• Journal of Korea Multimedia Society
• /
• v.25 no.9
• /
• pp.1284-1290
• /
• 2022

An attacker with a malicious purpose can intentionally type other users' accounts and passwords, causing them to be locked or revoked. Although NIST introduced methods to prevent this attack, all suggested methods are inappropriate to prevent an attacker from manually failing authentication, and reduce user availability. In this paper, in order to prevent user account lockout due to an attacker's intentional authentication failure, we propose a new authentication method using IP address and number of failed authentication. The proposed method not only blocks attackers who intentionally try to fail authentication, but also provides convenience to users because accounts are not locked or revoked. It can also safely protect passwords against password cracking attacks.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.75-82
• /
• 2022

Medical data is one of the data that must be kept in safe containers, far from intrusion, viewing and modification. With the technological developments in hospital systems and the use of cloud computing, it has become necessary to save, encrypt and even hide data from the eyes of attackers. Medical data includes medical images, whether they are x-ray images of patients or others, or even documents that have been saved in the image format. In this review, we review the latest research and the latest tools and algorithms that are used to protect, encrypt and hide these images, and discuss the most important challenges facing these areas.

• Journal of IKEEE
• /
• v.27 no.3
• /
• pp.239-245
• /
• 2023

Whitelist-based ransomware solution is known as being vulnerable to false impersonation attack using DLL injection attack. To solve this problem, it is proposed to monitor DLL injection attack and to integrate the monitoring result to ransomware solutions. In this paper, we show that attackers can easily bypass the monitoring mechanism and then illegally access files of a target system. It means that whitelist-based ransomware solutions are still vulnerable.

• Journal of information and communication convergence engineering
• /
• v.21 no.3
• /
• pp.192-197
• /
• 2023

A Distributed reflection denial of service (DRDoS) is a variant of DDoS attacks that threatens the availability of services to legitimate users. In response to this evolving threat landscape, the cybersecurity industry and service providers have intensified their efforts to develop effective countermeasures. Despite these efforts, attackers continue to innovate, developing new strategies and tools while becoming more sophisticated. Consequently, DRDoS attacks continue to be harmful. Therefore, ongoing research and development is essential to improve defense against DRDoS attacks. To advance our understanding and analysis of DRDoS attacks, this study examines the unique characteristics of DRDoS attacks and quantifies the risks involved. Additionally, it adopts a quantitative rather than traditional qualitative methods to derive and apply risk, particularly the probability of loss that can be caused by DRDoS attacks.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.26 no.2
• /
• pp.179-187
• /
• 2023

APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. 'Cyberattack Tracing System' allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.917-919
• /
• 2011

Recently, most network communication chips are powered; which causes power consumption a heavily constraint. Since, there are a lot of expectations on TPM to have a high performance in terms of authentication of its device. During the design process there is a need to estimate the security of the design but it always when the chip has already been manufactured. This paper designed a power consumption control monitor in TPM device which evaluate the voltage drop during processing of use. Therefore we will analyze the power consumption profile. The result shows that the voltage drop leads to vulnerability of the system to attackers during communication process.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.1009-1011
• /
• 2011

With the growth of Smart Grid technologies, security and privacy will become the most important issues and more attention should be paid. There are some existing solutions about anonymization of smart meters, however, they still have some potential threats. In this paper, we describe an enhanced method to protect the privacy of consumer data. When metering data are required by a utility or the electrical energy distribution center for operational reasons, data are delivered not with the real IDs but with temporary IDs. In addition, these temporary IDs are changed randomly to prevent the attackers from analyzing the energy usage patterns. We also describe secure data transmission method for securing data delivered. In this way, we can enhance the privacy of Smart Grid System with low overhead.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.155-161
• /
• 2023

In the process of remarkable progress in the medical and technical field and activating the role of technology in health care services and applications, and since the safety of medical data and its protection from security violations plays a major role in assessing the security of health facilities and the safety of medical servers Thus, it is necessary to know the cyber vulnerabilities in health information systems and other related services to prevent and address them in addition to obtaining the best solutions and practices to reach a high level of cybersecurity against attackers, especially due to the digital transformation of health care systems and the rest of the dealings. This research is about what cyberattacks are and the purpose of them, in addition to the methods of penetration. Then challenges, solutions and some of the security issues will be discussed in general, and a special highlight will be given to obtaining a safe infrastructure to enjoy safe systems in return.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.101-103
• /
• 2023

With the recent advances in communication technology and Internet of Things (IoT) infrastructure, home automation systems have emerged as a new paradigm for providing users with convenient smart home services. The IoT ecosystem has merged digital systems with the physical world, dramatically changing the way people live and work. However, at the same time, security remains one of the most significant research issues in IoT, as the deployment and application of high-availability systems come with various security risks that cause serious threats to users. Among them, the security issues arising from the interaction among devices/applications should not be underestimated. Attackers can exploit interactions among devices/applications to hack into the user's home. In this paper, we present a survey of research on detecting various types of interactions among devices/applications in IoT.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.157-163
• /
• 2023

The attack technique targeting end-users through phishing URLs is very dangerous nowadays. With this technique, attackers could steal user data or take control of the system, etc. Therefore, early detecting phishing URLs is essential. In this paper, we propose a method to detect phishing URLs based on supervised learning algorithms and abnormal behaviors from URLs. Finally, based on the research results, we build a framework for detecting phishing URLs through end-users. The novelty and advantage of our proposed method are that abnormal behaviors are extracted based on URLs which are monitored and collected directly from attack campaigns instead of using inefficient old datasets.