• Title/Abstract/Keywords: attackers

Search results: 357 (processing time 0.028 s)

Lightweight Acknowledgement-Based Method to Detect Misbehavior in MANETs

  • Heydari, Vahid;Yoo, Seong-Moo
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 9, No. 12 / pp.5150-5169 / 2015
  • Mobile Ad hoc NETworks (MANETs) are the best choice when mobility, scalability, and decentralized network infrastructure are needed. Because of critical mission applications of MANETs, network security is the vital requirement. Most routing protocols in MANETs assume that every node in the network is trustworthy. However, due to the open medium, the wide distribution, and the lack of nodes' physical protection, attackers can easily compromise MANETs by inserting misbehaving nodes into the network that make blackhole attacks. Previous research to detect the misbehaving nodes in MANETs used the overhearing methods, or additional ACKnowledgement (ACK) packets to confirm the reception of data packets. In this paper, a special lightweight acknowledgement-based method is developed that, contrary to existing methods, uses ACK packets of the MAC layer instead of adding new ACK packets to the network layer for confirmations. In fact, this novel method, named PIGACK, uses ACK packets of MAC 802.11 to piggyback confirmations from a receiver to a sender in the same transmission duration that the sender sends a data packet to the receiver. Analytical and simulation results show that the proposed method considerably decreases the network overhead and increases the packet delivery ratio compared to the well-known method (2ACK).

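Detecting and Isolating a Cloned Access Point IEEE 802.11

  • 고윤미;권경희
    • 한국콘텐츠학회논문지 / Vol. 10, No. 5 / pp.45-51 / 2010
  • When a cloned AP is installed, wireless stations disconnect from the legitimate AP they are currently associated with, and then, if the cloned AP's signal strength is stronger than the legitimate AP's, they establish an association with the cloned AP. As a result, the wireless stations are exposed to attacks. In this study, we use the connection time and the frame sequence number at the moment an association is established between the legitimate AP and a wireless station to distinguish the cloned AP from the legitimate AP and to isolate the cloned AP. Simulation results using NS-2 show that, with the mechanism proposed in this paper, wireless stations can detect the appearance of a cloned AP, making it possible to build a more secure wireless LAN environment.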

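Performance Comparison of Security System with Various Collaboration Architecture

  • 김희완;서희석
    • 한국컴퓨터산업학회논문지 / Vol. 5, No. 2 / pp.235-242 / 2004
  • With the rapid development of e-business, network security has emerged as an important issue. The intrusion detection system (IDS), a representative security system, detects intrusion attempts on the network. Today's intrusions have become so widespread and complex that it is difficult for a single IDS to judge network intrusions on its own. In this paper, we therefore deploy multiple IDSs on the network and have them share information with one another so that they detect intrusions while responding effectively to attackers. As the collaboration methods by which the agents detect intrusions, we used the Blackboard Architecture and the Contract Net Protocol. In this paper, we compare the performance of security agents using the Blackboard Architecture with that of agents using the Contract Net Protocol and propose the more effective method.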

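Lightweight IP Traceback Mechanism

  • 허준;홍충선;이호재
    • 정보처리학회논문지C / Vol. 14C, No. 1 / pp.17-26 / 2007
  • The most difficult problem in countering network-based attacks is that attackers spoof their own addresses. Because of the fundamental architecture of the Internet, tracing the origin of packets with spoofed addresses is very difficult. Moreover, among the methods proposed so far, IP traceback algorithms that trace the attack origin have limitations in practical deployment, and research is needed to overcome these problems. In this paper, we propose a new marking-based IP traceback mechanism to solve the problems of existing IP traceback techniques. Performance evaluation of the proposed mechanism shows that efficient marking for traceback is possible with only a small system overhead.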

GOPES: Group Order-Preserving Encryption Scheme Supporting Query Processing over Encrypted Data

  • Lee, Hyunjo;Song, Youngho;Chang, Jae-Woo
    • Journal of Information Processing Systems / Vol. 14, No. 5 / pp.1087-1101 / 2018
  • As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

JsSandbox: A Framework for Analyzing the Behavior of Malicious JavaScript Code using Internal Function Hooking

  • Kim, Hyoung-Chun;Choi, Young-Han;Lee, Dong-Hoon
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 6, No. 2 / pp.766-783 / 2012
  • Recently, many malicious users have attacked web browsers using JavaScript code that can execute dynamic actions within the browsers. By forcing the browser to execute malicious JavaScript code, the attackers can steal personal information stored in the system, allow malware program downloads in the client's system, and so on. In order to reduce damage, malicious web pages must be located prior to general users accessing the infected pages. In this paper, a novel framework (JsSandbox) that can monitor and analyze the behavior of malicious JavaScript code using internal function hooking (IFH) is proposed. IFH is defined as the hooking of all functions in the modules using the debug information and extracting the parameter values. The use of IFH enables the monitoring of functions that API hooking cannot. JsSandbox was implemented based on a debugger engine, and some features were applied to detect and analyze malicious JavaScript code: detection of obfuscation, deobfuscation of the obfuscated string, detection of URLs related to redirection, and detection of exploit codes. Then, the proposed framework was analyzed for specific features, and the results demonstrate that JsSandbox can be applied to the analysis of the behavior of malicious web pages.

WORM-HUNTER: A Worm Guard System using Software-defined Networking

  • Hu, Yixun;Zheng, Kangfeng;Wang, Xu;Yang, Yixian
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 11, No. 1 / pp.484-510 / 2017
  • Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily and dynamically deploy different honeynet systems with different network structures. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

Attack-Proof Cooperative Spectrum Sensing Based on Consensus Algorithm in Cognitive Radio Networks

  • Liu, Quan;Gao, Jun;Guo, Yunwei;Liu, Siyang
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 4, No. 6 / pp.1042-1062 / 2010
  • Cooperative spectrum sensing (CSS) is an effective technology for alleviating the unreliability of local spectrum sensing due to fading/shadowing effects. Unlike most existing solutions, this paper considers the use of CSS technology in decentralized networks where a fusion center is not available. In such a decentralized network, some attackers may sneak into the ranks of cooperative users. On the basis of recent advances in bio-inspired consensus algorithms, an attack-proof, decentralized CSS scheme is proposed in which all secondary users can maintain cooperative sensing by exchanging information locally instead of requiring centralized control or data fusion. Users no longer need any prior knowledge of the network. To counter three potential categories of spectrum sensing data falsification (SSDF) attacks, some anti-attack strategies are applied to the iterative process of information exchange. This enables most authentic users to exclude potentially malicious users from their neighborhood. As represented by simulation results, the proposed scheme can generally ensure that most authentic users reach a consensus within the given number of iterations, and it also demonstrates much better robustness against different SSDF attacks than several existing schemes.

A Dynamic Defense Using Client Puzzle for Identity-Forgery Attack on the South-Bound of Software Defined Networks

  • Wu, Zehui;Wei, Qiang;Ren, Kailei;Wang, Qingxian
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 11, No. 2 / pp.846-864 / 2017
  • Software Defined Network (SDN) realizes management and control over the underlying forwarding device, along with acquisition and analysis of network topology and flow characters through south bridge protocol. Data path Identification (DPID) is the unique identity for managing the underlying device, so a forged DPID can be used to attack the link of underlying forwarding devices, as well as carry out DoS over the upper-level controller. This paper proposes a dynamic defense method based on the Client-Puzzle model, in which the controller achieves dynamic management over requests from forwarding devices through generating questions with multi-level difficulty. This method can rapidly reduce network load, and at the same time separate attack flow from legal flow, enabling the controller to provide continuous service for legal visits. We conduct experiments on open-source SDN controllers like Fluid and Ryu, the result of which verifies the feasibility of this defense method. The experimental result also shows that when the cost of the controller and forwarding device increases by about 2%-5%, the cost of the attacker's CPU increases by nearly 90%, which greatly raises the attack difficulty for attackers.

Using Genetic Algorithm for Optimal Security Hardening in Risk Flow Attack Graph

  • Dai, Fangfang;Zheng, Kangfeng;Wu, Bin;Luo, Shoushan
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 9, No. 5 / pp.1920-1937 / 2015
  • The network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. The existence of such threats calls for exhaustive vulnerability analysis to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of the optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.