• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.599-612
• /
• 2019

Cloud networks are used to provide various services. As services are increasingly deployed using cloud networks, there are a number of resources in the cloud that leverage a variety of environments and protocols. However, there is a security intrusion on these resources, and research on cloud network vulnerability detection is required as threats to cloud resources emerge. In this paper, we propose a vulnerability detection scheme using STRIDE and HARM for vulnerability detection of resources utilizing various environments and protocols, and present cloud network vulnerability detection scheme through vulnerability detection scenario composition.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.11-17
• /
• 2018

IDS/IPS and networked computer systems are playing an increasingly important role in our society. They have been the targets of a malicious attacks that actually turn into intrusions. That is why computer security has become an important concern for network administrators. Recently, various Detection/Prevention System schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems is useful for existing intrusion patterns on standard-only systems. Therefore, probe detection of private clouds using BlockChain has become a major security protection technology to detection potential attacks. In addition, BlockChain and Probe detection need to take into account the relationship between the various factors. We should develop a new probe detection technology that uses BlockChain to fine new pattern detection probes in cloud service security in the end. In this paper, we propose a probe detection using Fuzzy Cognitive Map(FCM) and Self Adaptive Module(SAM) based on service security using BlockChain technology.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.3
• /
• pp.19-25
• /
• 2017

Nowadays, networked computer systems play an increasingly important role in our society and its economy. They have become the targets of a wide array of malicious attacks that invariably turn into actual intrusions. This is the reason computer security has become an essential concern for network administrators. Recently, a number of Detection/Prevention System schemes have been proposed based on various technologies. However, the techniques, which have been applied in many systems, are useful only for the existing patterns of intrusion. Therefore, probe detection has become a major security protection technology to detection potential attacks. Probe detection needs to take into account a variety of factors ant the relationship between the various factors to reduce false negative & positive error. It is necessary to develop new technology of probe detection that can find new pattern of probe. In this paper, we propose an hybrid probe detection using Fuzzy Cognitive Map(FCM) and Self Adaptive Module(SAM) in dynamic environment such as Cloud and IoT. Also, in order to verify the proposed method, experiments about measuring detection rate in dynamic environments and possibility of countermeasure against intrusion were performed. From experimental results, decrease of false detection and the possibilities of countermeasures against intrusions were confirmed.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.179-192
• /
• 2023

The widespread use of Cloud Computing, Internet of Things (IoT), and social media in the Information Communication Technology (ICT) field has resulted in continuous and unavoidable cyber-attacks on users and critical infrastructures worldwide. Traditional security measures such as firewalls and encryption systems are not effective in countering these sophisticated cyber-attacks. Therefore, Intrusion Detection and Prevention Systems (IDPS) are necessary to reduce the risk to an absolute minimum. Although IDPSs can detect various types of cyber-attacks with high accuracy, their performance is limited by a high false alarm rate. This study proposes a new technique called Fuzzy Logic - Objective Risk Analysis (FLORA) that can significantly reduce false positive alarm rates and maintain a high level of security against serious cyber-attacks. The FLORA model has a high fuzzy accuracy rate of 90.11% and can predict vulnerabilities with a high level of certainty. It also has a mechanism for monitoring and recording digital forensic evidence which can be used in legal prosecution proceedings in different jurisdictions.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.12
• /
• pp.287-296
• /
• 2019

Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be processed and detected quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to intrusion detection system for rapid processing of big data security events. In addition, building the intrusion detection system(IDS) using some of the private cloud resources which is the target of protection, elastic and dynamic reconfiguration of the IDS is made possible as the number of security events increase or decrease. In order to evaluate the performance of MongoDB - based IDS proposed in this paper, we constructed prototype systems of IDS based on MongoDB as well as existing relational database, and compared their performance. Moreover, the number of virtual machine has been increased to find out the performance change as the IDS is distributed. As a result, it is shown that the performance is improved as the number of virtual machine is increased to make IDS distributed in MongoDB environment but keeping the overall system performance unchanged. The security event input rate based on distributed MongoDB was faster as much as 60%, and distributed MongoDB-based intrusion detection rate was faster up to 100% comparing to the IDS based on relational database.

• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.975-990
• /
• 2020

Nowadays, the Internet of Things (IoT) network, is increasingly becoming a ubiquitous connectivity between different advanced applications such as smart cities, smart homes, smart grids, and many others. The emerging network of smart devices and objects enables people to make smart decisions through machine to machine (M2M) communication. Most real-world security and IoT-related challenges are vulnerable to various attacks that pose numerous security and privacy challenges. Therefore, IoT offers efficient and effective solutions. intrusion detection system (IDS) is a solution to address security and privacy challenges with detecting different IoT attacks. To develop an attack detection and a stable network, this paper's main objective is to provide a comprehensive overview of existing intrusion detections system for IoT environment, cyber-security threats challenges, and transparent problems and concerns are analyzed and discussed. In this paper, we propose software-defined IDS based distributed cloud architecture, that provides a secure IoT environment. Experimental evaluation of proposed architecture shows that it has better detection and accuracy than traditional methods.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.07a
• /
• pp.165-166
• /
• 2018

최근 딥러닝 기술이 발전함에 따라 이를 네트워크 침입탐지 분야에 적용하려는 연구가 활발히 이루어지고 있으며 이에 따라 대용량 네트워크 데이터에 대한 처리 방법이 주목받고 있다. 본 논문에서는 네트워크 데이터를 이미지화하는 전처리 방법을 제안한다. 네트워크 데이터를 세션단위로 처리하여 손실율을 줄이면서 딥러닝 알고리즘에 바로 적용할 수 있도록 정규화된 이미지로 변환하는 방법이다. 이를 통해 딥러닝 기술을 적용한 네트워크 정보보안 분야의 연구 활성화를 기대할 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.789-791
• /
• 2012

세계가 주목하는 새로운 컴퓨팅 패러다임으로 클라우드 컴퓨팅 기술이 주목받고 있다. 클라우드 컴퓨팅은 다양한 사용자의 특성 및 사용 목적에 따른 서비스를 제공한다. 최근에 서비스 되고 있는 협업 클라우드 시스템은 클라우드 간 오픈 API들을 통한 상호 운영성을 바탕으로 서비스가 제공되고 있다. 하지만 클라우드 시스템은 보안과 성능, 가용성 등 개선해야할 많은 부분이 많이 남아있고, 특히 협업된 환경에서는 하나의 클라우드에 대한 공격이 다른 클라우드에 영향을 미칠 수 있기 때문에 이러한 특징을 고려한 침입탐지 및 차단을 위한 시스템이 필요하다. 본 논문은 하이퍼바이저와 유기적으로 통신하는 Hypervisor Intrusion Detection Agent(HIDA)를 이용하여 위협을 탐지, 분석하고 Warning Control Center(WCC)이용하여 협업된 클라우드 시스템에 위험을 공유함으로써 기존 시스템에 비해 보다 개선된 보안성 및 가용성을 제공하는 방법을 제안하였다.

• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.27-35
• /
• 2021

With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threat (APT) attacks national or companies systems to steal important information and perform attacks such as system down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule(CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM(OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.659-666
• /
• 2012

Recently, cloud computing service has become a rising issue in terms of utilizing sources more efficiently and saving costs. However, the service still has some limitations to be popularized because it lacks the verification towards security safety. In particular, the possibility to induce Denial of service is increasing as it is used as Zombie PC with exposure to security weakness of Guest OS's. This paper suggests how cloud system, which is implemented by Xen, detects intrusion caused by Denial of service using hypercall. Through the experiment, the method suggested by K-means and EM shows that two data, collected for 2 mins, 5 mins, 10mins and 20mins each, are distinguished 90% when collected for 2mins and 5mins while collected over 10mins are distinguished 100% successfully.