• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.13-20
• /
• 2009

Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.107-116
• /
• 2007

Is need Remote Access through internet for business of Ubiquitous Computing age, and apply OTP for confidentiality about inputed ID and Password, network security of integrity. Current OTP must be possessing hardware of Token, and there is limitation in security. Install a Snooping tool to OTP network in this treatise, and because using Cain, enforce ARP Cache poisoning attack and confirm limitation by Snooping about user password. Wish to propose new system that can apply Tokenless OTP by new security way, and secure confidentiality and integrity. Do test for access control inflecting Tokenless OTP at Remote Access from outside, and could worm and do interface control with certification system in hundred. Even if encounter hacking at certification process, thing that connection is impossible without pin number that only user knows confirmed. Because becoming defense about outward flow and misuse and hacking of password when apply this result Tokenless OTP, solidify security, and evaluated by security system that heighten safety.

• The KIPS Transactions:PartA
• /
• v.12A no.6 s.96
• /
• pp.493-498
• /
• 2005

P2P service is a method that can share various information through direct connection between computer of a person who have information and a Person who have information without server in the Internet and it is getting a lot of popularity by method for free ex change of file. P2P file sharing systems have become popular as a new paradigm for information exchange. Because all users who use service in P2P file sharing system can use shared files of several users freely by equal access privilege, it is happening the 'free rider' that only download shared file of other users without share own files. Although a user share a malicious file including virus, worm or file that have title differing with actuality contents, can use file sharing service without limitation. In this paper, we propose a method that restrict access of 'free rider' that only download using reputation information that indicate reliability of user. Also, we restrict usage ons hared file of other users about users who share harmful file.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.920-925
• /
• 2010

A home network system is made up of home devices and wire and wireless network can not only be the subject of cyber attack from a variety factors of threatening, but also have security weakness in cases of hacking, vicious code, worm virus, DoS attack, tapping of communication network, and more. As a result, a variety of problems such as abuse of private life, and exposure and stealing of personal information arose. Therefore, the necessity for a security protocol to protect user asset and personal information within a home network is gradually increasing. Thus, this dissertation designs and suggests a home network security protocol using user authentication and approach-control technology to prevent the threat by unauthorized users towards personal information and user asset in advance by providing the gradual authority to corresponding devices based on authorized information, after authorizing the users with a Public Key Certificate.

• Journal of KIISE:Information Networking
• /
• v.36 no.3
• /
• pp.173-183
• /
• 2009

We present a real-time monitoring system for detecting anomalous network events using the entropy. The entropy accounts for the effects of disorder in the system. When an abnormal factor arises to agitate the current system the entropy must show an abrupt change. In this paper we deliberately model the Internet to measure the entropy. Packets flowing between these two networks may incur to sustain the current value. In the proposed system we keep track of the value of entropy in time to pinpoint the sudden changes in the value. The time-series data of entropy are transformed into the two-dimensional domains to help visually inspect the activities on the network. We examine the system using network traffic traces containing notorious worms and DoS attacks on the testbed. Furthermore, we compare our proposed system of time series forecasting method, such as EWMA, holt-winters, and PCA in terms of sensitive. The result suggests that our approach be able to detect anomalies with the fairly high accuracy. Our contributions are two folds: (1) highly sensitive detection of anomalies and (2) visualization of network activities to alert anomalies.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.405-414
• /
• 2006

We present a symptom based taxonomy for network security. This taxonomy classifies attacks in the network using early symptoms of the attacks. Since we use the symptom it is relatively easy to access the information to classify the attack. Furthermore we are able to classify the unknown attack because the symptoms of unknown attacks are correlated with the one of known attacks. The taxonomy classifies the attack in two stages. In the first stage, the taxonomy identifies the attack in a single connection and then, combines the single connections into the aggregated connections to check if the attacks among single connections may create the distribute attack over the aggregated connections. Hence, it is possible to attain the high accuracy in identifying such complex attacks as DDoS, Worm and Bot We demonstrate the classification of the three major attacks in Internet using the proposed taxonomy.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.4
• /
• pp.69-76
• /
• 2009

The construction of Internet IP-based Network is composed of router and switch models in a variety of companies. The construction by various models causes the complexity of the management and control as different types of CLI is used by different company to filter out abnormal traffics like worm, virus, and DDoS. To improve this situation, IETF is working on enacting XML based configuration standards from NETCONF working group, but currently few commands processing at the level of operation layer on NETCONF are only standardized and it's hard for unified control operation process between different make of system as different company has different XML command to filter out abnormal traffics. This thesis proposes ways to prevent abnormal attacks and increase efficiency of network by re-routing the abnormal traffics coming thru unified control for different make of systems into Sinkhole router and designing a control system to efficiently prevent various attacks after checking the possibility of including abnormal traffics from unified control operation.

• The KIPS Transactions:PartC
• /
• v.15C no.5
• /
• pp.351-358
• /
• 2008

Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems(IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network environment. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. Secondly, we use a machine learning approach based on a Support Vector Machine(SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB data sets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.61-75
• /
• 2011

Recently, there is significant increasing of massive attacks, which try to infect PCs that visit websites containing pre-implanted malicious code. When visiting the websites, these hidden malicious codes can gain monetary profit or can send various cyber attacks such as BOTNET for DDoS attacks, personal information theft and, etc. Also, this kind of malicious activities is continuously increasing, and their evasion techniques become professional and intellectual. So far, the current signature-based detection to detect websites, which contain malicious codes has a limitation to prevent internet users from being exposed to malicious codes. Since, it is impossible to detect with only blacklist when an attacker changes the string in the malicious codes proactively. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by a signature-based detection. Our method can detect new malicious codes even though the codes' signatures are not in the pattern database of Anti-Virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the included redirection URL in the malicious codes. Finally, we confirm that our proposed system shows better detection performance rather than MC-Finder, which adopts pattern matching, Google's crawling based malware site detection, and McAfee.

• Journal of Practical Agriculture & Fisheries Research
• /
• v.20 no.2
• /
• pp.57-72
• /
• 2018

In order to extract meaningful information from the excellent farming settlement cases of young farmers published by KNCAF, we studied the key words with text mining and created a word cloud for visualization. First, in the text mining results for the entire sample, the words 'CEO', 'corporate executive', 'think', 'self', 'start', 'mind', and 'effort' are the words with high frequency among the top 50 core words. Their ability to think, judge and push ahead with themselves is a result of showing that they have ability of to be managers or managers. And it is a expression of how they manages to achieve their dream without giving up their dream. The high frequency of words such as "father" and "parent" is due to the high ratio of parents' cooperation and succession. Also 'KNCAF', 'university', 'graduation' and 'study' are the results of their high educational awareness, and 'organic farming' and 'eco-friendly' are the result of the interest in eco-friendly agriculture. In addition, words related to the 6th industry such as 'sales' and 'experience' represent their efforts to revitalize farming and fishing villages. Meanwhile, 'internet', 'blog', 'online', 'SNS', 'ICT', 'composite' and 'smart' were not included in the top 50. However, the fact that these words were extracted without omission shows that young farmers are increasingly interested in the scientificization and high-tech of agriculture and fisheries Next, as a result of grouping the top 50 key words by crop, the words 'facilities' in livestock, vegetables and aquatic crops, the words 'equipment' and 'machine' in food crops were extracted as main words. 'Eco-friendly' and 'organic' appeared in vegetable crops and food crops, and 'organic' appeared in fruit crops. The 'worm' of eco-friendly farming method appeared in the food crops, and the 'certification', which means excellent agricultural and marine products, appeared only in the fishery crops. 'Production', which is related to '6th industry', appeared in all crops, 'processing' and 'distribution' appeared in the fruit crops, and 'experience' appeared in the vegetable crops, food crops and fruit crops. To visualize the extracted words by text mining, we created a word cloud with the entire samples and each crop sample. As a result, we were able to judge the meaning of excellent practices, which are unstructured text, by character size.