• Journal of information and communication convergence engineering
• /
• v.20 no.4
• /
• pp.250-258
• /
• 2022

The emerging scope of the Internet-of-Things (IoT) has piqued the interest of industry and academia in recent times. Therefore, security becomes the main issue to prevent the possibility of cyberattacks. Jamming attacks are threads that can affect performance and cause significant problems for IoT device. This study explores a smart jamming attack (coalition attack) in which the attackers were previously a part of the legitimate network and are now back to attack it based on the gained knowledge. These attackers regroup into a coalition and begin exchanging information about the legitimate network to launch attacks based on the gained knowledge. Our system enables jammer nodes to select the optimal transmission rates for attacks based on the attack probability table, which contains the most probable link transmission rate between nodes in the legitimate network. The table is updated constantly throughout the life cycle of the coalition. The simulation results show that a coalition of jammers can cause highly successful attacks.

• Journal of Arbitration Studies
• /
• v.17 no.2
• /
• pp.167-187
• /
• 2007

As Korea has reached a free trade agreement with the United States of America, it is required to provide an appropriate procedure to ".kr" domain name disputes based on the principles established in the Uniform Domain Name Dispute Resolution Policy(UDRP). Currently, Internet address Dispute Resolution Committee(IDRC) established under Article 16 of the Act on Internet Address Resources provides the dispute resolution proceedings to resolve ".kr" domain name disputes. While the IDRC's proceeding is similar to the UDRP administrative proceeding in procedural aspects, the Domain Name Dispute Mediation Policy that is established by the IDRC and that applies to disputes involving ".kr" domain names is very different from the UDRP for generic Top Level Domain (gTLD) in substantial aspects. Under the Korea-U.S. Free Trade Agreement(KORUS FTA), it is expected that either the Domain Name Dispute Mediation Policy to be amended to adopt the UDRP or the IDRC to examine the Domain Name Dispute Mediation Policy in order to harmonize it with the principles established in the UDRP. It is a common practice of cybersquatters to warehouse a number of domain names without any active use of these domain names after their registration. The Domain Name Dispute Mediation Policy provides that the complainant may request to transfer or delete the registration of the disputed domain name if the registrant registered, holds or uses the disputed domain name in bad faith. This provision lifts the complainant's burden of proof to show the respondent's bad faith because the complainant is only required to prove one of the three bad faiths which are registration in bad faith, holding in bad faith, or use in bad faith. The aforementioned resolution procedure is different from the UDRP regime which requires the complainant, in compliance with paragraph 4(b) of the UDRP, to prove that the disputed domain name has been registered in bad faith and is being used in bad faith. Therefore, the complainant carries heavy burden of proof under the UDRP. The IDRC should deny the complaint if the respondent has legitimate rights or interests in the domain names. Under the UDRP, the complainant must show that the respondent has no rights or legitimate interests in the disputed domain name. The UDRP sets out three illustrative circumstances, any one of which if proved by the respondent, shall be evidence of the respondent's rights to or legitimate interests in the domain name. As the Domain Name Dispute Mediation Policy provides only a general provision regarding the respondent's legitimate rights or interests, the respondent can be placed in a very week foundation to be protected under the Policy. It is therefore recommended for the IDRC to adopt the three UDRP circumstances to guide how the respondent can demonstrate his/her legitimate rights or interests in the disputed domain name. In accordance with the KORUS FTA, the Korean Government is required to provide online publication to a reliable and accurate database of contact information concerning domain name registrants. Cybersquatters often provide inaccurate contact information or willfully conceal their identity to avoid objection by trademark owners. It may cause unnecessary and unwarranted delay of the administrative proceedings. The respondent may loss the opportunity to assert his/her rights or legitimate interests in the domain name due to inability to submit the response effectively and timely. The respondent could breach a registration agreement with a registrar which requires the registrant to submit and update accurate contact information. The respondent who is reluctant to disclose his/her contact information on the Internet citing for privacy rights and protection. This is however debatable as the respondent may use the proxy registration service provided by the registrar to protect the respondent's privacy.

• Proceedings of the Korean Society for Language and Information Conference
• /
• 1996.02a
• /
• pp.317-326
• /
• 1996

• Journal of Technology Innovation
• /
• v.16 no.1
• /
• pp.81-106
• /
• 2008

By analyzing a nation-wide survey, this article examines research related norms and values of 684 scientists in 16 universities and 7 government supported research institutes. The survey shows that Korean scientific community tends to reject communality and disinterestedness while it accepts universalism as a norm. Organized skepticism is received a lukewarm support. In contrast, Korean scientific community tends to perceive the intellectual property and secrecy as legitimate and believe that scientists should consider the applicability of scientific research outcome and its social impacts when they choose research topics. When other variables are controlled for, the more basic research a scientist conducts the scientist is more likely to support communality and reject secrecy. The younger scientists are less likely to accept disinterestedness and the claim that the scientists should keep distance from social issues than the older. Scientists who work in the government-supported research institutes are more likely to view secrecy for more than 6 months as legitimate and reject the claim that science should not be affected by society than university scientists. The implications of these findings are discussed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2166-2180
• /
• 2016

We investigate the opposite of artificial noise (AN)-assisted communication in multiple-input-multiple-output (MIMO) wiretap channels for the multiuser case by taking the side of the eavesdropper. We first define a framework for an AN-assisted multiuser multiple-input-multiple-output (MU-MIMO) system, for which eavesdropping methods are proposed with and without knowledge of legitimate users' channel state information (CSI). The proposed method without CSI is based on a modified joint approximate diagonalization of eigen-matrices algorithm, which eliminates permutation indetermination and phase ambiguity, as well as the minimum description length algorithm, which blindly estimates the number of secret data sources. Simulation results show that both proposed methods can intercept information effectively. In addition, the proposed method without legitimate users' CSI performs well in terms of robustness and computational complexity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.161-168
• /
• 2003

We discuss the security of two famous password authenticated key exchange protocols, EKE2 and PAK. We introduce ′insider assisted attack′ Based on this assumption we point out weakness of the security of EKE2 and PAK protocols. More precisely, when the legitimate user wants to find other user′s password, called "insider-assisted attacker", the attacker can find out many ephemeral secrets of the server and then after monitoring on line other legitimate user and snatching some messages, he can guess a valid password of the user using the previous information. Of course for this kind of attack there are some constraints. Here we present a full description of the attack and point out that on the formal model, one should be very careful in describing the adversary′s behavior.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.1-10
• /
• 2024

In the era of big data, the growth of e-commerce transactions brings forth both opportunities and risks, including the threat of data theft and fraud. To address these challenges, an automated real-time fraud detection system leveraging machine learning was developed. Four algorithms (Decision Tree, Naïve Bayes, XGBoost, and Neural Network) underwent comparison using a dataset from a clothing website that encompassed both legitimate and fraudulent transactions. The dataset exhibited an imbalance, with 9.3% representing fraud and 90.07% legitimate transactions. Performance evaluation metrics, including Recall, Precision, F1 Score, and AUC ROC, were employed to assess the effectiveness of each algorithm. XGBoost emerged as the top-performing model, achieving an impressive accuracy score of 95.85%. The proposed system proves to be a robust defense mechanism against fraudulent activities in e-commerce, thereby enhancing security and instilling trust in online transactions.

• International Journal of Computer Science & Network Security
• /
• v.23 no.12
• /
• pp.91-100
• /
• 2023

As SDN devices and systems hit the market, security in SDN must be raised on the agenda. SDN has become an interesting area in both academics and industry. SDN promises many benefits which attract many IT managers and Leading IT companies which motivates them to switch to SDN. Over the last three decades, network attacks becoming more sophisticated and complex to detect. The goal is to study how traffic information can be extracted from an SDN controller and open virtual switches (OVS) using SDN mechanisms. The testbed environment is created using the RYU controller and Mininet. The extracted information is further used to detect these attacks efficiently using a machine learning approach. To use the Machine learning approach, a dataset is required. Currently, a public SDN based dataset is not available. In this paper, SDN based dataset is created which include legitimate and non-legitimate traffic. Classification is divided into two categories: binary and multiclass classification. Traffic has been classified with or without dimension reduction techniques like PCA and LDA. Our approach provides 98.58% of accuracy using a random forest algorithm.

• Knowledge Management Research
• /
• v.13 no.4
• /
• pp.31-54
• /
• 2012

This study examines whether employees' legitimacy perceptions of corporate social responsibility (CSR) affect their organizational citizenship behavior (OCB). It also investigates whether CEO's visionary leadership can moderate this causal relationship. CSR legitimacy is defined in the current study as employees' personal beliefs about the appropriateness of corporate CSR activities. In fact, employees evaluate the appropriateness of CSR activity based on its consistency with corporate philosophy (e.g. corporate mission, vision, and values) which functions as employees' referencial belief structure. If CSR activity is perceived as one of firm's effort to fulfill its mission, vision, and values, which means that espoused theory and theory-in-use of CSR activity are congruent, employees will consider firm's CSR activity as legitimate. If, however, employees think that CSR activity is not congruent with firm's mission, vision, and values, which means that espoused theory and theory-in-use of CSR activity are inconsistent, they will perceive that CSR activity of their firm is not legitimate. In the current study, we propose that employees who perceive that the CSR activity of their firm is legitimate are more likely to engage in OCB. In addition, we hypothesize that CEO's visionary leadership can strengthen the positive effect of employees' perception of CSR legitimacy on their OCB. We tested these hypotheses with the sample of 383 employees from 32 companies listed on DJSI (Dow Jones Sustainability Index) Korea 2009. We employed the HLM (hierarchical linear modeling) program to decompose the multi-level random effects. We found that CSR legitimacy perceptions of employees increase employees' OCB and that CEO's visionary leadership moderates this relationship. We discussed implications of these findings in more detail.

• Journal of the Korea Society for Simulation
• /
• v.17 no.3
• /
• pp.27-34
• /
• 2008

Wireless sensor networks are comprised of sensor nodes with resource-constrained hardware. Nodes in the sensor network without adequate protection may be compromised by adversaries. Such compromised nodes are vulnerable to the attacks like false reports injection attacks and false data injection attacks on legitimate reports. In false report injection attacks, an adversary injects false report into the network with the goal of deceiving the sink or the depletion of the finite amount of energy in a battery powered network. In false data injection attacks on legitimate reports, the attacker may inject a false data for every legitimate report. To address such attacks, the probabilistic voting-based filtering scheme (PVFS) has been proposed by Li and Wu. However, each cluster head in PVFS needs additional transmission device. Therefore, this paper proposes a fuzzy logic-based false report detection method (FRD) to mitigate the threat of these attacks. FRD employs the statistical en-route filtering scheme as a basis and improves upon it. We demonstrate that FRD is efficient with respect to the security it provides, and allows a tradeoff between security and energy consumption, as shown in the simulation.