• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.3
• /
• pp.482-488
• /
• 2009

Mobile Ad-hoc Networks provide communication without a centralized infrastructure, which makes them suitable for communication in disaster areas or when quick deployment is needed. On the other hand, they are susceptible to malicious exploitation and have to face different challenges at different layers due to its open Ad-hoc network structure which lacks previous security measures. Denial of service (DoS) attack is one that interferes with the radio transmission channel causing a jamming attack. In this kind of attack, an attacker emits a signal that interrupts the energy of the packets causing many errors in the packet currently being transmitted. In harsh environments where there is constant traffic, a jamming attack causes serious problems; therefore measures to prevent these types of attacks are required. The objective of this paper is to carry out the simulation of the jamming attack on the nodes and determine the DoS attacks in OPNET so as to obtain better results. We have used effective anomaly detection system to detect the malicious behaviour of the jammer node and analyzed the results that deny channel access by jamming in the mobile Ad-hoc networks.

• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.21-31
• /
• 2018

Cyber penetration attacks can not only damage cyber space but can attack entire infrastructure such as electricity, gas, water, and nuclear power, which can cause enormous damage to the lives of the people. Also, cyber space has already been defined as the fifth battlefield, and strategic responses are very important. Most of recent cyber attacks are caused by malicious code, and since the number is more than 1.6 million per day, automated analysis technology to cope with a large amount of malicious code is very important. However, it is difficult to deal with malicious code encryption, obfuscation and packing, and the dynamic analysis technique is not limited to the performance requirements of dynamic analysis but also to the virtual There is a limit in coping with environment avoiding technology. In this paper, we propose a machine learning based malicious code analysis technique which improve the weakness of the detection performance of existing analysis technology while maintaining the light and high-speed analysis performance applicable to commercial endpoints. The results of this study show that 99.13% accuracy, 99.26% precision and 99.09% recall analysis performance of 71,000 normal file and malicious code in commercial environment and analysis time in PC environment can be analyzed more than 5 per second, and it can be operated independently in the endpoint environment and it is considered that it works in complementary form in operation in conjunction with existing antivirus technology and static and dynamic analysis technology. It is also expected to be used as a core element of EDR technology and malware variant analysis.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.327-332
• /
• 2013

XSS is an attacker on the other party of the browser that is allowed to run the script. It is seized session of the users, or web site modulation, malicious content insertion, and phishing attack which is available. XSS attacks are stored XSS and reflected XSS. In that, two branch attacks. The form of XSS attacks are cookie sniffing, script encryption, bypass, the malignant cord diffusion, Key Logger, Mouse Sniffer, and addition of lie information addition. XSS attacks are target of attack by script language. Therefore, the countermeasure of XSS is presented and proposed to improve web security.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.7
• /
• pp.1-8
• /
• 2016

Nowadays, distributed denial of service (DDoS) attacks on web sites reward attackers financially or politically because our daily lifes tightly depends on web services such as on-line banking, e-mail, and e-commerce. One of DDoS attacks to web servers is called HTTP-GET flood attack which is becoming more serious. Most existing techniques are running on the application layer because these attack packets use legitimate network protocols and HTTP payloads; that is, network-level intrusion detection systems cannot distinguish legitimate HTTP-GET requests and malicious requests. In this paper, we propose a practical detection technique against HTTP-GET flood attacks, based on the access behavior of inline objects in a webpage using NetFlow data. In particular, our proposed scheme is working on the network layer without any application-specific deep packet inspections. We implement the proposed detection technique and evaluate the ability of attack detection on a simple test environment using NetBot attacker. Moreover, we also show that our approach must be applicable to real field by showing the test profile captured on a well-known e-commerce site. The results show that our technique can detect the HTTP-GET flood attack effectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2512-2531
• /
• 2014

We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identify bad flows only based on the incoming traffic patterns. The stress is measured by the time interval during which a given client makes the server busy, referred to as a client-induced server busy period (CSBP). We also need to protect the servers from a sudden surge of attack flows even before the malicious flows are identified by the attack flow detection mechanism. Thus, we use whitelist-based admission control mechanism additionally to control the load on the servers. We evaluate the performance of the proposed scheme via simulation and experiment. The simulation results show that our defense system can mitigate DDoS attacks effectively even under a large number of attack flows, on the order of thousands, and the experiment results show that our defense system deployed on a linux machine is sufficiently lightweight to handle packets arriving at a rate close to the link rate.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.7
• /
• pp.2225-2238
• /
• 2022

For advanced healthcare services, a variety of agents should maintain reliable connections with the manager and communicate personal health and medical information. The ISO/IEEE 11073 standards provide convenient interoperability and the optimized exchange protocol (OEP) supports efficient communication for devices. However, the standard does not specify secure communication, and sensitive personal information is easily exposed through attacks. Malicious attacks may lead to the worst results owing to service errors, service suspension, and deliberate delays. All possible attacks on the communication are analyzed in detail, and the damage is specifically identified. In this study, novel secure communication schemes over the 20601 OEP are proposed by introducing an authentication process while maintaining compatibility with existing devices. The agent performs a secure association with the manager for mutual authentication. However, communication with mutual authentication is not completely free from attacks. Message encryption schemes are proposed for concrete security. The authentication process and secure communication schemes between the secure registered agent (SRA) and the secure registered manager (SRM) are implemented and verified. The experimental analysis shows that the complexities of the SRA and SRM are not significantly different from those of the existing agent and manager.

• Journal of Communications and Networks
• /
• v.17 no.1
• /
• pp.75-83
• /
• 2015

In mobile ad-hoc networks (MANETs), nodes are mobile in nature. Collaboration between mobile nodes is more significant in MANETs, which have as their greatest challenges vulnerabilities to various security attacks and an inability to operate securely while preserving its resources and performing secure routing among nodes. Therefore, it is essential to develop an effective secure routing protocol to protect the nodes from anonymous behaviors. Currently, game theory is a tool that analyzes, formulates and solves selfishness issues. It is seldom applied to detect malicious behavior in networks. It deals, instead, with the strategic and rational behavior of each node. In our study,we used the dynamic Bayesian signaling game to analyze the strategy profile for regular and malicious nodes. This game also revealed the best actions of individual strategies for each node. Perfect Bayesian equilibrium (PBE) provides a prominent solution for signaling games to solve incomplete information by combining strategies and payoff of players that constitute equilibrium. Using PBE strategies of nodes are private information of regular and malicious nodes. Regular nodes should be cooperative during routing and update their payoff, while malicious nodes take sophisticated risks by evaluating their risk of being identified to decide when to decline. This approach minimizes the utility of malicious nodes and it motivates better cooperation between nodes by using the reputation system. Regular nodes monitor continuously to evaluate their neighbors using belief updating systems of the Bayes rule.

• Journal of Information Processing Systems
• /
• v.11 no.2
• /
• pp.229-238
• /
• 2015

Web shells are programs that are written for a specific purpose in Web scripting languages, such as PHP, ASP, ASP.NET, JSP, PERL-CGI, etc. Web shells provide a means to communicate with the server's operating system via the interpreter of the web scripting languages. Hence, web shells can execute OS specific commands over HTTP. Usually, web attacks by malicious users are made by uploading one of these web shells to compromise the target web servers. Though there have been several approaches to detect such malicious web shells, no standard dataset has been built to compare various web shell detection techniques. In this paper, we present a collection of web shell files, WebSHArk 1.0, as a standard dataset for current and future studies in malicious web shell detection. To provide baseline results for future studies and for the improvement of current tools, we also present some benchmark results by scanning the WebSHArk dataset directory with three web shell scanning tools that are publicly available on the Internet. The WebSHArk 1.0 dataset is only available upon request via email to one of the authors, due to security and legal issues.

• Journal of KIISE
• /
• v.45 no.2
• /
• pp.106-112
• /
• 2018

Recently, the number of cyber attacks using malicious code has increased. Various types of malicious code detection techniques have been researched for several years as the damage has increased. In recent years, profiling techniques have been used to identify attack groups. This paper focuses on the identification of attack groups using a detection technique that does not involve malicious code detection. The attacker is identified by using a string or a code signature of the malicious code. In addition, the detection rate is increased by adding a technique to confirm the packing file. We use Yara as a detection technique. We have research about RAT (remote access tool) that is mainly used in attack groups. Further, this paper develops a ruleset using malicious code and packer main feature signatures for RAT which is mainly used by the attack groups. It is possible to detect the attacker by detecting RAT based on the newly created ruleset.