• Title/Summary/Keyword: malicious host


Thwarting Sybil Attackers in Reputation-based Scheme in Mobile Ad hoc Networks

  • Abbas, Sohail;Merabti, Madjid;Kifayat, Kashif;Baker, Thar
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.12 / pp.6214-6242 / 2019
  • Routing in mobile ad hoc networks is performed in a distributed fashion where each node acts as host and router, such that it forwards incoming packets for others without relying on a dedicated router. Nodes are mostly resource constrained and the users are usually inclined to conserve their resources and exhibit selfish behaviour by not contributing to the routing process. Trust and reputation models have been proposed to motivate selfish nodes for cooperation in the packet forwarding process. Nodes having bad trust or reputation are detected and eventually secluded from the network. However, due to the lack of proper identity management and the use of non-persistent identities in ad hoc networks, malicious nodes can pose various threats to these methods. For example, a malicious node can discard an identity with a bad reputation and enter the system afresh with another identity, which is called whitewashing. Similarly, a malicious node may create more than one identity, called a Sybil attack, for self-promotion, defaming other nodes, and broadcasting fake recommendations in the network. These identity-based attacks disrupt the overall detection of the reputation systems. In this paper, we propose a reputation-based scheme that detects selfish nodes and deters identity attacks. We address the issue in such a way that, for normal selfish nodes, it will no longer be advantageous to carry out a whitewash. Sybil attackers are also discouraged (i.e., on a single battery, they may create fewer identities). We design and analyse our rationale via game theory and evaluate our proposed reputation system using the NS-2 simulator. The results obtained from the simulation demonstrate that our proposed technique considerably diminishes the throughput and utility of selfish nodes with a single identity and selfish nodes with multiple identities when compared to the benchmark scheme.

Network Forensic Evidence Generation and Verification Scheme (효율적인 인터넷 범죄수사를 위한 범행호스트 탐지 및 범죄행위 입증기술)

  • Kim, Hyung-Seok;Kim, Eun-Jin;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.719-731 / 2012
  • One of the most important points in Internet crime investigation is tracing back and pointing out a criminal host. However, criminals can forge a crime record stored in the crime host, or can utilize malicious applications in order not to leave a crime record. In addition, criminals can change the source IP address of a crime host and deny their involvement. In this study, we suggest the Network Forensic Evidence Generation and Verification Scheme (NFEGVS) to rectify the current limitations of network forensic technologies. This scheme can prove who committed the crime and when it occurred. In addition, it prevents leakage of the symmetric key used for guaranteeing certification and integrity of forensic evidence by proposing the Timestamp Secret Key Distribution Scheme, and minimizes performance degradation of the router when generating forensic evidence with the Flow-Based Selection Scheme. In this paper, we implement the proposed scheme and evaluate the overall performance of the proposed system.

Hybrid Watermarking Scheme using a Data Matrix and Secret Key (데이터 매트릭스와 비밀 키를 이용한 하이브리드 워터마킹 방법)

  • Jeon, Seong-Goo;Kim, Il-Hwan
    • Proceedings of the KIEE Conference / 2006.04a / pp.144-146 / 2006
  • The Data Matrix of two-dimensional bar codes is a new technology capable of holding relatively large amounts of data compared to the conventional one-dimensional bar code, which is just a key that can access detailed information in the host computer database. A secret key is used to protect a watermark from malicious attacks. We encoded copyright information into a Data Matrix bar code in the encoding process, and it was spread with a pseudo-random pattern using the owner key. We embedded a randomized watermark into the image using the watermark's embedding position and a pattern generated with a secret key. The experimental results have shown that the proposed scheme has good quality and is very robust to various attacks, such as JPEG compression and noise. Also, the performance of the proposed scheme is verified by comparing the copyright information with the information which is extracted from a bar code scanner.

Host level of obfuscated malicious script corresponding technology (호스트레벨의 난독화 된 악성 스크립트 대응 기술 연구)

  • Oh, Sang-Hwan;Jung, Jong-Hun;Kim, Hwan-Kuk
    • Proceedings of the Korea Information Processing Society Conference / 2015.10a / pp.658-660 / 2015
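  • With the advent of HTML5, the next-generation web standard published by the W3C, the capabilities of JavaScript have been greatly enhanced. By providing media playback, 3D graphics processing, WebSocket communication and more with JavaScript alone, without installing separate plug-ins, it offers functionality powerful enough to replace non-standard technologies such as ActiveX. In line with this trend, the risks of abusing JavaScript, which is at the core of HTML5 functionality, have been recognized, and related research is being actively conducted. However, because most current techniques for detecting malicious scripts are pattern matching based on signatures, they have many limitations in detecting obfuscated malicious scripts. Therefore, to overcome these limitations, this paper proposes a technique for responding to obfuscated malicious scripts that can detect them and prevent their execution at the host level.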

Design and Implementation of Sensor based Intrusion Detection System (센서 기반 침입 탐지 시스템의 설계와 구현)

  • Choi, Jong-Moo;Cho, Seong-Je
    • The KIPS Transactions:PartC / v.12C no.6 s.102 / pp.865-874 / 2005
  • The information stored in the computer system needs to be protected from unauthorized access, malicious destruction or alteration, and accidental inconsistency. In this paper, we propose an intrusion detection system based on the sensor concept for detecting and preventing malicious attacks. We use software sensor objects which consist of a sensor file for each important directory and sensor data for each secret file. Every sensor object is a sort of trap against the attack, and its touch can be considered as an intrusion. The proposed system is a new challenge of setting up traps against most interception threats that try to copy or read programs or data illicitly. We have implemented the proposed system on the Linux operating system using the loadable kernel module technique. The proposed system combines the host-based detection approach and the network-based one to achieve reasonably complete coverage, which makes it possible to detect unknown interception threats.

Reinforcement Learning-Based Resource exhaustion attack detection and response in Kubernetes (쿠버네티스 환경에서의 강화학습 기반 자원 고갈 탐지 및 대응 기술에 관한 연구)

  • Ri-Yeong Kim;Seongmin Kim
    • Convergence Security Journal / v.23 no.5 / pp.81-89 / 2023
  • Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments.

Multiagent based on Attacker Traceback System using SOM (SOM을 이용한 멀티 에이전트 기반의 침입자 역 추적 시스템)

  • Choi Jinwoo;Woo Chong-Woo;Park Jaewoo
    • Journal of KIISE:Computing Practices and Letters / v.11 no.3 / pp.235-245 / 2005
  • The rapid development of computer network technology has made the Internet a major infrastructure of our society. But the rapid increase in malicious computer intrusions using such technology causes urgent problems of protecting our information society. The recent trends of the intrusions reflect that the intruders do not break into the victim host directly and perform malicious behaviors. Rather, they tend to use automated intrusion tools to penetrate systems. Most of the unknown types of intrusions are caused by using such tools with some minor modifications. These tools are mostly similar to the previous ones, and the results of using such tools remain the same as in common patterns. In this paper, we describe the design and implementation of an attacker-traceback system, which traces the intruder based on the multi-agent architecture. The system first applies SOM to classify the unknown types of intrusion into previous similar intrusion classes. During the intrusion analysis stage, we formalized the patterns of the tools as a knowledge base. Based on the patterns, the agent system gets activated, and the automatic tracing of the intrusion routes begins through the previously attacked host, by finding intrusion evidence on the attacked system.

A Preemptive Detection Method for Unknown IoT Botnet Based on Darknet Traffic (다크넷 트래픽 기반의 알려지지 않은 IoT 봇넷 선제탐지 방안)

  • Gunyang Park;Jungsuk Song;Heejun Roh
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.267-280 / 2023
  • With the development of computing and communications technologies, IoT environments based on high-speed networks have been extending rapidly. In particular, from the home to the office or the factory, applications of IoT devices that sense the environment and perform computations are increasing. Unfortunately, IoT devices, which have limited hardware resources, can be vulnerable to cyber attacks. Hence, there is a concern that an IoT botnet can give rise to information leakage as a national cyber security crisis arising from abuse as a malicious waypoint or propagation through connected networks. In order to respond in advance to unknown cyber threats in IoT networks, in this paper, we firstly define four types of characteristics by analyzing darknet traffic accessed from an IoT botnet. Using the characteristics, a suspicious IP address is filtered quickly. Secondly, the filtered address is identified by Cyber Threat Intelligence (CTI) or Open Source INTelligence (OSINT) in terms of an unknown suspicious host. The identified IP address is finally fingerprinted to determine whether the IP is a malicious host or not. To validate the proposed method, we apply it to a darknet in a real-world SOC. As a result, about 1,000 hosts that were detected and blocked preemptively by the proposed method are confirmed as real IoT botnets.

Detecting Inner Attackers and Colluded nodes in Wireless Sensor Networks Using Hop-depth algorithm (Hop-depth 알고리즘을 이용한 무선 센서 네트워크상에서의 내부공격자 및 공모노드 검출)

  • Rhee, Kang-Hyeon
    • Journal of the Institute of Electronics Engineers of Korea CI / v.44 no.1 / pp.113-121 / 2007
  • Commonly, a sensor network composed of multiple nodes uses an ad hoc protocol for the nodes to communicate with each other. The sensed data packets are collected by the base node and processed by the host PC. But the ad hoc protocol is very vulnerable to the Sinkhole attack, where the intruder attracts surrounding nodes with unfaithful routing information, and then performs selective forwarding or changes the data passing through it. The Sinkhole attack increases overhead over the network and speeds up energy consumption, decreasing the network's lifetime. Since other attacks can be easily mounted through the Sinkhole attack, the countermeasure must be considered carefully. In this paper, we propose the Hop-depth algorithm, which detects the intruder in a Sinkhole attack and colluded nodes. First, the proposed algorithm makes a list of suspected nodes and identifies the real intruder in the suspected node list through the Hop-depth count value. It then recalculates the colluder's path information to find the real intruder. We evaluated the performance of the proposed algorithm using NS2. We compared and analyzed the success ratio of finding the real intruder, the false positive ratio, the false negative ratio, and energy consumption.

Digital Image Watermarking using Inner Product and Adaptive Quantization (내적과 적응성 양자화를 이용한 디지털 영상의 워터마킹 방법)

  • 이승욱;김진호;호요성
    • Journal of Broadcast Engineering / v.6 no.1 / pp.50-57 / 2001
  • Digital watermarking is a newly developed scheme to embed invisible or inaudible information into the host data in order to assert the copyright of the owner or the creator. This paper describes a robust data embedding scheme that employs inner product and adaptive quantization. Compared to the previous works on digital watermarking, our proposed scheme can embed a relatively large amount of information, since a secret key is not directly related to the watermark data. A secret key is used for the design of random direction vectors, whose inner product is taken with the DCT-transformed feature set data. In order to achieve robustness against malicious attacks, we exploit the properties of the human visual system in designing the random direction vectors, which behave as embedded noise. Experimental results show that we can recover the embedded information without utilizing the original host data. We also demonstrate that ownership assertion is possible even though the watermarked data may undergo common signal processing operations, such as JPEG compression, cropping, and filtering.
