• Journal of Information Processing Systems
• /
• 제12권3호
• /
• pp.422-435
• /
• 2016

Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today's cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권7호
• /
• pp.3386-3411
• /
• 2019

Secured and reliable routing is a crucial factor for improving the performance of Wireless Mesh Networks (WMN) since these networks are susceptible to many types of attacks. The existing assumption about the internal nodes in wireless mesh networks is that they cooperate well during the forwarding of packets all the time. However, it is not always true due to the presence of malicious and mistrustful nodes. Hence, it is essential to establish a secure, reliable and stable route between a source node and a destination node in WMN. In this paper, a trust based secure routing algorithm is proposed for enhancing security and reliability of WMN, which contains cross layer and subject logic based reliable reputation scheme with security tag model for providing effective secured routing. This model uses only the trusted nodes with the forwarding reliability of data transmission and it isolates the malicious nodes from the providing path. Moreover, every node in this model is assigned with a security tag that is used for efficient authentication. Thus, by combining authentication, trust and subject logic, the proposed approach is capable of choosing the trusted nodes effectively to participate in forwarding the packets of trustful peer nodes successfully. The simulation results obtained from this work show that the proposed routing protocol provides optimal network performance in terms of security and packet delivery ratio.

• ETRI Journal
• /
• 제36권1호
• /
• pp.51-61
• /
• 2014

In the Mobile IPv6 (MIPv6) protocol, a mobile node (MN) is a mobile device with a permanent home address (HoA) on its home link. The MN will acquire a care-of address (CoA) when it roams into a foreign link. It then sends a binding update (BU) message to the home agent (HA) and the correspondent node (CN) to inform them of its current CoA so that future data packets destined for its HoA will be forwarded to the CoA. The BU message, however, is vulnerable to different types of security attacks, such as the man-in-the-middle attack, the session hijacking attack, and the denial-of-service attack. The current security protocols in MIPv6 are not able to effectively protect the BU message against these attacks. The private-key-based BU (PKBU) protocol is proposed in this research to overcome the shortcomings of some existing MIPv6 protocols. PKBU incorporates a method to assert the address ownership of the MN, thus allowing the CN to validate that the MN is not a malicious node. The results obtained show that it addresses the security requirements while being able to check the address ownership of the MN. PKBU also incorporates a method to verify the reachability of the MN.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권3호
• /
• pp.1321-1332
• /
• 2016

Wireless sensor networks (WSN) are self-organized networks that typically consist of thousands of low-cost, low-powered sensor nodes. The reliability and availability of WSNs can be affected by faults, including those from radio interference, battery exhaustion, hardware and software failures, communication link errors, malicious attacks, and so on. Thus, we propose a novel multi-agent fault tolerant system for wireless sensor networks. Since a major requirement of WSNs is to reduce energy consumption, we use multi-agent and mobile agent configurations to manage WSNs that provide energy-efficient services. Mobile agent architecture have inherent advantages in that they provide energy awareness, scalability, reliability, and extensibility. Our multi-agent system consists of a resource manager, a fault tolerance manager and a load balancing manager, and we also propose fault-tolerant protocols that use multi-agent and mobile agent setups.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2005년도 춘계학술발표대회
• /
• pp.1461-1464
• /
• 2005

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories, but those are not well-suited for securing ad hoc networks. Moreover, a fundamental issue of securing mobile ad hoc networks is to ensure mobile nodes can authenticate each other. Because of its strength and efficiency, public key and digital signature is an ideal mechanism to construct the authentication service. Although this is already mature in the internet application, providing public key based authentication is still very challenging in mobile ad hoc networks. In this paper I propose a secure public key authentication service based on clustering model and trust model to protect nodes from getting false public keys of the others efficiently when there are malicious nodes in the network.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2012년도 춘계학술발표대회
• /
• pp.756-758
• /
• 2012

클라우드 서비스가 발전됨에 따라 자원공유를 위한 가상머신의 활용도 점차 증진되고 있다. 그러나 이러한 가상머신의 활용으로 인하여 가상 영역에 따른 보안위협이 이슈가 되고 있다. 따라서 본 논문은 가상 영역에 따른 보안위협으로부터 보다 안전하고 유동적인 대처를 하기 위한 시스템을 제안하였다. 해당 시스템은 물리관제센터와 가상관제센터의 연동을 통하여 상호간의 현황을 알 수 있음으로써 가상머신 모니터링, 플랫폼 간 공격연관성 분석 등이 용이하며 자원고갈공격이나 DDoS 공격과 같은 위협으로부터 안전하다. 제안하는 시스템은 향후 클라우드 서비스 운용시 물리영역과 가상영역을 총괄적으로 관리하는 통합관제센터 활용에 적합할 것으로 보인다.

• ETRI Journal
• /
• 제43권1호
• /
• pp.141-151
• /
• 2021

Several methods exist for detecting hacking programs operating within online games. However, a significant amount of computational power is required to detect the illegal access of a hacking program in game clients. In this study, we propose a novel detection method that analyzes the protected memory area and the hacking program's process in real time. Our proposed method is composed of a three-step process: the collection of information from each PC, separation of the collected information according to OS and version, and analysis of the separated memory information. As a result, we successfully detect malicious injected dynamic link libraries in the normal memory space.

• Journal of Information Processing Systems
• /
• 제6권3호
• /
• pp.269-294
• /
• 2010

The interconnection of mobile devices in urban environments can open up a lot of vistas for collaboration and content-based services. This will require setting up of a network in an urban environment which not only provides the necessary services to the user but also ensures that the network is secure and energy efficient. In this paper, we propose a secure, energy efficient dynamic routing protocol for heterogeneous wireless sensor networks in urban environments. A decision is made by every node based on various parameters like longevity, distance, battery power which measure the node and link quality to decide the next hop in the route. This ensures that the total load is distributed evenly while conserving the energy of battery-constrained nodes. The protocol also maintains a trusted population for each node through Dynamic Trust Factor (DTF) which ensures secure communication in the environment by gradually isolating the malicious nodes. The results obtained show that the proposed protocol when compared with another energy efficient protocol (MMBCR) and a widely accepted protocol (DSR) gives far better results in terms of energy efficiency. Similarly, it also outdoes a secure protocol (QDV) when it comes to detecting malicious nodes in the network.

• 한국멀티미디어학회논문지
• /
• 제12권11호
• /
• pp.1593-1608
• /
• 2009

다중 홉 무선 네트워크에서는 일부 중계 단말이 악의적인 목적으로 비협력적이거나 이기적인 행동을 하면 네트워크의 성능이 저하되는 문제점이 발생한다. 무선 단말간의 협력적인 동작을 가정한 기존의 애드혹 라우팅 기법에서는 악의적으로 행동하는 이기적인 무선 단말에 의해 발생되는 성능 감소 문제를 해결할 수 없다. 이에 본 논문에서는 다중 홉 무선 네트워크의 성능을 향상 시킬 수 있는 평판 기반의 협력적 애드혹 라우팅 프로토콜인 CARE (Cooperative Ad hoc routing protocol based REputation) 기법을 제안하였다. 제안한 CARE 기법은 홉 대 홉 기반의 패킷 포워딩 과정에서 악의적으로 행동하거나 무단으로 라우팅 경로에서 이탈하는 이기적인 무선 단말을 우회하도록 라우팅 경로를 설정하는 네트워크 계층간의 수평적 상호 작용을 제공한다. 그리고 CARE 기법은 수직적 상호 작용을 기반으로 하여 MAC 계층으로부터 획득한 무선 채널의 상황 정보를 반영하여 라우팅 경로의 품질 향상시키며, 네트리크 계층에서 획득한 무선 단말의 평판 정보를 전송 계통에 반영하여 TCP의 성능 향상을 제공한다. CARE로 기법의 성능을 평가한 결과, 단말의 빈번한 이동과 악의적인 단말이 존재하는 다중 홉 무선 네트워크 환경에서 패킷 전송의 낮은 실패율과 패킷의 평균 전송 시간의 향상을 제공함과 동시에 종단간 무선 단말의 향상된 TCP 성능을 확인하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권4호
• /
• pp.1773-1795
• /
• 2020

Unmanned aerial vehicles (UAVs) network are a very vibrant research area nowadays. They have many military and civil applications. Limited bandwidth, the high mobility and secure communication of micro UAVs represent their three main problems. In this paper, we try to address these problems by means of secure clustering, and a security clustering algorithm based on integrated trust value for UAVs network is proposed. First, an improved the k-means++ algorithm is presented to determine the optimal number of clusters by the network bandwidth parameter, which ensures the optimal use of network bandwidth. Second, we considered variables representing the link expiration time to improve node clustering, and used the integrated trust value to rapidly detect malicious nodes and establish a head list. Node clustering reduce impact of high mobility and head list enhance the security of clustering algorithm. Finally, combined the remaining energy ratio, relative mobility, and the relative degrees of the nodes to select the best cluster head. The results of a simulation showed that the proposed clustering algorithm incurred a smaller computational load and higher network security.