• Title/Summary/Keyword: network intrusion detection


A Study of Hierarchical Policy Model of Policy-based Integrated Security Management for managing Heterogeneous Security Systems (이종의 보안시스템 관리를 위한 정책 기반의 통합보안관리시스템의 계층적 정책모델에 관한 연구)

  • Lee, Dong-Yeong;Kim, Dong-Su;Jeong, Tae-Myeong
    • The KIPS Transactions:PartC / v.8C no.5 / pp.607-614 / 2001
  • With the remarkable growth and expansion of the Internet, the security issues emerging from intrusions and attacks such as computer viruses, denial of service and hacking to destroy information have been considered serious threats to the Internet and private networks. To protect networks from those attacks, many vendors have developed various security systems such as firewalls, intrusion detection systems, and access control systems. However, managing those systems individually requires too much work and high cost. Thus, in order to provide integrated security management and establish consistent security management for various security products, the policy model of PN-ISMS (Policy Based Integrated Security Management System) has become very important. In this paper, we present the hierarchical policy model, which explores the refinement of high-level/conceptual policies into a number of more specific policies to form a policy hierarchy. A formal method of policy description was used as the basis of the model in order to achieve precision and generality. Z-Notation was chosen for this purpose. Z-Notation is a mathematical notation for expressing and communicating the specifications of computer programs. Z uses conventional notations of logic and set theory organized into expressions called schemas.


A Study on Pseudo-random Number Generator with Fixed Length Tap unrelated to the variable sensing nodes for IoT Environments (IoT 환경에서 가변 센싱 노드들에 무관한 고정 길이 탭을 가지는 의사 난수 발생기에 관한 연구)

  • Lee, Seon-Keun
    • Journal of the Korea Academia-Industrial cooperation Society / v.19 no.2 / pp.676-682 / 2018
  • As the IoT world including WSNs develops, the number of sensor systems that sense information according to the environment based on the principle of IoT is increasing. In order to perform security for each sensor system in such a complicated environment, the security modules must be varied. These problems make hardware/software implementation difficult when considering the system efficiency and hacking/cracking. Therefore, to solve this problem, this paper proposes a pseudorandom number generator (FLT: Pseudo-random Number Generator with Fixed Length Tap unrelated to the variable sensing nodes) with a fixed-length tap that generates a pseudorandom number with a constant period, irrespective of the number of sensing nodes, and has the purpose of detecting anomalies. The proposed FLT-LFSR architecture allows the security level and overall data formatting to be kept constant for hardware/software implementations in an IoT environment. Therefore, the proposed FLT-LFSR architecture emphasizes the scalability of the network, regardless of the ease of implementation of the sensor system and the number of sensing nodes.

Secure Routing with Time-Space Cryptography for Mobile Ad-Hoc Networks (이동 애드혹 망을 위한 시공간 방식의 보안 라우팅 프로토콜)

  • Joe, In-Whee
    • The Journal of Korean Institute of Communications and Information Sciences / v.32 no.1B / pp.11-16 / 2007
  • This paper describes the design and performance of a secure routing protocol with time-space cryptography for mobile ad-hoc networks. The proposed time-space scheme works in the time domain for key distribution between source and destination as well as in the space domain for intrusion detection along the route between them. For data authentication, it relies on the symmetric key cryptography due to high efficiency and a secret key is distributed using a time difference from the source to the destination. Also, a one-way hash chain is formed on a hop-by-hop basis to prevent a compromised node or an intruder from manipulating the routing information. In order to evaluate the performance of our routing protocol, we compare it with the existing AODV protocol by simulation under the same conditions. The proposed protocol has been validated using the ns-2 network simulator with wireless and mobility extensions.

Counterattack Method against Hacked Node in CAN Bus Physical Layer (CAN 버스 물리 계층에서 해킹된 노드의 대처 기법)

  • Kang, Tae-Wook;Lee, Jong-Bae;Lee, Seongsoo
    • Journal of IKEEE / v.23 no.4 / pp.1469-1472 / 2019
  • The CAN bus in automotive applications does not assign node addresses. When a node is hacked and transmits a malicious data frame, it is difficult to determine which node is hacked. However, this CAN bus internal attack seriously threatens the safety of a car, so a prompt counterattack is necessary in the CAN bus physical layer. This paper proposes a counterattack method against a malicious CAN bus internal attack. When a malicious data frame is detected, an intrusion detection system in the CAN bus increases the error counter of the malicious node. Then, the malicious node is taken off the bus when its error counter exceeds its limit. A CAN controller with the proposed method is implemented in Verilog HDL, and the proposed method is proved to counterattack against a malicious CAN bus internal attack.

A Hybrid Multiple Pattern Matching Scheme to Reduce Packet Inspection Time (패킷검사시간을 단축하기 위한 혼합형 다중패턴매칭 기법)

  • Lee, Jae-Kook;Kim, Hyong-Shik
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.1 / pp.27-37 / 2011
  • The IDS/IPS (Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against Internet attacks. Reducing the packet inspection time is one of the most important challenges in improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns against the incoming traffic, we may have to apply multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any case. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

A Study on Classification and Processing of Events to Improve Efficiency of Convergence Security Control System (융합보안관제 시스템의 효율성 향상을 위한 이벤트 분류 및 처리에 관한 연구)

  • Kim, Sung Il;Kim, Jong Sung
    • Convergence Security Journal / v.17 no.3 / pp.41-49 / 2017
  • According to research by the global IT market research institute IDC, the CSIM (Converged Security Information Management) market of Korea was estimated to be 1.7 trillion KRW in 2010, and it has grown approximately 32% every year since. IDC forecasts this size to grow to 12.8 trillion KRW by 2018. Moreover, this case study exemplifies the growing importance of the CSIM market worldwide. A traditional CSIM solution consists of various security solutions (e.g. firewall, network intrusion detection system, etc.) and devices (e.g. CCTV, Access Control System, etc.). With this traditional solution, the data collected from these is used to create events, which are then used by the on-site agents to determine and handle the situation. The recent development of the IoT industry, however, has come with massive growth of IoT devices, and as these can be used for security command and control, it is expected that the overall amount of events created from these devices will increase as well. While a massive amount of events could help determine and handle more situations, this also creates the burden of having to process an excessive amount of events. Therefore, in this paper, we discuss potential events that can happen in a CSIM system and classify them into 3 groups, and present a model that can categorize and process these events effectively to increase the overall efficiency of the CSIM system.

Supplementation of the Indoor Location Tracking Techniques Based-on Load-Cells Mechanism (로드셀 기반의 실내 위치추적 보완 기법)

  • YI, Nam-Su;Moon, Seung-Jin
    • Journal of Internet Computing and Services / v.17 no.6 / pp.1-8 / 2016
  • Current indoor intrusion detection and location tracking methods have a weakness in seamless operation when tracking the object, because the object must possess a communicating device and the limitation of the single cell size (approximately $100\,\text{cm} \times 100\,\text{cm}$) exists. Also, the utilization of CCTV technologies shows shortcomings in tracking when the object disappears into an area where CCTV is not installed or illumination is not enough for capturing the scene (e.g. where the context-awarded system is not installed or low illumination is present). Therefore, in this paper we present an improved indoor tracking system based on sensor networks. Such a system is built on a simulated scenario and enables us to detect and extend the area of surveillance as well as actively respond to emergency situations. Through simulated studies, we have demonstrated that the proposed system is capable of supplementing the shortcomings of signal cutting, and of estimating the location of the moving object. We expect the study will improve the analysis of intruder behavior and enable more effective prevention and flexible response to various emergency situations.

The Prediction of Purchase Amount of Customers Using Support Vector Regression with Separated Learning Method (Support Vector Regression에서 분리학습을 이용한 고객의 구매액 예측모형)

  • Hong, Tae-Ho;Kim, Eun-Mi
    • Journal of Intelligence and Information Systems / v.16 no.4 / pp.213-225 / 2010
  • Data mining has empowered the managers who are in charge of the tasks in their company to present personalized and differentiated marketing programs to their customers with the rapid growth of information technology. Most studies on customers' response have focused on predicting whether they would respond or not to a marketing promotion, as marketing managers have been eager to identify who would respond to their marketing promotion. So many studies utilizing data mining have tried to resolve binary decision problems such as bankruptcy prediction, network intrusion detection, and fraud detection in credit card usage. The prediction of customers' response has been studied with methods similar to those mentioned above, because the prediction of customers' response is a kind of dichotomous decision problem. In addition, a number of competitive data mining techniques such as neural networks, SVM (support vector machine), decision trees, logit, and genetic algorithms have been applied to the prediction of customers' response to marketing promotion. Marketing managers have also tried to classify their customers with quantitative measures such as recency, frequency, and monetary value acquired from their transaction database. The measures indicate whether their customers came to purchase recently or long ago, how frequently in a period, and how much they spent at once. Using segmented customers, we proposed an approach that could differentiate customers in the same rating among the segmented customers. Our approach employed support vector regression to forecast the purchase amount of customers for each customer rating. Our study used a sample that included 41,924 customers extracted from the DMEF04 Data Set, who purchased at least once in the last two years. We classified customers from first rating to fifth rating based on the purchase amount after giving a marketing promotion. Here, we divided customers into the first rating, who have a large amount of purchase, and the fifth rating, who are non-respondents to the promotion. Our proposed model forecasted the purchase amount of the customers in the same rating, and the marketing managers could make a differentiated and personalized marketing program for each customer even though they belonged to the same rating. In addition, we proposed a more efficient learning method by separating the learning samples. We employed two learning methods to compare the performance of the proposed learning method with the general learning method for SVRs. LMW (Learning Method using Whole data for purchasing customers) is a general learning method for forecasting the purchase amount of customers. And we proposed a method, LMS (Learning Method using Separated data for classification purchasing customers), that makes four different SVR models for each class of customers. To evaluate the performance of the models, we calculated MAE (Mean Absolute Error) and MAPE (Mean Absolute Percent Error) for each model to predict the purchase amount of customers. In LMW, the overall performance was 0.670 MAPE and the best performance showed 0.327 MAPE. Generally, the performance of the proposed LMS model was analyzed as superior compared to the performance of the LMW model. In LMS, we found that the best performance was 0.275 MAPE. The performance of LMS was higher than LMW in each class of customers. After comparing the performance of our proposed method LMS to LMW, our proposed model had more significant performance for forecasting the purchase amount of customers in each class. In addition, our approach will be useful for marketing managers when they need to customers for their promotion. Even if customers belonged to the same class, marketing managers could offer customers a differentiated and personalized marketing promotion.