• Title/Summary/Keyword: scanning worm


An Approach for Worm Propagation Modeling using Scanning Traffic Profiling (스캐닝 트래픽의 프로파일링을 통한 인터넷 웜 확산 모델링 기법)

  • Shon, Tae-Shik;Koo, Bon-Hyun
    • Journal of the Institute of Electronics Engineers of Korea CI / v.47 no.5 / pp.67-74 / 2010
  • Recently, research on the early detection and prevention of worms has mainly been based on the analysis of generalized worm propagation properties. However, early detection of worms from these attributes is not easy because the modeling method for worm propagation is vague and not yet specified. The worm scanning method has a great effect on the worm propagation process. This paper describes a modeling method and its simulations to estimate various worm growth patterns and their corresponding propagation algorithms. It also tests and varies the impact of various improvements, starting from a trivial simulation of worm propagation and the underlying network infrastructure. It attempts to determine the theoretical maximum propagation speed of worms and how it can be achieved. Moreover, we present the feasibility of the proposed model based on a real testbed for verification.

Scanning Worm Detection Algorithm Using Network Traffic Analysis (네트워크 트래픽 특성 분석을 통한 스캐닝 웜 탐지 기법)

  • Kang, Shin-Hun;Kim, Jae-Hyun
    • Journal of KIISE:Information Networking / v.35 no.6 / pp.474-481 / 2008
  • Scanning worms increase network traffic load and result in severe network congestion because they are self-replicating and send copies of themselves to a number of hosts through the Internet. So an early detection system which can automatically detect scanning worms is needed to protect the network from those attacks. Although many studies have been conducted to detect scanning worms, most of them focus on the method using packet header information. The method using packet header information has a long detection delay since it must examine the header information of all packets entering or leaving the network. Therefore we propose an algorithm to detect scanning worms using network traffic characteristics such as variance of traffic volume, differentiated traffic volume, mean of differentiated traffic volume, and product of mean traffic volume and mean of differentiated traffic volume. We verified the proposed algorithm by analyzing the normal traffic captured in the real network and the worm traffic generated by a simulator. The proposed algorithm can detect CodeRed and Slammer, which are not detected by the existing algorithm. In addition, all worms were detected at an early stage: Slammer was detected in 4 seconds and CodeRed and Witty were detected in 11 seconds.

A Study of Internet Worm Detection & Response Method Using Outbound Traffic (OutBound 트래픽을 이용한 인터넷 웜 탐지 및 대응 방안 연구)

  • Lee, Sang-Hun
    • Convergence Security Journal / v.6 no.4 / pp.75-82 / 2006
  • Internet worms cause various damages, paralyzing the network and leaking information. In this paper, I suggest a method to prevent this. This method first detects the Internet worm on the PC and presents a way to respond automatically. It detects the traffic-based network scanning that is the feature of Internet worms and carries out the response. It stops the process infected by the Internet worm and prevents its traffic from flowing to the outside. It also isolates the executable file infected by the Internet worm and moves it to a specific location for postmortem analysis, so that the Internet worm can be investigated. Such a method is useful for the radiation detection indication and computation of unknown Internet worms. Therefore, stable network operation is possible through this method.


Detection Algorithm of Scanning worms using network traffic characteristics (네트워크 트래픽 특성을 이용한 스캐닝 웜 탐지기법)

  • Kim, Jae-Hyun;Kang, Shin-Hun
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.1 / pp.57-66 / 2007
  • Scanning worms increase network traffic load because they randomly scan network addresses to find hosts that are susceptible to infection. Since their propagation speed is faster than human reaction, scanning worms cause severe network congestion. So we need to build an early detection system which can automatically detect and quarantine such attacks. We propose algorithms to detect scanning worms using network traffic characteristics such as variance, variance to mean ratio (VMR) and correlation coefficient. The proposed algorithms have been verified by computer simulation. Compared to the existing algorithm, the proposed algorithm not only reduced computational complexity but also improved detection accuracy.

Ultrastructural Character on the Cuticular Surface of Thelazia callipaeda (Thelazia callipaeda 표피각질층의 미세구조적 특징)

  • Kim, Soo-Jin;Joo, Kyoung-Hwan;Chung, Myung-Sook
    • Applied Microscopy / v.32 no.1 / pp.45-55 / 2002
  • The worm Thelazia callipaeda Railliet et Henry, 1910 (the oriental eye worm) has frequently been observed in the eyes of animals and humans in Korea. However, the ultrastructural character of the sensory papillae and cuticular striation of the worm has not been clearly described. This study was performed to investigate the ultrastructure and character of the cuticular surface of worms extracted from the eyes of two patients at Korea University Medical Center, using scanning electron microscopy. The size of the cuticular striation was measured at the mouth, 1/4, 1/2, 3/4 and tail portions of the worm. The size of the cuticular striation on the worm surface was $1.8\,\mu\text{m}$ in the mouth and tail portions and $4.0 \sim 4.5\,\mu\text{m}$ in the middle portion of the worm. Under scanning electron microscopy, the female worms had developed phasmids at the tail end, and the male worms had developed sensory papillae and an external sexual organ at the tail end. The sensory papillae at the tail end were composed of anterior ventral postcloacal papillae, middle ventral postcloacal papillae, subventral postcloacal papillae, and lateral papillae. According to the results of this study, it is considered that the character of the cuticular striation and the sensory papillae can be accepted as a classifying key for the identification of species.

A Study on Prediction of Mass SQL Injection Worm Propagation Using The Markov Chain (마코브 체인을 이용한 Mass SQL Injection 웜 확산 예측에 관한 연구)

  • Park, Won-Hyung;Kim, Young-Jin;Lee, Dong-Hwi;Kim, Kui-Nam J.
    • Convergence Security Journal / v.8 no.4 / pp.173-181 / 2008
  • Recently, worm epidemic models have been developed in response to the cyber threats posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical modeling techniques such as Epidemic (SI), KM (Kermack-McKendrick), Two-Factor and AAWP (Analytical Active Worm Propagation). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the network, such as the CodeRed worm, and could be applied only to the specified threats. Therefore, we propose a probabilistic method of worm propagation based on the Markov Chain, which can be applied to cyber threats such as the Mass SQL Injection worm. Using the method proposed in this paper, we can predict the occurrence probability and occurrence frequency for each threat in the entire system.


A Horsehair Worm, Gordius sp. (Nematomorpha: Gordiida), Passed in a Canine Feces

  • Hong, Eui-Ju;Sim, Cheolho;Chae, Joon-Seok;Kim, Hyeon-Cheol;Park, Jinho;Choi, Kyoung-Seong;Yu, Do-Hyeon;Yoo, Jae-Gyu;Park, Bae-Keun
    • Parasites, Hosts and Diseases / v.53 no.6 / pp.719-724 / 2015
  • Nematomorpha, horsehair or Gordian worms, include about 300 freshwater species in 22 genera (Gordiida) and 5 marine species in 1 marine genus (Nectonema). They are parasitic in arthropods during their juvenile stage. In the present study, the used gordian worm was found in the feces of a dog (5-month old, male) in July 2014. Following the worm analysis using light and scanning electron microscopes, the morphological classification was re-evaluated with molecular analysis. The worm was determined to be a male worm having a bi-lobed tail and had male gonads in cross sections. It was identified as Gordius sp. (Nematomorpha: Gordiidae) based on the characteristic morphologies of cross sections and areole on the cuticle. DNA analysis on 18S rRNA partial sequence arrangements was also carried out, and the gordiid worm was assumed to be close to the genus Gordius based on a phylogenic tree analysis.

Morphological study of a horsehair worm, Gordius sp. (Nematomorpha: Gordiida), passed in canine feces

  • Hong, Eui-Ju;Ha, Na-Ri;Ryu, Si-Yun;Chae, Joon-Seok;Kim, Hyeon-Cheol;Park, Jinho;Choi, Kyoung-Seong;Yu, Do-Hyeon;Park, Bae-Keun
    • Korean Journal of Veterinary Service / v.39 no.4 / pp.271-276 / 2016
  • Horsehair or gordian worms (Nematomorpha) have been identified with 22 genera (Gordiida) and 5 marine species (Nectonema) until now. During the juvenile phase of development, they gain parasitic activity in arthropods. In this study, a gordian worm was detected in the feces of a dog living in Nonsan-si, Chungcheongnam-do, Korea. Using this worm, we evaluated the morphological characteristics by light microscopic analysis. Furthermore, the morphological classification was re-evaluated by scanning and transverse electron microscopes. The worm was determined to be a male adult having a bi-lobed tail and male gonads in cross sections. Based on the morphological characteristics, including cross sections of the body and areole on the cuticle, the parasite was also identified as Gordius sp. (Nematomorpha: Gordiidae).

A Study of Worm Propagation Modeling extended AAWP, LAAWP Modeling (AAWP와 LAAWP를 확장한 웜 전파 모델링 기법 연구)

  • Jun, Young-Tae;Seo, Jung-Taek;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.5 / pp.73-86 / 2007
  • Numerous types of models have been developed in recent years in response to the cyber threat posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical modeling techniques such as Epidemic, AAWP (Analytical Active Worm Propagation Modeling) and LAAWP (Local AAWP). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the entire IPv4 network and fail to consider the effects of countermeasures, making it difficult to analyze the extent of damage done by them and the effects of countermeasures in a specific network. This paper extends the equations and parameters of AAWP and LAAWP and suggests ALAAWP (Advanced LAAWP), a new worm simulation technique that rectifies the drawbacks of existing models.

Spark-based Network Log Analysis System for Detecting Network Attack Pattern Using Snort (Snort를 이용한 비정형 네트워크 공격패턴 탐지를 수행하는 Spark 기반 네트워크 로그 분석 시스템)

  • Baek, Na-Eun;Shin, Jae-Hwan;Chang, Jin-Su;Chang, Jae-Woo
    • The Journal of the Korea Contents Association / v.18 no.4 / pp.48-59 / 2018
  • Recently, network technology has been used in various fields due to the development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network logs increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack patterns by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from a large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and it can detect real attack patterns well when applied to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better in log data processing performance than the Hadoop-based system.