• Title/Summary/Keyword: security attacks

Security Management by Zone Combination in Active Networks (액티브 네트워크에서의 연합을 통한 보안 관리)

  • 장범환;김동수;권윤주;남택용;정태명
    • Journal of KIISE:Information Networking / v.30 no.1 / pp.82-96 / 2003
  • The Internet has evolved into the global computer network due to the openness of its protocol, but such evolution brings about new risks and threats. To protect computer networks safely, the best way is to prevent an attacker from intruding beforehand. However, provisioning against all attacks degrades network performance, and preventing unknown attacks is very hard. Secure Combination, a framework which establishes mutual collaboration and cooperation between trusted zones, could protect systems from potential attacks. This framework can predict attacks by exchanging security information and cooperating with each zone. It is a dynamic and powerful security architecture that rapidly enables updating security policy and deploying response modules.

Machine Learning Based Hybrid Approach to Detect Intrusion in Cyber Communication

  • Neha Pathak;Bobby Sharma
    • International Journal of Computer Science & Network Security / v.23 no.11 / pp.190-194 / 2023
  • By looking at the importance of communication, data delivery and access in various sectors including governmental, business and individual for any kind of data, it becomes mandatory to identify faults and flaws during cyber communication. To protect personal, governmental and business data from being misused by numerous advanced attacks, there is a need for cyber security. Information security provides massive protection to both the host machine and the network. Learning methods are used for analyzing as well as preventing various attacks. Machine learning is one of the branches of Artificial Intelligence that provides potential learning techniques to detect cyber-attacks. In the proposed methodology, the Decision Tree (DT), which is a kind of supervised learning model, is combined with different cross-validation methods to determine the accuracy and the execution time to identify cyber-attacks from a very recent dataset of different network attack activities of network traffic, the UNSW-NB15 dataset. It is a hybrid method in which different types of attributes, including the Gini Index and Entropy of the DT model, have been implemented separately to identify the most accurate procedure to detect intrusion with respect to the execution time. The different DT methodologies, including DT using Gini Index, DT using the train-split method and DT using information entropy, along with their respective subdivisions such as using K-Fold validation and using Stratified K-Fold validation, are implemented.

A Scalar Multiplication Algorithm Secure against Side-Channel Attacks for Koblitz Curve Cryptosystems (암호공격에 안전한 Koblitz 타원곡선 암호시스템의 스칼라 곱셈 알고리즘)

  • Jang, Yong-Hee;Takagi, Naofumi;Takagi, Kazuyoshi;Kwon, Yong-Jin
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.356-360 / 2006
  • Recently, many power analysis attacks have been proposed. Since the attacks are powerful, it is very important to implement cryptosystems securely against the attacks. We propose countermeasures against power analysis attacks for elliptic curve cryptosystems based on Koblitz curves (KCs), which are a special class of elliptic curves. That is, we make our countermeasures secure against SPA, DPA, and new DPA attacks, especially RPA and ZPA, using a random point at each execution of elliptic curve scalar multiplication. And since our countermeasures are designed to use the Frobenius map of KC, they are very fast.

Optimization of Cyber-Attack Detection Using the Deep Learning Network

  • Duong, Lai Van
    • International Journal of Computer Science & Network Security / v.21 no.7 / pp.159-168 / 2021
  • Detecting cyber-attacks using machine learning or deep learning is being studied and applied widely in network intrusion detection systems. We noticed that the application of deep learning algorithms yielded many good results. However, because each deep learning model has a different architecture and characteristics with certain advantages and disadvantages, those deep learning models are only suitable for specific datasets or features. In this paper, in order to optimize the process of detecting cyber-attacks, we propose the idea of building a new deep learning network model based on the association and combination of individual deep learning models. In particular, based on the architecture of 2 deep learning models, Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM), we combine them into a combined deep learning network for detecting cyber-attacks based on network traffic. The experimental results in Section IV.D have demonstrated that our proposal using the CNN-LSTM deep learning model for detecting cyber-attacks based on network traffic is completely correct because the results of this model are much better than some individual deep learning models on all measures.

Improvement of Shift Work System due to Reduction of Working Hours for Efficient Security Monitoring & Control (근무시간 단축에 따른 효율적인 보안관제를 위한 근무체계 개선방안)

  • Park, Wonhyung;Lee, YoungShin;Kim, Kuinam J.
    • Convergence Security Journal / v.19 no.4 / pp.143-150 / 2019
  • Recently, as ICT technology develops, cyber attacks are becoming more intelligent and advanced. In order to cope with such cyber attacks, the security control system must be maintained 24 hours a day, 365 days a year. Security personnel should be able to respond in real time to cyber attacks through shift work for 24 hours, but the workforce law was revised in 2018 to affect manpower and security control work systems. Therefore, in this paper, we propose an effective security control work system by reducing 52 working hours per week.

A Method of Defense and Security Threats in U-Healthcare Service (U-Healthcare서비스의 보안 위협과 대응 방법)

  • Lee, Keun-Ho
    • Journal of the Korea Convergence Society / v.3 no.4 / pp.1-5 / 2012
  • The fast-paced development in the field of U-Healthcare, which is available anytime and anywhere, is underway in accordance with the development of IT technology. U-Healthcare technology has various security threats because it is based on networks. The purpose of this paper is to examine the threats of DOS / DDOS attacks based on network attacks, and to propose a response technique that fits the situation of the U-Healthcare service by modifying the existing Detecting Early DOS / DDOS attacks through Packet Counting.

Two-Phase Security Protection for the Internet of Things Object

  • Suryani, Vera;Sulistyo, Selo;Widyawan, Widyawan
    • Journal of Information Processing Systems / v.14 no.6 / pp.1431-1437 / 2018
  • Securing objects in the Internet of Things (IoT) is essential. An authentication model is one candidate to secure an object, but it is limited to handling a specific type of attack such as the Sybil attack. The authentication model cannot handle other types of attack such as trust-based attacks. This paper proposed two-phase security protection for objects in IoT. The proposed method combined authentication and statistical models. The results showed that the proposed method could handle other attacks in addition to Sybil attacks, such as bad-mouthing attack, good-mouthing attack, and ballot stuffing attack.

DDoS attacks prevention in cloud computing through Transport Control protocol TCP using Round-Trip-Time RTT

  • Alibrahim, Thikra S;Hendaoui, Saloua
    • International Journal of Computer Science & Network Security / v.22 no.1 / pp.276-282 / 2022
  • One of the most essential foundations upon which big institutions rely in delivering cloud computing and hosting services, as well as other kinds of multiple digital services, is the security of infrastructures for digital and information services throughout the world. Distributed denial-of-service (DDoS) assaults are one of the most common types of threats to networks and data centers. Denial of service attacks of all types operate on the premise of flooding the target with a massive volume of requests and data until it reaches a size bigger than the target's energy, at which point it collapses or goes out of service, where it takes advantage of a flaw in the Transport Control Protocol's (TCP) transmitting and receiving (3-way handshake). The current study's major focus is on an architecture that stops DDoS attacks by producing code for DDoS attacks using a cloud controller and calculating Round-Trip Time (RTT).

A Survey on system-based provenance graph and analysis trends (시스템 기반 프로비넌스 그래프와 분석 기술 동향)

  • Park Chanil
    • Convergence Security Journal / v.22 no.3 / pp.87-99 / 2022
  • Cyber attacks have become more difficult to detect and track as sophisticated and advanced APT attacks increase. System provenance graphs provide analysts of cyber security with techniques to determine the origin of attacks. Various system provenance graph techniques have been studied to reveal the origin of penetration against cyber attacks. In this study, we investigated various system provenance graph techniques and described data collection and analysis techniques. In addition, based on the results of our survey, we presented some future research directions.

Network Security Visualization for Trend and Correlation of Attacks (네트워크 공격 추이 및 공격 연관 정보 시각화)

  • Chang, Beom-Hwan
    • Convergence Security Journal / v.17 no.5 / pp.27-34 / 2017
  • Network security visualization techniques using security alerts provide the administrator with an intuitive network security situation by efficiently visualizing a large number of security alerts occurring from the security devices. However, most of these visualization techniques represent events by overlapping the timelines of the alerts or by Top-N analysis of their frequencies, resulting in failing to provide information such as the attack trend, the relationship between attacks, the point of occurrence of attack, and the continuity of the attack. In this paper, we propose an effective visualization technique which intuitively explains the transition of the whole attack and the continuity of individual attacks by arranging the events spirally according to timeline and marking occurrence point and attack type. Furthermore, the relationship between attackers and victims is provided through a single screen view, so that it is possible to comprehensively monitor not only the entire attack situation but also attack type and attack point.