• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.168-182
• /
• 2020

Spoofing attacks, especially replay attacks, pose great security challenges to automatic speaker verification (ASV) systems. Current works on replay attacks detection primarily focused on either developing new features or improving classifier performance, ignoring the effects of feature variability, e.g., the channel variability. In this paper, we first establish a mathematical model for replay speech and introduce a method for eliminating the negative interference of the channel. Then a novel feature is proposed to detect the replay attacks. To further boost the detection performance, four post-processing methods using normalization techniques are investigated. We evaluate our proposed method on the ASVspoof 2017 dataset. The experimental results show that our approach outperforms the competing methods in terms of detection accuracy. More interestingly, we find that the proposed normalization strategy could also improve the performance of the existing algorithms.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.331-338
• /
• 2001

With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn\`t free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

• Journal of IKEEE
• /
• v.28 no.1
• /
• pp.6-13
• /
• 2024

This paper proposes an approach to detect abnormal data in automotive controller area network (CAN) using an unsupervised learning model, i.e. autoencoder and Gaussian kernel density estimation function. The proposed autoencoder model is trained with only message ID of CAN data frames. Afterwards, by employing the Gaussian kernel density estimation function, it effectively detects abnormal data based on the trained model characterized by the optimally determined number of frames and a loss threshold. It was verified and evaluated using four types of attack data, i.e. DoS attacks, gear spoofing attacks, RPM spoofing attacks, and fuzzy attacks. Compared with conventional unsupervised learning-based models, it has achieved over 99% detection performance across all evaluation metrics.

• Journal of the Korea Society for Simulation
• /
• v.19 no.4
• /
• pp.139-149
• /
• 2010

Internet was designed for network scalability and best-effort service which makes all hosts connected to Internet to be vulnerable against attack. Many papers have been proposed about attack detection algorithms against the attack using IP spoofing and DoS/DDoS attack. Purpose of DoS/DDoS attack is achieved in short period after the attack begins. Therefore, DoS/DDoS attack should be detected as soon as possible. Attack detection algorithms using false alarm rates consist of the false negative rate and the false positive rate. Moreover, they are important metrics to evaluate the attack detections. In this paper, we analyze the performance of the attack detection algorithms using the impact of false negative rate and false positive rate variation to the normal traffic and the attack traffic by simulations. As the result of this, we find that the number of passed attack packets is in the proportion to the false negative rate and the number of passed normal packets is in the inverse proportion to the false positive rate. We also analyze the limits of attack detection due to the relation between the false negative rate and the false positive rate. Finally, we propose a solution to minimize the limits of attack detection algorithms by defining the network state using the ratio between the number of packets classified as attack packets and the number of packets classified as normal packets. We find the performance of attack detection algorithm is improved by passing the packets classified as attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.147-153
• /
• 2015

Since the DoS(Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institution should try their best in constructing defensive systems. Recently, DDoS(Distributed Denial of Service) has been raised by prompting mass network traffic that uses NTP's monlist function or DoS attack has been made related to the DNS infrastructure which is impossible for direct defense. For instance, in June 2013, there has been an outbreak of an infringement accident where Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's Information System impossible to run its normal services. Like this, since there is a high possibility in having an extensive damage due to the characteristics of DDoS in attacking unspecific information service and not being limited to a particular information system, efforts have to be made in order to minimize cyber threats. This thesis proposes a method for using TTL (Time To Live) value in IP header to detect DDoS attack with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.1
• /
• pp.151-158
• /
• 2010

The industrial foundation of the inside and outside of a country has brought significant damages due to attacks from hackers. Especially, if the national primary core infrastructures(like electric power, dam, railroad, atomic energy, etc.) has been significantly damaged, it can be directly linked not only to economic problems but also to people's lives. These national primary core infrastructures usually constitute SCADA system using Modbus RS486 communication. Because of this characteristic, SCADA system has RTU master and slave linked to RJ11 cables to directly pass commands. RJ11 is possible in data spoofing using physical connection because the transmission range of RJ11 has a wide bandwidth(almost 1km). Hence, this paper designed an idle-time measurement system for SCADA system for emerging security improvement in the national primary core infrastructures.

• Proceedings of the KIEE Conference
• /
• 2015.07a
• /
• pp.1306-1307
• /
• 2015

As a basic research for the detection of GPS spoofing signal we study to generate a GPS fake signal which can mislead GPS receivers, and show that the fake signal is generated and transmitted through a pseudolite and the GPS receivers produce a wrong position as designated in the fake signal.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.29-37
• /
• 2020

Conventional firewalls cannot cope with attacks immediately. It is because security professionals or administrators need to analyze them and enter relevant policies to the firewalls. In addition, those policies may often block even normal accesses. Even though the packet themselves are normal, there exist many attacks that cause denial of service due to the inflow of a large amount of those packets. In this paper, we propose a method to block attacks such as Flooding, Spoofing and Scanning while allowing normal accesses based on whitelist policies which are automatedly generated by learning normal access patterns.

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.413-418
• /
• 2019

Attacks on existing sensor networks include sniffing, flooding, and spoofing attacks. The basic countermeasures include encryption and authentication methods and switching methods. Wormhole attack, HELLO flood attack, Sybil attack, sinkhole attack, and selective delivery attack are the attacks on the network layer in wireless sensor network (WSN). These attacks may not be defended by the basic countmeasures mentioned above. In this paper, new countermeasures against these attacks include periodic key changes and regular network monitoring. Moreover, we present various threats (attacks) in the network layer of wireless sensor networks and new countermeasures accordingly.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.47-53
• /
• 2019

Network-based sharing of information has evolved into a cloud service environment today, increasing its number of users rapidly, but has become a major target for network-based illegal attackers.. In addition, IP spoofing among attackers' various attack techniques generally involves resource exhaustion attacks. Therefore, fast detection and response techniques are required. The existing detection method for IP spoofing attack performs the final authentication process according to the analysis and matching of traceback information of the client who attempted the connection request. However, the simple comparison method of traceback information may require excessive OTP due to frequent false positives in an environment requiring service transparency. In this paper, symmetric key cryptography based on traceback information is used as mutual authentication information to improve this problem. That is, after generating a traceback-based encryption key, mutual authentication is possible by performing a normal decryption process. In addition, this process could improve the overhead caused by false positives.