• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.993-998
• /
• 2004

As Worm Virus & DDoS attack appeares, the targets and damage of infringement accidents are extending from specific system or services to paralysis of the network itself. These attacks are expending very frequently and strongly, and ISP who will be used as the path of these attacks will face serious damages. But compare to Worm Virus & DDoS attack that generally occures in many Systems at one time with it's fast propagation velocity, network dimensional opposition is slow and disable to deal with the whole appearance for it is operated manually by the network manager. Therefore, this treatise present devices how to detect Worm Virus & DDoS attack's outbreak and the attacker(attacker IP adderss) automatically.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.12
• /
• pp.4909-4926
• /
• 2020

Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, allowing initial unknown attacks. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If you fail to respond to the initial attack, it is difficult to respond additionally because malicious behavior like Advanced Persistent Threat (APT) attack does not occur immediately, but occurs over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, although the initial response failed with anti-virus. The proposed technology uses a combination of AutoEncoder and 1D CNN (1-Dimention Convolutional Neural Network) based on semi-supervised learning. The experiment trained a dataset collected over a month in a real-world commercial endpoint environment, and tested the data collected over the next month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce time and labor costs to effectively detect unknown attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.3-10
• /
• 1997

Computer viruses are increasing in number and are continually intellectualized as well. To cope with this problem, anti-virus tools such as a scanner and the monitoring program have been developed. But it is not guaranteed that these softwares will work in safety under MS-DOS' control. If the virus is run first, it can avoid the monitoring of anti-virus software or even can attack the anti-virus software. Therefore, anti-virus programs should be run before the system is infected. This paper presents a new PC starting mechanism which allows the PC system to start from a clean state after booting. For this mechanism, we build a new disk file system different from DOS' file system, and manage the two file systems heterogeneously. Our system is strong against boot viruses and recovers from infections automatically.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.2
• /
• pp.39-47
• /
• 2008

As internet is spreaded widely, the number of cyber terror using hacking and virus is increased. Also the international cyber terror to the national key organizations go on increasing. If the national key organizations is attacked by the attack, the national paper, document and records are exposed to the other nations. The national paper, document and records can give damage to the nation. Especially, the unknown attack can give much damage to the nation. Therefore, this paper suggested a countermeasures on the cyber terror for the national key organizations provided the inner of the organization is safe. The uneffective item and invasion privacy item are included among the countermeasures. However the countermeasures can protect only one cyber terror to the national key organizations.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.2
• /
• pp.30-36
• /
• 2007

The UPnP uses the same standard protocol as SSDP and UDP based on standard internet and technology like the TCP/IP, and is independent of other physical networking product. But the structure of the UPnP has the of vulnerability to the security countermeasure for home-networking technology since it is operated on the same protocol as the SSDP and UDP. In this paper, we analyze and report against the DoS attack, where the worm virus, using the vulnerability to the UPnP, eliminates the attack of all equipments that are based on networking and eliminates the information belonging to the equipments of the home-networking or transmits the massive data.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.9-17
• /
• 2021

In this paper, we propose a reversely using the "Man In The Middle Attack" attack technique as a way to introduce network security without changing the physical structure and configuration of the existing network, a Virtual Network Overlay is formed with only a single Ethernet Interface. Implementing In-line mode to protect the network from external attacks, we propose an integrated control method through a micro network security sensor and cloud service. As a result of the experiment, it was possible to implement a logical In-line mode by forming a Virtual Network Overlay with only a single Ethernet Interface, and to implement Network IDS/IPS, Anti-Virus, Network Access Control, Firewall, etc.,. It was possible to perform integrated monitor and control in the service. The proposed system in this paper is helpful for small and medium-sized enterprises that expect high-performance network security at low cost, and can provide a network security environment with safety and reliability in the field of IoT and embedded systems.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.3
• /
• pp.641-648
• /
• 2013

ARP spoofing is a typical Internet attack, in which an attacker sends data by changing his's MAC address with the other's one. Currently, this attack is usually dealt with separating the attacking PCs infected with ARP spoofing virus, by keeping network devices investigating by the network manager. However, this manual process has some limitations in time and accuracy. This paper proposes a new network management system to replace the effort of network manager who has to keep on inspecting the network. Along with designing an ARP analyzer and a disconnection notifier and adding them into the existing network management system, the proposed system provides a basement to identify and notify the PC infected by an ARP spoofing virus with fast and high accuracy. As a result, it is expected to minimize the network break off and to make easy the network management.

• Journal of the Korean Society of Food Science and Nutrition
• /
• v.29 no.1
• /
• pp.128-133
• /
• 2000

This study was designed to verify the efficacy of garlic extracts for protecting the infecton of influenza and Japanese B encephalitis virus. Influenza virus (AO/PR8 strain) and Japanese B encephalitis virus (JaGAr O1 strain) were used to attack mouse through nasal route and each vaccines were injected subcutaneously. 0.002 and 0.2 mL/day of garlic extracts were orally administered to mice. The blood and serum samples were taken from the mice to measure LD50, Defense Index (DI), virus-neutralizing antibody for comparing virus influence inhibiting activities. Defense indices of the male and female mice were not significantly different at every experiment. Vaccination effectively inhibited the influence of influenza virus and 0.002 mL/day garlic extract (0.55$\pm$0.05) resulted in significantly higher DI than the control (0$\pm$0.05) (p<0.05). Although 0.002 mL/day garlic extract (0.55$\pm$0.05) resulted in significantly lower DI than the vaccination (1.10$\pm$0.05), 0.2 mL/day garlic extract (2.05$\pm$0.05) resulted in 10 times higher DI than the vaccination (1.10$\pm$0.05). Garlic extract did not affect DI in Japanese B encephalitis virus influence of the vaccinated mouse, but significantly reduced DI of the non-vaccinated mouse (p<0.05). Garlic extracts did not affect the production of the neutralizing antibody against influenza by vaccination. However, neutralizing antibody production of Japanese B encephalitis was accelerated by vaccination. Consequently, the current study proved the efficacy of garlic on inhibition of influenza virus. Finally, it is very hard to show the higher preventing effect on flu through ingestion of garlic as a food than vaccination.

• Proceedings of the Korean Institute of Communication Sciences Conference
• /
• 2004.11a
• /
• pp.322-322
• /
• 2004

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.199-207
• /
• 2002

Comes in into recent times and there is on with a level where the attack against the computer virus and the hacking which stand is serious. The recently computer virus specific event knows is the substantial damage it will be able to occur from our life inside is a possibility of feeling. The virus which appears specially in 1999 year after seemed the change which is various, also the virus of the form which progresses appeared plentifully The part virus does it uses the password anger technique which relocates the cord of the oneself. Hereupon consequently the vaccine programs in older decode anger to do the password anger of the virus again are using emulation engine. The password anger technique which the like this virus is complicated and decode anger technique follow in type of O.S. and the type is various. It uses a multi emulation engine branch operation setup consequently from one system and to respect it will be able to use a multiple operation setup together it will use the VMware which is an application software which it does as a favor there is a possibility where it will plan 'Virus Test Simulation' and it will embody.