• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.6
• /
• pp.693-697
• /
• 2010

In current e-commerce system, it happens that client's confidential information such as credit card numbers, pin numbers, or digital certificate may pass through a web proxy server or an altered proxy server without client's awareness. Even though the confidential information is encrypted and sent through SSL(Secure Sockets Layer) or TLS(Transport Layer Security) protocol, it can be exposed to the risk of sniffing by the digital certificate forgery at the proxy server, which is called the SSL MITM(Man-In-The-Middle) Proxy attack. In this paper, current credit card web-payment systems, which is weak at proxy information alternation attack, are analyzed. A resolution with certificate proxy server is also proposed to prevent the MITM attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.337-340
• /
• 2022

SQL Injection attacks are one of the older attack techniques and are the dominant type of hacking attempts against web services. There have been many attempts to hack SQL injection attacks by exposing data or obtaining privileges. In this paper, we implement a log analysis system that can respond to SQL injection attacks in real time using the open source ELK Stack. did. By providing a visualization of SQL injection attack log data through the implemented system, it is expected that users will be able to easily grasp the degree of attack risk and quickly prepare for attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.6
• /
• pp.2576-2590
• /
• 2020

The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes aspect library to realize the large-grained reuse of the code for detecting SQL injection attacks. A metamodel of aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.1
• /
• pp.1-7
• /
• 2013

The cloud computing is technology which gives flexible and solid infrastructure to IT environment. With this technology multiple computing environment can be consolidated in to a single server so that maximize system resource utilization. Better processing power can be achieved with less system resource. IT manager can cope with increasing unnecessary cost for additional server and management cost as well. This means a enterprise is able to provide services with better quality and create new services with surplus resource. The time required for recovery from system failure will be reduced from days to minutes. Enhanced availability and continuity of enterprise business minimize the codt and the risk produced by service discontinuity. In this paper, we propose framework architecture that is strong against denial-of-service attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1311-1319
• /
• 2019

Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.217-226
• /
• 2005

In today's cyberworld, network performance is affected not only by an increased demand for legitimate content request, but also by an increase in malicious activity. In this Paper, we research that network performance was affected by an increase in malicious Hacker who make DoS Attack, DDoS Attack, SYN Flooding, IP Spoofing, etc. in using TCP/IP. We suggest that Packet filtering in Network Level, Gateway Level, Application Level against to Protect by Hacker's attack. Also, we suggest that content distribution in Web Server approaches to mitigate Hacker's activity using Cache Sever, Mirror Sever, CDN. These suggests are going to use useful Protection methode of Hacker's attack.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.5
• /
• pp.33-40
• /
• 2012

In this paper we propose an anomaly detection scheme to detect new attack paths or new attack methods without false positives by monitoring HTTP Outbound Traffic after efficient training. Our proposed scheme detects web-based attacks by comparing tags or javascripts of HTTP Outbound Traffic with normal behavioral models which apply HMM(Hidden Markov Model). Through the verification analysis under the real-attacked environment, we show that our scheme has superior detection capability of 0.0001% false positive and 96% detection rate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.99-110
• /
• 2010

Recently, network based DDoS attacks have been changed into application layer DDoS attacks which are targeted at the web services. Specially, an attacker makes zombie PCs generate small traffic and its traffic pattern has been similar to the normal user's pattern. So, existing HTTP PPS based Threshold cannot defend the DDoS attacks effectively. In this paper, we displayed all the GET Flooding attack types and propose three DDoS attack defense mechanisms which are simple and very powerful. Proposed mechanisms can defend all the existing GET Flooding DDoS attacks and be deployed in the real environment immediately with little resource consumption.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.125-128
• /
• 2022

As the number of online systems based on the internet gradually increases, cyber-scale attacks that interfere with the normal operation of web services are also on the rise. In particular, distributed denial-of-service attacks (DDoS) that interfere with normal web service operations are also increasing. Therefore, this paper presents an efficient DDoS attack defense technique utilizing Equal Cost Multi-Path (BGP ECMP) routing techniques in networks of Anycast type by operating PoP basis of major attack sources and describes how high-availability web services can be operated.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.