• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.800-803
• /
• 2010

센서 노드는 제한적인 에너지를 가지기 때문에 라우팅 기법 개발에 있어 에너지 효율은 중요한 디자인 요소이다. 체인 기반 클러스터 구조의 라우팅 기법은 각 센서 노드에서 수집되는 유사한 정보를 베이스 스테이션에 효율적으로 전하기 위한 라우팅 기법이다. 체인 기반 클러스터 구조의 라우팅 기법은 에너지 효율적으로 정보를 모을 수 있는 장점을 가지지만, 센서 노드의 키를 오용하여 메시지를 삽입, 수정하는 공격이 발생할 경우 매우 큰 피해를 입게 되는 단점이 있다. 따라서, 체인 기반 클러스터 구조의 라우팅 기법을 사용하는 무선 센서 네트워크에서는 키의 오용을 탐지하고 이를 막는 기술이 매우 중요하다. 본 논문에서는 체인 기반 무선 센서 네트워크 환경에서 센서 노드의 키의 오용을 막는 효율적인 방법에 대해 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.254-257
• /
• 2020

최근 악성코드에 의한 피해사례가 매년 증가하고 있다. 전통적인 시그니처 기반 안티바이러스 솔루션은 제로데이 공격이나 랜섬웨어처럼 전례가 없는 새로운 위협에 속수무책일 정도로 취약하다. 그럼에도 불구하고 많은 기업이 다중 엔드포인트 보안 전략의 일환으로 시그니처 기반 안티바이러스 솔루션을 유지하고 있다. 이에 응하고자 다양한 악성코드 분석기술이 출현해왔으며, 최근의 연구들은 부분 머신러닝을 이용하여 기존에 진행했던 시그니쳐 기반의 한계를 보완하고 노력하고 있다. 본 논문은 머신러닝을 이용한 바이러스 분석 모델과 머신러닝 알고리즘 중 GRU를 이용한 솔루션 시스템을 제안한다. 기존 DB Server를 통해 머신러닝을 학습 시키며 다양한 샘플과 형식을 이용하여 머신러닝을 학습하고 이를 이용해 새로운 악성코드, 변조된 악성코드의 탐지율을 높일 수 있다.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.46-53
• /
• 2022

Today, due to the 4th industrial revolution and extensive R&D funding, domestic companies have begun to possess world-class industrial technologies and have grown into important assets. The national government has designated it as a "national core technology" in order to protect companies' critical industrial technologies. Particularly, technology leaks in the shipbuilding, display, and semiconductor industries can result in a significant loss of competitiveness not only at the company level but also at the national level. Every year, there are more insider leaks, ransomware attacks, and attempts to steal industrial technology through industrial spy. The stolen industrial technology is then traded covertly on the dark web. In this paper, we propose a system for detecting industrial technology leaks in the dark web environment. The proposed model first builds a database through dark web crawling using information collected from the OSINT environment. Afterwards, keywords for industrial technology leakage are extracted using the KeyBERT model, and signs of industrial technology leakage in the dark web environment are proposed as quantitative figures. Finally, based on the identified industrial technology leakage sites in the dark web environment, the possibility of secondary leakage is detected through the PageRank algorithm. The proposed method accepted for the collection of 27,317 unique dark web domains and the extraction of 15,028 nuclear energy-related keywords from 100 nuclear power patents. 12 dark web sites identified as a result of detecting secondary leaks based on the highest nuclear leak dark web sites.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.113-120
• /
• 2018

Today, the development of information and communication technology is rapidly increasing the number of users of network-based service, and enables real-time information sharing among users on the Internet. There are various methods in the information sharing process, and information sharing based on portal service is generally used. However, the process of information sharing serves as a cause of illegal activities in order to amplify the social interest of the relevant stakeholders. Public opinion attack using macro function can distort normal public opinion, so security measures are urgent. Therefore, security measures are urgently needed. Macro attacks are generally defined as attacks in which illegal users acquire multiple IP or ID to manipulate public opinion on the content of a particular web page. In this paper, we analyze network path information based on traceback for macro attack of a specific user, and then detect multiple access of the user. This is a macro attack when the access path information for a specific web page and the user information are matched more than once. In addition, when multiple ID is accessed for a specific web page in the same region, it is not possible to distort the overall public opinion on a specific web page by analyzing the threshold count value.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.685-687
• /
• 2013

Today, as wireless communications devices such as laptops, smart phones are generalized, wireless LAN has been widely installed in the corporate office conference rooms, industrial warehouses, Internet-ready classrooms, and even in a coffee shop. Though a wired network can be accessed and attacked only by the physical penetration, the wireless network which can be accessed anywhere within the reach of anyone has relative vulnerability by unauthorized users' attack. To defend these vulnerabilities, the introduction of WIDS / WIPS is required. In this paper, we recognize the limitations of WLAN security technology, review the current technology trends and propose the solutions in the future security problems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.997-1008
• /
• 2022

Today, AI(Artificial Intelligence) technology is being extensively researched in various fields, including the field of malware detection. To introduce AI systems into roles that protect important decisions and resources, it must be a reliable AI model. AI model that dependent on training dataset should be verified to be robust against new attacks. Rather than generating new malware detection, attackers find malware detection that succeed in attacking by mass-producing strains of previously detected malware detection. Most of the attacks, such as adversarial attacks, that lead to misclassification of AI models, are made by slightly modifying past attacks. Robust models that can be defended against these variants is needed, and the Robustness level of the model cannot be evaluated with accuracy and recall, which are widely used as AI evaluation indicators. In this paper, we experiment a framework to evaluate robustness level by generating an adversarial sample based on one of the adversarial attacks, C&W attack, and to improve robustness level through adversarial training. Through experiments based on malware dataset in this study, the limitations and possibilities of the proposed method in the field of malware detection were confirmed.

• Journal of the Korea Convergence Society
• /
• v.3 no.2
• /
• pp.7-12
• /
• 2012

An advanced and proactive response mechanism against diverse attacks should be proposed for enhance its security and reliability on android based commercial smart work device. In this study, we propose a user-oriented vulnerability analysis and response system on commercial smart work device based on android when diverse attacks are activated. Proposed mechanism uses simplified and optimized memory for monitoring and detecting the abnormal behavior on commercial smart work device, with which we can find and determine the attacker's attempts. Additionally, proposed mechanism provides advanced vulnerability analysis and monitoring/control module.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1279-1290
• /
• 2021

As vehicle technology has grown, autonomous driving that does not require driver intervention has developed. Accordingly, CAN security, an network of in-vehicles, has also become important. CAN shows vulnerabilities in hacking attacks, and machine learning-based IDS is introduced to detect these attacks. However, despite its high accuracy, machine learning showed vulnerability against adversarial examples. In this paper, we propose a adversarial CAN frame generation method to avoid IDS by adding noise to feature and proceeding with feature selection and re-packet for physical attack of the vehicle. We check how well the adversarial CAN frame avoids IDS through experiments for each case that adversarial CAN frame generated by all feature modulation, modulation after feature selection, preprocessing after re-packet.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1210-1213
• /
• 2007

WiBro는 무선랜과 3G 이동통신의 장점을 결합한 휴대 인터넷 기술로 최근 국내에서 상용화 되었다. WiBro의 장점인 이동성과 고속 무선 통신에 기인하여, 향후 지속적인 발전이 기대된다. 이러한 WiBro의 확산에 따라 개인 사용자에 대한 보안문제가 최근 크게 부각되고 있다. 현재 Wibro는 3G 이동통신 및 무선랜과 효율적인 연동을 위해 EAP-AKA 인증기법을 사용하고 있다. 하지만 EAP-AKA는 단말이 기지국을 인증하지 못하는 치명적인 취약점이 있다. 따라서 공격자는 임의로 rogue BS를 설치할 수 있고, 정상 사용자의 데이터를 이종 네트워크로 보내는 Redirection Attack을 시도할 수 있다. Redirection Attack은 전송 속도 저하, Denial-of-Service (DoS) 을 초래하며, 데이터가 redirection 되는 이종 네트워크에 따라 암호화된 데이터가 노출될 수 있다. 본 논문에서는 EAP-AKA와 Redirection Attack에 대해 분석하고, 그 해결책을 제시한다. 논문은 1) 프로토콜을 일부 수정하여 공격을 막는 방법과 2) traffic 분석을 통한 공격 탐지 방식을 다루고 있으며, 이러한 두 가지 방법을 통해 Redirection Attack에 대한 취약점을 근본적으로 제거할 수 있다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.748-757
• /
• 2002

Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.