• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.57-66
• /
• 2021

Deep neural networks (DNNs) provide excellent performance for image, speech, and pattern recognition. However, DNNs sometimes misrecognize certain adversarial examples. An adversarial example is a sample that adds optimized noise to the original data, which makes the DNN erroneously misclassified, although there is nothing wrong with the human eye. Therefore studies on defense against adversarial example attacks are required. In this paper, we have experimentally analyzed the success rate of detection for adversarial examples by adjusting various parameters. The performance of the ensemble defense method was analyzed using fast gradient sign method, DeepFool method, Carlini & Wanger method, which are adversarial example attack methods. Moreover, we used MNIST as experimental data and Tensorflow as a machine learning library. As an experimental method, we carried out performance analysis based on three adversarial example attack methods, threshold, number of models, and random noise. As a result, when there were 7 models and a threshold of 1, the detection rate for adversarial example is 98.3%, and the accuracy of 99.2% of the original sample is maintained.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.39-48
• /
• 2022

Cyberattacks around the world continue to increase, and their damage extends beyond government facilities and affects civilians. These issues emphasized the importance of developing a system that can identify and detect cyber anomalies early. As above, in order to effectively identify cyber anomalies, several studies have been conducted to learn BGP (Border Gateway Protocol) data through a machine learning model and identify them as anomalies. However, BGP data is unbalanced data in which abnormal data is less than normal data. This causes the model to have a learning biased result, reducing the reliability of the result. In addition, there is a limit in that security personnel cannot recognize the cyber situation as a typical result of machine learning in an actual cyber situation. Therefore, in this paper, we investigate BGP (Border Gateway Protocol) that keeps network records around the world and solve the problem of unbalanced data by using SMOTE. After that, assuming a cyber range situation, an autoencoder classifies cyber anomalies and visualizes the classified data. By learning the pattern of normal data, the performance of classifying abnormal data with 92.4% accuracy was derived, and the auxiliary index also showed 90% performance, ensuring reliability of the results. In addition, it is expected to be able to effectively defend against cyber attacks because it is possible to effectively recognize the situation by visualizing the congested cyber space.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2004.11a
• /
• pp.343-348
• /
• 2004

Since the destruction of World Trade Center the attention of the united States and the wider international community has focussed upon the need to strengthen security and prevent terrorism. This paper suggests an analysis prior to risk factor and structure for anti-terrorism in the korean maritime society. For this, in this paper, maritime terror risk factor was extracted by type and case of terror using brainstorming method. Also, risk factor is structured by FSM method and analyzed for ranking of each risk factor by AHP. At the result, the evaluation of risk factor is especially over maximum factor for related external impact.

• Annual Conference of KIPS
• /
• 2006.05a
• /
• pp.939-942
• /
• 2006

웹 서비스는 오늘날의 인터넷 환경에서 분산되어있고, 이질적인 시스템들 간에 상호운용을 제공하는 새로운 소프트웨어 시스템의 형태이다. 이러한 환경에 있어서 보안은 가장 중요한 이슈 중 하나이다. 공격자는 아무런 인증 없이 사용자의 비밀정보를 노출시킬 수도 있다. 더구나 유비쿼터스 환경에서 사용자들은 웹 서비스를 이용하기 위해 반드시 그들 대신 서비스를 처리할 에이전트들에게 그들의 권한 모두를 혹은 그 중 일부분을 일시적으로 위임해야만 한다. 이것은 사용자의 비밀정보가 에이전트들을 통해 외부에 노출되는 결과를 초례한다. 본 논문에서는 유비쿼터스 환경에서의 안전한 웹 서비스를 위한 위임모델을 제시한다. 우리는 에이전트를 통한 비밀정보의 노출을 막고 서비스의 기밀성과 단언정보의 무결성을 제공하기 위해 XML암호화와 XML전자서명 방식을 이용한다. 그리고 XACML 기반의 웹 서비스 관리 서버를 통해 웹 서비스 제공자들과의 서비스정책의 상호운용을 수행한다. 우리는 역시 멀티 에이전트들 간의 위임을 통해 웹 서비스 제공자들에게 전달될 위임 단언을 정의하기 위해 SAML을 확장 시킨다.

• Journal of KIISE:Information Networking
• /
• v.35 no.6
• /
• pp.465-473
• /
• 2008

The MQV protocol has been regarded as the most efficient authenticated Diffie- Hellman key exchange protocol, and standardized by many organizations including the US NSA. In Crypto 2005, Hugo Krawczyk showed vulnerabilities of MQV to several attacks and suggested a hashed variant of MQV, called HMQV, which provides the same superb performance of MQV and provable security in the random oracle model. In this paper we suggest an efficient authenticated Diffie-Hellman key exchange protocol providing the same functionalities and security of HMQV without random oracles. So far there are no authenticated Diffie-Hellman protocols which are provably secure without using random oracles and achieve the same level of security goals of HMQV efficiently yet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.527-536
• /
• 2020

It has been found that an attacker can extract the secret key embedded in a security device and recover the operation instruction using power consumption traces which are some kind of side channel information. Many profiling-based side channel attacks based on a deep learning model such as MLP(Multi-Layer Perceptron) method are recently researched. In this paper, we implemented a disassembler for operation instruction set used in the micro-controller AVR XMEGA128-D4. After measuring the template traces on each instruction, we automatically made the pre-processing process and classified the operation instruction set using a deep learning model CNN. As an experimental result, we showed that all instructions are classified with 87.5% accuracy and some core instructions used frequently in device operation are with 99.6% respectively.

• Annual Conference of KIPS
• /
• 2017.11a
• /
• pp.271-274
• /
• 2017

점차 늘어나는 클라우드 서비스 이용률과 더불어 보안 위협 또한 증가하고 공격 방법 또한 다양해지고 있다. 하지만 클라우드 환경에서 보안사고가 발생했을 시 대응을 위한 조치나 정책은 여전히 미흡한 실정이다. 보안사고 대응을 위한 디지털 포렌식에 대한 연구를 통해 많은 해결 방법이 제시되고 있으나 클라우드 환경에서는 가상화 기술이 적용되어 있어 기존의 방법으로 증거의 수집 및 보관에 대한 무결성 증명이 까다롭다. 본 논문에서는 클라우드 서비스 이용자가 제공자로부터 서비스를 제공받는 클라우드 환경에서 보안사고 사후 대응을 위해 클라우드 환경에서 포렌식 절차를 수행 시 제안하는 참조모델을 바탕으로 필요한 역할 및 보안 고려사항에 대해 다루고자 한다.

• Journal of KIISE:Information Networking
• /
• v.28 no.4
• /
• pp.489-497
• /
• 2001

In the coming age of information warfare, information security patterns take on a more offensive than defensive stance. It is necessary to develop an active form of offensive approach to security protection in order to guard vital information infrastructures and thwart hackers. Information security products need to support an automatic response facility without human intervention in order to minimize damage to the attacked system and cope with the intrusion immediately. This paper presents an automatic intrusion response model which is developed on a Self-Extension Monitoring. It also proposes an ARTEMIS(Advanced Realtime Emergency Management and Intruder Identification System), which is designed and implemented based on the suggested model. The Self-Extension Monitoring using self-protection and replication minimizes spatial limitations on collection of monitoring information and intruder tracing. It enhances the accuracy of intrusion detection and tracing.

• Journal of Navigation and Port Research
• /
• v.29 no.6 s.102
• /
• pp.487-493
• /
• 2005

Since the destruction of World Trade Center the attention of the United States and the wider international community has focussed upon the need to strengthen security and prevent terrorism This paper suggests an analysis prior to risk factor and structure for anti-terrorism in the korean maritime society. For this, in this paper, maritime terror risk factor was extracted by type and case of terror using brainstorming method. Also, risk factor is structured by FSM method and analyzed for ranking of each risk factor by AHP. At the result, the evaluation of risk factor is especially over maximum factor for related external impact.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.15-22
• /
• 2005

The spread of Internet and the appear of Downsizing, SI(System Integration) is chaning centralized computing to distributed computing. Also distributed computing is rapidly changing to Ubiquitous computing escape from hard wire connected network. CORBA(Common Object Request Broker Architecture) is a middleware that used for smoothness communication between application program and operation system in a different environment. However distributed computing environment is not safe from the danger, the attack like virus, worm is too intellectual and variety. In this paper, we design a new DB security model and suggest efficiency of it in Ubiquitous environment base on CSS(CORBA Security Service) that present ed from OMG(Object Management Group).