• Title/Summary/Keyword: Network threat detection (네트워크 위협탐지)


A study on the detection of DDoS attack using the IP Spoofing (IP 스푸핑을 통한 DDoS 공격 탐지 방안에 대한 연구)

  • Seo, Jung-Woo;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.147-153 / 2015
  • Since the DoS (Denial of Service) attack is still an important vulnerable element in many web service sites, sites including public institutions should try their best in constructing defensive systems. Recently, DDoS (Distributed Denial of Service) attacks have been launched by generating massive network traffic using NTP's monlist function, and DoS attacks have been made against the DNS infrastructure, for which direct defense is impossible. For instance, in June 2013, there was an infringement incident in which the Computing and Information Agency was the target. There was a DNS application DoS attack which made the public institution's information system unable to run its normal services. Because DDoS attacks target unspecified information services and are not limited to a particular information system, there is a high possibility of extensive damage, so efforts have to be made to minimize cyber threats. This thesis proposes a method that uses the TTL (Time To Live) value in the IP header to detect DDoS attacks with IP spoofing, which occurs when data is transmitted under the agreed regulation between the international and domestic information systems.

Treatment Information based Risk Evaluation Method in Medical Information Systems (의료정보시스템에서 치료정보 기반 위험도 평가 방법론)

  • Choi, Donghee;Park, Seog
    • KIISE Transactions on Computing Practices / v.22 no.9 / pp.441-448 / 2016
  • RBAC(Role-Based Access Control), which is widely used in Medical Information Systems, is vulnerable to illegal access through abuse/misuse of permissions. In order to solve this problem, treatment based risk assessment of access requests is necessary. In this paper, we propose a risk evaluation method based on treatment information. We use network analysis to determine the correlation between treatment information and access objects. Risk evaluation can detect access that is unrelated to the treatment. It also provides indicators for information disclosure threats of insiders. We verify the validity using large amounts of data in real medical information systems.

Model Type Inference Attack against AI-Based NIDS (AI 기반 NIDS에 대한 모델 종류 추론 공격)

  • Yoonsoo An;Dowan Kim;Dae-seon Choi
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.5 / pp.875-884 / 2024
  • The proliferation of IoT networks has led to an increase in cyber attacks, highlighting the importance of Network Intrusion Detection Systems (NIDS). To overcome the limitations of traditional NIDS and cope with more sophisticated cyber attacks, there is a trend towards integrating artificial intelligence models into NIDS. However, AI-based NIDS are vulnerable to adversarial attacks, which exploit the weaknesses of the algorithm. The Model Type Inference Attack is one type of attack that infers information inside the model. This paper proposes an optimized framework for Model Type Inference attacks against NIDS models, applying more realistic assumptions. The proposed method successfully trained an attack model to infer the type of NIDS models with an accuracy of approximately 0.92, presenting a new security threat to AI-based NIDS and emphasizing the importance of developing defence methods against such attacks.

A Study on the Army Tactical C4I System Information Security Plan for Future Information Warfare (미래 정보전에 대비한 육군전술지휘정보체계(C4I) 정보보호대책 연구)

  • Woo, Hee-Choul
    • Journal of Digital Convergence / v.10 no.9 / pp.1-13 / 2012
  • This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipment for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

Lightweight Validation Mechanism for IoT Sensing Data Based on Obfuscation and Variance Analysis (난독화와 변화량 분석을 통한 IoT 센싱 데이터의 경량 유효성 검증 기법)

  • Yun, Junhyeok;Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems / v.8 no.9 / pp.217-224 / 2019
  • Recently, sensor networks have been built and used in many kinds of fields such as home, traffic, medical treatment and power grid. Sensing data manipulation in these fields could be a serious threat to property and safety. Thus, a proper way to block sensing data manipulation is necessary. In this paper, we propose an IoT (Internet of Things) sensing data validation mechanism based on data obfuscation and variance analysis to remove manipulated sensing data effectively. The IoT sensor device modulates sensing data with an obfuscation function and sends it to a user. The user demodulates the received data to use it. Fake data which are not modulated with the proper obfuscation function show a different variance aspect from valid data. Our proposed mechanism thus can detect fake data by analyzing data variance. Finally, we measured data validation time for performance analysis. As a result, the block rate for false data was improved by up to 1.45 times compared with the existing technique and the false alarm rate was 0.1~2.0%. In addition, the validation time on the low-power, low-performance IoT sensor device was measured. Compared to the RSA encryption method, which increased to 2.5969 seconds according to the increase of the data amount, the proposed method showed high validation efficiency at 0.0003 seconds.

Service-oriented protocol security framework in ICT converged industrial environment (ICT 융합 산업 환경에서 서비스 지향 프로토콜 보안 프레임워크)

  • Lee, Seoung-Woo;Lee, June-Kyoung;Lee, Kyoung-Hak
    • Journal of the Korea Convergence Society / v.8 no.12 / pp.15-22 / 2017
  • This paper analyzes the vulnerability of each service protocol used in the ICT convergence industry (smart factory, smart grid, smart home, smart traffic, smart health care) and suggests technologies that can overcome security vulnerabilities. In addition, we design a service-oriented protocol security framework that allows us to quickly and easily develop security functions in an open environment by defining a security element common to protocols and designing a security module for each protocol layer including the corresponding elements. With service-protocol-independent security modules and specialized security modules, it will be possible to develop flexible and fast security systems in the ICT convergence industry, where various protocols are used. The overall security level of the ICT service network can be improved by installing the necessary security modules in the operating system, and productivity can be improved in the industrial security field by reusing each security module.

A Whitelist-Based Scheme for Detecting and Preventing Unauthorized AP Access Using Mobile Device (모바일 단말을 이용한 Whitelist 기반 비인가 AP 탐지 및 접속 차단 기법)

  • Park, Jungsoo;Park, Minho;Jung, Souhwan
    • The Journal of Korean Institute of Communications and Information Sciences / v.38B no.8 / pp.632-640 / 2013
  • In this paper, we proposed a system in a wireless LAN environment in case of security threats, the mobile terminal and the remote server-based WLAN security. Recently, security technologies for the wireless LAN environment have been proposed in a variety of ways, and many products are being launched such as WIPS and DLP. However, these products are expensive and difficult to manage, so they are very difficult to use in small businesses. Therefore, in this paper, we propose a wireless LAN security system based on a terminal and a remote server using a whitelist, in line with the development of the BYOD market and smartphone hardware. In the proposed system, AP and personal device information is stored on the server by an administrator and an application is installed on the personal device alone, so it has the advantage that it can be applied to a variety of wireless network environments.

Drone Sound Identification and Classification by Harmonic Line Association Based Feature Vector Extraction (Harmonic Line Association 기반 특징벡터 추출에 의한 드론 음향 식별 및 분류)

  • Jeong, HyoungChan;Lim, Wonho;He, YuJing;Chang, KyungHi
    • Journal of Advanced Navigation Technology / v.20 no.6 / pp.604-611 / 2016
  • The drone industry, where drone refers to unmanned aerial vehicles (UAV), is improving rapidly and exceeding the existing level of remote controlled aircraft models. It is also applying automation and cloud network technology. Recently, the ability of drones can bring serious threats to public safety, such as explosives and unmanned aircraft carrying hazardous materials. For the purpose of reducing these kinds of threats, it is necessary to detect these illegal drones using acoustic feature extraction and classifying technology. In this paper, we introduce a sound feature vector extraction method by harmonic feature extraction method (HLA). The feature vector extraction method based on HLA makes it possible to distinguish drone sound by extracting features of sound data. In order to assess the performance of distinguishing sounds which exist in an outdoor environment, we analyzed various sounds of things and real drones, and classified sounds of drones and others as a simulation of each sound source.

A Study on Amplification DRDoS Attacks and Defenses (DRDoS 증폭 공격 기법과 방어 기술 연구)

  • Choi, Hyunsang;Park, Hyundo;Lee, Heejo
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.8 no.5 / pp.429-437 / 2015
  • DDoS attacks have been used for paralyzing popular Internet services. In particular, amplification attacks have grown dramatically in recent years. Defending against amplification attacks is challenging since the attacks usually generate an extremely huge amount of traffic and the attack traffic comes from legitimate servers, which is hard to differentiate from normal traffic. Moreover, some of the protocols used by amplification attacks are widely adopted in IoT devices, so the number of servers susceptible to amplification attacks will continue to increase. This paper studies amplification attack mechanisms in detail and proposes defense methodologies for scenarios where attackers, abused servers or victims are in a monitoring network.

A Study on Vulnerability of Cyber Electronic Warfare and Analysis of Countermeasures for swarm flight of the NBC Reconnaissance Drones (화생방 정찰 드론의 군집비행 시 사이버전자전 취약점 및 대응방안 분석)

  • Kim, Jee-won;Park, Sang-jun;Lee, Kwang-ho;Jung, Chan-gi
    • Convergence Security Journal / v.18 no.2 / pp.133-139 / 2018
  • The 5 Game Changer refers to the army's operational concepts against the enemy's asymmetric threats, which aim to minimize damage to the public and lead to victory in war in the shortest time. A study of the network architecture of Dronebot operation is a key study for carrying out integrated operation with the integrated C4I system by organically linking several drone battle groups through ICT. The NBC reconnaissance drones can be used instead of vehicles and humans to detect NBC materials and share situations quickly. However, there is still a lack of research on the swarm flight of the NBC reconnaissance drones and the weaknesses of cyber electronic warfare. In this study, we present weaknesses and countermeasures of CBRNs in swarm flight operations and provide a basis for future research.
