• Title/Summary/Keyword: 사이버 공격 및 방어

Search Result 93, Processing Time 0.025 seconds

A Study on Injection Attacks and Defenses on Microsoft Windows (MS Windows에서 인젝션 공격 및 방어 기법 연구)

  • Seong, HoJun;Cho, ChangYeon;Lee, HoWoong;Cho, Seong-Je
    • Journal of Software Assessment and Valuation
    • /
    • v.16 no.2
    • /
    • pp.9-23
    • /
    • 2020
  • Microsoft's Windows system is widely used as an operating system for the desktops and enterprise servers of companies or organizations, and is a major target of cyber attacks. Microsoft provides various protection technologies and strives for defending the attacks through periodic security patches, however the threats such as DLL injection and process injection still exist. In this paper, we analyze 12 types of injection techniques in Microsoft Windows, and perform injection attack experiments on four application programs. Through the results of the experiments, we identify the risk of injection techniques, and verify the effectiveness of the mitigation technology for defending injection attacks provided by Microsoft. As a result of the experiments, we have found that the current applications are vulnerable to several injection techniques. Finally, we have presented the mitigation techniques for these injection attacks and analyzed their effectiveness.

DDoS Attack Response Framework using Mobile Code (DDoS 공격 대응 프레임워크 설계 및 구현)

  • Lee, Young-seok
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.3 no.3
    • /
    • pp.31-38
    • /
    • 2010
  • It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

  • PDF

A Study of Security Method against Attack in TCP/IP (TCP/IP 공격에 대한 보안 방법 연구)

  • Park Dea-Woo;Seo Jeong-Man
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.5 s.37
    • /
    • pp.217-226
    • /
    • 2005
  • In today's cyberworld, network performance is affected not only by an increased demand for legitimate content request, but also by an increase in malicious activity. In this Paper, we research that network performance was affected by an increase in malicious Hacker who make DoS Attack, DDoS Attack, SYN Flooding, IP Spoofing, etc. in using TCP/IP. We suggest that Packet filtering in Network Level, Gateway Level, Application Level against to Protect by Hacker's attack. Also, we suggest that content distribution in Web Server approaches to mitigate Hacker's activity using Cache Sever, Mirror Sever, CDN. These suggests are going to use useful Protection methode of Hacker's attack.

  • PDF

Response Methodology against Spoofed IP Attack using Active Networks Mechanism (액티브 네트워크를 이용한 위조 IP 공격 대응 메커니즘)

  • Park, Sang-Hyun;Ko, Haeng-Seok;Kwon, Oh-Seok
    • Journal of Internet Computing and Services
    • /
    • v.9 no.2
    • /
    • pp.69-81
    • /
    • 2008
  • It has become more difficult to correspond a cyber attack quickly as patterns of attack become various and complex. However, current security mechanism just have passive defense functionalities. In this paper, we propose new network security mechanism to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed mechanism makes it possible to deal effectively with cyber attacks such as IP spoofing, by using active packet technology including a mobile code on active network. Also, it is designed to hove more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

  • PDF

Design and Implementation of FakePort for Efficient Port Control Based on Linux Server (리눅스 서버의 효율적인 포트제어를 위한 페이크포트 설계 및 구현)

  • 김완경;소우영;김환국;서동일
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.319-324
    • /
    • 2004
  • Internet is spread by the rapid development of information telecommunication infrastructure. But there are swinging damages becuase of most of the user has a shortage of knowledge. Especially, in proportion to increase of Linux user as PC, that is exposed to various threatener and is target of malicious attacker. In this paper, design and implement Fakeport based on Linux to control port efficiently and easily for protection against attack.

  • PDF

IP Traceback System Design and Implement based on Agent (에이전트기반의 IP 역추적 시스템 설계 및 구현)

  • Chae, Cheol-Joo;Lee, Seong-Hyeon;Kim, Ji-Hyun;Lee, Jae-Kwang
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • v.9 no.2
    • /
    • pp.823-827
    • /
    • 2005
  • 최근의 정보보호 환경에서는 자신의 관리 도메인 내로 침입하게 되는 공격을 어떻게 잘 탐지 할 것인가와 탐지된 공격을 어떻게 효율적으로 차단하여 자신의 도메인을 잘 보호할 것인가에 초점이 맞추어 있다. 따라서 탐지된 침입의 공격자에 대한 대응도 자신의 도메인 경계에서 해당 트래픽을 차단하는 수동적인 방법 이외에는 별다른 방법이 없는 상태이고, 이 경우 자신의 도메인에서 파악한 침입자 정보를 바탕으로 자신의 도메인 입구에서만 해당 트래픽을 차단함으로써 침입자는 자유로이 인터넷을 이용할 수 있을 뿐만 아니라 다른 공격 기술이나 공격 루트를 이용한 제2, 제3의 공격이 이루어 질수 있다. 반면 인터넷을 이용한 경제 활동 및 그 액수가 점차 증가함에 따라 사이버 공격으로 입게 되는 피해는 점차 기업의 생존을 위협하는 수준에 도달하고 있다. 따라서 해킹에 능동적으로 대응할 수 있는 기술이 요구된다고 할 수 있으며, 능동적인 해킹 방어를 위한 가장 기본적인 기술로 해커의 실제 위치를 추적하는 역추적 기술을 활용할 수 있어야 한다. 그러나 현재까지 제안된 역추적 기술들은 인터넷이 보유한 다양성을 극복하지 못하여 현재의 인터넷 환경에 적용하는데 어려움이 따른다. 이에 본 논문에서는 해킹으로 판단되는 침입에 대하여 효율적으로 역추적 하기 위해서 iTrace 메시지를 이용한 역추적 시스템을 설계하고 구현한다.

  • PDF

The probable use of UAV(Unmanned Aerial Vehicle) in crime, cybercrime, and terrorism and responses (무인기 개발과 범죄, 사이버 범죄, 테러 활용 가능성과 대응방안)

  • Joh, Hyeon-Jin;Yun, Min-Woo
    • Korean Security Journal
    • /
    • no.46
    • /
    • pp.189-216
    • /
    • 2016
  • In March 2015, the North Korean UAVs (Unmanned Aerial Vehicles) were found and countries around the world have actively developed UAVs. UAVs or Drone have become commercialized and more civilians use UAVs for leisure. The positive possibilities of UAV use expand. However, there could be the negative sides of UAV use. The UAVs could be used for the purpose of various crime, cybercrime, and terrorism. For instance, hacking devices attached drone could be infiltrated into the sensitive networks to steal personal informations and public data. This could be a new dimension of cybercrime. As the number of internet users and cyberspace rapidly expands, problems of crimes could be worsened both quantitatively and qualitatively. By contrast, defensive measures against such threats are limited. Especially, the Korean society is vulnerable despite its well-advanced internet and computer network technology. This article investigates the current UAV types and its developments, discusses various possibilites of UAV-related crime, cybercrime, and terrorism, and proposes responses.

  • PDF

Network Security Modeling and Simulation Using the SES/MB Framework (SES/MB 프레임워크를 이용한 네트워크 보안 모델링 및 시뮬레이션)

  • 지승도;박종서;이장세;김환국;정기찬;정정례
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.2
    • /
    • pp.13-26
    • /
    • 2001
  • This paper presents the network security modeling methodology and simulation using the hierarchical and modular modeling and simulation framework. Recently, Howard and Amoroso developed the cause-effect model of the cyber attack, defense, and consequences, Cohen has been proposed the simplified network security simulation methodology using the cause-effect model, however, it is not clear that it can support more complex network security model and also the model-based cyber attack simulation. To deal with this problem, we have adopted the hierarchical and modular modeling and simulation environment so called the System Entity Structure/Model Base (SES/MB) framework which integrates the dynamic-based formalism of simulation with the symbolic formalism of AI. Several simulation tests performed on sample network system verify the soundness of our method.

Effective Defense Mechanism Against New Vulnerability Attacks (신규 취약점 공격에 대한 효율적인 방어 메커니즘)

  • Kwak, Young-Ok;Jo, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.21 no.2
    • /
    • pp.499-506
    • /
    • 2021
  • Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

Tag-Reader Mutual Authentication Protocol for secure RFID environments (안전한 RFID 환경을 위한 태그-리더 상호 인증 프로토콜)

  • Lee, Young-Seok;Choi, Hoon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.19 no.2
    • /
    • pp.357-364
    • /
    • 2015
  • Tags and Readers is receiving and sending the data using the wireless communication in the RFID environment. Therefore, it could allow an attacker to participate in the network without the physical constraints, which can be easily exposed to a variety of attacks, such as taps and data forgery. Also, it is not easy to apply the security techniques to defend external attacks because the resource constraints of RFID tags is high. In this paper, new tag-reader mutual authentication protocol is proposed to protect the external cyber attacks such as spoofing attacks, replay attacks, traffic analysis attacks, location tracking attacks. The performance evaluation of the proposed mutual authentication protocol is performed and the simulation results are presented.