• Title/Summary/Keyword: traceback technology (역추적기술)

Search Result 69, Processing Time 0.027 seconds

A New framework for IP Traceback : Inference of Logical Topology by Measuring Packet Losses (IP 역추적을 위한 새로운 접근 : 패킷 손실 기반의 논리적 전송 경로 추정)

  • 이준엽;이승형;양훈기;고재영;강철오;정주영
    • Journal of the Korea Institute of Information Security & Cryptology / v.12 no.3 / pp.39-47 / 2002
  • This paper deals with the study of a new framework for the traceback of distributed DoS (Denial of Service) attacks in the Internet, in which many sources flood "spoofed" IP packets towards a single victim. In our scheme, the destination host traces those anonymous packets' losses, and infers the logical end-to-end paths back towards the sources. This method is based on the fact that there is a strong correlation between packet losses when those packets traverse the same route, and the simulation results show high probabilities of detecting the topology under a certain condition. Compared with previous approaches, our scheme has a number of distinct features: it can be performed in real time or non-real time, without any support from routers or ISPs. Our results may be applied to the inference of physical topology and to support previous approaches.

Anti-CyberTerror Team, ETRI (인터넷 패킷 워터마크 검출 시스템 구현: Implementation of an Internet Packet Watermark Detection System)

  • 최병철;서동일
    • Proceedings of the Korean Information Science Society Conference / 2002.10c / pp.493-495 / 2002
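  • This study describes the implementation of a system that detects the packet watermarks used to trace back stepping-stone attacks that maintain a TCP connection. The packet watermark used in this study is the virtual null string watermark used in Sleepy Watermark Tracing (SWT), and we designed and implemented a method for efficiently detecting and analyzing such watermarks. The significance of this study is that, through an actual implementation of a packet watermark detection system, it can be applied to intruder traceback systems of the TCP connection traceback type.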


Static Analysis Based on Backward Control Flow Graph Generation Method Model for Program Analysis (프로그램 분석을 위한 정적분석 기반 역추적 제어흐름그래프 생성 방안 모델)

  • Park, Sunghyun;Kim, Yeonsu;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1039-1048 / 2019
  • Symbolic execution, an automatic search method for vulnerability verification, has been technically improved over the last few years. However, it is still not practical to analyze a program using symbolic execution alone. One of the biggest reasons is that, because of the path explosion problem that occurs during program analysis, there is not enough memory, and you cannot find the solution of all paths in the program using symbolic execution. Thus, it is practical for the analyst to construct a path for symbolic execution to a target with a vulnerability rather than solving all paths. In this paper, we propose a static analysis-based backward CFG (Control Flow Graph) generation technique that can be used in symbolic execution for program analysis. With the creation of a backward CFG, an analyst can select potentially vulnerable points, and the backward path generated from that point can be used for future symbolic execution. We conducted experiments with Linux binaries (x86), and indeed showed that potential vulnerability selection and backward CFG path generation were possible in a variety of binary situations.

A Secure Agent Communication Mechanism for Intruder Tracing System (침입자 추적 시스템의 에이전트 통신 보안을 위한 메커니즘)

  • 최진우;황선태;우종우;정주영;최대식
    • Journal of KIISE: Information Networking / v.29 no.6 / pp.654-662 / 2002
  • As Internet technology becomes a major information infrastructure, an emerging problem is the tremendous increase in malicious computer intrusions. The present Intrusion Detection System (IDS) serves a useful purpose for detecting such intrusions, but the current situation requires a more active response mechanism than simple detection. This paper describes a multi-agent based tracing system against intruders when the system is attacked. The focus of the study lies on the secure communication mechanism for agent message communication. We have extended parameters on the KQML protocol, and applied the public key encryption approach. The limitation might be the requirement of two-way authentication for every communication through the broker agent. This model may not improve the efficiency, but it provides concrete secure communication. This is also one important factor in protecting the agent and the tracing server during the tracing process.

A Research on Threats of Steganography-based Botnets constructed over the SNS Environment (SNS 환경에서의 Steganography 기반 Botnets 구축 가능성 조사 및 대응방안 연구)

  • Jeon, Jaewoo;Cho, Youngho
    • Proceedings of the Korean Society of Computer Information Conference / 2019.01a / pp.111-114 / 2019
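  • Recently, botnets have been expanding to target not only PCs but also IoT devices, and as the latest technologies are applied they are being built so as to be difficult to detect and defend against. In particular, botnets that apply steganography, an information-hiding technique widely used among hackers and terrorists, have emerged (stego-botnets). Unlike existing forms of botnet, they use the SNS environment as the basis for communication between botnet entities and hide the communication content with steganography, which makes detection difficult, so the risk and damage can be serious. In this paper, we investigate the feasibility of building steganography-based botnets in the SNS environment, experimentally test the feasibility of steganography-based botnet communication using KakaoTalk and present the results, and briefly propose detection and traceback measures for steganography-based botnets.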


2D Backtracking Method of Ultrasonic Signal (초음파 신호의 2차원 역추적 방법에 관한 연구)

  • Kyu-Joung Lee;Choong Ho Lee
    • Journal of the Institute of Convergence Signal Processing / v.24 no.3 / pp.172-177 / 2023
  • This paper presents a 2-dimensional backtracking method for ultrasonic signals. Ultrasonic sensors are a common technology used in industrial fields, and many studies have been conducted on distance measurement and indoor location tracking using transmission and reception devices in pairs. A method for tracking the signal of an arbitrary ultrasonic transmission device on a 2D plane using only receivers of the ultrasonic signal is proposed. In order to track the ultrasonic signal, at least three receivers are used to receive it. The three receivers can calculate a direction and a distance using the time difference with which the ultrasonic signal arrives. The existing method of tracking signal sources using ultrasonic waves has a time synchronization problem between devices because the transceivers must be paired or installed independently for each sensor. In order to solve this problem, the distance between the ultrasonic receivers is minimized, and they are configured as one device. The sensors installed as one device may be processed by one operator, thereby solving the time synchronization problem. To increase time difference accuracy, high-speed 32-bit timers with high time resolution can be used to quickly calculate and track distances and directions.

A Precursor Phenomena Analysis of APT Hacking Attack and IP Traceback (APT 해킹 공격에 대한 전조현상 분석 및 IP역추적)

  • Noh, Jung Ho;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.05a / pp.275-278 / 2013
  • Log is a file system, a system that uses all remaining data. Want situation now being issued in the IT, media Nate on information disclosure, the press agency server hack by numbness crime occurred. Hacking crisis that's going through this log analysis software professionally for professional analysis is needed. The present study, about APT attacks happening intelligently Log In case of more than traceback in advance to prevent the technology to analyze the pattern for log analysis techniques.


Bin Packing-Exchange Algorithm for 3-Partition Problem (3-분할 문제의 상자 채우기-교환 알고리즘)

  • Lee, Sang-Un
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.22 no.4 / pp.95-102 / 2022
  • This paper proposed a linear time algorithm for a three-partition problem (TPP) in which a polynomial time algorithm is not known as NP-complete. This paper proposes a backtracking method that improves the problems of not being able to obtain a solution of the MM method using the sum of max-min values and third numbers, which are known polynomial algorithms in the past. In addition, the problem of MM applying the backtracking method was improved. The proposed algorithm partitions the descending ordered set S into three and assigns to the forward, backward, and best-fit allocation method with maximum margin, and found an optimal solution for 50.00%, which is 5 out of 10 data in the initial allocation phase. The remaining five data also showed performance to find the optimal solution by exchanging numbers between surplus boxes and shortage boxes at least once and up to seven times. The proposed algorithm that performs simple allocation and exchange optimization with less O(k) linear time performance complexity than the three-partition m=n/3 data, and it was shown that there could be a polynomial time algorithm in which TPP is a P-problem, not NP-complete.

Development of Turbidity Backward Tracking Scheme Using Py_STPS Model and Monitoring Data (Py_STPS모형과 관측자료를 활용한 탁도역추적기법 개발)

  • Hong Koo Yeo;Namjoo Lee
    • Ecology and Resilient Infrastructure / v.10 no.4 / pp.125-134 / 2023
  • In order to develop a backtracking technique for turbidity measurement data without discriminatory characteristics, three turbidity backtracking techniques for predicting inflow turbidity of a stream were compared using real-time turbidity data measured at automatic water quality measurement points located upstream and downstream of the stream and the Py_STPS model. Three turbidity backtracking techniques were applied: 1) simple preservation method of turbidity load considering flow time, 2) a method of using the flow rate at the upstream boundary considering the flow time as the flow rate at the downstream boundary, 3) method of introducing internal reaction rate to reflect the behavior characteristics of turbidity-causing substances. As a result of applying the three backtracking models, it was confirmed that the backtracking technique that introduced the internal reaction rate had the best results.

Monitoring Environment Design for Web Connection Information (웹 클라이언트 연결 정보 모니터링 설계 및 구현)

  • Jo, A-Ra;Jeong, Chi-Yoon;Chang, Beom-Hwan;Na, Jung-Chan
    • Proceedings of the Korea Information Processing Society Conference / 2009.04a / pp.1466-1469 / 2009
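  • Recently, in web service environments, cases in which attackers attempt attacks through multiple intermediate hops in order to conceal their origin have been increasing, and traceback technology in web applications is needed to secure legal evidence and respond actively. Application-layer tracing techniques using Java applets, ActiveX, plug-ins, web logs and the like are currently being developed, but they are likely to be blocked by the web client, and their use is limited by constraints such as the type of plug-in and incompatible operating environments. In this paper, we propose a web client monitoring system using ActionScript. The proposed system runs without the web client being aware of its execution, so it can prevent blocking by the web client, and it can be used in a variety of operating environments.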