• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.331-338
• /
• 2001

With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn\`t free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1595-1606
• /
• 2018

Recently, there has been an increase in the number of social engineering techniques that indirectly attack the target system administrators or organizational weaknesses rather than the traditional technical cyber attacks that directly attacked the target systems. Accordingly, the type analysis and case study of social engineering techniques are being actively conducted. There has been, however, little effort to derive an analysis model that systematically analyzes social engineering based cyberspace operations. Therefore, this paper aims at building a Social Engineering Based Cyberspace Operations Analysis Model, which can be used as a reference framework for a case study or attack scenario generation of social engineering based cyberspace operations.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• KSCI Review
• /
• v.15 no.1
• /
• pp.53-64
• /
• 2007

Avoid at damage systems in order to avoid own IP address exposure, and an invader does not attack directly a system in recent hacking accidents at these papers, and use Stepping stone and carry out a roundabout attack. Use network audit Policy and use a CIS, AIAA technique and algorithm, the Sleep Watermark Tracking technique that used Thumbprints Algorithm, Timing based Algorithm, TCP Sequence number at network bases, and Presented a traceback system at TCP bases at log bases, and be at these papers Use the existing algorithm that is not one module in a system one harm for responding to invasion technology develop day by day in order to supplement the disadvantage where is physical logical complexity of configuration of present Internet network is large, and to have a fast technology development speed, and presentation will do an effective traceback system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.206-208
• /
• 2023

비대면 활동 및 원격 작업 증가에 따라 문서 파일을 이용한 사이버 공격 빈도가 증가하고 있으며, 별도의 실행 파일 대신 문서 내의 기본적인 기능을 악용하는 문서 공격은 기존의 악성코드 탐지 메커니즘을 우회할 수 있기 때문에 큰 문제가 되고 있다. 이러한 문제에 대응하기 위한 여러 기술 중 CDR 기술은 악성 행위에 이용될 가능성이 있는 액티브 콘텐츠를 제거하거나 비활성화하여 사전에 악성코드로 탐지되지 않았던 파일에 대한 보안성을 제공하지만, 문서의 내용을 분석하고 안전하게 재조합하는 과정에서 오류가 발생하여 전달하고자 했던 내용을 제대로 표현할 수 없게 되거나, 파일을 사용할 수 없게 되는 문제가 발생할 수 있다. 본 논문에서는 파일을 후처리하는 방식으로만 CDR을 적용하는 것이 아니라, 확장 프로그램이나 가상 환경 등을 이용해 문서의 작성 단계에서부터 CDR 처리과정을 거치게 하는 방법을 제안하여 파일 손상이나 내용 누락 문제를 완화하고 사용자의 업무 효율을 높이는 동시에 강화된 보안성을 제공한다.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.6
• /
• pp.558-564
• /
• 2013

Wireless sensor networks (WSNs) contain limited energy resources and are left in open environments. Since these sensor nodes are self-operated, attacks such as sinkhole attacks are possible as they can be compromised by an adversary. The sinkhole attack may cause to change initially constructed routing paths, and capture of significant information at the compromised node. A localized encryption and authentication protocol (LEAP) has been proposed to authenticate packets and node states by using four types of keys against the sinkhole attack. Even though this novel approach can securely transmits the packets to a base station, the packets are forwarded along the constructed paths without checking the next hop node states. In this paper, we propose the next hop node selection method to cater this problem. Our proposed method evaluates the next hop node considering three factors (i.e., remaining energy level, number of shared keys, and number of filtered false packets). When the suitability criterion for next hop node selection is satisfied against a fix threshold value, the packet is forwarded to the next hop node. We aim to enhance energy efficiency and a detour of attacked areas to be effectively selected Experimental results demonstrate validity of the proposed method with up to 6% energy saving against the sinkhole attack as compared to the LEAP.

• Journal of Internet Computing and Services
• /
• v.24 no.4
• /
• pp.25-36
• /
• 2023

Today, as AI (Artificial Intelligence) technology is introduced in various fields, including security, the development of technology is accelerating. However, with the development of AI technology, attack techniques that cleverly bypass malicious behavior detection are also developing. In the classification process of AI models, an Adversarial attack has emerged that induces misclassification and a decrease in reliability through fine adjustment of input values. The attacks that will appear in the future are not new attacks created by an attacker but rather a method of avoiding the detection system by slightly modifying existing attacks, such as Adversarial attacks. Developing a robust model that can respond to these malware variants is necessary. In this paper, we propose two methods of generating Adversarial attacks as efficient Adversarial attack generation techniques for improving Robustness in AI models. The proposed technique is the XAI-based attack technique using the XAI technique and the Reference based attack through the model's decision boundary search. After that, a classification model was constructed through a malicious code dataset to compare performance with the PGD attack, one of the existing Adversarial attacks. In terms of generation speed, XAI-based attack, and reference-based attack take 0.35 seconds and 0.47 seconds, respectively, compared to the existing PGD attack, which takes 20 minutes, showing a very high speed, especially in the case of reference-based attack, 97.7%, which is higher than the existing PGD attack's generation rate of 75.5%. Therefore, the proposed technique enables more efficient Adversarial attacks and is expected to contribute to research to build a robust AI model in the future.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.313-317
• /
• 2014

Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.535-545
• /
• 2014

As the software industry has developed, the attacks making use of software vulnerability has become a big issue in society. In particular, because the attacks using the vulnerability of web browsers bypass Windows protection mechanism, web browsers can readily be attacked. To protect web browsers against security threat, research on fuzzing has constantly been conducted. However, most existing web browser fuzzing tools use a simple fuzzing technique which randomly mutates DOM tree. Therefore, this paper analyzed existing web browser fuzzing tools and the patterns of their already-known vulnerability to propose an event and command based fuzzing tool which can detect the latest web browser vulnerability more effectively. Three kinds of existing fuzzing tools were compared with the proposed tool. As a result, it was found that the event and command based fuzzing tool proposed was more effective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.353-371
• /
• 2014

We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.