• Title/Summary/Keyword: code vulnerability

Search Result 208, Processing Time 0.028 seconds

Abnormal SIP Packet Detection Mechanism using Co-occurrence Information (공기 정보를 이용한 비정상 SIP 패킷 공격탐지 기법)

  • Kim, Deuk-Young;Lee, Hyung-Woo
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.1 / pp.130-140 / 2010
  • SIP (Session Initiation Protocol) is a signaling protocol to provide IP-based VoIP (Voice over IP) service. However, many security vulnerabilities exist as the SIP protocol utilizes the existing IP-based network. SIP malformed message attacks may cause malfunctions in VoIP services by changing the transmitted SIP header information. Additionally, there are several threats such that an attacker can extract personal information on the SIP client system by inserting malicious code into the SIP header. Therefore, alternative measures are required. In this study, we analyzed the existing research on SIP anomaly message detection mechanisms against SIP attacks. We then proposed a co-occurrence based SIP packet analysis mechanism, which has been used in language processing techniques. We proposed an association rule generation and an attack detection technique using the actual SIP session state. Experimental results showed that the average detection rate was 87% on SIP attacks when using the proposed technique.

A Study on Hacking E-Mail Detection using Indicators of Compromise (침해지표를 활용한 해킹 이메일 탐지에 관한 연구)

  • Lee, Hoo-Ki
    • Convergence Security Journal / v.20 no.3 / pp.21-28 / 2020
  • In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, the most widely used route for compromise incidents such as information leakage and system destruction was found to be e-mail. In particular, it is still difficult to detect and identify e-mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques by detecting signatures and conducting dynamic analysis only. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and quickly respond to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating hacking e-mails, which account for a large portion of damages in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information on client-side incidents.

Countermeasure for Prevention and Detection against Attacks to SMB Information System - A Survey (중소기업 정보시스템의 공격예방 및 탐지를 위한 대응 : 서베이)

  • Mun, Hyung-Jin;Hwang, Yooncheol;Kim, Ho-Yeob
    • Journal of Convergence Society for SMB / v.5 no.2 / pp.1-6 / 2015
  • Small and medium-sized companies lack countermeasures to secure the safety of an information system. In this circumstance, they have difficulties regarding the damage to their image and legal losses when information is leaked. This paper examines information leakage from such systems and hacking methods including APT attacks. In particular, an APT (Advanced Persistent Threat) attack means that a hacker sneaks into a target, stays latent for a period of time, skims all the information related to the target, acts behind the scenes, and neutralizes the security services without leaving traces. Because the attacker covers up his traces so as not to reveal them, the victim remains unaware, which increases the damage. This study examines attack methods and their process and seeks a countermeasure.


CFI Approach to Defend against GOT Overwrite Attacks (CFI(Control Flow Integrity) 적용을 통한 GOT(Global Offset Table) 변조 공격 방지 방안 연구)

  • Jeong, Seunghoon;Hwang, Jaejoon;Kwon, Hyukjin;Shin, Dongkyoo
    • Journal of Internet Computing and Services / v.21 no.1 / pp.179-190 / 2020
  • In the Unix-like system environment, the GOT overwrite attack is one of the traditional control flow hijacking techniques for exploiting software privileges. Several techniques have been proposed to defend against the GOT overwrite attack, and among them, the Full Relro (Relocation Read only) technique, which blocks GOT overwrites at runtime by arranging the GOT section as read-only at program startup, has been known as the most effective defense technique. However, it entails a loading delay, which limits its application to programs sensitive to startup performance, and it is not currently applied to libraries due to problems including a chain loading delay caused by nested library dependencies. Also, many compilers, including LLVM, do not apply the Full Relro technique by default, so runtime programs are still vulnerable to GOT attacks. In this paper, we propose a GOT protection scheme using the Control Flow Integrity (CFI) technique, which is currently recognized as the most suitable technique for defense against code reuse attacks. We implemented this scheme based on LLVM and applied it to the binutils-gdb program group to evaluate security, performance and compatibility. The GOT protection scheme with CFI is difficult to bypass, fast, and compatible with existing library programs.

Determination Method of Security Threshold using Fuzzy Logic for Statistical Filtering based Sensor Networks (통계적 여과 기법기반의 센서 네트워크를 위한 퍼지로직을 사용한 보안 경계 값 결정 기법)

  • Kim, Sang-Ryul;Cho, Tae-Ho
    • Journal of the Korea Society for Simulation / v.16 no.2 / pp.27-35 / 2007
  • When sensor networks are deployed in open environments, all the sensor nodes are vulnerable to physical threats. An attacker can physically capture a sensor node and obtain the security information, including the keys used for data authentication. An attacker can easily inject false reports into the sensor network through the compromised node. False reports can lead not only to false alarms but also to the depletion of the limited energy resources in battery-powered sensor networks. To overcome this threat, Fan Ye et al. proposed a statistical en-route filtering scheme (SEF) that can verify false reports during the forwarding process. In this scheme, the choice of a security threshold value is important since it trades off detection power and energy, where the security threshold value is the number of message authentication codes for verification of a false report. In this paper, we propose a fuzzy rule-based system for security threshold determination that can conserve energy while providing sufficient detection power in SEF-based sensor networks. The fuzzy logic determines a security threshold by considering the probability of a node having non-compromised keys, the number of compromised partitions, and the remaining energy of nodes. The fuzzy-based threshold value can conserve energy while providing sufficient detection power.


A Study of Mock Objects Generator for Applying XP with Special Attention to C (C환경에서의 XP적용을 위한 모크객체생성기에 관한 연구)

  • Jung Young Mok;Park Jae Won;Lee Nam Yong
    • Journal of the Korea Society of Computer and Information / v.10 no.1 s.33 / pp.15-26 / 2005
  • As one of the lightweight software development methodologies, XP (Extreme Programming) is a practical means to improve the productivity and quality of software through the pursuit of 4 values - communication, simplicity, feedback, and courage. It appears, however, that TDD (Test Driven Development), one of the practices of XP, has a problem, which is the unavailability of test driven development in case of a prolonged period of testing or the failure to secure the independence of the test cases. This has resulted in the recent emphasis on the importance of Mock Objects. Mock Objects, which imitate the faulty real code, have the fundamental simplicity of allowing even manual scripting but, due to the inefficiency of manual scripting of Mock Objects in real life, Mock Objects generators such as MockObjects and EasyMock have been implemented in Java. It is found difficult, however, to apply Mock Objects in the C language due to their object-oriented premise as well as the absence of mock objects generators for the C language. Therefore, this paper presents CMock, a Mock Objects generator for the C language which allows the easy creation of Mock Objects, and a study is performed to verify its efficiency accordingly.


Development of Internet Information Push-Delivery System Design of Smoking Cessation for Health Promotion (지역주민의 건강증진을 위한 인터넷 금연 강화 프로그램 개발)

  • Kim, Young-Bok;Shin, Jun-Ho;Kim, Shin-Woel
    • Journal of agricultural medicine and community health / v.29 no.2 / pp.287-301 / 2004
  • Objectives: The development of internet programs for smoking cessation was motivated to quit smoking in the large group of smokers. This personalized program consisted of tailored messages that consider the smokers' characteristics, and contains information on the outcomes of smoking cessation and the skills to be used in quit attempts. The purpose of this study was to develop the internet management program and information push-delivery system for smoking cessation to encourage the personal intention to quit smoking. Methods: We conducted the study in 3 steps: developing a push service to encourage the intention of smoking cessation, analyzing problems of the smoking cessation program through the pilot test, and suggesting improvements by implication stages. Results: This program is delivered for 30 days, if the participants do not fail to quit smoking. The contents consisted of 13 stages which were divided into starting period, practical period, maintenance period and success period. The push service provided tailored messages to participants using their e-mail. According to the evaluation of the pilot test, the problems of the internet information push-delivery service for smoking cessation were the over-tasks per visiting time, recording style of participants, difficulty of terms and sentences, lack of visual effects, absence of follow-up module and unsuitable link with the main homepage. Improvements were divided into 3 stages by implication period. The first stage included the immediate improvements such as improving the link with the homepage, modifying the menu of smoking information and the upload file of the notice part. The second stage included the short term improvements such as alleviating the condition of withdrawal, coordinating the start stage of retrial, modifying errors of the information push-delivery service and addition of educational materials. The third stage included the long term improvements such as development of a follow-up module, cost-effectiveness evaluation, reducing contents quantity, introduction of checking style, compensation of graphics effect and review for SMS utilization. Conclusions: This program contributes to improving the smoking cessation rate. Therefore this program should be tested in a community to evaluate its effectiveness. To promote the effectiveness, the contents and the strategies of this program should be developed for various targets, and a follow-up system for ex-smokers should be established.


Quality and Affecting Factor of Care for Patients Hospitalized with Pneumonia (폐렴 입원환자 진료과정의 질적 수준과 이에 영향을 미치는 요인: 임상질지표를 중심으로)

  • Moon, Sangjun;Lee, Jin-Seok;Kim, Yoon;You, Sun-Ju;Choi, Yun-Kyoung;Suh, Soo Kyung;Kim, Yong-Ik
    • Tuberculosis and Respiratory Diseases / v.66 no.4 / pp.300-308 / 2009
  • Background: The quality of care for patients with community acquired pneumonia needs to be improved; the factors affecting this care need to be analyzed. The objectives of this study were to measure the performance of care processes for patients with pneumonia and to determine which patient and hospital characteristics are associated with quality care. Methods: The analysis was performed using data from 21 hospitals that had over 500 beds for 1,001 patients, who were sampled randomly. All patients were born before 31 December 1989, and discharged between August 2006 and October 2006. Performance process indicators were measured by respective hospital, and multivariate logistic regression was used to calculate associations between patient and hospital characteristics using 4 process indicators. Results: Performance rates in timely assessment of oxygenation assessments and blood cultures, correct administration of antibiotic medications, and blood culture performed prior to initial antibiotics were 69.4%, 79.1%, 82.5% and 60.5%, respectively. Age had a positive effect on oxygenation assessment within 24 hours. Bed number, number of nurses per bed, annual number of emergency department visits, average percentage of beds filled, location and arrival time, and site were factors associated with process indicators. Conclusion: It is necessary to make up for the weak points in the process of care for patients with community acquired pneumonia by enforcing quality assurance. To reduce performance rate variation among hospitals, improvement in care protocols is required for hospitals that have poor quality of care levels.