• Title/Summary/Keyword: 탐지규칙 (detection rules)


Blocking Intelligent Dos Attack with SDN (SDN과 허니팟 기반 동적 파라미터 조절을 통한 지능적 서비스 거부 공격 차단)

  • Yun, Junhyeok; Mun, Sungsik; Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems, v.11 no.1, pp.23-34, 2022
  • With the development of network technology, application areas have diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. It is therefore difficult for network administrators to meet the stability and security requirements of the network with traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations, so network administrators can respond flexibly to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collect attack information through the controller and switch, which are components of SDN, and detect attacks based on these SDN attributes. We propose a method that blocks denial of service (DoS) attacks by advanced attackers by programming the network and applying a honeypot. In the proposed system, attack packets are quickly delivered to the honeypot according to a modifiable flow rule, and the honeypot analyzes the intelligent attack pattern from the packets it receives. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by implementing it, performing intelligent attacks with various attack patterns and attack levels, and comparing the attack detection rate with that of the existing system.

A Condition Processing System of Active Rules Using Analyzing Condition Predicates (조건 술어 분석을 이용한 능동규칙의 조건부 처리 시스템)

  • Lee, Gi-Uk; Kim, Tae-Sik
    • The KIPS Transactions: Part D, v.9D no.1, pp.21-30, 2002
  • The active database system introduces active rules that detect specified states. Since the conditions of active rules are evaluated every time an event occurs, the condition processing method has a great influence on system performance. In this paper, we propose a condition processing system with a preprocessor that determines the delta tree structure, constructs the classification tree, and generates the aggregate function table. The preprocessor can be introduced because, in an active database, the active rules are known beforehand. The proposed delta tree processes join and selection operations and aggregate functions effectively, which enhances condition evaluation performance. We also propose the classification tree, which processes the join operation effectively, and the aggregate function table, which processes the costly aggregate functions. The proposed condition processing system can be expected to enhance the performance of condition processing for active rules, since the structures built by the preprocessor decrease the number of condition comparisons.

TCAM Partitioning for High-Performance Packet Classification (고성능 패킷 분류를 위한 TCAM 분할)

  • Kim, Kyu-Ho; Kang, Seok-Min; Song, Il-Seop; Kwon, Teack-Geun
    • The Journal of Korean Institute of Communications and Information Sciences, v.31 no.2B, pp.91-97, 2006
  • As network bandwidth increases, threats to the network also increase with emerging new services. For high-performance network security, high-speed packet classification methods that employ hardware such as TCAM are generally used. These devices are expensive and their capacity is limited, so a method that uses them efficiently is needed. In this paper, we propose efficient packet classification using a Ternary CAM (TCAM), a device widely used for high-speed packet classification, to which we have applied the Snort rule set of the well-known intrusion detection system. To save space in the expensive TCAM, we eliminate duplicated IP addresses and port numbers in the rules by partitioning a table in the TCAM, and we represent negation and range rules with reduced TCAM size. We also keep the advantage of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the number of TCAM partitions through combining port numbers. According to simulation results on our TCAM partitioning, the size of the TCAM can be reduced by up to 98% and performance does not degrade significantly for high-speed packet classification with a large number of rules.

A Study on Developing Intrusion Detection System Using APEX : A Collaborative Research Project with Jade Solution Company (APEX 기반 침입 탐지 시스템 개발에 관한 연구 : (주)제이드 솔류션과 공동 연구)

  • Kim, Byung-Joo
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology, v.10 no.1, pp.38-45, 2017
  • Attacks on computers and networks are increasing as information processing relies heavily on them. To prevent attacks on systems and networks, host-based and network-based intrusion detection systems have been developed, but previous rule-based systems have many difficulties. For this reason there is demand for an intrusion detection system that detects and copes with attacks on system and network resources in real time. In this paper we develop a real-time intrusion detection system that combines APEX with an LS-SVM classifier. The proposed system handles nonlinear data and guarantees convergence. While a real-time processing system has advantages such as memory efficiency and the ability to accept new training data, it has the disadvantage of lower accuracy compared to the batch approach. Since the proposed real-time intrusion detection system shows accuracy similar to a batch intrusion detection system, it can be deployed on a commercial scale.

The Ontology-Based Intelligent Solution for Managing U-Cultural Heritage: Early Fire Detection Systems (U-문화재관리를 위한 온톨로지 기반의 지능형 솔루션: 화재조기탐지 시스템)

  • Joo, Jae-Hun; Myeong, Sung-Jae
    • Information Systems Review, v.12 no.2, pp.89-104, 2010
  • Recently, ubiquitous sensor networks (USN) have been applied to many areas including environment monitoring. A few studies have applied USN to disaster prevention and emergency management, in particular to the conservation of cultural heritage. USN is a useful technology for online real-time monitoring aimed at early detection of fire, a critical cause of damage to and destruction of cultural heritage. Online monitoring with USN is necessary for cultural heritage that humans have difficulty accessing, or whose external appearance and beauty are important. However, USN-based monitoring systems without human intervention produce false warnings. In this paper, we present an alternative that resolves this problem by applying ontology. Our intelligent early fire detection system for conserving cultural heritage is based on ontology and inference rules, and was tested in a laboratory environment.

A Study on Anomaly Detection based on User's Command Analysis (사용자 명령어 분석을 통한 비정상 행위 판정에 관한 연구)

  • 윤정혁; 오상현; 이원석
    • Journal of the Korea Institute of Information Security & Cryptology, v.10 no.4, pp.59-71, 2000
  • Due to advances in computer and communication technology, intrusions and crimes using computers have increased rapidly while various information has been provided conveniently to users. As a result, many studies are needed to detect the activities of intruders effectively. In this paper, a new association algorithm for the anomaly detection model is proposed for the process of generating a user's normal patterns, in which more recently observed behavior has more influence on the data mining process. In addition, by clustering the generated normal patterns for each user or a group of similar users, it is possible to identify the usual frequency of program or command usage for each user or group of users. The performance of the proposed anomaly detection system has been tested on various system parameters in order to identify their practical ranges for maximizing its detection rate.

User Behavior Analysis for Online Game Bot Detection (온라인 게임 봇 탐지를 위한 사용자 행위 분석)

  • Kang, Ah-Reum; Woo, Ji-young; Park, Ju-yong; Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology, v.22 no.2, pp.225-238, 2012
  • Among the various security threats in online games, the use of game bots is the most serious problem. In this paper, we propose a framework for user behavior analysis for bot detection in online games. Specifically, we focus on party play, which reflects the social activities of gamers: in a Massively Multi-user Online Role Playing Game (MMORPG), the party play log includes distinguishing information that can classify game users as normal or abnormal, because bot users' main activities target the acquisition of cyber assets. Through a statistical analysis of user behaviors in game activity logs, we establish threshold levels for the activities that allow us to identify game bots. We also build a knowledge base of detection rules based on this statistical analysis. We apply this rule reasoner to the sixth most popular online game in the world. As a result, we can detect game bot users with a high accuracy rate of 95.92%.

Design Method of Things Malware Detection System(TMDS) (소규모 네트워크의 IoT 보안을 위한 저비용 악성코드 탐지 시스템 설계 방안 연구)

  • Sangyoon Shin; Dahee Lee; Sangjin Lee
    • Journal of the Korea Institute of Information Security & Cryptology, v.33 no.3, pp.459-469, 2023
  • The number of IoT devices is increasing explosively due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing; malicious code is currently being distributed to and infecting IoT devices, which are then exploited for DDoS. IoT devices targeted by such attacks have varied installation environments and limited resources, and once they are set up, their owners tend not to manage them. Because of this, IoT devices are becoming a management blind spot that is easily infected with malicious code. Due to these difficulties, the threat of malicious code always exists for IoT devices, and when they are infected, the response is not made properly. In this paper, we design a malware detection system for IoT that takes the characteristics of the IoT environment into account and present detection rules suitable for use in the system. Using this system, it is possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.

Fraud Detection System Model Using Generative Adversarial Networks and Deep Learning (생성적 적대 신경망과 딥러닝을 활용한 이상거래탐지 시스템 모형)

  • Ye Won Kim; Ye Lim Yu; Hong Yong Choi
    • Information Systems Review, v.22 no.1, pp.59-72, 2020
  • Artificial intelligence is establishing itself as a familiar tool rather than an intractable concept. In this trend, the financial sector is also looking to improve existing systems, including the Fraud Detection System (FDS). It is becoming difficult to detect sophisticated cyber financial fraud using the original rule-based FDS, because the payment environment has diversified and the number of electronic financial transactions has increased. To overcome the limits of the present FDS, this paper suggests three types of artificial intelligence models: Generative Adversarial Network (GAN), Deep Neural Network (DNN), and Convolutional Neural Network (CNN). GAN shows how the data imbalance problem can be improved, while DNN and CNN show how abnormal financial trading patterns can be precisely detected. In conclusion, among the experiments in this paper, WGAN has the highest improvement effect on the data imbalance problem, and the DNN model shows a comparatively greater effect on fraud classification.

Modeling and Design of a Distributed Detection System Based on Active Sonar Sensor Networks (능동 소나망 분산탐지 체계의 모델링 및 설계)

  • Choi, Won-Yong; Kim, Song-Geun; Hong, Sun-Mog
    • Journal of the Korea Institute of Military Science and Technology, v.14 no.1, pp.123-131, 2011
  • In this paper, the modeling and design of a distributed detection system are considered for an active sonar sensor network. The sensor network has a parallel configuration and consists of a fusion center and a set of receiver nodes. A system with two receiver nodes is considered to investigate a theoretical aspect of the design. Specifically, the AND rule and the OR rule are considered as the fusion rules of the sensor network. For these fusion rules, it is shown that a threshold rule at each sensor node has uniformly most powerful properties. The optimum threshold for each sensor, which maximizes the probability of detection for a given probability of false alarm, is obtained. Numerical experiments were also performed to investigate the detection characteristics of a distributed detection system with multiple sensor nodes. The experimental results show how signal strength, false alarm probability, and the distance between nodes in a sensor field affect the system detection performance.