• Journal of the Korea Society for Simulation
• /
• v.12 no.2
• /
• pp.63-73
• /
• 2003

The major objective of this paper is to propose the method of attacker and host modeling for cyber-attack simulation. In the security modeling and simulation for information assurance, it is essential the modeling of attacker that is able to generate various cyber-attack scenarios as well as the modeling of host, which is able to represent behavior on attack concretely The security modeling and simulation, which was announced by Cohen, Nong Ye and etc., is too simple to concretely analyze attack behavior on the host. And, the attacker modeling, which was announced by CERT, Laura and etc., is impossible to represent complex attack excepting fixed forms. To deal with this problem, we have accomplished attacker modeling by adopted the rule-based SES which integrates the existing SES with rule-based expert system for synthesis and performed host modeling by using the DEVS formalism. Our approach is to show the difference from others in that (ⅰ) it is able to represent complex and repetitive attack, (ⅱ) it automatically generates the cyber-attack scenario suitable on the target system, (ⅲ) it is able to analyze host's behavior of cyber attack concretely. Simulation tests performed on the sample network verify the soundness of proposed method.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.119-128
• /
• 2024

The moveable ad hoc networks are untrustworthy and susceptible to any intrusion because of their wireless interaction approach. Therefore the information from these networks can be stolen very easily just by introducing the attacker nodes in the system. The straight route extent is calculated with the help of hop count metric. For this purpose, routing protocols are planned. From a number of attacks, the wormhole attack is considered to be the hazardous one. This intrusion is commenced with the help of couple attacker nodes. These nodes make a channel by placing some sensor nodes between transmitter and receiver. The accessible system regards the wormhole intrusions in the absence of intermediary sensor nodes amid target. This mechanism is significant for the areas where the route distance amid transmitter and receiver is two hops merely. This mechanism is not suitable for those scenarios where multi hops are presented amid transmitter and receiver. In the projected study, a new technique is implemented for the recognition and separation of attacker sensor nodes from the network. The wormhole intrusions are triggered with the help of these attacker nodes in the network. The projected scheme is utilized in NS2 and it is depicted by the reproduction outcomes that the projected scheme shows better performance in comparison with existing approaches.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2199-2205
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Journal of Digital Convergence
• /
• v.15 no.7
• /
• pp.201-211
• /
• 2017

Wireless network using dynamic IP and mobile IP technology provides the user with convenience of access and movement. However, this causes the attacker who disguises normal user(pretending to be a regular user) to have more opportunity in regard to access and acquisition of information. This paper help the network administrator and the service provider quickly to recognize the attacker's intention to access network and service. Therefore network administrator and service provider can specify and respond the location of the attacker appropriately. To achieve above, we define an entity (W_L_M) that manages user information of WiFi and LTE network, and propose messages and procedures for attacker's location identification and alarm. The performance evaluation of this paper is based on qualitative analysis. By using the proposed method, some cost (message creation, processing and transmission) occurred but it was analyzed to be less than the total network operation cost. The proposal of this paper is a management method that utilizes existing network information and structure. This method can be used as a reference material to enhance security.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.306-309
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Journal of the military operations research society of Korea
• /
• v.18 no.1
• /
• pp.47-60
• /
• 1992

A class of allocation problems can be modeled in a linear programming formulation. But in reality, the coefficient of both the cost and constraint equations can not be generally determined by crisp numbers due to the imprecision or fuzziness in the related parameters. To account for this. a fuzzy version is considered and solved by transforming to a conventional non-linear programming model. This gives a solution as well as the degree that the solution satisfies the objective and constraints simultaneously and hence will be very useful to a decision maker. An attacker assignment problem for multiple fired targets has been modeled by a linear programming formulation by Lemus and David. in which the objective is to minimize the cost that might occur on attacker's losses during the mission. A fuzzy version of the model is formulated and solved by transforming it to a conventional nonlinear programming formulation following the Tanaka's approach. It is also expected that the fuzzy approach will have wide applicability in general allocation problems

• Journal of Korea Society of Industrial Information Systems
• /
• v.18 no.3
• /
• pp.17-26
• /
• 2013

We have developed an ideal functionality for security requirement of functional encryption schemes. The functionality is needed when we want to show the security of a functional encryption scheme in universal composable (UC) framework. A functionality $F_{fe}$ was developed to represent ideal respond of a functional encryption scheme against any polynomial time active attacker. We show that UC security notion of functional encryption scheme $F_{fe}$ is as strong as fully secure functional encryption in an indistinguishable game with chosen cipher text attack. The proof used a method that showing for any environment algorithm, it can not distinguish ideal world where the attacker play with ideal functionality $F_{fe}$ and real world where the attacker play a fully secure functional encryption scheme.

• Journal of Korea Multimedia Society
• /
• v.19 no.8
• /
• pp.1395-1403
• /
• 2016

In recent years, researches of security threats reported that various types of social engineering attack were frequently observed. In this paper, we propose secure keypad scheme for mobile devices. In our scheme, every edge of keypad is linked each other, and it looks like a sphere. With this keypad, users input their password using pre-selected grid pointer. Because of circulation of the keypad layout, even though the attacker snatch the user password typing motion through the human eyes or motion capture devices, attacker do not estimate the original password. Moreover, without the information of grid pointer position, the attacker do not acquire original password. Therefore, our scheme is resistant to password guessing attack.

• Journal of Korea Multimedia Society
• /
• v.25 no.9
• /
• pp.1284-1290
• /
• 2022

An attacker with a malicious purpose can intentionally type other users' accounts and passwords, causing them to be locked or revoked. Although NIST introduced methods to prevent this attack, all suggested methods are inappropriate to prevent an attacker from manually failing authentication, and reduce user availability. In this paper, in order to prevent user account lockout due to an attacker's intentional authentication failure, we propose a new authentication method using IP address and number of failed authentication. The proposed method not only blocks attackers who intentionally try to fail authentication, but also provides convenience to users because accounts are not locked or revoked. It can also safely protect passwords against password cracking attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1419-1429
• /
• 2017

Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.