• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.69-81
• /
• 2008

It has become more difficult to correspond a cyber attack quickly as patterns of attack become various and complex. However, current security mechanism just have passive defense functionalities. In this paper, we propose new network security mechanism to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed mechanism makes it possible to deal effectively with cyber attacks such as IP spoofing, by using active packet technology including a mobile code on active network. Also, it is designed to hove more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.19-26
• /
• 2006

Recently, web server hacking is trending toward web application hacking which uses comparatively vulnerable web applications based on open sources. And, it is possible to hack databases using web interfaces because web servers are usually connected databases. Web application attacks use vulnerabilities not in web server itself, but in web application structure, logical error and code error. It is difficult to defend web applications from various attacks by only using pattern matching detection method and code modification. In this paper, we propose a method to secure the web applications based on profiling which can detect and filter out abnormal web application requests.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.7
• /
• pp.613-621
• /
• 2019

Recently, with the development of the Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious codes infect IoT devices, and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. Proposed is a malicious code-detection technique that is based on malicious script-pattern analysis that can detect zero-day attacks while maintaining the existing detection rate by registering and checking derived distribution patterns after analyzing the types of malicious scripts distributed through websites. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and experiment with 10 major malicious script-distribution patterns derived from analysis. The technique showed an average detection rate of about 86% of all items, while maintaining the existing detection speed based on the detection rule and also detecting zero-day attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.83-92
• /
• 2009

Ari Juels proposed Yoking-Proof protocol for authenticating multiple tags simultaneously using RFID system. Because common Yoking-Proof methods authenticate by using MAC (Message Authentication Code), it is difficult to apply them to inexpensive tags. It is also difficult to implement common hash functions such as MD5 in inexpensive tags. So, Ari Juels also proposed a lightweighted Yoking-Proof method with only 1 authentication. However, Minimalist MAC, which is a lightweighted MAC used in the proposed method is for single-use, and the proposed structure is vulnerable to replay attacks. Therefore, in this study, the minimalist MAC using Lamport's digital signature scheme was adopted, and a new type of Yoking-Proof protocol was proposed where it uses tags that are safe from replay attacks while being able to save multiple key values.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.4
• /
• pp.759-766
• /
• 2017

In this paper, we preserve the transparency of digital contents by compressing and storing the medical image for a certain period so as to be safe and robust against various attacks of medical images. The proposed algorithm generates an encrypted image authentication code that extracts the feature value of the original image and combines it with the user's information. in order to extract hidden data, the authentication code is first decrypts the encrypted medical image and extracts the hidden data using the spatial characteristics of image. The proposed algorithm guarantees integrity when comparing extracted authentication code and newly generated authentication code for image authentication after directly inserting it into content itself through watermarking. We have proved various security of attack of image data and proved that the certification rate is improved to 98.4%.

• Journal of Multimedia Information System
• /
• v.6 no.4
• /
• pp.165-172
• /
• 2019

Machine-learning techniques have been actively employed to information security in recent years. Traditional rule-based security solutions are vulnerable to advanced attacks due to unpredictable behaviors and unknown vulnerabilities. By employing ML techniques, we are able to develop intrusion detection systems (IDS) based on anomaly detection instead of misuse detection. Moreover, threshold issues in anomaly detection can also be resolved through machine-learning. There are very few datasets for network intrusion detection compared to datasets for malicious code. KDD CUP 99 (KDD) is the most widely used dataset for the evaluation of IDS. Numerous studies on ML-based IDS have been using KDD or the upgraded versions of KDD. In this work, we develop an IDS model using CSE-CIC-IDS 2018, a dataset containing the most up-to-date common network attacks. We employ deep-learning techniques and develop a convolutional neural network (CNN) model for CSE-CIC-IDS 2018. We then evaluate its performance comparing with a recurrent neural network (RNN) model. Our experimental results show that the performance of our CNN model is higher than that of the RNN model when applied to CSE-CIC-IDS 2018 dataset. Furthermore, we suggest a way of improving the performance of our model.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.3-8
• /
• 2011

Advanced Persistent Threat (APT), aims a specific business or political targets, is rapidly growing due to fast technological advancement in hacking, malicious code, and social engineering techniques. One of the most important characteristics of APT is persistence. Attackers constantly collect information by remaining inside of the targets. Enterprise Security Management (EMS) system can misidentify APT as normal pattern of an access or an entry of a normal user as an attack. In order to analyze this misidentification, a new system development and a research are required. This study suggests the way of forecasting APT and the effective countermeasures against APT attacks by categorizing misidentified data in data-mining through threshold ratings. This proposed technique can improve the detection of future APT attacks by categorizing the data of long-term attack attempts.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.4
• /
• pp.1223-1247
• /
• 2012

The need for securing Wireless Sensor Networks (WSNs) is essential especially in mission critical fields such as military and medical applications. Security techniques that are used to secure any network depend on the security requirements that should be achieved to protect the network from different types of attacks. Furthermore, the characteristics of wireless networks should be taken into consideration when applying security techniques to these networks. In this paper, energy efficient Security Model for Tree-based Routing protocols (SMTR) is proposed. In SMTR, different attacks that could face any tree-based routing protocol in WSNs are studied to design a security reference model that achieves authentication and data integrity using either Message Authentication Code (MAC) or Digital Signature (DS) techniques. The SMTR communication and processing costs are mathematically analyzed. Moreover, SMTR evaluation is performed by firstly, evaluating several MAC and DS techniques by applying them to tree-based routing protocol and assess their efficiency in terms of their power requirements. Secondly, the results of this assessment are utilized to evaluate SMTR phases in terms of energy saving, packet delivery success ratio and network life time.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.595-605
• /
• 2015

This paper proposes a robust, imperceptible block-based digital video watermarking algorithm that makes use of the Speeded Up Robust Feature (SURF) technique. The SURF technique is used to extract the most important features of a video. A discrete multiwavelet transform (DMWT) domain in conjunction with a discrete cosine transform is used for embedding a watermark into feature blocks. The watermark used is a binary image. The proposed algorithm is further improved for robustness by an error-correction code to protect the watermark against bit errors. The same watermark is embedded temporally for every set of frames of an input video to improve the decoded watermark correlation. Extensive experimental results demonstrate that the proposed DMWT domain video watermarking using SURF features is robust against common image processing attacks, motion JPEG2000 compression, frame averaging, and frame swapping attacks. The quality of a watermarked video under the proposed algorithm is high, demonstrating the imperceptibility of an embedded watermark.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.323-330
• /
• 2005

Buffer overflow is one of the most prevalent and critical internet security vulnerabilities. Recently, various methods to prevent buffer overflow attacks have been investigated, but they are still difficult to apply to real applications due to their run-time overhead. This paper suggests an efficient rewrite method to prevent buffer-overflow attacks only with lower costs by generating a redundant copy of the return address in stack frame and comparing return address to copied return address. Not to be overwritten by the attack data the new copy will have the lower address number than local buffers have. In addition, for a safer execution environment, every vulnerable function call is transformed during the rewriting procedure.