• Title/Summary/Keyword: DDoS attack detection (DDoS 공격탐지)


A study on DDoS Attack, Detecting and Defence in ubiquitous system (유비쿼터스환경에서의 DDoS의 공격과 탐지, 방어시스템에 관한 연구)

  • Jung, Chang-Duk; Cha, Joo-Won; Hwang, Sun-Il
  • Korea Society of IT Services, Conference Proceedings / 2009.11a / pp.544-548 / 2009
  • The underlying success of logistics depends on the flow of data and information for effective management. Over the last 30 years, we have seen the power of microprocessors double about every 18 months. This continuing trend means that computers will become considerably smaller, cheaper, and more abundant; indeed, they are becoming ubiquitous and are even finding their way into everyday objects, resulting in the creation of smart things. In the long term, ubiquitous technologies will take on great economic significance. Industrial products will become smart because of their integrated information processing capacity, or take on an electronic identity that can be queried remotely, or be equipped with sensors for detecting their environment, enabling the development of innovative products and totally new services. The global marketplace runs on logistics, security, speed, agility and flexibility. In this paper we report that pairing these traditional logistics functions with RFID technology can be a huge value-driver for companies. This winning combination yields increased logistics management effectiveness and more efficient visibility into the supply chain management.


Implementation of GPU Based Polymorphic Worm Detection Method and Its Performance Analysis on Different GPU Platforms (GPU를 이용한 Polymorphic worm 탐지 기법 구현 및 GPU 플랫폼에 따른 성능비교)

  • Lee, Sunwon; Song, Chihwan; Lee, Injoon; Joh, Taewon; Kang, Jaewoo
  • Proceedings of the Korea Information Processing Society Conference / 2010.11a / pp.1458-1461 / 2010
  • As with the DDoS attack of July 7 last year, the scale of damage caused by malicious code is increasing every year. Polymorphic worms in particular are more dangerous because they are difficult to detect at the first attack with existing methods. In this study, we introduce Local Alignment, one of the methods used in bioinformatics to find similarities and features among genes, and apply it to polymorphic worm detection. In addition, we overcome the $O(n^4)$ running-time drawback of the existing algorithm through parallelization of execution and modification of the algorithm. Parallelization was carried out through CUDA programming on NVIDIA GPUs and OpenCL programming on AMD GPUs. We thereby compared the performance of the Local Alignment-based polymorphic worm detection algorithm on each GPGPU platform.

A Study on Attack Pattern and Analysis System against SIP Signaling Message-based DoS (SIP 호 설정 메시지기반 서비스 거부 공격패턴 및 분석시스템에 관한 연구)

  • Ha, Do-Yoon; Kim, Hwan-Kuk; Ko, Kyoung-Hee; Lee, Chang-Yong; Kim, Jeong-Wook; Jeong, Hyun-Cheol
  • Proceedings of the Korea Information Processing Society Conference / 2009.11a / pp.653-654 / 2009
  • With the spread of Internet telephony, use of the SIP protocol is increasing. DDoS attacks have recently become a major threat, and the threat of denial-of-service attacks against SIP-related services is also expected to grow. In this paper, we examine the types of SIP denial-of-service attacks that exploit the characteristics of the SIP protocol, and propose an analysis system architecture based on considerations for detecting denial-of-service attacks that exploit those characteristics. The types of SIP denial-of-service attacks can vary depending on the classification criteria, but this paper targets attack techniques that exploit the characteristics of the SIP protocol. For the analysis of SIP denial-of-service attack traffic, we consider information collection, information analysis, and information management functions.

Detecting Cyber Threats Domains Based on DNS Traffic (DNS 트래픽 기반의 사이버 위협 도메인 탐지)

  • Lim, Sun-Hee; Kim, Jong-Hyun; Lee, Byung-Gil
  • The Journal of Korean Institute of Communications and Information Sciences / v.37B no.11 / pp.1082-1089 / 2012
  • Recent malicious attempts in cyber space are intended to create national threats such as Stuxnet as well as to get financial benefits through a large pool of compromised botnets. The evolved botnets use the Domain Name System (DNS) to communicate with the C&C server and zombies. DNS is one of the core and most important components of the Internet, and DNS traffic is continually increased by the popular wireless Internet service. On the other hand, domain names are popular for malicious use. This paper studies DNS-based cyber threat domain detection by data classification based on supervised learning. Furthermore, the developed cyber threat domain detection system using DNS traffic analysis provides collection, analysis, and normal/abnormal domain classification of huge amounts of DNS data.

Enhancement of Sampling Based DDoS Detecting System for SDN (소프트웨어 정의 네트워크를 위한 샘플링 기반 서비스거부공격 탐지 시스템 개선)

  • Nguyen, Sinhngoc; Choi, Jintae; Kim, Kyungbaek
  • Proceedings of the Korea Information Processing Society Conference / 2017.04a / pp.315-318 / 2017
  • Nowadays, Distributed Denial of Service (DDoS) attacks have gained increasing popularity and have been a major factor in a number of massive cyber-attacks. They can easily exhaust the computing and communication resources of a victim within a short period of time. Therefore, we have to find methods to detect and prevent DDoS attacks. Recently, there has been some research that provides methods to resolve the above problem, but it still has some limitations such as low performance of detection and prevention, the scope of the method, the fact that most of them are used only on cloud servers instead of in the network, and reliability in the network. In this paper, we propose solutions for (1) handling multiple DDoS attacks from multiple IP addresses and (2) handling suspicious attacks in the network. For the first solution, we assume that there are multiple attacks from many sources at a time; this should be handled to avoid conflicts when we set up the prevention rules on switches. In the other, there is a lot of attack traffic with low volume and the same destination address. Although the traffic at each node is not much, the traffic at the destination is much more. So it is hard to detect that suspicious traffic with the sampling-based method at each node; our method reroutes the traffic to another server and analyzes it to check it more deeply.

A Malicious Traffic Detection Method Using X-means Clustering (X-means 클러스터링을 이용한 악성 트래픽 탐지 방법)

  • Han, Myoungji; Lim, Jihyuk; Choi, Junyong; Kim, Hyunjoon; Seo, Jungjoo; Yu, Cheol; Kim, Sung-Ryul; Park, Kunsoo
  • Journal of KIISE / v.41 no.9 / pp.617-624 / 2014
  • Malicious traffic, such as DDoS attacks and botnet communications, refers to traffic that is generated for the purpose of disturbing internet networks or harming certain networks, servers, or hosts. As malicious traffic has been constantly evolving in terms of both quality and quantity, there have been many studies fighting against it. In this paper, we propose an effective malicious traffic detection method that exploits the X-means clustering algorithm. We also suggest how to analyze the statistical characteristics of malicious traffic and how to define the metrics that are used when clustering. Finally, we verify the effectiveness of our method by experiments with two released traffic datasets.

The Design of Authentication Model based on Symmetric Key Encryption for Improving Network Availability in Cloud Environment (클라우드 환경에서 네트워크 가용성 개선을 위한 대칭키 암호화 기반 인증 모델 설계)

  • Baek, Yong-Jin; Hong, Suk-Won; Kim, Sang-Bok
  • Convergence Security Journal / v.19 no.5 / pp.47-53 / 2019
  • Network-based sharing of information has evolved into a cloud service environment today, increasing its number of users rapidly, but it has become a major target for network-based illegal attackers. In addition, IP spoofing, among attackers' various attack techniques, generally involves resource exhaustion attacks. Therefore, fast detection and response techniques are required. The existing detection method for IP spoofing attacks performs the final authentication process according to the analysis and matching of traceback information of the client who attempted the connection request. However, the simple comparison method of traceback information may require excessive OTP due to frequent false positives in an environment requiring service transparency. In this paper, symmetric key cryptography based on traceback information is used as mutual authentication information to improve this problem. That is, after generating a traceback-based encryption key, mutual authentication is possible by performing a normal decryption process. In addition, this process could reduce the overhead caused by false positives.

Detecting Abnormal Patterns of Network Traffic by Analyzing Linear Patterns and Intensity Features (선형패턴과 명암 특징을 이용한 네트워크 트래픽의 이상현상 감지)

  • Jang, Seok-Woo; Kim, Gye-Young; Na, Hyeon-Suk
  • Journal of the Korea Society of Computer and Information / v.17 no.5 / pp.21-28 / 2012
  • Recently, the necessity for good techniques for detecting network traffic attacks has increased. In this paper, we suggest a new method of detecting abnormal patterns of network traffic data by visualizing their IP and port information as two-dimensional images. The proposed approach first generates four 2D images from the IP data of transmitters and receivers, and makes one 2D image from port data. Analyzing those images, it then extracts their major features such as linear patterns or high intensity values, and determines whether the traffic data contain DDoS or DoS attacks. To comparatively evaluate the performance of the proposed algorithm, we show that our abnormal pattern detection method outperforms the existing algorithm in terms of accuracy and speed.

Android Malware Detection Using Auto-Regressive Moving-Average Model (자기회귀 이동평균 모델을 이용한 안드로이드 악성코드 탐지 기법)

  • Kim, Hwan-Hee; Choi, Mi-Jung
  • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.8 / pp.1551-1559 / 2015
  • Recently, the performance of smart devices has become almost similar to that of existing PCs, so users of smart devices can perform, on those devices, similar tasks such as messengers, SNSs (Social Network Services), smart banking, etc. that were originally performed in the PC environment. Although the development of smart devices has led to positive impacts, it has caused negative changes such as an increase in security threats aimed at the mobile environment. Specifically, threats to mobile devices, such as leaking private information, generating unfair billing and performing DDoS (Distributed Denial of Service) attacks, have continuously increased. Over 80% of mobile devices use the Android platform, thus the amount of damage caused by mobile malware on the Android platform is also increasing. In this paper, we propose an Android-based malware detection mechanism using time-series analysis, which is one of the statistics-based detection methods. We use the auto-regressive moving-average model, which, among time-series models, extracts accurate predictive values based on existing data. We also use a fast and exact malware detection method by extracting possible malware data through the Z-score. We validate the proposed methods through the experimental results.

Performance Evaluation of Scaling based Dynamic Time Warping Algorithms for the Detection of Low-rate TCP Attacks (Low-rate TCP 공격 탐지를 위한 스케일링 기반 DTW 알고리즘의 성능 분석)

  • So, Won-Ho; Shim, Sang-Heon; Yoo, Kyoung-Min; Kim, Young-Chon
  • Journal of the Institute of Electronics Engineers of Korea TC / v.44 no.3 s.357 / pp.33-40 / 2007
  • In this paper, the low-rate TCP attack, one of the shrew attacks, is considered and the scaling-based dynamic time warping (S-DTW) algorithm is introduced. The low-rate TCP attack cannot be detected by the detection methods for the previous flooding DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks due to its low average traffic rate. It is, however, a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows, and so some pattern matching mechanisms have been proposed to detect it among legitimate input flows. A DTW mechanism, as one of the detection approaches, has been proposed to detect an attack input stream consisting of many legitimate or attack flows, and a defending method has been shown as well. This approach, however, has the problem that a legitimate input stream may be caught as an attack one. In addition, it is difficult to decide a threshold for separating the legitimate from the malicious. Thus, the causes of this problem are analyzed through simulation, and scaling by the maximum auto-correlation value is executed before computing the DTW. We also discuss the results of applying various scaling approaches and of using the standard deviation of the monitored input streams.