• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.6
• /
• pp.1129-1135
• /
• 2016

The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on december in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attacks(Advanced Persistent Threat Attacks) thus far. We will use big data analytics to analyze whether or not APT attacks has occurred. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean Defense System. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attacks. Lastly, we will present an effective response method to address a detected APT attacks.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.85-97
• /
• 2003

At the end of last January, 2003, a domestic top-level domain name server (DNS) shut down the server and it caused the wired and wireless internet services to be completely paralyzed in the aftermath of a virus attack incurring a various range of losses nationwide. The main reason of this event is the lack of our awareness of cyber security. In particular, in the small-scale network, there are few security administrators and no operating devices to protect information as well. Under this circumstance, using ESM center to service real-time security supervision and correspondence for network, it can be one option. However, due to the economic efficiency, most of security systems have been being developed focusing on the large-scale network first. Therefore, ESM centers which inspect security state of network concentrate on IDC or large-scale network services. This dissertation studies economical ESM service by designing exclusive SnSA for small-scale network for widespread use. Firstly, network invasion feeler function N_SnSA and host invasion feeler function H_SnSA are embodied to collect more informations in the small-scale network. Secondarily, the existing vulnerability is studied to find the solutions linked with a low cost to a Public center such as Kyonggi Univ ESM center.

• Journal of Convergence Society for SMB
• /
• v.3 no.2
• /
• pp.33-39
• /
• 2013

Recently, lots of anti-phishing schemes have been developed. Several products identify phishing sites and show the results on the address bar of the internet browser. However, they determine only by domain names or IP addresses. Although this kind of method is effective against recent DNS Pharming attacks, there is still a possibility that hidden attacks which modifies HTML codes could incapacitate those anti-phishing programs. In this paper, the cognitive approach which compares images to decide phishing or Pharming is presented by using system tray and balloon tips that are hard to fake with pop-ups or flash in order for users to compare pictures from connecting sites and system tray. It differs from an old method that a program analyzes IP or domains to judge if it is phishing or Pharming. Therefore, proposed method effective cognitive approach against phishing and Pharming attacks.

• Journal of Advanced Navigation Technology
• /
• v.17 no.6
• /
• pp.816-822
• /
• 2013

In modern networks, data rate is getting faster and transferred data is extremely increased. At this point, the malicious codes are evolving to various types very fast, and the frequency of occurring new malicious code is very short. So, it is hard to collect/analyze data using general networks with the techniques like traditional intrusion detection or anormaly detection. In this paper, we collect and analyze the data more effectively with cloud environment than general simple networks. Also we analyze the malicious code which is similar to real network's malware, using botnet server/client includes DNS Spoofing attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.35-45
• /
• 2005

There has recently been an increase of phishing attacks, attacks which lure users into revealing their personal information to an attacker who in turn exploits this information for economic gain. The conventional methods of fooling the user with similarly modified mail or address are constantly evolving and have diversified to include the forgery of mail or domain addresses. Recently the injury incurred by these attacks has greatly increased as attackers exploit the weaknesses found on a few web browsers and used these to conduct phishing attacks based on URL spoofing. Furthermore we are now witnessing the entrance of highly advanced phishing techniques that no longer simply rely on vulnerabilities, but employ ordinary script, HTML, DNS sniffing, and the list goes on. In this paper we first discuss means of investigating and preventing the advanced URL spoofing techniques used in phishing attacks, and then propose a scheme for fundamentally restricting them altogether.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1185-1195
• /
• 2014

Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. In recent, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darkent traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of URLs from the darknet traffic, and carried out in-depth analysis for the extracted URLs. The analysis results can contribute to the emergence response of large-scale cyber threats and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs into the security devices, DNS sinkhole service, etc.

• Wind and Structures
• /
• v.34 no.1
• /
• pp.59-72
• /
• 2022

In this work the numerical results of the flow around a 5:1 rectangular cylinder at Reynolds numbers 3 000 and 40 000, zero angle of attack and smooth incoming flow condition are presented. Implicit Large Eddy Simulations (ILES) have been performed with a high-order accurate spatial scheme and an implicit high-order accurate time integration method. The spatial approximation is based on a discontinuous Galerkin (dG) method, while the time integration exploits a linearly-implicit Rosenbrock-type Runge-Kutta scheme. The aim of this work is to show the feasibility of high-fidelity flow simulations with a moderate number of DOFs and large time step sizes. Moreover, the effect of different parameters, i.e., dimension of the computational domain, mesh type, grid resolution, boundary conditions, time step size and polynomial approximation, on the results accuracy is investigated. Our best dG result at Re=3 000 perfectly agrees with a reference DNS obtained using Nek5000 and about 40 times more degrees of freedom. The Re=40 000 computations, which are strongly under-resolved, show a reasonable correspondence with the experimental data of Mannini et al. (2017) and the LES of Zhang and Xu (2020).