• Title/Summary/Keyword: Decision-based attack

A Study on Effective Adversarial Attack Creation for Robustness Improvement of AI Models (AI 모델의 Robustness 향상을 위한 효율적인 Adversarial Attack 생성 방안 연구)

  • Si-on Jeong;Tae-hyun Han;Seung-bum Lim;Tae-jin Lee
    • Journal of Internet Computing and Services / v.24 no.4 / pp.25-36 / 2023
  • Today, as AI (Artificial Intelligence) technology is introduced in various fields, including security, the development of technology is accelerating. However, with the development of AI technology, attack techniques that cleverly bypass malicious behavior detection are also developing. In the classification process of AI models, an Adversarial attack has emerged that induces misclassification and a decrease in reliability through fine adjustment of input values. The attacks that will appear in the future are not new attacks created by an attacker but rather a method of avoiding the detection system by slightly modifying existing attacks, such as Adversarial attacks. Developing a robust model that can respond to these malware variants is necessary. In this paper, we propose two methods of generating Adversarial attacks as efficient Adversarial attack generation techniques for improving Robustness in AI models. The proposed technique is the XAI-based attack technique using the XAI technique and the Reference based attack through the model's decision boundary search. After that, a classification model was constructed through a malicious code dataset to compare performance with the PGD attack, one of the existing Adversarial attacks. In terms of generation speed, XAI-based attack, and reference-based attack take 0.35 seconds and 0.47 seconds, respectively, compared to the existing PGD attack, which takes 20 minutes, showing a very high speed, especially in the case of reference-based attack, 97.7%, which is higher than the existing PGD attack's generation rate of 75.5%. Therefore, the proposed technique enables more efficient Adversarial attacks and is expected to contribute to research to build a robust AI model in the future.

Optimal Network Defense Strategy Selection Based on Markov Bayesian Game

  • Wang, Zengguang;Lu, Yu;Li, Xi;Nie, Wei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.11 / pp.5631-5652 / 2019
  • The existing defense strategy selection methods based on game theory basically select the optimal defense strategy in the form of mixed strategy. However, it is hard for network managers to understand and implement the defense strategy in this way. To address this problem, we constructed the incomplete information stochastic game model for the dynamic analysis to predict multi-stage attack-defense process by combining Bayesian game theory and the Markov decision-making method. In addition, the payoffs are quantified from the impact value of attack-defense actions. Based on previous statements, we designed an optimal defense strategy selection method. The optimal defense strategy is selected, which regards defense effectiveness as the criterion. The proposed method is feasibly verified via a representative experiment. Compared to the classical strategy selection methods based on the game theory, the proposed method can select the optimal strategy of the multi-stage attack-defense process in the form of pure strategy, which has been proved more operable than the compared ones.

DDoS attack analysis based on decision tree considering importance (중요도를 고려한 의사 결정 트리 기반 DDoS 공격 분석)

  • Youm, Sungkwan;Park, Sangyoon;Shin, Kwang-Seong
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.652-654 / 2021
  • Attacks such as DDoS are detected by the intrusion detection system and can be prevented early. DDoS attack traffic was analyzed using the decision tree. Deterministic features with high importance were found, and the accuracy was verified by proceeding the decision tree for only those properties. And the contents of false positive and false negative traffic were analyzed. As a result, the accuracy of one attribute was 98% and the two attributes were 99.8%, respectively.

A Study of Reinforcement Learning-based Cyber Attack Prediction using Network Attack Simulator (NASim) (네트워크 공격 시뮬레이터를 이용한 강화학습 기반 사이버 공격 예측 연구)

  • Bum-Sok Kim;Jung-Hyun Kim;Min-Suk Kim
    • Journal of the Semiconductor & Display Technology / v.22 no.3 / pp.112-118 / 2023
  • As technology advances, the need for enhanced preparedness against cyber-attacks becomes an increasingly critical problem. Therefore, it is imperative to consider various circumstances and to prepare for cyber-attack strategic technology. This paper proposes a method to solve network security problems by applying reinforcement learning to cyber-security. In general, traditional static cyber-security methods have difficulty effectively responding to modern dynamic attack patterns. To address this, we implement cyber-attack scenarios such as 'Tiny Alpha' and 'Small Alpha' and evaluate the performance of various reinforcement learning methods using Network Attack Simulator, which is a cyber-attack simulation environment based on the gymnasium (formerly Open AI gym) interface. In addition, we experimented with different RL algorithms such as value-based methods (Q-Learning, Deep-Q-Network, and Double Deep-Q-Network) and policy-based methods (Actor-Critic). As a result, we observed that value-based methods with discrete action spaces consistently outperformed policy-based methods with continuous action spaces, demonstrating a performance difference ranging from a minimum of 20.9% to a maximum of 53.2%. This result shows that the scheme not only suggests opportunities for enhancing cybersecurity strategies, but also indicates potential applications in cyber-security education and system validation across a large number of domains such as military, government, and corporate sectors.

Comparative Analysis of Effective Algorithm Techniques for the Detection of Syn Flooding Attacks (Syn Flooding 탐지를 위한 효과적인 알고리즘 기법 비교 분석)

  • Jong-Min Kim;Hong-Ki Kim;Joon-Hyung Lee
    • Convergence Security Journal / v.23 no.5 / pp.73-79 / 2023
  • Cyber threats are evolving and becoming more sophisticated with the development of new technologies, and consequently the number of service failures caused by DDoS attacks is continually increasing. Recently, DDoS attacks have numerous types of service failures by applying a large amount of traffic to the domain address of a specific service or server. In this paper, after generating the data of the Syn Flooding attack, which is the representative attack type of bandwidth exhaustion attack, the data were compared and analyzed using Random Forest, Decision Tree, Multi-Layer Perceptron, and KNN algorithms for the effective detection of attacks, and the optimal algorithm was derived. Based on this result, it will be useful to use as a technique for the detection policy of Syn Flooding attacks.

Sleep Deprivation Attack Detection Based on Clustering in Wireless Sensor Network (무선 센서 네트워크에서 클러스터링 기반 Sleep Deprivation Attack 탐지 모델)

  • Kim, Suk-young;Moon, Jong-sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.1 / pp.83-97 / 2021
  • Wireless sensors that make up the Wireless Sensor Network generally have extremely limited power and resources. The wireless sensor enters the sleep state at a certain interval to conserve power. The Sleep deprivation attack is a deadly attack that consumes power by preventing wireless sensors from entering the sleep state, but there is no clear countermeasure. Thus, in this paper, using clustering-based binary search tree structure, the Sleep deprivation attack detection model is proposed. The model proposed in this paper utilizes one of the characteristics of both attack sensor nodes and normal sensor nodes which were classified using machine learning. The characteristics used for detection were determined using Long Short-Term Memory, Decision Tree, Support Vector Machine, and K-Nearest Neighbor. Thresholds for judging attack sensor nodes were then learned by applying the SVM. The determined features were used in the proposed algorithm to calculate the values for attack detection, and the threshold for determining the calculated values was derived by applying SVM. Through experiments, the detection model proposed showed a detection rate of 94% when 35% of the total sensor nodes were attack sensor nodes and improvement of up to 26% in power retention.

User Behavior Based Web Attack Detection in the Face of Camouflage (정상 사용자로 위장한 웹 공격 탐지 목적의 사용자 행위 분석 기법)

  • Shin, MinSik;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.365-371 / 2021
  • With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) target every single HTTP request packet rather than the overall behavior of the attacker, and are known to be difficult to detect new types of attacks. In this paper, we propose a web attack detection system based on user behavior using machine learning to detect attacks of unknown patterns. In order to define user behavior, we focus on features excluding areas where an attacker can camouflage as a normal user. The experimental results show that by using the path and query information to define users' behaviors, best results for an accuracy of 99% with Decision forest.

Supporting Trusted Soft Decision Scheme Using Volatility Decay in Cooperative Spectrum Sensing

  • Zhao, Feng;Feng, Jingyu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.5 / pp.2067-2080 / 2016
  • Cooperative spectrum sensing (CSS) for vacant licensed bands is one of the key techniques in cognitive radio networks. Currently, sequential probability ratio test scheme (SPRT) is considered as a powerful soft decision approach to improve the sensing result for CSS. However, SPRT assumes all secondary users (SU) are honest, and thus offering opportunities for malicious SUs to launch the spectrum sensing data falsification attack (SSDF attack). To combat such misbehaved behaviors, recent efforts have been made to trust mechanism. In this paper, we argue that powering SPRT with traditional trust mechanism is not enough. Dynamic SSDF attackers can maintain high trust in an alternant process of submitting honest or false sensing data, resulting in difficulty detecting them. Noting that the trust value of dynamic SSDF attackers behave highly volatile, a novel trusted SPRT scheme (VSPRT) based on volatility decay analysis is proposed in this paper to mitigate the harmful effect of dynamic SSDF attackers in the process of the soft-decision data fusion, and thus improving the accuracy of the final sensing result. Simulation results show that the VSPRT scheme outperforms the conventional SPRT schemes.

A Distributed Decision-Making Mechanism for Wireless P2P Networks

  • Wu, Xu;He, Jingsha;Xu, Fei;Zhang, Xi
    • Journal of Communications and Networks / v.11 no.4 / pp.359-367 / 2009
  • Trust-based solutions provide some form of payment to peers to encourage good behavior. The problem with trust management systems is that they require prior knowledge to work. In other words, peers are vulnerable to attack if they do not have knowledge or correct knowledge of other peers in a trust management system. Therefore, considering only trust is inadequate when a decision is made to identify the best set of peers to utilize. In order to solve the problem, we propose a distributed decision-making mechanism for wireless peer-to-peer (P2P) networks based on game theory and relevant trust mechanisms in which we incorporate the element of trust and risk into a single model. The main idea of our mechanism is to use utility function to express the relationship between benefits and costs of peers, and then make the decision based on expected utility as well as risk attitude in a fully distributed fashion. The unique feature of our mechanism is that it not only helps a peer to select its partners, but also mitigates vulnerabilities in trust-based mechanisms. Through analysis and experiments, we believe our approach is useful for peers to make the decision regarding who to interact with. In addition, it is also a good starting point for exploring tradeoffs among risk, trust and utility.

Q Learning MDP Approach to Mitigate Jamming Attack Using Stochastic Game Theory Modelling With WQLA in Cognitive Radio Networks

  • Vimal, S.;Robinson, Y. Harold;Kaliappan, M.;Pasupathi, Subbulakshmi;Suresh, A.
    • Journal of Platform Technology / v.9 no.1 / pp.3-14 / 2021
  • Cognitive Radio network (CR) is a promising paradigm that helps the unlicensed user (Secondary User) to analyse the spectrum and coordinate the spectrum access to support the creation of common control channel (CCC). The cooperation of secondary users and broadcasting between them is done through transmitting messages in CCC. In case, if the control channels may get jammed and it may directly degrade the network's performance and under such scenario jammers will devastate the control channels. Hopping sequences may be one of the predominant approaches and it may be used to fight against this problem to confront jammer. The jamming attack can be alleviated using one of the game modelling approach and in this proposed scheme stochastic games has been analysed with more single users to provide the flexible control channels against intrusive attacks by mentioning the states of each player, strategies, actions and players reward. The proposed work uses a modern player action and better strategic view on game theoretic modelling is stochastic game theory has been taken into consideration and applied to prevent the jamming attack in CR network. The selection of decision is based on Q learning approach to mitigate the jamming nodes using the optimal MDP decision process.