• Title/Summary/Keyword: Intrusion Prevention

Secure route determination method to prevent sinkhole attacks in INSENS based wireless sensor networks (INSENS 기반의 무선 센서 네트워크에서 싱크홀 공격을 방어하기 위한 강화된 경로 설정 기법)

  • Song, Kyu-Hyun;Cho, Tae-Ho
    • Journal of the Korean Institute of Intelligent Systems / v.26 no.4 / pp.267-272 / 2016
  • Wireless sensor networks (WSNs) are vulnerable to external intrusions due to their wireless communication characteristics and limited hardware resources. Thus, an attacker can cause a sinkhole attack while intruding into the network. INSENS is proposed for preventing the sinkhole attack. INSENS uses three symmetric keys in order to prevent such sinkhole attacks. However, the sinkhole attack occurs again, even in the presence of INSENS, through a compromised node, because INSENS does not consider the node being compromised. In this paper, we propose a method to counter the sinkhole attack by considering the compromised node, based on the neighboring nodes' information. The goals of the proposed method are i) network reliability improvement and ii) energy conservation through effective prevention of the sinkhole attack by detecting compromised nodes. The experimental results demonstrate that the proposed method can save up to, on average, 19.90% of energy while increasing up to, on average, 71.50%, the report reliability against internal sinkhole attacks in comparison to INSENS.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Journal of Digital Convergence / v.13 no.1 / pp.313-319 / 2015
  • As the number of applications using the internet rapidly increases, the incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Windows OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.

Design of a Security System to Defeat Abnormal IPSec Traffic in IPv6 Networks (IPv6 환경에서 비정상 IPSec 트래픽 대응 보안 시스템 설계)

  • Kim Ka-Eul;Ko Kwang-Sun;Gyeong Gye-Hyeon;Kang Seong-Goo;Eom Young-Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.4 / pp.127-138 / 2006
  • IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee the integrity and confidentiality of data transmitted between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult for the IPSec mechanism to protect major important networks from attacks which transmit mass abnormal IPSec traffic in the session-configuration or communication phases. In this paper, we present a design of a security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.

A Hybrid Multiple Pattern Matching Scheme to Reduce Packet Inspection Time (패킷검사시간을 단축하기 위한 혼합형 다중패턴매칭 기법)

  • Lee, Jae-Kook;Kim, Hyong-Shik
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.1 / pp.27-37 / 2011
  • The IDS/IPS (Intrusion Detection/Prevention System) has been widely deployed to protect the internal network against internet attacks. Reducing the packet inspection time is one of the most important challenges in improving the performance of the IDS/IPS. Since the IDS/IPS needs to match multiple patterns for the incoming traffic, we may have to apply multiple pattern matching schemes, some of which use finite automata, while the others use the shift table. In this paper, we first show that the performance of those schemes would degrade with various kinds of pattern sets and payload, and then propose a hybrid multiple pattern matching scheme which combines those two schemes. The proposed scheme is organized to guarantee an appropriate level of performance in any case. The experimental results using real traffic show that the time required to do multiple pattern matching could be reduced effectively.

A Study on Improving Precision Rate in Security Events Using Cyber Attack Dictionary and TF-IDF (공격키워드 사전 및 TF-IDF를 적용한 침입탐지 정탐률 향상 연구)

  • Jongkwan Kim;Myongsoo Kim
    • Convergence Security Journal / v.22 no.2 / pp.9-19 / 2022
  • With the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institutions and companies are operating a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most research was performed using a specific research data set which cannot be seen in a real network, so it was impossible to use in the actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

Effective Management of Invasive Nutria (Myocastor coypus) in the UK and the USA (영국과 미국에서 침입성 뉴트리아 (Myocastor coypus)의 효과적 관리)

  • Kil, Jihyon;Lee, Do-hun;Kim, Young-chae
    • Ecology and Resilient Infrastructure / v.2 no.4 / pp.265-273 / 2015
  • It is better to take preventative measures in advance against the natural intrusion of invasive alien species that reduce biodiversity and cause economic loss to humans. If the prevention of intrusion and spread fails, we need active control and eradication. This study aims to introduce nutria (Myocastor coypus) control cases performed in the United Kingdom and the United States and to provide information to contribute to the improvement of nutria management measures. The nutria eradication campaign in the United Kingdom was developed as a long-term plan based on sufficient understanding of the management target and objective and suitable support. Sufficient information on nutria was accumulated and the management strategy was flexibly modified according to the changes in management that were proactively reflected in the field. Regarding the eradication project at Chesapeake Bay in the United States, based on long-term ecological information, more advanced capture technology than in the United Kingdom was introduced, and the eradication plan, strategy and implementation were configured by analyzing the strengths and weaknesses of the eradication campaign in the United Kingdom. The successful cases in the United Kingdom and the United States provide information on how to improve nutria management measures. For the eradication of nutria, it is necessary to reach a consensus between stakeholders and to form a consultative group between related organizations for periodic communication. Opinions from the field must be actively accepted in the consultation process for strategy and policy decisions, and the eradication plan needs to be developed based on a management index. The eradication plan is required to be managed, evaluated and adjusted in a systematic way. Scientific management must be introduced and the management performance must be evaluated objectively so that a practical plan can be flexibly adjusted. It is also required to secure long-term budget support and a stable organization and to input a concentrated budget at the proper period when there is high efficiency of eradication.

A Study on the Flow and Dispersion in the Coastal Unconfined Aquifer (Development and Application of a Numerical Model) (해안지역 비피압 충적 대수층에서의 흐름 및 분산(수치모형의 개발 및 적용))

  • Kim, Sang Jun
    • Journal of Korea Water Resources Association / v.49 no.1 / pp.61-72 / 2016
  • In Korea, the aquifers in the coastal areas are mostly shallow alluvial unconfined aquifers. To simulate the flow and dispersion in an unconfined aquifer, a FDM model has been developed to solve the nonlinear Boussinesq equation. Related analysis and verification have been executed. The iteration method is used to solve the nonlinearity, and the model shows 3-D shape because it is a 2-D y model that considers the undulation of the water table and bottom. For the verification of the model, the output of the flow module is compared to the 1-D analytic solution of Lee (1989), which has the drawdown or uplift boundary condition, and the two results show almost the same value. The mass balance of the dispersion module shows about 10% error. The developed model can be used for the analysis and design of the flow and dispersion in unconfined aquifers. The model has been applied to the estuary area of the Ssangcheon watershed, and the parameters have been deduced as a result: hydraulic conductivity is 90 m/day, and longitudinal dispersivity is 15 m. The analysis with these parameters shows that the wells are situated in the influence circle of each other except for the No. 7 well. Groundwater discharge to sea is $3700\ \mathrm{m^3/day}$. The chlorine ion ($Cl^-$) concentration at the pumping wells increases by at least 1000 mg/L if the groundwater dam does not exist, so the groundwater dam plays an important role in the prevention of sea water intrusion.

Study on the Ecological Restoration of Rock-exposed-cut-slope by Natural Topsoil Restoration Methods : In Case of Won-Ju Experiment (자연표토 복원공법에 의한 암절취비탈면의 생태적 복원에 관한 연구 : 원주사례지역을 중심으로)

  • Nam, Sang-Joon;Suk, Won-Jin;Kim, Nam-Choon
    • Journal of the Korean Society of Environmental Restoration Technology / v.2 no.4 / pp.54-63 / 1999
  • This study was conducted to suggest ecological restoration and environmentally friendly revegetation technology for rock-exposed cut-slopes by the Natural Topsoil Restoration Methods (NTRM) with the following restoration objectives: (1) prevention or reduction of wind and water erosion, (2) provision of food and cover for a variety of animal species, (3) improvement of the visual or aesthetic quality of the disturbed slopes. In Nov. 1995, a 5 cm thick layer of artificial soil and a 2 cm thick layer of straw-mulching were attached to rock-exposed cut-slopes by NTRM without using anchor wire and anchor pin. The main results of four years of surveying the ground-coverage effect, plant growth, species diversity and importance values are summarized as follows. 1. Artificial soil attached to rock-exposed cut-slopes was not eroded until recovered by tree and herbaceous vegetation in spite of not using anchor wire and anchor pin. Also it shows low soil hardiness and has almost the same amount of bacteria and fungi as the surrounding natural topsoil. 2. In 'combination for the woody vegetation', Lespedeza cyrtobotrya, Albizzia julibrissin, Rhus chinensis, Indigofera pseudo-tinctoria occupied upper layer vegetation. Since three years after seeding, Indigofera pseudo-tinctoria had overwhelmed the other woody plants and cool season foreign grasses; Erigeron canadensis, Taraxacum mongolicum, Commelina communis, Arundinella hirta (Thunberg) and Oenothera erythrosepala grow at the lower part of the vegetation. 3. The height of Rhus chinensis reaches 1.8 m and Indigofera pseudo-tinctoria 2.0 m, so it seems that the objectives of woody vegetation with native plants could be accomplished. 4. 4 years after seeding in 'combination for the herbaceous vegetation', the most dominant plant was Indigofera pseudo-tinctoria, followed in order by cool-season grasses, Taraxacum mongolicum, Erigeron canadensis, Ixeris dentata (Thunberg), Oenothera erythrosepala, Arundinella hirta (Thunberg). The diversity index in 'combination for woody vegetation' was higher than that in 'combination for the herbaceous vegetation'. The tendency of the intrusion of secondary succession plants was more effective in 'combination for the herbaceous vegetation' than in 'combination for the woody vegetation'.

Function of Environmental Flows for Sustainable Water Resources Management (지속가능한 물 관리를 위한 환경유량의 기능정립에 관한 연구)

  • Choi, Ji-Yong
    • Journal of Environmental Policy / v.6 no.2 / pp.47-70 / 2007
  • In recent days, people's requests about water resources have developed from managing the quality and quantity of water resources to forming a river environment by restoring the normal function of the river. To meet these requests, it is necessary to establish the concept of environmental flows. In Korea, environmental flows were introduced as a concept of river maintenance flows in the sense of river management. The function of river maintenance flows has changed according to what the major issue is in that age, such as navigation, water quality, and prevention of saline water intrusion. As the assessment of river maintenance flows in Korea focused mainly on the function of human-oriented water usage, it could not be defined and emphasized in the sense of the ecosystem as a pure meaning of environmental flows. And while the existing river maintenance flows include the assessment of flows, there is not a practical procedure to supply them, and efficient management in the sense of the environment is not performed. The environmental flows should be further developed from the river maintenance flows and changed to a new concept focused on maintaining the health of the ecosystem. In other words, the environmental flows should be defined as the flows necessary for maintaining the function of the river and its original value, and be considered of the same or higher value as flows for maintenance of economic activity, recreation, and power generation.

A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response (효율적인 보안관제 수행을 위한 다크넷 트래픽 기반 악성 URL 수집 및 분석방법 연구)

  • Kim, Kyu-Il;Choi, Sang-So;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1185-1195 / 2014
  • Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. Recently, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems are connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darknet traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of the URLs from the darknet traffic, and carried out in-depth analysis of the extracted URLs. The analysis results can contribute to the emergency response to large-scale cyber threats, and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs to the security devices, DNS sinkhole service, etc.