• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2007.11a
• /
• pp.514-519
• /
• 2007

컴퓨터 네트워크 모니터링에 의한 보안장비는 많은 트래픽 자료를 분석하여, 이상유무를 판단하고, 대응해야 한다. 기존의 보안장비들은 이미 알려진 패턴에 대한 규칙을 이용하는 오용탐지방법(misuse detection)과 의미를 파악하기 어려운 많은 자료들을 제시하고 있는데 머물고 있다. 보다 나은 보안을 위해서는 정상적인 동작에서 벗어나는 이상징후를 탐지하여 침입을 탐지하는 이상탐지방법(anomaly detection)의 채용이 필요하고, 보안장비에서 제시되는 많은 트래픽 자료들은 보안전문가의 전문적인 분석이 필요하다. 본 연구에서는 데이터마이닝 기법을 이용한 이상탐지방법과 보안전문가의 전문적인 보안지식에 의한 분석, 대응, 관리를 위한 지식처리 기법을 사용할 수 있는 지능형 IPS(intrusion Detection System) 프레임워크를 제안한다.

• Journal of Information Processing Systems
• /
• v.13 no.3
• /
• pp.559-572
• /
• 2017

Cyberbullying has been an emerging issue in recent years where research has revealed that users generally spend an increasing amount of time in social networks and forums to keep connected with each other. However, issue arises when cyberbullies are able to reach their victims through these social media platforms. There are different types of cyberbullying and like traditional bullying; it causes victims to feel overly selfconscious, increases their tendency to self-harm and generally affects their mental state negatively. Such situations occur due to security issues such as user anonymity and the lack of content restrictions in some social networks or web forums. In this paper, we highlight the existing solutions, which are Intrusion Prevention System and Intrusion Detection System from a number of researchers. However, even with such solutions, cyberbullying acts still occurs at an alarming rate. As such, we proposed an alternative solution that aims to prevent cyberbullying activities at a younger age, e.g., young children. The application would provide an alternative method to preventing cyberbullying activities among the younger generations in the future.

• Convergence Security Journal
• /
• v.6 no.2
• /
• pp.91-99
• /
• 2006

As the speed of network has fastened and the Internet has became common, an ill-intentioned aggression, such as worm and E-mail virus rapidly increased. So that there too many defenses created the recent Intrusion detection system as well as the Intrusion Prevention Systems to defense the malicious aggression to the network. Also as the form of malicious aggression has changed, at the same time the method of defense has changed. There is "snort" the most representive method of defense and its Rules file increases due to the change of aggression form. This causes decline of capability for detection. This paper suggest, design, and realize the structure for the improvement of processing capability by separating the files of Snort Rule according to o/s. This system show more improvement of the processing capability than the existing composion.

• Korean Security Journal
• /
• no.40
• /
• pp.57-86
• /
• 2014

As the revision of Building Code including applying crime prevention design to buildings passed recently and target hardening ought to be evidence-based, we studied the Modus Operandi (MO) and intrusion tools of domestic burglary to earn basic data for improvement of crime prevention hardware in the future. To be specific, we reviewed related academic literature and police official statistics of domestic burglary critically and interviewed detectives in charge of burglary to specify and categorize MO and tools. We can derive some implications from research findings, including improvement of the statistical system for the MO of burglary, active sharing of the MO of burglary among the criminal justice agencies and related industries and experts. Also, crime prevention advice and education for the local residents focused on MO of burglary can be recommended. Based on this research, to enhance the level of community safety significantly, performance tests of crime prevention hardware such as security doors and windows etc. and the study on related certification system should be vitalized.

• The Journal of the Korea Contents Association
• /
• v.9 no.4
• /
• pp.131-141
• /
• 2009

An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. This paper proposes an intrusion detection system based outflow traffic analysis. Many research efforts and commercial products have focused on preventing intrusion by filtering known exploits or unknown ones exploiting known vulnerabilities. Complementary to these solutions, the proposed IDS can detect intrusion of unknown new mal ware before their signatures are widely distributed. The proposed IDS is consists of a outflow detector, user monitor, process monitor and network monitor. To infer user intent, the proposed IDS correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. As a complement to existing prevention system, proposed IDS decreases the danger of information leak and protects computers and networks from more severe damage.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1121-1124
• /
• 2004

일반적인 침입탐지 시스템의 원리를 보면 공격자가 공격 패킷을 보내면 침입탐지서버에 IDS 프로그램으로 공격자의 패킷을 기존의 공격패턴과 비교하여 탐지한다. 공격자가 일반적인 공격 패킷이 아닌 패킷을 가짜 패킷과 공격 패킷을 겸용한 진보된 방법을 사용할 경우 IDS는 이를 탐지하지 못하고 로그 파일에 기록하지 않는다. 이는 패턴 검사에 있어 공격자가 IDS를 속였기 때문이다. 따라서 공격자는 추적 당하지 않고서 안전하게 공격을 진행할 수 있다. 본 논문에서는 이러한 탐지를 응용프로그램 단계가 아닌 커널 단계에서 탐지함으로서 침입탐지뿐만 아니라 침입 방지까지 할 수 있도록 하였다.

• Korean Journal of Veterinary Service
• /
• v.43 no.3
• /
• pp.167-171
• /
• 2020

The epidemiological investigation of outbreak in korea confirmed that the inflow of avian influenza (AI) is related to the migration of migratory birds. In this study, avian repellents instrument were implemented and developed using the visual effects of lasers in accordance with the situation of small domestic fowl farms, and monitoring cameras were installed around each instrument to investigate the frequency of wild birds appearing and evaluate the performance of the instrument. Observation showed that the appreance ratio was reduced by 95%, and no significant reduction in the intrusion prevention effect by adaptation was observed on all fowl farms. In conclusion, it is expected that the outbreak of wild bird-borne infectious diseases such as avian influenza will be decreased if the device is installed on domestic fowl farms.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.434-437
• /
• 2010

NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.27-33
• /
• 2019

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.129-140
• /
• 2003

Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.