• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.19-24
• /
• 2019

It is impossible to apply the routing protocol in the wired environment because MANET consists of only mobile nodes. Therefore, routing protocols considered these characteristics are required. In particular, if malicious nodes are not excluded in the routing phase, network performance will be greatly reduced. In this paper, we propose intrusion detection technique based on region to improve routing performance. In the proposed technique, the whole network is divided into certain areas, and then attack detection within the area using area management node is performed. It is a proposed method that can detect attack nodes in the path through cooperation with each other by using completion message received from member nodes. It also applied a method that all nodes participating in the network can share the attack node information by storing the detected attack node and sharing. The performance evaluation of the proposed technique was compared with the existing security routing techniques through the experiments and the superior performance of the proposed technique was confirmed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.7
• /
• pp.1831-1853
• /
• 2012

By sending periodically short bursts of traffic to reduce legit transmission control protocol (TCP) traffic, the low-rate denial of service (LDoS) attacks are hard to be detected and may endanger covertly a network for a long period. Traditionally, LDoS detecting methods mainly concentrate on the attack stream with feature matching, and only a limited number of attack patterns can be detected off-line with high cost. Recent researches divert focus from the attack stream to the traffic anomalies induced by LDoS attacks, which can detect more kinds of attacks with higher efficiency. However, the limited number of abnormal characteristics and the inadequacy of judgment rules may cause wrong decision in some particular situations. In this paper, we address the problem of detecting LDoS attacks and present a scheme based on the fluctuant features of legit TCP and acknowledgment (ACK) traffic. In the scheme, we define judgment criteria which used to identify LDoS attacks in real time at an optimal detection cost. We evaluate the performance of our strategy in real-world network topologies. Simulations results clearly demonstrate the superiority of the method proposed in detecting LDoS attacks.

• Journal of Computing Science and Engineering
• /
• v.5 no.4
• /
• pp.305-313
• /
• 2011

Due to the expansion of high-speed Internet access, the need for secure and reliable networks has become more critical. The sophistication of network attacks, as well as their severity, has also increased recently. As such, more and more organizations are becoming vulnerable to attack. The aim of this research is to classify network attacks using neural networks (NN), which leads to a higher detection rate and a lower false alarm rate in a shorter time. This paper focuses on two classification types: a single class (normal, or attack), and a multi class (normal, DoS, PRB, R2L, U2R), where the category of attack is also detected by the NN. Extensive analysis is conducted in order to assess the translation of symbolic data, partitioning of the training data and the complexity of the architecture. This paper investigates two engines; the first engine is the back-propagation neural network intrusion detection system (BPNNIDS) and the second engine is the radial basis function neural network intrusion detection system (BPNNIDS). The two engines proposed in this paper are tested against traditional and other machine learning algorithms using a common dataset: the DARPA 98 KDD99 benchmark dataset from International Knowledge Discovery and Data Mining Tools. BPNNIDS shows a superior response compared to the other techniques reported in literature especially in terms of response time, detection rate and false positive rate.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.49-57
• /
• 2006

Firewall to block a network access of unauthorized IP system and IDS (Intrusion Detection System) to detect malicious code pattern to be known consisted the main current of the information security system at the past. But, with rapid growth the diffusion speed and damage of malicious code like the worm, study of the unknown attack traffic is processed actively. One of such method is detection technique using traffic statistics information on the network viewpoint not to be an individual system. But, it is very difficult but to reserve traffic raw data or statistics information. Therefore, we present extraction technique of a network traffic Raw data and a statistics information like the time series. Also, We confirm the validity of a mixing traffic and show the evidence which is suitable to the experiment.

• KSCI Review
• /
• v.15 no.1
• /
• pp.65-75
• /
• 2007

Analyzed about a matter and requirements to intimidate security of ubiquitous and home network threatening various security for personal information protection in ubiquitous home networks at these papers, and studied. Got authentication procedures and verification procedures acid user approach to be reasonable through designs to the home security gateway which strengthened a security function in the outsides, and strengthened protection of a home network. Also, execute a DoS, DDoS, IP Spoofing attack protective at home network security gateways proved, and security regarding an external denial of service attack was performed, and confirmed. Strengthen appliances and security regarding a user, and confirm a defense regarding an external attack like DoS, DDoS, IP Spoofing, and present a home network security model of this paper to the plans that can strengthen personal information protection in ubiquitous home networks in ubiquitous home networks through experiment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.5
• /
• pp.999-1008
• /
• 2017

In this paper, we propose a pipeline network coding (PNC) scheme for efficient data transmission in wireless networks, a data authentication scheme for verifying the integrity of data, and a node authentication scheme for a virtual source. PNC is a technique that improves the overall network performance by relaying data such that the relay node performing network coding transmits to the sender instead. However, network coding is vulnerable to a pollution attack, which is an attack by a malicious attacker to inject modified data into the network. To prevent this, hash-based message authentication code (HMAC) is used. For this purpose, in order to generate a tag used for data authentication, a key must be distributed to the nodes performing authentication. We applied a hash chain to minimize the overhead of key distribution. A null vector is used as the authentication scheme for the virtual source. Finally, we analyze the safety and complexity of the proposed scheme and show he performance through simulation.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.38-42
• /
• 2024

In this paper, we analyze the security of a self-recovery fragile watermarking scheme proposed by C. Wang et al. An attack against C. Wang et al.'s scheme is demonstrated. The theoretical and experimental results show that the proposed scheme is not secure against attacks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.79-92
• /
• 2020

As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.

• Journal of the Korea Society for Simulation
• /
• v.12 no.2
• /
• pp.63-73
• /
• 2003

The major objective of this paper is to propose the method of attacker and host modeling for cyber-attack simulation. In the security modeling and simulation for information assurance, it is essential the modeling of attacker that is able to generate various cyber-attack scenarios as well as the modeling of host, which is able to represent behavior on attack concretely The security modeling and simulation, which was announced by Cohen, Nong Ye and etc., is too simple to concretely analyze attack behavior on the host. And, the attacker modeling, which was announced by CERT, Laura and etc., is impossible to represent complex attack excepting fixed forms. To deal with this problem, we have accomplished attacker modeling by adopted the rule-based SES which integrates the existing SES with rule-based expert system for synthesis and performed host modeling by using the DEVS formalism. Our approach is to show the difference from others in that (ⅰ) it is able to represent complex and repetitive attack, (ⅱ) it automatically generates the cyber-attack scenario suitable on the target system, (ⅲ) it is able to analyze host's behavior of cyber attack concretely. Simulation tests performed on the sample network verify the soundness of proposed method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.3
• /
• pp.251-265
• /
• 2009

VoIP service is the transmission of voice data using SIP protocol on an IP-based network. The SIP protocol has many advantages, such as providing IP-based voice communication and multimedia service with low communication cost. Therefore, the SIP protocol disseminated quickly. However, SIP protocol exposes new forms of vulnerabilities to malicious attacks, such as message flooding attack. It also incurs threats from many existing vulnerabilities as occurs for IP-based protocol. In this paper, we propose a new virtual proxy to cooperate with the existing Proxy Server to provide state monitoring and detect SIP message flooding attack with IP/MAC authentication. Based on a proposed virtual proxy, the proposed system enhances SIP attack detection performance with minimal latency of SIP packet transmission.