• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.131-140
• /
• 2023

Network security situational awareness systems helps in better managing the security concerns of a network, by monitoring for any anomalies in the network connections and recommending remedial actions upon detecting an attack. An Intrusion Detection System helps in identifying the security concerns of a network, by monitoring for any anomalies in the network connections. We have proposed a CRF based IDS system using genetic search feature selection algorithm for network security situational awareness to detect any anomalies in the network. The conditional random fields being discriminative models are capable of directly modeling the conditional probabilities rather than joint probabilities there by achieving better classification accuracy. The genetic search feature selection algorithm is capable of identifying the optimal subset among the features based on the best population of features associated with the target class. The proposed system, when trained and tested on the bench mark NSL-KDD dataset exhibited higher accuracy in identifying an attack and also classifying the attack category.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.5 no.4
• /
• pp.425-434
• /
• 2010

This study shows a limit to attacks that the prevention system, which is used as the mutual third aggressive packet path between open heterogeneous networks and applies prevention techniques according to the trace like IP tracking and attack methods, can prevent. Therefore, the study aims to learn information of constant attack routing protocol and of the path in network, the target of attack and build a database by encapsulating networks information routing protocol operates in order to prevent source attack paths. In addition, the study is conducted to divide network routing protocols developed from the process of dividing the various attack characters and prevent various attacks. This study is meaningful in that it analyzes attack path network and attacks of each routing protocol and secure exact mechanism for prevention by means of 3D-Puzzle, Path, and Cube of the integrated security system which is an implementation method of integrated information protection for access network defense.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.560-573
• /
• 2019

Two supervised learning algorithms, a basic neural network and a long short-term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.12
• /
• pp.1771-1779
• /
• 2016

In these days, the world is getting connected to the internet like a sophisticated net, such an environment gives a suitable environment for cyber attackers, so-called cyber-terrorists. As a result, a number of cyber attacks has significantly increased and researches to find cyber attack traffics in the field of network monitoring has also been proceeding. But cyber attack traffics have been appearing in new forms in every attack making it harder to monitor. This paper suggests a method of tracking down cyber attack traffic sources by defining relational information flow of traffic data from highest cascaded and grouped relational flow. The result of applying this cyber attack source tracking method to real cyber attack traffic, was found to be reliable with quality results.

• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.13-20
• /
• 2009

Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack occurs or not and figure out the attack type in case of attack.

• Proceedings of the KSRS Conference
• /
• 2005.10a
• /
• pp.678-682
• /
• 2005

IETF suggested AAA for safe and reliable user authentication on various network and protocol caused by development in internet and increase in users. Diameter standard authentication system does not provide mutual authentication and non-repudiation. AAA authentication system using public key was suggested to supplement such Diameter authentication but application in mobile service control nodes is difficult due to overhead of communication and arithmetic. ID based AAA authentication system was suggested to overcome such weak point but it still has the weak point against collusion attack or forgery attack. In this thesis, new ID based AAA authentication system is suggested which is safe against collusion attack and forgery attack and reduces arithmetic quantity of mobile nodes with insufficient arithmetic and power performance. In this thesis, cryptological safety and arithmetical efficiency is tested to test the suggested system through comparison and assessment of current systems. Suggested system uses two random numbers to provide stability at authentication of mobile nodes. Also, in terms of power, it provides the advantage of seamless service by reducing authentication executing time by the performance of server through improving efficiency with reduced arithmetic at nodes.

• Journal of Information Technology Services
• /
• v.15 no.2
• /
• pp.157-167
• /
• 2016

Task environment for enterprises and public institutions are moving into cyberspace-based environment and structing the LTE wireless network. The applications "App" operated in the LTE wireless network are mostly being developed with Android-based. But Android-based malwares are surging and they are the potential DDoS attacks. DDoS attack is a major information security threat and a means of cyber attacks. DDoS attacks are difficult to detect in advance and to defense effectively. To this end, a DMZ is set up in front of a network infrastructure and a particular server for defensive information security. Because There is the proliferation of mobile devices and apps, and the activation of android diversify DDoS attack methods. a DMZ is a limit to detect and to protect against DDoS attacks. This paper proposes an information security method to detect and Protect DDoS attacks from the terminal phase using a Preemptive military strategy concept. and then DDoS attack detection and protection app is implemented and proved its effectiveness by reducing web service request and memory usage. DDoS attack detection and protecting will ensure the efficiency of the mobile network resources. This method is necessary for a continuous usage of a wireless network environment for the national security and disaster control.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.2 no.4
• /
• pp.215-221
• /
• 2007

IPv6 is a protocol to solve the address space limitation of IPv4 by IETF. Many transition mechanism to communicate between IPv4 and IPv6 in mixed IPv4/IPv6 network are proposed. DSTM tunneling is a mechanism that dual stack in IPv6 network is able to communicate with node in IPv4 network by dynamic allocating the IPv4 address. This mechanism supports the execution of IPv4 dependent application without modification at IPv6 network. In this paper, we explain the security vulnerability at DSTM network for DHCP attack, TEP attack, and source spoofing attack then describe the result of attacks.

• Journal of Information Processing Systems
• /
• v.8 no.1
• /
• pp.175-190
• /
• 2012

Shuffling is an effective method to build a publicly verifiable mix network to implement verifiable anonymous channels that can be used for important cryptographic applications like electronic voting and electronic cash. One shuffling scheme by Groth is claimed to be secure and efficient. However, its soundness has not been formally proven. An attack against the soundness of this shuffling scheme is presented in this paper. Such an attack compromises the soundness of the mix network based on it. Two new shuffling protocols are designed on the basis of Groth's shuffling and batch verification techniques. The first new protocol is not completely sound, but is formally analyzed in regards to soundness, so it can be applied to build a mix network with formally proven soundness. The second new protocol is completely sound, so is more convenient to apply. Formal analysis in this paper guarantees that both new shuffling protocols can be employed to build mix networks with formally provable soundness. Both protocols prevent the attack against soundness in Groth's scheme. Both new shuffling protocols are very efficient as batch-verification-based efficiency-improving mechanisms have been adopted. The second protocol is even simpler and more elegant than the first one as it is based on a novel batch cryptographic technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.129-139
• /
• 2002

As internet expands, the possibility of attack through the network is increasing. So we need the technology which can detect the attack to the system or the network spontaneously. The purpose of this paper proposes the system to detect intrusion automatically using the Adaptive Resonance Theory2(ART2) which is one of artificial neural network The parameters of the system was tunned by ART2 algorithm using a lot of normal packets and various attack packets which were intentionally generated by attack tools. The results were compared and analyzed with conventional methods.