• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.939-946
• /
• 2023

In the hyper-connected network, which network equipment is diverse and network structure is complex, the attack surface has also increased. In this environment, MTD(Moving Target Defense) technology is being researched as a method to fundamentally defend against cyber attacks by actively changing the attack surface. network-based MTD technologies are being widely studied. However, in order for network address mutation technology to be applied within the existing fixed IP-based system, research is needed to determine what impact it will have. In this paper, we studied the impact of applying network address mutation technology to the existing network protection system. As a result of the study, factors to be considered when firewall, NAC, IPS, and network address mutation technologies are operated together were derived, and elements that must be managed in network address mutation technology for interoperability with the network analysis system were suggested.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.83-92
• /
• 2017

Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker's workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker's intelligence, the intended information scope, and the attacker's location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.9
• /
• pp.57-64
• /
• 2018

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.35-42
• /
• 2019

In this paper, we propose an approach to apply network-based moving target defense into Internet of Things (IoT) networks. The IoT is a technology that provides the high interconnectivity of things like electronic devices. However, cyber security risks are expected to increase as the interconnectivity of such devices increases. One recent study demonstrated a man-in-the-middle attack in the statically configured IoT network. In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. The approach continuously changes system's attack surface to prevent attacks. After analyzing IPv4 / IPv6-based moving target defense schemes and IoT network-related technologies, we present our approach in terms of addressing systems, address mutation techniques, communication models, network configuration, and node mobility. In addition, we summarize the direction of future research in relation to the proposed approach.

• Journal of Information Processing Systems
• /
• v.19 no.4
• /
• pp.450-464
• /
• 2023

To address the problems of large system overhead and low timeliness when dealing with task scheduling in mobile edge cloud computing, a task scheduling and resource management strategy for edge cloud computing based on an improved genetic algorithm was proposed. First, a user task scheduling system model based on edge cloud computing was constructed using the Shannon theorem, including calculation, communication, and network models. In addition, a multi-objective optimization model, including delay and energy consumption, was constructed to minimize the sum of two weights. Finally, the selection, crossover, and mutation operations of the genetic algorithm were improved using the best reservation selection algorithm and normal distribution crossover operator. Furthermore, an improved legacy algorithm was selected to deal with the multi-objective problem and acquire the optimal solution, that is, the best computing task scheduling scheme. The experimental analysis of the proposed strategy based on the MATLAB simulation platform shows that its energy loss does not exceed 50 J, and the time delay is 23.2 ms, which are better than those of other comparison strategies.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.526-538
• /
• 2021

Machine and deep learning-based models are emerging techniques that are being used to address prediction problems in biomedical data analysis. DNA sequence prediction is a critical problem that has attracted a great deal of attention in the biomedical domain. Machine and deep learning-based models have been shown to provide more accurate results when compared to conventional regression-based models. The prediction of the gene sequence that leads to cancerous diseases, such as prostate cancer, is crucial. Identifying the most important features in a gene sequence is a challenging task. Extracting the components of the gene sequence that can provide an insight into the types of mutation in the gene is of great importance as it will lead to effective drug design and the promotion of the new concept of personalised medicine. In this work, we extracted the exons in the prostate gene sequences that were used in the experiment. We built a Deep Neural Network (DNN) and Bi-directional Long-Short Term Memory (Bi-LSTM) model using a k-mer encoding for the DNA sequence and one-hot encoding for the class label. The models were evaluated using different classification metrics. Our experimental results show that DNN model prediction offers a training accuracy of 99 percent and validation accuracy of 96 percent. The bi-LSTM model also has a training accuracy of 95 percent and validation accuracy of 91 percent.

• Review of KIISC
• /
• v.28 no.2
• /
• pp.5-11
• /
• 2018

지능형 지속 위협(Advanced Persistent Threat) 공격은 Intrusion Kill Chain과 같은 일련의 단계로 구성되어 있기 때문에 특정 단계가 차단되면 공격은 실패하게 된다. Moving Target Defense(MTD)는 보호대상의 주요 속성(네트워크, 운영체제, 소프트웨어, 데이터)을 변화시켜 Intrusion Kill Chain을 구성하는 각 단계를 차단하는 능동적 사전 보안 기술이다. MTD 전략 중에서 네트워크 주소 변이(Network Address Mutation) 기술은 보호대상의 네트워크 주소(IP. Port)를 능동적으로 변이하는 기술로써, Intrusion Kill Chain의 첫 단계인 정찰(Reconnaissance) 행위에 소요되는 비용을 급격하게 증가시킬 수 있는 효율적인 보안 기술이다. 본 논문은 네트워크 주소 변이 기술 분야의 관련 연구들을 살펴보고 네트워크 주소 변이 기술 설계 시 고려해야하는 보안 요구사항과 기능 요구사항을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.11a
• /
• pp.431-433
• /
• 2020

4 차 산업혁명의 시대를 맞아 사물인터넷 및 5G 를 활용한 수많은 사물들이 인터넷을 기반으로 연결되고 있다. 또한 이러한 사물들을 관제 및 유지 보수하기 위해서 장비들에 보안 관제 시스템을 구축하고 모니터링을 하기 위한 많은 비용과 관리의 어려움을 겪고 있다. 만약, 장비들이 스스로 능동적인 방어를 하게 된다면 유지관리의 가장 큰 문제가 해결될 것이다. 이러한 능동적인 보안을 통해 보호대상 시스템의 다양한 특징들을 시간의 변화에 따라 역동적으로 변경하는 MTD(Moving Target Defense)기법들이 개발되고 있다. 본 논문에서는 네트워크 기반의 NMTD(Network-based MTD)를 이용하여 호스트 서버에 IP 와 PORT 로 접속하는 SSH 에 적용하여 능동적으로 보호하고, OTP 를 활용하여 사용자 식별을 통해 SSH 에 대한 내부자 접속에 대한 보안을 강화하는 시스템을 설계 및 구현하였다.

• Molecules and Cells
• /
• v.41 no.10
• /
• pp.881-888
• /
• 2018

During the cortical development, cells in the brain acquire somatic mutations that can be implicated in various neurodevelopmental disorders. There is increasing evidence that brain somatic mutations lead to sporadic form of epileptic disorders with previously unknown etiology. In particular, malformation of cortical developments (MCD), ganglioglioma (GG) associated with intractable epilepsy and non-lesional focal epilepsy (NLFE) are known to be attributable to brain somatic mutations in mTOR pathway genes and others. In order to identify such somatic mutations presenting as low-level in epileptic brain tissues, the mutated cells should be enriched and sequenced with high-depth coverage. Nevertheless, there are a lot of technical limitations to accurately detect low-level of somatic mutations. Also, it is important to validate whether identified somatic mutations are truly causative for epileptic seizures or not. Furthermore, it will be necessary to understand the molecular mechanism of how brain somatic mutations disturb neuronal circuitry since epilepsy is a typical example of neural network disorder. In this review, we overview current genetic techniques and experimental tools in neuroscience that can address the existence and significance of brain somatic mutations in epileptic disorders as well as their effect on neuronal circuitry.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.8
• /
• pp.2774-2796
• /
• 2015

Quality-of-service (QoS) provisioning for a cognitive mesh network (CMN) with heterogeneous services has become a challenging area of research in recent days. Considering both real-time (RT) and non-real-time (NRT) traffic in a multihop CMN, [1] studied cross-layer resource management, including joint access control, route selection, and resource allocation. Due to the complexity of the formulated resource allocation problems, which are mixed-integer non-linear programming, a low-complexity yet efficient algorithm was proposed there to approximately solve the formulated optimization problems. In contrast, in this work, we present an application of genetic algorithm (GA) to re-address the hard resource allocation problems studied in [1]. Novel initialization, selection, crossover, and mutation operations are designed such that solutions with enough randomness can be generated and converge with as less number of attempts as possible, thus improving the efficiency of the algorithm effectively. Simulation results show the effectiveness of the newly proposed GA-based algorithm. Furthermore, by comparing the performance of the newly proposed algorithm with the one proposed in [1], more insights have been obtained in terms of the tradeoff among QoS provisioning for RT traffic, throughput maximization for NRT traffic, and time complexity of an algorithm for resource allocation in a multihop network such as CMN.