• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.105-112
• /
• 2014

The utilization of Wireless Ad Hoc Network which can build easily network using wireless device in difficult situation to build network is very good. However, it has security threat element because it transfers data by only forwarding of wireless devices. The measures against this should be prepared because damage by especially routing attack can affect the entire network. It is hard to distinguish malicious node and normal node among nodes composing network and it is not easy also to detect routing attack and respond to this. In this paper, we propose new method which detect routing attack and can respond to this. The amount of traffic in all nodes is measured periodically to judge the presence or absence of attack node on the path set. The technique that hides inspection packet to suspected node and transmits is used in order to detect accurately attack node in the path occurred attack. The experiment is performed by comparing SRAODA and SEAODV technique to evaluate performance of the proposed technique and the excellent performance can be confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.83-97
• /
• 2021

Wireless sensors that make up the Wireless Sensor Network generally have extremely limited power and resources. The wireless sensor enters the sleep state at a certain interval to conserve power. The Sleep deflation attack is a deadly attack that consumes power by preventing wireless sensors from entering the sleep state, but there is no clear countermeasure. Thus, in this paper, using clustering-based binary search tree structure, the Sleep deprivation attack detection model is proposed. The model proposed in this paper utilizes one of the characteristics of both attack sensor nodes and normal sensor nodes which were classified using machine learning. The characteristics used for detection were determined using Long Short-Term Memory, Decision Tree, Support Vector Machine, and K-Nearest Neighbor. Thresholds for judging attack sensor nodes were then learned by applying the SVM. The determined features were used in the proposed algorithm to calculate the values for attack detection, and the threshold for determining the calculated values was derived by applying SVM.Through experiments, the detection model proposed showed a detection rate of 94% when 35% of the total sensor nodes were attack sensor nodes and improvement of up to 26% in power retention.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.415-426
• /
• 2021

The implementation of iris biometrics on smartphone devices has recently become an emerging research topic. As the use of iris biometrics on smartphone devices becomes more widely adopted, it is to be expected that there will be similar efforts in the research community to beat the biometric by exploring new spoofing methods and this will drive a corresponding requirement for new liveness detection methods. In this paper we addresses the problem of presentation attacks (Spoofing) against the Iris Recognition System on mobile devices and propose novel Presentation Attack Detection (PAD) method which suitable for mobile environment.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.288-296
• /
• 2022

Side-channel attacks are a quiet mighty type of attack that targets specific physical implementations vulnerabilities. Even though several researchers have examined diverse means and methods of detecting side-channel attacks, at the present time a systematic review of these approaches does not exist. The purposes of this paper are to give an extensive analysis of literature on side-channel attack detection and offer intuitiveness from past research studies. In this study, a literature survey is conducted on articles related to side-channel attack detection between 2020 and 2022 from ACM and IEEE digital libraries. From the 10 publications included in the study, it appears they target either a single type of side-channel attacks or multiple types of side-channel attacks. Therefore, a vital review of each of the two categories is provided, as well as possible prospective research in this field of study.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.6
• /
• pp.151-158
• /
• 2019

FLUSH+RELOAD attack exposes the most serious security threat among cache side channel attacks due to its high resolution and low noise. This attack is exploited by a variety of malicious programs that attempt to leak sensitive information. In order to prevent such information leakage, it is necessary to detect FLUSH+RELOAD attack in real time. In this paper, we propose a novel run-time detection technique for FLUSH+RELOAD attack by utilizing PCM (Performance Counter Monitor) of processors. For this, we conducted four kinds of experiments to observe the variation of each counter value of PCM during the execution of the attack. As a result, we found that it is possible to detect the attack by exploiting three kinds of important factors. Then, we constructed a detection algorithm based on the experimental results. Our algorithm utilizes machine learning techniques including a logistic regression and ANN(Artificial Neural Network) to learn from different execution environments. Evaluation shows that the algorithm successfully detects all kinds of attacks with relatively low false rate.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2C
• /
• pp.208-218
• /
• 2006

In this paper, we introduce the creation methods of attack detection model using data mining technologies that can classify the latest attack types, and can detect the modification of existing attacks as well as the novel attacks. Also, we evaluate comparatively these attack detection models in the view of detection accuracy and detection time. As the important factors for creating detection models, there are data, attribute, and detection algorithm. Thus, we used NetFlow data gathered at the real network, and KDD Cup 1999 data for the experiment in large quantities. And for attribute selection, we used a heuristic method and a theoretical method using decision tree algorithm. We evaluate comparatively detection models using a single supervised/unsupervised data mining approach and a combined supervised data mining approach. As a result, although a combined supervised data mining approach required more modeling time, it had better detection rate. All models using data mining techniques could detect the attacks within 1 second, thus these approaches could prove the real-time detection. Also, our experimental results for anomaly detection showed that our approaches provided the detection possibility for novel attack, and especially SOM model provided the additional information about existing attack that is similar to novel attack.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.49-57
• /
• 2006

Firewall to block a network access of unauthorized IP system and IDS (Intrusion Detection System) to detect malicious code pattern to be known consisted the main current of the information security system at the past. But, with rapid growth the diffusion speed and damage of malicious code like the worm, study of the unknown attack traffic is processed actively. One of such method is detection technique using traffic statistics information on the network viewpoint not to be an individual system. But, it is very difficult but to reserve traffic raw data or statistics information. Therefore, we present extraction technique of a network traffic Raw data and a statistics information like the time series. Also, We confirm the validity of a mixing traffic and show the evidence which is suitable to the experiment.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.1
• /
• pp.23-34
• /
• 2022

With the development of network technology, the application area has also been diversified, and protocols for various purposes have been developed and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service attacks (DoS) of advanced attackers by programming and applying honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzed the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system was shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

• Journal of Information Processing Systems
• /
• v.14 no.1
• /
• pp.56-78
• /
• 2018

Security issue in mobile ad hoc network (MANET) is a promising research. In 2011, we had accomplished a survey of black hole attacks in MANETs. However network technology is changing with each passing day, a vast number of novel schemes and papers have been proposed and published in recent years. In this paper, we survey the literature on malicious attacks in MANETs published during past 5 years, especially the black hole attack. Black hole attacks are classified into non-cooperative and collaborative black hole attacks. Except black hole attacks, other attacks in MANET are also studied, e.g., wormhole and flooding attacks. In addition, we conceive the open issues and future trends of black hole detection and prevention in MANETs based on the survey results of this paper. We summarize these detection schemes with three systematic comparison tables of non-cooperative black hole, collaborative black hole and other attacks, respectively, for a comprehensive survey of attacks in MANETs.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.3-8
• /
• 2014

Wireless Ad hoc Network is threatened from many types of attacks because of its open structure, dynamic topology and the absence of infrastructure. Attacks by malicious nodes inside the network destroy communication path and discard packet. The damage is quite large and detecting attacks are difficult. In this paper, we proposed attack detection technique using secure authentication infrastructure for efficient detection and prevention of internal attack nodes. Cluster structure is used in the proposed method so that each nodes act as a certificate authority and the public key is issued in cluster head through trust evaluation of nodes. Symmetric Key is shared for integrity of data between the nodes and the structure which adds authentication message to the RREQ packet is used. ns-2 simulator is used to evaluate performance of proposed method and excellent performance can be performed through the experiment.