• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.3888-3910
• /
• 2018

As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.43-52
• /
• 2008

We study the problem of search in which a server contains various multimedia contents and a user wishes to retrieve some multimedia items containing a specific without revealing to the server which items they are. Recently, Ogata and Kurosawa introduced a search scheme by using the notion of oblivious transfer. In their scheme, a user must inefficiently search and compare all the data stored in the seuer for each search query. In this paper, we propose an efficient oblivious search by using the oblivious transfer, in which a user needs not to search and compare all the data. We formally prove that the proposed scheme is secure under the hardness of RSA known target inversion problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.679-689
• /
• 2012

There were clear differences between the DDoS attack on 7th July 2009 and the rest of them prior to the attack. Despite It had emitted relatively small sized packets per infected PC, the attack was very successful making use of HTTP Flooding attack by aggregating small sized packets from the well sized zombie network. As the objective of the attack is not causing permanent damage to the target system but temporal service disruption, one should ensure the availability of the target server by deploying effective defense strategy. In this paper, a novel HTTP based DDoS defense mechanism is introduced with capacity based defense-in-depth strategy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3163-3181
• /
• 2023

Eavesdropping attacks have seriously threatened network security. Attackers could eavesdrop on target nodes and link to steal confidential data. In the traditional network architecture, the static routing path and the important nodes determined by the nature of network topology provide a great convenience for eavesdropping attacks. To resist monitoring attacks, this paper proposes a random routing mutation defense method based on dynamic path weight (DPW-RRM). It utilizes network centrality indicators to determine important nodes in the network topology and reduces the probability of important nodes in path selection, thereby distributing traffic to multiple communication paths, achieving the purpose of increasing the difficulty and cost of eavesdropping attacks. In addition, it dynamically adjusts the weight of the routing path through network state constraints to avoid link congestion and improve the availability of routing mutation. Experimental data shows that DPW-RRM could not only guarantee the normal algorithmic overhead, communication delay, and CPU load of the network, but also effectively resist eavesdropping attacks.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.57-64
• /
• 2023

In this study, we analyzed how to steal the target model without training data. Input data is generated using the generative model, and a similar model is created by defining a loss function so that the predicted values of the target model and the similar model are close to each other. At this time, the target model has a process of learning so that the similar model is similar to it by gradient descent using the logit (logic) value of each class for the input data. The tensorflow machine learning library was used as an experimental environment, and CIFAR10 and SVHN were used as datasets. A similar model was created using the ResNet model as a target model. As a result of the experiment, it was found that the model stealing method generated a similar model with an accuracy of 86.18% for CIFAR10 and 96.02% for SVHN, producing similar predicted values to the target model. In addition, considerations on the model stealing method, military use, and limitations were also analyzed.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.131-140
• /
• 2023

Network security situational awareness systems helps in better managing the security concerns of a network, by monitoring for any anomalies in the network connections and recommending remedial actions upon detecting an attack. An Intrusion Detection System helps in identifying the security concerns of a network, by monitoring for any anomalies in the network connections. We have proposed a CRF based IDS system using genetic search feature selection algorithm for network security situational awareness to detect any anomalies in the network. The conditional random fields being discriminative models are capable of directly modeling the conditional probabilities rather than joint probabilities there by achieving better classification accuracy. The genetic search feature selection algorithm is capable of identifying the optimal subset among the features based on the best population of features associated with the target class. The proposed system, when trained and tested on the bench mark NSL-KDD dataset exhibited higher accuracy in identifying an attack and also classifying the attack category.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.11
• /
• pp.4662-4679
• /
• 2015

Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.83-89
• /
• 2019

In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. Vulnerability Analysis Analysis It is judged that it will be a countermeasure against new hacking attack in case of concept validation by interworking with TOOL. Vulnerability check module is standardized in event attribute management and ease of operation. Opening in terms of global sharing of vulnerability data, owasp zap / Angry ip Etc. were investigated in the SIEM system with interlocking design implementation method. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module of web and network target. In consideration of this, ESM And SIEM system In this paper, we propose a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. Refer to the integrated interrelationship analysis and reference Vulnerability target Goal Hacking It is judged to be a new active concept against invasion attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.71-79
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, hey possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance supports and emergency measures. In order to solve these deficiencies, Wireless Remote Control System(W-RCS) was designed and implemented. W-RCS is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of W-RCS leads to these security problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to W-RCS. The security functions based on public key infrastructure include mobile device user authentication and target system access control. The W-RCS allows real-time user authentication, increases the flexibility of resource administrators and mobile device non, and provides not only uninterrupted services, but also safe mobile office environments.

• Korean Security Journal
• /
• no.40
• /
• pp.57-86
• /
• 2014

As the revision of Building Code including applying crime prevention design to buildings passed recently and target hardening ought to be evidence-based, we studied the Modus Operandi (MO) and intrusion tools of domestic burglary to earn basic data for improvement of crime prevention hardware in the future. To be specific, we reviewed related academic literature and police official statistics of domestic burglary critically and interviewed detectives in charge of burglary to specify and categorize MO and tools. We can derive some implications from research findings, including improvement of the statistical system for the MO of burglary, active sharing of the MO of burglary among the criminal justice agencies and related industries and experts. Also, crime prevention advice and education for the local residents focused on MO of burglary can be recommended. Based on this research, to enhance the level of community safety significantly, performance tests of crime prevention hardware such as security doors and windows etc. and the study on related certification system should be vitalized.