• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.165-168
• /
• 2005

The objects, which can be personal digital assistants, electronic rings, doors or even clothes, offer embedded chips with computation facilities and are generally called artifacts. I later realized that this was not so the real problem is actually authentication. Recent results indicate scalability problems for flat ad hoc networks. Sensor network achieves function that handle surrounding information perception through sensor and sensed information to network that is consisted of sensor nodes of large number. Research about new access control techniques and height administration techniques need authentication information persons' certification assurance level classification in sensor network environment which become necessary different view base with authentication information at node for application of AAA technology in USN environment that must do authentication process using information that is collected from various sensor mountings. So, get base authentication information in sensor type and present weight grant model by security strength about authentication information through information who draw. In this paper collected information of sensor nodes model who give weight drawing security reinforcement as authentication information by purpose present be going to. and Must be able to can grasp special quality of each sensor appliances in various side and use this and decide authentication assurance level for value estimation as authentication information elements. Therefore, do to define item that can evaluate Authentication information elements thus and give simple authentication assurance level value accordingly because applying weight. Present model who give authentication assurance level value and weight for quotation according to security strength.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.573-582
• /
• 2020

Fuzzing is a method of testing software by randomly generating test cases. Since its introduction, a variety of fuzzing techniques have been studied. Among them, mutation-based fuzzing is an efficient method that finds real-world bugs even though it uses a simple approach such as probabilistic bit-flipping and character substitution. However, the interpreter fuzzing has difficulty in applying general mutation techniques because the interpreter requires grammar and semantic correctness input values. In this paper, we present a novel mutation-based fuzzing on JavaScript interpreters with a dynamic data flow analysis. To this end, we implement JMFuzzer that can generate various types of mutated test cases that operate normally without runtime errors in JavaScript interpreter considering syntax and semantics. As a result, we found numerous unknown vulnerabilities in the latest JavaScript interpreters. We reported all of them to the vendors.

• The Journal of Society for e-Business Studies
• /
• v.17 no.3
• /
• pp.117-128
• /
• 2012

There was a large scale of DDoS(Distributed Denial of Service) attacks mostly targeted at Korean government web sites and cooperations's on March 4, 2010(3.4 DDoS attack) after 7.7 DDoS on July 7, 2009. In these days, anyone can create zombie PCs to attack someone's website with malware development toolkits and farther more improve their knowledge of hacking skills as well as toolkits because it has become easier to obtain these toolkits on line, For that trend, it has been difficult for computer security specialists to counteract DDoS attacks. In this paper, we will introduce an essential control list to prevent malware infection with live forensics techniques after analysis of monitoring network systems and PCs. Hopefully our suggestion of how to coordinate a security monitoring system in this paper will give a good guideline for cooperations who try to build their new systems or to secure their existing systems.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.41-47
• /
• 2006

Spyware is any technology that aids in gathering information about a person or organization with-out their knowledge. Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. A piece of spyware and adware affect computers which can rapidly become infected with large numbers of spyware and adware components. Users frequently notice from un-wanted behavior and degradation of system performance, such as significant unwanted CPU activity, disk usage, and network traffic which thereby slows down legitimate uses of these resources. The presence of situation will continue because of rapid expansion of Internet usages. Therefore, security solutions, such as anti-adware and anti-spyware, for recovering these malfunction due to the malicious programs must be developed. However, studies on the malicious programs are still not sufficient. Accordingly, this paper has studied the malicious program techniques, based on the results of analysis of present adware and spyware techniques by employing collected samples, and presents efficient measures for blocking and remedying the malicious programs.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.53-58
• /
• 2014

MANET can quickly build a network because it is configured with only the mobile node and it is very popular today due to its various application range. However, MANET should solve vulnerable security problem that dynamic topology, limited resources of each nodes, and wireless communication by the frequent movement of nodes have. In this paper, we propose a domain-based distributed cooperative intrusion detection techniques that can perform accurate intrusion detection by reducing overhead. In the proposed intrusion detection techniques, the local detection and global detection is performed after network is divided into certain size. The local detection performs on all the nodes to detect abnormal behavior of the nodes and the global detection performs signature-based attack detection on gateway node. Signature DB managed by the gateway node accomplishes periodic update by configuring neighboring gateway node and honeynet and maintains the reliability of nodes in the domain by the trust management module. The excellent performance is confirmed through comparative experiments of a multi-layer cluster technique and proposed technique in order to confirm intrusion detection performance of the proposed technique.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.47-53
• /
• 2019

Network-based sharing of information has evolved into a cloud service environment today, increasing its number of users rapidly, but has become a major target for network-based illegal attackers.. In addition, IP spoofing among attackers' various attack techniques generally involves resource exhaustion attacks. Therefore, fast detection and response techniques are required. The existing detection method for IP spoofing attack performs the final authentication process according to the analysis and matching of traceback information of the client who attempted the connection request. However, the simple comparison method of traceback information may require excessive OTP due to frequent false positives in an environment requiring service transparency. In this paper, symmetric key cryptography based on traceback information is used as mutual authentication information to improve this problem. That is, after generating a traceback-based encryption key, mutual authentication is possible by performing a normal decryption process. In addition, this process could improve the overhead caused by false positives.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.4
• /
• pp.9-15
• /
• 2012

With the rise of internet and e-commerce, this is more applicable now than ever. People rely on computer networks to provide them with news, stock prices, e-mail and online shopping. People's credit card details, medical records and other personal information are stored on computer systems. Many companies have a web presence as an essential part of their business. The research community uses computer systems to undertake research and to disseminate findings. The integrity and availability of all these systems have to be protected against a number of threats. Amateur hackers, rival corporations, terrorists and even foreign governments have the motive and capability to carry out sophisticated attacks against computer systems. Therefore, the field of information and communication security has become vitally important to the safety and economic well being of society as a whole. This paper provides an overview of IDS and IPS, their functions, detection and analysis techniques. It also presents comparison of security capability and characteristics of IDPS techniques. This will make basis of IDPS(Intrusion Detection and Protection System) technology integration for a broad-based IDPS solutions

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.21-28
• /
• 2020

In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, the most widely used route for compromise incidents such as information leakage and system destruction was found to be E-Mails. In particular, it is still difficult to detect and identify E-Mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques by detecting signatures and conducting dynamic analysis only. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and quickly respond to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating Hacking E-Mails, which account for large portion of damages in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information of client-side incidents.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.14-23
• /
• 2006

Wireless Sensor Network(WSN) consists of huge number of sensor nodes which are small and inexpensive with very limited resources. The public key cryptography is undesirable to be used in WSN because of the limitations of the resources. A key management and predistribution techniques are required to apply the symmetric key cryptography in such a big network. Many key predistribution techniques and approaches have been proposed, but most of-them didn't consider the real WSN assumptions, In this paper, we propose a security framework that is based on a hierarchical grid for WSN considering the proper assumptions of the communication traffic and required connectivity. We apply simple keying material distribution scheme to measure the value of our framework. Finally, we provide security analysis for possible security threats in WSN.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.11-17
• /
• 2019

Recently, the abuse of Internet technology has caused economic and mental harm to society as a whole. Especially, malicious code that is newly created or modified is used as a basic means of various application hacking and cyber security threats by bypassing the existing information protection system. However, research on small-capacity executable files that occupy a large portion of actual malicious code is rather limited. In this paper, we propose a model that can analyze the characteristics of known small capacity executable files by using data mining techniques and to use them for detecting unknown malicious codes. Data mining analysis techniques were performed in various ways such as Naive Bayesian, SVM, decision tree, random forest, artificial neural network, and the accuracy was compared according to the detection level of virustotal. As a result, more than 80% classification accuracy was verified for 34,646 analysis files.