• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.165-171
• /
• 2018

The most threatening attack that has become a hot topic of recent IT security is APT Attack.. So far, there is no way to respond to APT attacks except by using artificial intelligence techniques. Here, we have implemented a machine learning algorithm for analyzing cyber threat data using machine learning method, using a data set that collects cyber attack cases using Scikit Learn, a big data machine learning framework. The result showed an attack classification accuracy close to 70%. This result can be developed into the algorithm of the security control system in the future.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.121-127
• /
• 2021

MANET, which does not have any infrastructure other than wireless nodes, has the advantage of being able to construct a fast network. However, the movement of nodes and wireless media are also the causes of security vulnerabilities of MANET. In particular, the damage caused by the attacking nodes existing on the network is considerably greater than that of other networks. Therefore, it is necessary to detection technique for attacking nodes and techniques to reduce damage caused by attacks. In this paper, we proposed a hierarchical structure technique to increase the efficiency of intrusion detection and collaboration-based intrusion detection technique applying a P2P mesh network configuration technique to reduce damage caused by attacks. There was excluded the network participation of the attacking node in advance through the reliability evaluation of the nodes in the cluster. In addition, when an attack by an attacking node is detected, this paper was applied a method of minimizing the damage of the attacking node by transmitting quickly the attack node information to the global network through the P2P mesh network between cluster heads. The ns-2 simulator was used to evaluate the performance of the proposed technique, and the excellent performance of the proposed technique was confirmed through comparative experiments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.9-21
• /
• 2008

In this paper, we revisit a generally accepted opinion: implementing Elliptic Curve Cryptosystem (ECC) over GF$(2^m)$ on sensor motes using small word size is not appropriate because partial XOR multiplication over GF$(2^m)$ is not efficiently supported by current low-powered microprocessors. Although there are some implementations over GF$(2^m)$ on sensor motes, their performances are not satisfactory enough due to the redundant memory accesses that result in inefficient field multiplication and reduction. Therefore, we propose some techniques for reducing unnecessary memory access instructions. With the proposed strategies, the running time of field multiplication and reduction over GF$(2^{163})$ can be decreased by 21.1% and 24.7%, respectively. These savings noticeably decrease execution times spent in Elliptic Curve Digital Signature Algorithm (ECDSA) operations (Signing and verification) by around $15{\sim}19%$.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.47-58
• /
• 2002

The access control techniques, which can control unauthorized members to access to multicast service, have not been studied very often while there are a lot of on-going study on secure multicast architecture, multicast key distribution and sender authentication scheme have been studied. Multi level access control scheme in multicast can be used in a remote secure conference or to provide graduated multimedia services to each customers. In fact, multicast network has its own virtual networks according to different security levels. However, Early schemes are not effective when it protects unauthorized access in multi-access network environment. Furthermore this scheme does not provide us with hierarchical access control mechanism. This paper, therefore, proposes hierarchical access control scheme to provide the effectiveness in network layer by security level comparison. And we also suggests hierarchical key distribution scheme for multi level access control in application layer and effective hierarchical key renewal scheme in dynamic multicast environment which is easy to join and leaving the multicast group.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.155-163
• /
• 2011

Rumor or abusive web postings in internet has become a social issue. Web postings may be proposed on evidence in form of a screenshot in libel suit, but a screenshot can be easily modified by computer programs. A person can make ill use of the screenshot which is modified deliberately original contents to opposite meaning in a lawsuit. That makes an innocent person to be punished because it can have difficulties to verify despite analyzing the server data. A screenshot of web postings is likely to fail to prove its authenticity and it is not able to reflect the fact. If notarization for web postings is offered, clear and convincing evidence can be submitted in a court. So, related techniques and policies should be established In this paper, we propose some technical and legal conditions and design for notarization and archive system of web postings for litigation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.869-882
• /
• 2012

With the growth of Web services and the development of web exploit toolkits, web-based malware has increased dramatically. Using Javascript Obfuscation, recent web-based malware hide a malicious URL and the exploit code. Thus, pattern matching for network intrusion detection systems has difficulty of detecting malware. Though various methods have proposed to detect Javascript malware on a users' web browser, the overall detection is needed to counter advanced attacks such as APTs(Advanced Persistent Treats), aimed at penetration into a certain an organization's intranet. To overcome the limitation of previous pattern matching for network intrusion detection systems, a novel deobfuscating method to handle obfuscated Javascript is needed. In this paper, we propose a framework for effective hidden malware detection through an automated deobfuscation regardless of advanced obfuscation techniques with overriding JavaScript functions and a separate JavaScript interpreter through to improve jsunpack-n.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.105-112
• /
• 2009

Nowadays, completely automated public turing tests to tell computers and humans apart(CAPTCHAs) are widely used to prevent various attacks by automated software agents such as creating accounts, advertising, sending spam mails, and so on. In early CAPTCHAs, the characters were simply distorted, so that users could easily recognize the characters. From that reason, using various techniques such as image processing, artificial intelligence, etc., one could easily break many CAPTCHAs, either. As an alternative, By adding noise to CAPTCHAs and distorting the characters in CAPTCHAs, it made the attacks to CAPTCHA more difficult. Naturally, it also made users more difficult to read the characters in CAPTCHAs. To improve the readability of CAPTCHAs, some CAPTCHAs used different colors for the characters. However, the usage of the different colors gives advantages to the adversary who wants to break CAPTCHAs. In this paper, we suggest a method of increasing the recognition ratio of CAPTCHAs based on colors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.15-21
• /
• 2010

In the recent years, various researches about the signal processing have been presented to improve the performance of power analysis. Among these signal processing techniques, the research about the signal compression is not enough than a signal alignment and a noise reduction; even though that can reduce considerably the computation time for the power analysis. But, the existing compression method can sometimes reduce the performance of the power analysis because those are the unsophisticated method not considering the characteristic of the signal. In this paper, we propose the new PCA (principal component analysis)-based signal compression method, which can block the loss of the meaningful factor of the original signal as much as possible, considering the characteristic of the signal. Also, we prove the performance of our method by carrying out the experiment.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.103-112
• /
• 2020

Recently, the interest in hobby/leisure drones is increasing in the private sector, and the military also uses drones in various countries such as North Korea, the United States, and Iran for military purposes such as reconnaissance and destruction. A variety of drone related research is underway, such as establishing and operating drone units within the Korean military. Inparticular, recently, as the size of drone flight control source code increases and the number of functions increases, drone developers are getting accustomed to using open sources and using them without checking for separate security vulnerabilities. However, since these open sources are actually accessible to attackers, they are inevitably exposed to various vulnerabilities. In this paper, we propose an attack scenario for military drones using open sources in connection with these vulnerabilities using Telemetry Hijacking techniques.

• International Journal of Computer Science & Network Security
• /
• v.23 no.9
• /
• pp.55-64
• /
• 2023

The Internet of Things (IoT) is the combination of the internet and various sensing devices. IoT security has increasingly attracted extensive attention. However, significant losses appears due to malicious attacks. Therefore, intrusion detection, which detects malicious attacks and their behaviors in IoT devices plays a crucial role in IoT security. The intrusion detection system, namely IDS should be executed efficiently by conducting classification and efficient feature extraction techniques. To effectively perform Intrusion detection in IoT applications, a novel method based on a Conventional Neural Network (CNN) for classification and an improved Genetic Algorithm (GA) for extraction is proposed and implemented. Existing issues like failing to detect the few attacks from smaller samples are focused, and hence the proposed novel CNN is applied to detect almost all attacks from small to large samples. For that purpose, the feature selection is essential. Thus, the genetic algorithm is improved to identify the best fitness values to perform accurate feature selection. To evaluate the performance, the NSL-KDDCUP dataset is used, and two datasets such as KDDTEST²¹ and KDDTEST⁺ are chosen. The performance and results are compared and analyzed with other existing models. The experimental results show that the proposed algorithm has superior intrusion detection rates to existing models, where the accuracy and true positive rate improve and the false positive rate decrease. In addition, the proposed algorithm indicates better performance on KDDTEST⁺ than KDDTEST²¹ because there are few attacks from minor samples in KDDTEST⁺. Therefore, the results demonstrate that the novel proposed CNN with the improved GA can identify almost every intrusion.