• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.391-394
• /
• 2004

Change of paradigm of network attack technique was begun by fast extension of the latest Internet and new attack form is appearing. But, Most intrusion detection systems detect informed attack type because is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, visibilitys to apply human immunity mechanism are appearing. In this paper, we create self-file from normal behavior profile about network packet and embody self recognition algorithm to use self-nonself discrimination in the human immune system to detect anomaly behavior. Sense change because monitors self-file creating anomaly detector based on Negative Selection Algorithm that is self recognition algorithm's one and detects anomaly behavior. And we achieve simulation to use DARPA Network Dataset and verify effectiveness of algorithm through the anomaly detection rate.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.1
• /
• pp.130-140
• /
• 2010

SIP (Session Initiation Protocol) is a signaling protocol to provide IP-based VoIP (Voice over IP) service. However, many security vulnerabilities exist as the SIP protocol utilizes the existing IP based network. The SIP Malformed message attacks may cause malfunction on VoIP services by changing the transmitted SIP header information. Additionally, there are several threats such that an attacker can extract personal information on SIP client system by inserting malicious code into SIP header. Therefore, the alternative measures should be required. In this study, we analyzed the existing research on the SIP anomaly message detection mechanism against SIP attack. And then, we proposed a Co-occurrence based SIP packet analysis mechanism, which has been used on language processing techniques. We proposed a association rule generation and an attack detection technique by using the actual SIP session state. Experimental results showed that the average detection rate was 87% on SIP attacks in case of using the proposed technique.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.53-58
• /
• 2014

MANET can quickly build a network because it is configured with only the mobile node and it is very popular today due to its various application range. However, MANET should solve vulnerable security problem that dynamic topology, limited resources of each nodes, and wireless communication by the frequent movement of nodes have. In this paper, we propose a domain-based distributed cooperative intrusion detection techniques that can perform accurate intrusion detection by reducing overhead. In the proposed intrusion detection techniques, the local detection and global detection is performed after network is divided into certain size. The local detection performs on all the nodes to detect abnormal behavior of the nodes and the global detection performs signature-based attack detection on gateway node. Signature DB managed by the gateway node accomplishes periodic update by configuring neighboring gateway node and honeynet and maintains the reliability of nodes in the domain by the trust management module. The excellent performance is confirmed through comparative experiments of a multi-layer cluster technique and proposed technique in order to confirm intrusion detection performance of the proposed technique.

• Proceedings of the Korean Institute of IIIuminating and Electrical Installation Engineers Conference
• /
• 2008.10a
• /
• pp.217-219
• /
• 2008

SCADA(Supervisory Control and Data Acquisition) is popular control and monitor areas not only in critical infrastructures such as electric power, gas, oil but also industrial applications. Increasement of cyber attack technique and frequency threats secure operation of SCADA systems. Recently many researches have been studied for protecting SCADA system against cyber attacks. This paper introduces overall security technologies in SCADA systems.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.1
• /
• pp.81-87
• /
• 2012

Intrusion Detection System that protects system safely is necessary as network technology is developed rapidly and application division is wide. Intrusion Detection System among others can construct system without participation of other severs. But it has weakness that big load in system happens and it has low efficient because every traffics are inspected in case that mass traffic happen. In this study, Distributed Intrusion Detection System based on protocol is proposed to reduce traffic of intrusion detection system and provide stabilized intrusion detection technique even though mass traffic happen. It also copes to attack actively by providing automatic update of using rules to detect intrusion in sub Intrusion Detection System.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.179-190
• /
• 2004

This paper describes the design of hacking prevention systems using a smart card. It consists of two parts, i.e., PC authentication and Keyboard-buffer hacking prevention. PC authentication function is a procedure to handle the access control to the target PC. The card's serial number is used for PIN(Personal Identification Number) and is converted into hash-code by SHA-1 hash-function to verify the valid users. The Keyboard-buffer hacking prevention function converts the scan codes into the encoded forms using RSA algorithm on the Java Card, and puts them into the keyboard-buffer to protect from illegal hacking. The encoded information in the buffer is again decoded by the RSA algorithm and displayed on the screen. in this paper, we use RSA_PKCS#1 algorithm for encoding and decoding. The reason using RSA technique instead of DES or Triple-DES is for the expansion to multi-functions in the future on PKI. Moreover, in the ubiquitous computing environment, this smart card security system can be used to protect the private information from the illegal attack in any computing device anywhere. Therefore, our security system can protect PC user's information more efficiently and guarantee a legal PC access authority against any illegal attack in a very convenient way.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.3-8
• /
• 2011

Advanced Persistent Threat (APT), aims a specific business or political targets, is rapidly growing due to fast technological advancement in hacking, malicious code, and social engineering techniques. One of the most important characteristics of APT is persistence. Attackers constantly collect information by remaining inside of the targets. Enterprise Security Management (EMS) system can misidentify APT as normal pattern of an access or an entry of a normal user as an attack. In order to analyze this misidentification, a new system development and a research are required. This study suggests the way of forecasting APT and the effective countermeasures against APT attacks by categorizing misidentified data in data-mining through threshold ratings. This proposed technique can improve the detection of future APT attacks by categorizing the data of long-term attack attempts.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.119-128
• /
• 2024

The moveable ad hoc networks are untrustworthy and susceptible to any intrusion because of their wireless interaction approach. Therefore the information from these networks can be stolen very easily just by introducing the attacker nodes in the system. The straight route extent is calculated with the help of hop count metric. For this purpose, routing protocols are planned. From a number of attacks, the wormhole attack is considered to be the hazardous one. This intrusion is commenced with the help of couple attacker nodes. These nodes make a channel by placing some sensor nodes between transmitter and receiver. The accessible system regards the wormhole intrusions in the absence of intermediary sensor nodes amid target. This mechanism is significant for the areas where the route distance amid transmitter and receiver is two hops merely. This mechanism is not suitable for those scenarios where multi hops are presented amid transmitter and receiver. In the projected study, a new technique is implemented for the recognition and separation of attacker sensor nodes from the network. The wormhole intrusions are triggered with the help of these attacker nodes in the network. The projected scheme is utilized in NS2 and it is depicted by the reproduction outcomes that the projected scheme shows better performance in comparison with existing approaches.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2101-2105
• /
• 2003

Recently the number of Internet users has very sharply increased, and the number of intrusions has also increased very much. Consequently, security products are being developed and adapted to prevent systems and networks from being hacked and intruded. Even if security products are adapted, however, hackers can still attack a system and get a special authorization because the security products cannot prevent a system and network from every instance of hacking and intrusion. Therefore, the researchers have focused on an active hacking prevention method, and they have tried to develop a traceback system that can find the real location of an attacker. At present, however, because of the characteristics of Internet - diversity, anonymity - the real-time traceback is very difficult. To over-come this problem the Network-based Real-Time Connection Traceback System (NRCTS) was proposed. But there is a security problem that the victim system can be hacked during the traceback. So, in this paper, we propose modified NRCTS with connection redirection technique. We call this traceback system as Connection Redirected Network-based Real-Time Connection Traceback System (CR-NRCTS).

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.7
• /
• pp.1462-1470
• /
• 2003

According to the necessity about information security as well as the advance of IT system and the spread of the Internet, a variety of cryptography algorithms are being developed and put to practical use. In addition the technique about cryptography attack also is advanced, and the algorithms which are strong against its attack are being studied. If the linear transformation matrix in the block cipher algorithm such as Substitution Permutation Networks(SPN) produces the Maximum Distance Separable(MDS) code, it has strong characteristics against the differential attack and linear attack. In this paper, we propose a new algorithm which cm estimate that the linear transformation matrix produces the MDS code. The elements of input code of linear transformation matrix over GF$({2_n})$ can be interpreted as variables. One of variables is transformed as an algebraic formula with the other variables, with applying the formula to the matrix the variables are eliminated one by one. If the number of variables is 1 and the all of coefficient of variable is non zero, then the linear transformation matrix produces the MDS code. The proposed algorithm reduces the calculation time greatly by diminishing the number of multiply and reciprocal operation compared with the conventional algorithm which is designed to know whether the every square submatrix is nonsingular.