• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1091-1102
• /
• 2022

Robotic systems have developed very rapidly over the past decade. Robot Operating System is an open source-based software framework for the efficient development of robot operating systems and applications, and is widely used in various research and industrial fields. ROS applications may contain various vulnerabilities. Various studies have been conducted to monitor the excution of these ROS applications at runtime. In this study, we propose a real-time attack detection system using event-based runtime monitoring in ROS 2. Our attack detection system extends tracetools of ros2_tracing to instrument events into core libraries of ROS 2 middleware layer and monitors the events during runtime to detect attacks on the application layer through out-of-order execution of the APIs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.459-469
• /
• 2023

The number of IoT devices is explosively increasing due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing, and currently, malicious codes are being distributed and infected to IoT devices and exploited for DDoS. Currently, IoT devices that are the target of such an attack have various installation environments and have limited resources. In addition, IoT devices have a characteristic that once set up, the owner does not care about management. Because of this, IoT devices are becoming a blind spot for management that is easily infected with malicious codes. Because of these difficulties, the threat of malicious codes always exists in IoT devices, and when they are infected, responses are not properly made. In this paper, we will design an malware detection system for IoT in consideration of the characteristics of the IoT environment and present detection rules suitable for use in the system. Using this system, it will be possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.1-7
• /
• 2016

As new information and communication technologies evolve, security threats are also becoming increasingly intelligent and advanced. In this paper, we analyze the time series data continuously entered through a series of periods from the network device or lightweight IoT (Internet of Things) devices by using the statistical technique and propose a system to detect abnormal behaviors of the device or abnormality based on the analysis results. The proposed system performs the first level abnormal detection by using previously entered data set, thereafter performs the second level anomaly detection according to the trust bound configured by using stored time series data based on time attribute or group attribute. Multi-level analysis is able to improve reliability and to reduce false positives as well through a variety of decision data set.

• The KIPS Transactions:PartC
• /
• v.13C no.5 s.108
• /
• pp.549-558
• /
• 2006

For activating home network, the security service is positively necessary and especially the access control supports secure home network services and differentiated services. But, the existing security technology for home network seldom consider access control or has a architecture to be dependent on specific middleware. Therefore, in this paper we propose a scheme to support integrated access control in home network to use XACML, access control standard of next generation, to have compatability and extensibility and we design and implement XACML access control system based on this. we also had m access control experiment about various policy to connect developed XACML access control system with the UPnP proxy based on OSGi in order to verify compatability with existing home network system.

• KEPCO Journal on Electric Power and Energy
• /
• v.2 no.4
• /
• pp.563-567
• /
• 2016

In this paper, the chaos-based secure scheme for power line communication is proposed for the first time. A digitalized chaotic generator based Lorenz system is utilized for generating nonlinear dynamic chaotic signal for masking the information signal instead of reported analog chaotic generators. A simple method of encryption and decryption is also given. In order to confirm the feasibility of the proposed scheme, the system is simulated using a simplified encryption/decryption method in Proteus. The gained results from simulation demonstrated that by using the chaos-based security method, the data can be encrypted and easily transmitted through the power line network efficiently.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.59-67
• /
• 2006

Recently the Personal Computer hacking and game hacking for the purpose of gaining an economic profit is increased in Windows system. Malicious code often uses methods which inject dll or code into memory in target process for using covert channel for communicating among them, bypassing secure products like personal firewalls and obtaining sensitive information in system. This paper analyzes the technique for injecting and executing code into memory area in target process. In addition, this analyzes the PE format and IMPORT table for extracting injected dll in running process in affected system and describes a method for extracting and analyzing explicitly loaded dll files related with running process. This technique is useful for finding and analyzing infected processes in affected system.

• The KIPS Transactions:PartD
• /
• v.10D no.7
• /
• pp.1197-1206
• /
• 2003

This paper describes the IPP (Internet Printing Protocol), a standard that makes network setup for printers potentially much easier and, not so incidentally, also user can print over the Internet and specifies an implementation of IPP client/server system. It allows the system administrator and operators to control IPP system users and printer devices. The focus of this effort is optimized capabilities the security features for authentication, authorization, and policies, also improved compatibility with existing WP devices. Finally this paper presents conclusions and further researches.

• KSCI Review
• /
• v.15 no.1
• /
• pp.53-64
• /
• 2007

Avoid at damage systems in order to avoid own IP address exposure, and an invader does not attack directly a system in recent hacking accidents at these papers, and use Stepping stone and carry out a roundabout attack. Use network audit Policy and use a CIS, AIAA technique and algorithm, the Sleep Watermark Tracking technique that used Thumbprints Algorithm, Timing based Algorithm, TCP Sequence number at network bases, and Presented a traceback system at TCP bases at log bases, and be at these papers Use the existing algorithm that is not one module in a system one harm for responding to invasion technology develop day by day in order to supplement the disadvantage where is physical logical complexity of configuration of present Internet network is large, and to have a fast technology development speed, and presentation will do an effective traceback system.

• Convergence Security Journal
• /
• v.18 no.5_2
• /
• pp.35-41
• /
• 2018

The Army has developed the concept of terrestrial warfare in conjunction with the Joint Concept and has introduced TICN as the base communication system to support it. TICN has been used to improve the transmission speed and to increase the coverage distance. Through this, TICN is making efforts to create network-centered operation environment so that information can be distributed in real time or near real time from the monitoring system to the hitting system. However, TICN is not enough to overcome the network limitations that may arise from various contingencies in battlefield situations. Therefore, in this paper, we investigated the limitations of communication according to the situations that can occur in the battlefield situation and studied the considerations to overcome them.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.17-22
• /
• 2021

The attack trend on end-users via mobile devices is increasing in both the danger level and the number of attacks. Especially, mobile devices using the Android operating system are being recognized as increasingly being exploited and attacked strongly. In addition, one of the recent attack methods on the Android operating system is to take advantage of Android Package Kit (APK) files. Therefore, the problem of early detecting and warning attacks on mobile devices using the Android operating system through the APK file is very necessary today. This paper proposes to use the method of analyzing abnormal behavior of APK files and use it as a basis to conclude about signs of malware attacking the Android operating system. In order to achieve this purpose, we propose 2 main tasks: i) analyzing and extracting abnormal behavior of APK files; ii) detecting malware in APK files based on behavior analysis techniques using machine learning or deep learning algorithms. The difference between our research and other related studies is that instead of focusing on analyzing and extracting typical features of APK files, we will try to analyze and enumerate all the features of the APK file as the basis for classifying malicious APK files and clean APK files.