• ETRI Journal
• /
• v.37 no.2
• /
• pp.348-358
• /
• 2015

Mobile devices have been widespread and become very popular with connectivity to the Internet, and a lot of desktop PC applications are now aggressively ported to them. Unfortunately, mobile devices are often vulnerable to malicious attacks due to their common usage and connectivity to the Internet. Therefore, the demands on the development of mobile security systems increase in accordance with advances in mobile computing. However, it is very hard to run a security program on a mobile device all of the time due the device's limited computational power and battery life. To overcome these problems, we propose a novel mobile security scheme that migrates heavy computations on mobile devices to cloud servers. An efficient data transmission scheme for reducing data traffic between devices and servers over networks is introduced. We have evaluated the proposed scheme with a mobile device in a cloud environment, whereby it achieved a maximum speedup of 13.4 compared to a traditional algorithm.

• ETRI Journal
• /
• v.37 no.1
• /
• pp.77-87
• /
• 2015

In wireless networks, cooperation is necessary for many protocols, such as routing, clock synchronization, and security. It is known that cooperator nodes suffer greatly from problems such as increasing energy consumption. Therefore, rational nodes have no incentive to cooperatively forward traffic for others. A rational node is different from a malicious node. It is a node that makes the best decision in each state (cooperate or non-cooperate). In this paper, game theory is used to analyze the cooperation between nodes. An evolutionary game has been investigated using two nodes, and their strategies have been compared to find the best one. Subsequently, two approaches, one based on a genetic algorithm (GA) and the other on learning automata (LA), are presented to incite nodes for cooperating in a noisy environment. As you will see later, the GA strategy is able to disable the effect of noise by using a big enough chromosome; however, it cannot persuade nodes to cooperate in a noisefree environment. Unlike the GA strategy, the LA strategy shows good results in a noise-free environment because it has good agreement in cooperation-based strategies in both types of environment (noise-free and noisy).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4529-4548
• /
• 2016

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.

• Journal of the Korean Society of Systems Engineering
• /
• v.12 no.2
• /
• pp.101-114
• /
• 2016

A model-based systems engineering (MBSE) approach to implementing hardware-based network cybersecurity controls for APR1400 non-safety data network is presented in this work. The proposed design was developed by implementing packet filtering and deep packet inspection functions to control the unauthorized traffic and malicious contents. Denial-of-Service (DoS) attack was considered as a potential cybersecurity issue that may threaten the data availability and integrity of DCS gateway servers. Logical design architecture was developed to simulate the behavior of functions flow. HDL-based physical architecture was modelled and simulated using Xilinx ISE software to verify the design functionality. For effective modelling process, enhanced function flow block diagrams (EFFBDs) and schematic design based on FPGA technology were together developed and simulated to verify the performance and functional requirements of network security controls. Both logical and physical design architectures verified that hardware-based cybersecurity controls are capable to maintain the data availability and integrity. Further works focus on implementing the schematic design to an FPGA platform to accomplish the design verification and validation processes.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.639-642
• /
• 2015

As attack to routing function on MANET(Mobile Ad-Hoc Network), hole attack make cause some critical effects. MANET is easily influenced with hole attack and can be critically effected on transmission performance, because it is configured with terminal device as temporary network and dose not have effective means for malicious attack. In this paper, effects of grayhole attack to network performance on MANTE is analyzed with computer simulation. Voice traffic is used in simulation, effects of grayhole attack is compaerd with blackhole attack. The method and result of this paper can be used for data to study grayhoke attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2512-2531
• /
• 2014

We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identify bad flows only based on the incoming traffic patterns. The stress is measured by the time interval during which a given client makes the server busy, referred to as a client-induced server busy period (CSBP). We also need to protect the servers from a sudden surge of attack flows even before the malicious flows are identified by the attack flow detection mechanism. Thus, we use whitelist-based admission control mechanism additionally to control the load on the servers. We evaluate the performance of the proposed scheme via simulation and experiment. The simulation results show that our defense system can mitigate DDoS attacks effectively even under a large number of attack flows, on the order of thousands, and the experiment results show that our defense system deployed on a linux machine is sufficiently lightweight to handle packets arriving at a rate close to the link rate.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.105-112
• /
• 2014

The utilization of Wireless Ad Hoc Network which can build easily network using wireless device in difficult situation to build network is very good. However, it has security threat element because it transfers data by only forwarding of wireless devices. The measures against this should be prepared because damage by especially routing attack can affect the entire network. It is hard to distinguish malicious node and normal node among nodes composing network and it is not easy also to detect routing attack and respond to this. In this paper, we propose new method which detect routing attack and can respond to this. The amount of traffic in all nodes is measured periodically to judge the presence or absence of attack node on the path set. The technique that hides inspection packet to suspected node and transmits is used in order to detect accurately attack node in the path occurred attack. The experiment is performed by comparing SRAODA and SEAODV technique to evaluate performance of the proposed technique and the excellent performance can be confirmed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.783-786
• /
• 2015

Hole attack, which is disturbed transmission function through change of routing information, can cause critical results for MANET as non-infrastructure network. Backhole attack, as a typical hole attack, is one malicious attack which is disabled network transmission function by assumption of transmission data through modification of routing information. It is very important to evaluate transmission performance caused by blackhole attack, because transmission performance of MANET is affective with blackhole attack. In this paper, transmission performance is analyzed with MANET under multiple blackhole attacks caused multiple blackhole nodes. Computer simulation based on NS-2 is used as analysis tool and voice traffic is considered ad application service on MANET.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.578-581
• /
• 2014

Blackhole attack, a kinds of attacks to routing function, can cause critical effects to network transmission function, Especially, on MANET(Mobile Ad-hoc Network) which it is not easy to prepare functions to respond malicious intrusion, transmission functions of entire networks could be degraded. In this paper, effects of blackhole attack to network transmission performance is analyzed on lattice structured MANET. Specially, performance is measured for various location of blackhole attack on lattice MANET, and compared with the performance of random structured MANET. This paper is done with computer simulation, VoIP(Voice over Internet Protocol) traffic is used in simulation. The results of this paper can be used for data to deal with blackhole attack.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.9-19
• /
• 2019

Service and users over the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA(latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.