• 대한전자공학회논문지TC
• /
• 제42권9호
• /
• pp.85-96
• /
• 2005

"인터넷을 기반으로 하는 VPN(Virt at Private Network)"은 비용과 운용측면에서 효율적이다 하지만 광 대역폭 그리고 신뢰성 있는 서비스에 대한 요구의 증가는 IP/GMPLS over DWDM 기반의 백본 네트워크가 차세대 OVPN (Optical VPN)을 위하여 가장 적합한 백본 네트워크로 간주되게 하였다. 그러나, 높은 데이터 전송율을 가지는 OVPN망에서 광 소자의 일시적인 fault/attack에 의해서 일어나는 서비스 파괴는 순식간에 막대한 트래픽 손실을 야기 할 수 있으며, 비 인가된 physical attack 으로 인하여 물리적인 구성소자를 통해 정보가 도청 될 수 있다 또한 데이터 전송을 관리하는 제어 메시지가 변조되거나 복사되어 조작될 경우 데이터가 전송도중 실패하더라도 망의 생존성을 보장할수가 없게 된다. 따라서, OVPN에서는 생존성 문제 (i.e. fault/attack에 대한 물리적인 구조와 광 소자를 고려한 최적의 복구 매커니즘, 그리고 GMPLS 제어메시지의 보안성 있는 전송) 가 중요한 이슈로 대두되고 있다. 본 논문에서는 fault/attack을 관리하기 위해 광 소자들과 공통된 위험 요소를 포함하는 소자들을 분류하고, SRLG (Shared Risk Link Group)를 고려한 경로 설립 스킴과 GMPLS의 RSVP-TE+(Reservation Protocol-Traffic Engineering Extension)와 LMP(Link Management Protocol)의 보안성 제공 메커 니즘을 제안하여, OVPN에서의 생존성을 보장한다. 끝으로 시뮬레이션 결과를 통하여 제안된 알고리즘이 망 생존성을 위하여 더욱 효율적임을 증명하였다.

• 한국통신학회논문지
• /
• 제29권4C호
• /
• pp.550-558
• /
• 2004

본 연구에서는 네트워크 기반 서비스 거부 공격에 대응하여 허용된 서비스 거부확률을 보장할 수 있는 적합한 네트워크 노드를 설계하기 위해, 보호 대상 시스템 상위 노드 단의 상위 준위와 하위 준위의 물리적인 전송 대역, 버퍼 용량, 네트워크 기반 서비스 거부 공격에 소모된 자원, 허웅 가능한 공격 소스 수 및 손실 확률에 대한 관계를 분석한 제한 조건을 도출하였고 이에 대한 네트워크 노드의 자원과 비용의 관계를 분석하여 보장된 가용성을 유지할 수 있는 경제적 노드의 자원 구성을 설계하였다. 따라서 본 연구 결과는 네트워크 기반 서비스 거부 공격에 대응할 수 있는 효율적인 보안 네트워크 구조 설계에 기여할 것으로 기대된다.

• International Journal of Computer Science & Network Security
• /
• 제23권4호
• /
• pp.69-78
• /
• 2023

With the global rise of digital data, the uncontrolled quantity of data is susceptible to cyber warfare or cyber attacks. Therefore, it is necessary to improve cyber security systems. This research studies the behavior of malicious acts and uses Higuchi Fractal Dimension (HFD), which is a non-linear mathematical method to examine the intricacy of the behavior of these malicious acts and anomalies within the cyber physical system. The HFD algorithm was tested successfully using synthetic time series network data and validated on real-time network data, producing accurate results. It was found that the highest fractal dimension value was computed from the DoS attack time series data. Furthermore, the difference in the HFD values between the DoS attack data and the normal traffic data was the highest. The malicious network data and the non-malicious network data were successfully classified using the Receiver Operating Characteristics (ROC) method in conjunction with a scaling stationary index that helps to boost the ROC technique in classifying normal and malicious traffic. Hence, the suggested methodology may be utilized to rapidly detect the existence of abnormalities in traffic with the aim of further using other methods of cyber-attack detection.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권2호
• /
• pp.221-242
• /
• 2020

Purpose This study collects data of the recently activated online black market and analyzes it to present a specific method for preparing for a hacking attack. This study aims to make safe from the cyber attacks, including hacking, from the perspective of individuals and businesses by closely analyzing hacking methods and tools in a situation where they are easily shared. Design/methodology/approach To prepare for the hacking attack through the online black market, this study uses the routine activity theory to identify the opportunity factors of the hacking attack. Based on this, text mining and social network techniques are applied to reveal the most dangerous areas of security. It finds out suitable targets in routine activity theory through text mining techniques and motivated offenders through social network analysis. Lastly, the absence of guardians and the parts required by guardians are extracted using both analysis techniques simultaneously. Findings As a result of text mining, there was a large supply of hacking gift cards, and the demand to attack sites such as Amazon and Netflix was very high. In addition, interest in accounts and combos was in high demand and supply. As a result of social network analysis, users who actively share hacking information and tools can be identified. When these two analyzes were synthesized, it was found that specialized managers are required in the areas of proxy, maker and many managers are required for the buyer network, and skilled managers are required for the seller network.

• ETRI Journal
• /
• 제33권5호
• /
• pp.770-779
• /
• 2011

Security quad and cube (SQC) is a network attack analyzer that is capable of aggregating many different events into a single significant incident and visualizing these events in order to identify suspicious or illegitimate behavior. A network administrator recognizes network anomalies by analyzing the traffic data and alert messages generated in the security devices; however, it takes a lot of time to inspect and analyze them because the security devices generate an overwhelming amount of logs and security events. In this paper, we propose SQC, an efficient method for analyzing network security through visualization. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacks. In addition, by providing a detailed analysis of network attacks, this method can more precisely detect and distinguish them from normal events.

• International Journal of Computer Science & Network Security
• /
• 제21권7호
• /
• pp.159-168
• /
• 2021

Detecting cyber-attacks using machine learning or deep learning is being studied and applied widely in network intrusion detection systems. We noticed that the application of deep learning algorithms yielded many good results. However, because each deep learning model has different architecture and characteristics with certain advantages and disadvantages, so those deep learning models are only suitable for specific datasets or features. In this paper, in order to optimize the process of detecting cyber-attacks, we propose the idea of building a new deep learning network model based on the association and combination of individual deep learning models. In particular, based on the architecture of 2 deep learning models: Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM), we combine them into a combined deep learning network for detecting cyber-attacks based on network traffic. The experimental results in Section IV.D have demonstrated that our proposal using the CNN-LSTM deep learning model for detecting cyber-attacks based on network traffic is completely correct because the results of this model are much better than some individual deep learning models on all measures.

• 디지털산업정보학회논문지
• /
• 제13권1호
• /
• pp.49-57
• /
• 2017

IoT can be connected through a single network not only objects which can be connected to existing internet but also objects which has communication capability. This IoT environment will be a huge change to the existing communication paradigm. However, the big security problem must be solved in order to develop further IoT. Security mechanisms reflecting these characteristics should be applied because devices participating in the IoT have low processing ability and low power. In addition, devices which perform abnormal behaviors between objects should be also detected. Therefore, in this paper, we proposed D-IDS technique for efficient detection of malicious attack nodes between devices participating in the IoT. The proposed technique performs the central detection and distribution detection to improve the performance of attack detection. The central detection monitors the entire network traffic at the boundary router using SVM technique and detects abnormal behavior. And the distribution detection combines RSSI value and reliability of node and detects Sybil attack node. The performance of attack detection against malicious nodes is improved through the attack detection process. The superiority of the proposed technique can be verified by experiments.

• 융합보안논문지
• /
• 제11권6호
• /
• pp.25-30
• /
• 2011

MANET은 이동 노드로만 구성되어 있고 중앙 관리 시스템이 존재하지 않기 때문에 보안에 더욱 취약한 구조를 가지고 있다. 이러한 무선 네트워크를 위협하는 공격들 중에 그 피해가 가장 심각한 공격이 바로 DDoS 공격이다. 최근 들어 DDoS 공격은 목표 대상과 수법이 다양해지고 지능화 되어가고 있다. 본 논문에서는 비정상 트래픽을 정확히 분류하여 DDoS 탐지율을 높이기 위한 기법을 제안하였다. MANET을 구성하는 노드들을 클러스터로 형성한 후 클러스터 헤드가 감시 에이젼트 기능을 수행하게 하였다. 그리고 감시 에이젼트가 모든 트래픽을 수집한 후 비정상 트래픽 패턴을 탐지하기 위하여 결정트리 기법을 적용하였으며 트래픽 패턴을 판단하여 공격을 탐지하였다. 실험을 통해 본 논문에서 제안한 탐지 기법의 높은 공격 탐지율을 확인하였다.

• 한국정보과학회논문지:정보통신
• /
• 제30권1호
• /
• pp.97-116
• /
• 2003

최근 웹 서비스의 증가와 한께 엘 서비스에 대한 공격과 피 피해 규모는 증가하고 있다. 그러나 웹 서비스에 대한 공격은 다른 인터넷 공격들과 성격이 다르고 그에 대한 연구 또한 부족한 현실이다. 더욱이 기존의 침입 탐지 시스템들도 낄 서비스를 보호하는데 적합하지 않다. 이 연구에서는 먼저 웹 공격들을 공격 발생 원인과 공격 탐지 관점에서 분류하고, 마지막으로 위험성 분석을 통하여 웹 공격들을 분류하였다. 이를 통해 엘 서비스를 보호하기 적합한 웹 서비스 특화된 침입 탐지 시스템을 설계, 개발하는데 도움을 주고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제21권4호
• /
• pp.264-271
• /
• 2021

From an information security perspective, protecting sensitive data requires utilizing algorithms which resist theoretical attacks. However, treating an algorithm in a purely mathematical fashion or in other words abstracting away from its physical (hardware or software) implementation opens the door to various real-world security threats. In the modern age of electronics, cryptanalysis attempts to reveal secret information based on cryptosystem physical properties, rather than exploiting the theoretical weaknesses in the implemented cryptographic algorithm. The correlation power attack (CPA) is a Side-Channel Analysis attack used to reveal sensitive information based on the power leakages of a device. In this paper, we present a power Hacking technique to demonstrate how a power analysis can be exploited to reveal the secret information in AES crypto-core. In the proposed case study, we explain the main techniques that can break the security of the considered crypto-core by using CPA attack. Using two cryptographic devices, FPGA and 8051 microcontrollers, the experimental attack procedure shows that the AES hardware implementation has better resistance against power attack compared to the software one. On the other hand, we remark that the efficiency of CPA attack depends statistically on the implementation and the power model used for the power prediction.