• Journal of KIISE:Information Networking
• /
• v.31 no.5
• /
• pp.438-449
• /
• 2004

With the growing deployment of network and internet, the importance of security is also increased. But, recent intrusion detection systems which have an important position in security countermeasure can't provide proper analysis and effective defence mechanism. Instead, they have overwhelmed human operator by large volume of intrusion detection alerts. In this paper, we propose an efficient alert analysis system that can produce high level information by analyzing and processing the large volume of alerts and can detect large-scale attacks such as DDoS in early stage. And we have measured processing rate of each elementary module and carried out a scenario-based test in order to analyzing efficiency of our proposed system.

• International Journal of Naval Architecture and Ocean Engineering
• /
• v.8 no.6
• /
• pp.563-576
• /
• 2016

The flight deck of an aircraft carrier is relatively vulnerable compared to its hull, as the damage of some subsystems on the flight deck may cause the carrier losing its operational capability. Therefore, this work aims to represent a simulative method for evaluating the resistance of the flight deck's operational capability in the condition that the aircraft carrier is together with its strike group and the enemy uses the anti-ship missiles with the cluster warheads to attack. In the simulations, the susceptibility of the carrier and the vulnerability of the aircraft guarantee resources are gained. Then, with the help of the closed queuing network, the residual sortie generation rate can be solved, which reflects the flight deck's residual operational capability. The results have proven that the flight deck is of strong resistance to these attacks while it is very sensitive to the loss of some key aircraft guarantee resources.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.1-7
• /
• 2020

With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, the IDS using the recursive learning model shows high detection performance. However, the simple application of the recursive model may be difficult to reflect the associated session characteristics, as the overlapping session environment may degrade the performance. In this paper, we designed the session management module and applied it to LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used and increased the normal session ratio to reduce the association of mal-session. The results show that the proposed model is able to maintain high detection performance even in the environment where session relevance is difficult to find.

• The Journal of Korean Association of Computer Education
• /
• v.9 no.5
• /
• pp.77-84
• /
• 2006

In this paper, we propose an adaptive image watermarking algorithm in DWT domain by using HVS(human Visual system) and SOM(Self-Organizing Map) among neural networks. HVS can be described in terms of two properties of HVS: brightness and texture sensitivity. The SOM is used to obtain the local characteristics of image, Therefore, the suitable strength and length of embedded watermark is determined by using HVS and SOM. The experimental results show that proposed method provides a suitable strength and length of watermark and has good perceptual invisibility and robustness for various attacks.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.4
• /
• pp.81-90
• /
• 2014

As mobile devices have become widely used and developed, PC based malwares can be moving towards mobile-based units. In particular, mobile Botnet reuses powerful malicious behavior of PC-based Botnet or add new malicious techniques. Different from existing PC-based Botnet detection schemes, mobile Botnet detection schemes are generally host-based. It is because mobile Botnet has various attack vectors and it is difficult to inspect all the attack vector at the same time. In this paper, to overcome limitations of host-based scheme, we compare two network-based schemes which detect mobile Botnet by applying HMM and SVM techniques. Through the verification analysis under real Botnet attacks, we present detection rates and detection properties of two schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.3
• /
• pp.1785-1801
• /
• 2017

In recent years, image encryption algorithms have been developed rapidly in order to ensure the security of image transmission. With the assistance of our previous work, this paper proposes a novel chaotic image encryption algorithm based on self-adaptive model and feedback mechanism to enhance the security and improve the efficiency. Different from other existing methods where the permutation is performed by the self-adaptive model, the initial values of iteration are generated in a novel way to make the distribution of initial values more uniform. Unlike the other schemes which is on the strength of the feedback mechanism in the stage of diffusion, the piecewise linear chaotic map is first introduced to produce the intermediate values for the sake of resisting the differential attack. The security and efficiency analysis has been performed. We measure our scheme through comprehensive simulations, considering key sensitivity, key space, encryption speed, and resistance to common attacks, especially differential attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.303-311
• /
• 2015

DNS amplification is a new type of DDoS Attack and nowadays the attack occurs frequently. The previous studies showed the several detection ways such as the traffic analysis based on DNS queries and packet size. However, those methods have some limitations such as the uncertainty of packet size which depends on IP address type and vulnerabilities against distributed amplification attack. Therefore, we proposed a novel traffic analyzing algorithm using Success Rate and implemented the query analyzing system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.10
• /
• pp.2192-2198
• /
• 2012

VANET is a network environment which provides the communication between vehicles and between vehicle and RSU using wireless communication. VANET is very important to protect safety and life of people. Because of that, security is considered enough and certification is very important when messages exchanged between vehicles. Recently, Zhang proposed using Diffie-Hellman key exchange protocol that is method exchanging messages in VANET system through RAISE. But this is many problems on weakness from various attacks. In this paper, proposed the method that establish symmetric key using ECDH key exchange protocol and confirm safety and time spending that generate key and exchange through comparison.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.2
• /
• pp.151-157
• /
• 2010

Rapid technological advances in the area of micro electro-mechanical systems (MEMS) have spurred the development of small inexpensive sensors capable of intelligent sensing. A significant amount of research has been done in the area of connecting large numbers of these sensors to create robust and scalable Wireless Sensor Networks (WSNs). The resource scarcity, ad-hoc deployment, and immense scale of WSNs make secure communication a particularly challenging problem. Since the primary consideration for sensor networks is energy efficiency, security schemes must balance their security features against the communication and computational overhead required to implement them. In this paper, we combine location information and probability to create a new security aware multipath geographic routing protocol. The implemented result in network simulator (ns-2) showed that our protocol has a better performance under attacks.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.55-61
• /
• 2019

This paper studied security measures to protect the SCADA network from the increasingly sophisticated threats. Currently, SCADA system security uses methods that are almost like regular IT security systems. While there may be some common security techniques, security techniques are needed only for SCADA systems that are different from typical IT systems. Therefore, this paper will explore the security techniques currently used in SCADA systems, and the problems that arise when the current security techniques are used will be identified through the damage cases resulting from attacks in SCADA systems. Finally, as a new solution to ensure the availability and integrity required for current SCADA systems, we proposed linking Blockchain and SCADA systems.