• Title/Summary/Keyword: network threat detection

Search Result 128, Processing Time 0.023 seconds

Determination Method of Security Threshold using Fuzzy Logic for Statistical Filtering based Sensor Networks (통계적 여과 기법기반의 센서 네트워크를 위한 퍼지로직을 사용한 보안 경계 값 결정 기법)

  • Kim, Sang-Ryul;Cho, Tae-Ho
    • Journal of the Korea Society for Simulation
    • /
    • v.16 no.2
    • /
    • pp.27-35
    • /
    • 2007
  • When sensor networks are deployed in open environments, all the sensor nodes are vulnerable to physical threat. An attacker can physically capture a sensor node and obtain the security information including the keys used for data authentication. An attacker can easily inject false reports into the sensor network through the compromised node. False report can lead to not only false alarms but also the depletion of limited energy resource in battery powered sensor networks. To overcome this threat, Fan Ye et al. proposed that statistical on-route filtering scheme(SEF) can do verify the false report during the forwarding process. In this scheme, the choice of a security threshold value is important since it trades off detection power and energy, where security threshold value is the number of message authentication code for verification of false report. In this paper, we propose a fuzzy rule-based system for security threshold determination that can conserve energy, while it provides sufficient detection power in the SEF based sensor networks. The fuzzy logic determines a security threshold by considering the probability of a node having non-compromised keys, the number of compromised partitions, and the remaining energy of nodes. The fuzzy based threshold value can conserve energy, while it provides sufficient detection power.

  • PDF

Comparison and Analysis of Anomaly Detection Methods for Detecting Data Exfiltration (데이터 유출 탐지를 위한 이상 행위 탐지 방법의 비교 및 분석)

  • Lim, Wongi;Kwon, Koohyung;Kim, Jung-Jae;Lee, Jong-Eon;Cha, Si-Ho
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.17 no.9
    • /
    • pp.440-446
    • /
    • 2016
  • Military secrets or confidential data of any organization are extremely important assets. They must be discluded from outside. To do this, methods for detecting anomalous attacks and intrusions inside the network have been proposed. However, most anomaly-detection methods only cover aspects of intrusion from outside and do not deal with internal leakage of data, inflicting greater damage than intrusions and attacks from outside. In addition, applying conventional anomaly-detection methods to data exfiltration creates many problems, because the methods do not consider a number of variables or the internal network environment. In this paper, we describe issues considered in data exfiltration detection for anomaly detection (DEDfAD) to improve the accuracy of the methods, classify the methods as profile-based detection or machine learning-based detection, and analyze their advantages and disadvantages. We also suggest future research challenges through comparative analysis of the issues with classification of the detection methods.

The Comparative Study on Performance Analysis of Windows 7 and Ubuntu Applying Open Source IDS/IPS Suricata (오픈소스 IDS/IPS Suricata를 적용한 Windows7과 Ubuntu 성능 비교 분석)

  • Seok, Jinug;Kim, Jimyung;Choi, Moonseok
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.13 no.4
    • /
    • pp.141-151
    • /
    • 2017
  • Nowadays, It is undeniable that the threat of network security is growing as time flows due to worldwide development of wire/wireless, various Internet platform and sophisticated hacking techniques. The amount of traffics that Network security solution has to handle is increasing and recently many occurrence of explosive traffic attacks from PulseWave are being observed which has many similar characteristics to New DDos. Medium and small sized firms abroad have developed and distributed Snort and Suricata that are based on open-source Intrusion Detection System(IDS) / Intrusion Prevention System (IPS). The goal of this study is to compare between Windows7 by applying suicata 4.0.0 32bit version and Ubuntu 16.04.3 LTS by applying suicata 4.0.0 version which is an open source Intrusion Detection System / Intrusion Protection System that uses multi threads method. This experiment's environment was set as followed C1100 server model of Dell, Intel Xeon CPU L5520 2.27GHz*2 with 8 cores and 16 threads, 72GB of RAM, Samsung SSD 250GB*4 of HDD which was set on RAID0. According to the result, Suricata in Ubuntu is superior to Suricata in Windows7 in performance and this result indicates that Ubuntu's performance is far advanced than Windows7. This meaningful result is derived because Ubuntu that applied Suricata used multi core CPU and RAM more effectively.

Analysis & defence of detection technology in network Attacker (네트워크 침입자탐지기법 분석과 대응)

  • Yun, Dong Sic
    • Convergence Security Journal
    • /
    • v.13 no.2
    • /
    • pp.155-163
    • /
    • 2013
  • Connection hijacking attack using the vulnerability of the TCP protocol to redirect TCP stream goes through your machine actively (Active Attack). The SKEY such as one-time password protection mechanisms that are provided by a ticket-based authentication system such as Kerberos or redirection, the attacker can bypass.Someone TCP connection if you have access on TCP packet sniffer or packet generator is very vulnerable. Sniffer to defend against attacks such as one-time passwords and token-based authentication and user identification scheme has been used. Active protection, but these methods does not sign or encrypt the data stream from sniffing passwords over insecure networks, they are still vulnerable from attacks. For many people, an active attack is very difficult and so I think the threat is low, but here to help break the illusion successful intrusion on the UNIX host, a very aggressive attack is presented. The tools available on the Internet that attempt to exploit this vulnerability, known as the recent theoretical measures is required. In this paper, we propose analysis techniques on a wireless network intruder detection.

A SIP INVITE Flooding Detection algorithm Considering Upperbound of Possible Number of SIP Messages (발생 메시지의 상한값을 고려한 SIP INVITE 플러딩 공격 탐지 기법연구)

  • Ryu, Jea-Tek;Ryu, Ki-Yeol;Roh, Byeong-Hee
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.8B
    • /
    • pp.797-804
    • /
    • 2009
  • Recently, SIP(Session Initiation Protocol) is used to set up and manage sessions for multimedia applications such as VoIP(Voice over IP) and IMS(IP Multimedia Subsystem). However, because SIP operates over the Internet, it is exposed to pre-existed internet security threats such as service degradation or service disruptions. Multimedia applications which are delay sensitive even suffers more from the threats mentioned above. The proposed methods so far to detect SIP INVITE flooding are CUSUM(Cumulative Sum), Hellinger distance and adaptive threshold, but among methods only take normal state into consideration. So, it is not capable of adapting the condition of the network congestion which are dynamically changing. In this paper, SIP INVITE flooding detection algorithm considering network congestion which enables efficient detections of such attacks is proposed. The proposed algorithm is expected to detect other types of attacks such as BYE and CANCEL more precisely compared to other methods.

A DDoS Attack Detection of private mobile network using Time Series Analysis (시계열 분석을 적용한 사설 모바일 네트워크의 DDoS 공격 탐지)

  • Kim, Dae Hwan;Lee, Soo Jin;Pyo, Sang Ho
    • Convergence Security Journal
    • /
    • v.16 no.4
    • /
    • pp.17-24
    • /
    • 2016
  • Many companies and organizations are building a mobile office environment using the LTE network, the national disaster network and Air Force LTE network are built for public safety and national defense. However the recent threats on information security have been evolving from information leakage to DDoS attacks to neutralize the service. Especially, the type of device such as Smart phones, smart pad, tablet PC, and the numbers are growing exponentially and As performance of mobile device and speed of line develop rapidly, DDoS attacks in the mobile environment is becoming a threat. So far, universal countermeasure to DDoS attacks has been interception the network and server step, Yet problem regarding DDoS attack traffic on mobile network and expenditure of network resources still remains. Therefore, this paper analyzes the traffic type distributed in the private mobile network such as the National Disaster Network, and Air Force LTE network in order to preemptively detect DDoS attacks on terminal step. However, as direct analysis on traffic distributed in the National Disaster Network, and Air Force LTE network is restricted, transmission traffics in Minecraft and uploading video file upload which exhibit similar traffic information are analyzed in time series, thereby verifing its effectiveness through establishment of DDoS attacks standard in mobile network and application that detects and protects DDoS attacks

A Fuzzy Logic-Based False Report Detection Method in Wireless Sensor Networks (무선 센서 네트워크에서 퍼지 로직 기반의 허위 보고서 탐지 기법)

  • Kim, Mun-Su;Lee, Hae-Young;Cho, Tae-Ho
    • Journal of the Korea Society for Simulation
    • /
    • v.17 no.3
    • /
    • pp.27-34
    • /
    • 2008
  • Wireless sensor networks are comprised of sensor nodes with resource-constrained hardware. Nodes in the sensor network without adequate protection may be compromised by adversaries. Such compromised nodes are vulnerable to the attacks like false reports injection attacks and false data injection attacks on legitimate reports. In false report injection attacks, an adversary injects false report into the network with the goal of deceiving the sink or the depletion of the finite amount of energy in a battery powered network. In false data injection attacks on legitimate reports, the attacker may inject a false data for every legitimate report. To address such attacks, the probabilistic voting-based filtering scheme (PVFS) has been proposed by Li and Wu. However, each cluster head in PVFS needs additional transmission device. Therefore, this paper proposes a fuzzy logic-based false report detection method (FRD) to mitigate the threat of these attacks. FRD employs the statistical en-route filtering scheme as a basis and improves upon it. We demonstrate that FRD is efficient with respect to the security it provides, and allows a tradeoff between security and energy consumption, as shown in the simulation.

  • PDF

Real-time security Monitroing assessment model for cybersecurity vulnera bilities in network separation situations (망분리 네트워크 상황에서 사이버보안 취약점 실시간 보안관제 평가모델)

  • Lee, DongHwi;Kim, Hong-Ki
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.45-53
    • /
    • 2021
  • When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for internal network in separation network to complete the optimized security structure. In this study, We evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, It prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and established a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, and constructed a test data set for each situation and applied a real-time security assessment model.

A Survey on Defense Mechanism against Distributed Denial of Service (DDoS) Attacks in Control System

  • Kwon, YooJin
    • KEPCO Journal on Electric Power and Energy
    • /
    • v.1 no.1
    • /
    • pp.55-59
    • /
    • 2015
  • Denial of Service (DoS) attack is to interfere the normal user from using the information technology services. With a rapid technology improvements in computer and internet environment, small sized DoS attacks targeted to server or network infrastructure have been disabled. Thus, Distributed Denial of Service (DDoS) attacks that utilizes from tens to several thousands of distributed computers as zombie PC appear to have as one of the most challenging threat. In this paper, we categorize the DDoS attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS attacks. Then we propose a comprehensive defense mechanism against DDoS attacks in Control System to detect attacks efficiently.

Simulation of Fault-Arc using EMTP (EMTP를 이용한 아크 사고의 모의)

  • Byun, S.H.;Choi, H.S.;Chae, J.B.;Kim, C.H.;Han, K.N.;Kim, I.D.;Kim, Y.H.
    • Proceedings of the KIEE Conference
    • /
    • 1996.07b
    • /
    • pp.850-852
    • /
    • 1996
  • High impedance fault (HIF) is defined as fault that general overcurrent relay can't detect or interrupt, Especially when HIF occur under 15 kV, energized high voltage conductor results in fire hazard, equipment damage or personal threat. Because most HIF occur arc, HIF detection using arc is to increase. Numerical arc model can be applied in an electromagnetic transients program (EMTP) to reproduce the dynamic and random characteristic of arcs for any insulator arrangement, current and system voltage. It allows the representation of any network configuration to be investigated, so the digital simulation of arc faults through air can be substitute for demanding power arc test.

  • PDF