• Title/Summary/Keyword: spoofing detection

An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics (HTTP Outbound Traffic 감시를 통한 웹 공격의 효율적 탐지 기법)

  • Choi, Byung-Ha;Choi, Sung-Kyo;Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information / v.16 no.1 / pp.125-132 / 2011
  • A hierarchical Web Security System, which is a solution to various web-based attacks, seemingly is not able to keep up with the improvement of detoured or compound attacks. In this paper, we suggest an efficient detecting scheme for web-based attacks like Malware, XSS, Creating Webshell, URL Spoofing, and Exposing Private Information through monitoring HTTP outbound traffic in real time. Our proposed scheme detects web-based attacks by comparing the outbound traffic with the signatures of HTML tags or JavaScript created by the attacks. Through the verification analysis under the real-attacked environment, we show that our scheme installed in a hierarchical web security system has superior detection capability for detoured web-based attacks.

A step-by-step service encryption model based on routing pattern in case of IP spoofing attacks on clustering environment (클러스터링 환경에 대한 IP 스푸핑 공격 발생시 라우팅 패턴에 기반한 단계별 서비스 암호화 모델)

  • Baek, Yong-Jin;Jeong, Won-Chang;Hong, Suk-Won;Park, Jae-Hung
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.10 no.6 / pp.580-586 / 2017
  • The establishment of a big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide a variety of valuable information in real time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual-trust hosts constituting the cluster, and attempt to directly attack systems existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and the security policy must be stronger than that of a security system constructed and operated in an existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service under illegal attacks in this network environment. In addition, through step-by-step encryption based on the routing information generated during the detection process, it is possible to manage stable service information without frequent disconnection of the information service for resetting.

Empirical study on liveness detection of fingerprint

  • Jin Chang-Long;Huan Nguyen van;Kim Ha-Kil
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2006.06a / pp.241-245 / 2006
  • Recent studies show that fingerprint recognition technology is confronted with spoofing of artificial fingers. In order to overcome this problem, the fingerprint recognition system needs to distinguish a fake finger from a live finger. This paper examines existing software-based approaches for fingerprint liveness detection through experiments. Implemented and tested in this paper are the approaches based on deformation, wavelet, and perspiration. These approaches will be analyzed and compared based on experimental results.

Liveness Detection of Fingerprints Using Correlation Filters (상관 필터를 이용한 위조 지문 검출 방법)

  • Choi, Hee-Seung;Choi, Kyung-Taek;Kim, Jai-Hie
    • Proceedings of the IEEK Conference / 2005.11a / pp.355-358 / 2005
  • Fingerprint recognition systems are the most widely used in biometrics for personal authentication. As they become more familiar, the security weaknesses of fingerprint sensors are becoming better known. In this paper, we propose a liveness detection method that applies correlation filters to fingerprint recognition systems. The physiological characteristic of sweat pores, observed only in live people, is used as a measure to classify 'live' fingers from 'spoof' fingers. Previous works show that detection of sweat pores and perspiration patterns in fingerprint images can be used as an anti-spoofing measure. These methods don't consider the characteristics of pores in each individual. We construct correlation filters for each individual, composed of their pore information. We make the final decision about the "liveness" of a fingerprint using the correlation output. The proposed algorithm was applied to a data set of 110 live and 110 spoof fingerprint images from an optical fingerprint scanner and achieved a classification rate of 80%.

Sequential Pattern Mining for Intrusion Detection System with Feature Selection on Big Data

  • Fidalcastro, A;Baburaj, E
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.10 / pp.5023-5038 / 2017
  • Big data is an emerging technology which deals with a wide range of data sets with sizes beyond the ability of the software tools commonly used for data processing. When we consider a huge network, we have to process the large amount of network information generated, which consists of both normal and abnormal activity logs in a large volume of multi-dimensional data. An Intrusion Detection System (IDS) is required to monitor the network and to detect the malicious nodes and activities in the network. The massive amount of data makes it difficult to detect threats and attacks. Sequential pattern mining may be used to identify the patterns of malicious activities, which has been an emerging popular trend due to the consideration of quantities, profits and time orders of items. Here we propose a sequential pattern mining algorithm with fuzzy logic feature selection and fuzzy weighted support for huge volumes of network logs to be implemented in Apache Hadoop YARN, which solves the problem of speed and time constraints. Fuzzy logic feature selection selects important features from the feature set. Fuzzy weighted supports provide weights to the inputs and avoid multiple scans. In our simulation we use the attack log from an NS-2 MANET environment and compare the proposed algorithm with the state-of-the-art sequential pattern mining algorithm, SPADE, and Support Vector Machine in a Hadoop environment.

Application of Wavelet-Based RF Fingerprinting to Enhance Wireless Network Security

  • Klein, Randall W.;Temple, Michael A.;Mendenhall, Michael J.
    • Journal of Communications and Networks / v.11 no.6 / pp.544-555 / 2009
  • This work continues a trend of developments aimed at exploiting the physical layer of the open systems interconnection (OSI) model to enhance wireless network security. The goal is to augment activity occurring across other OSI layers and provide improved safeguards against unauthorized access. Relative to intrusion detection and anti-spoofing, this paper provides details for a proof-of-concept investigation involving "air monitor" applications where physical equipment constraints are not overly restrictive. In this case, RF fingerprinting is emerging as a viable security measure for providing device-specific identification (manufacturer, model, and/or serial number). RF fingerprint features can be extracted from various regions of collected bursts, the detection of which has been extensively researched. Given reliable burst detection, the near-term challenge is to find robust fingerprint features to improve device distinguishability. This is addressed here using wavelet domain (WD) RF fingerprinting based on dual-tree complex wavelet transform (DT-$\mathbb{C}WT$) features extracted from the non-transient preamble response of OFDM-based 802.11a signals. Intra-manufacturer classification performance is evaluated using four like-model Cisco devices with dissimilar serial numbers. WD fingerprinting effectiveness is demonstrated using Fisher-based multiple discriminant analysis (MDA) with maximum likelihood (ML) classification. The effects of varying channel SNR, burst detection error and dissimilar SNRs for MDA/ML training and classification are considered. Relative to time domain (TD) RF fingerprinting, WD fingerprinting with DT-$\mathbb{C}WT$ features emerged as the superior alternative for all scenarios at SNRs below 20 dB while achieving performance gains of up to 8 dB at 80% classification accuracy.

Application and Performance Analysis of Machine Learning for GPS Jamming Detection (GPS 재밍탐지를 위한 기계학습 적용 및 성능 분석)

  • Jeong, Inhwan
    • The Journal of Korean Institute of Information Technology / v.17 no.5 / pp.47-55 / 2019
  • As the damage caused by GPS jamming has increased, research on detecting and preventing GPS jamming is being actively conducted. This paper deals with a GPS jamming detection method using multiple GPS receiving channels and three types of machine learning techniques. The proposed multiple GPS channels consist of a commercial GPS receiver with no anti-jamming function, a receiver with just an anti-noise jamming function, and a receiver with anti-noise and anti-spoofing jamming functions. This system enables the user to identify the characteristics of the jamming signals by comparing the coordinates received at each receiver. In this paper, five types of jamming signals with different signal characteristics were entered into the system and three kinds of machine learning methods (AB: Adaptive Boosting, SVM: Support Vector Machine, DT: Decision Tree) were applied to perform a jamming detection test. The results showed that the DT technique has the best performance, with a detection rate of 96.9%, when a single machine learning technique was applied. It is also confirmed that the DT technique is more effective for GPS jamming detection than the binary classifier techniques because it has low ambiguity and simple hardware. It was also confirmed that SVM could be used only if additional solutions to the ambiguity problem are applied.

Anti-Drone Algorithm using GPS Sniffing (GPS 스니핑을 이용한 안티 드론 알고리즘)

  • Seo, Jin-Beom;Jo, Han-Bi;Song, Young-Hwan;Cho, Young-bok
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2019.05a / pp.63-66 / 2019
  • Recently, as drone technology develops, malicious attacks using drones have become a problem, and anti-drone technology for detecting an attack drone used in a malicious attack is required. However, currently used drone detection systems are expensive and require a lot of manpower. Therefore, in this paper, we propose an anti-drone method using the analysis and algorithms of the anti-drone that can monitor attack drones. In this paper, we identify and detect attack drones using sniffing, and propose a capture and deception algorithm through spoofing using the current GPS-based detection system.

iVisher: Real-Time Detection of Caller ID Spoofing

  • Song, Jaeseung;Kim, Hyoungshick;Gkelias, Athanasios
    • ETRI Journal / v.36 no.5 / pp.865-875 / 2014
  • Voice phishing (vishing) uses social engineering, based on people's trust in telephone services, to trick people into divulging financial data or transferring money to a scammer. In a vishing attack, a scammer often modifies the telephone number that appears on the victim's phone to mislead the victim into believing that the phone call is coming from a trusted source, since people typically judge a caller's legitimacy by the displayed phone number. We propose a system named iVisher for detecting a concealed incoming number (that is, caller ID) in Session Initiation Protocol-based Voice-over-Internet Protocol initiated phone calls. Our results demonstrate that iVisher is capable of detecting a concealed caller ID without significantly impacting upon the overall call setup time.

DDoS Defense Using the Exhaustiveness of Attackers (공격자의 자원소진특성을 이용한 분산서비스불능화 (DDoS) 공격에 대한 방어)

  • Jeong, Choong-Kyo
    • Journal of Industrial Technology / v.27 no.B / pp.77-82 / 2007
  • A novel DDoS (Distributed Denial-of-Service) defense technique, Exhaustiveness-Based Detection, is proposed in this work. It dispenses with the network congestion and the unfairness between users of the Defense-by-Offense technique by incorporating a kind of simple Detect-and-Block scheme (user identification), still improving the effectiveness of the defense in comparison to the original Defense-by-Offense technique. It uses SYN cookies to identify users at the granularity of IP address and to prevent IP address spoofing by the attacker. There can be, however, some probability of false negative (denying service to good clients), if the attacker wisely adapts to the new technique by saving some portion of its bandwidth resource and later mimicking good clients. Quantitative analysis of the requirement for the good clients to be safe from the false negative is provided and a procedure to design the server capacity is explained.