• Title/Summary/Keyword: top attack

Search Result 62, Processing Time 0.024 seconds

A Weapon Effectiveness Evaluation Model for Top-Attack Smart Munitions (상부공격 지능탄 무기효과 평가모델)

  • Kang, Min-Ah
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.15 no.4
    • /
    • pp.458-466
    • /
    • 2012
  • We have developed a weapon effectiveness evaluation model for top-attack smart munitions(WEEM/TASM), which is a many on many Monte Carlo Model evaluating the effectiveness of top-attack smart munitions against armoured ground vehicles. In this model the battle is reduced to a one-sided battle situation in that the target vehicles are regarded as being stationary and passive. It can simulate the whole attack process of smart munitions from firing artillery dispenser to sensing and hitting processes after dispense. It can also calculate the probability of kill of each target and the numbers of rounds required to fulfill the degree of damage in statistical manners. In this paper, we describe the basis for our design concepts reflected in the model to simulate the weapon effectiveness of top-attack smart munitions and provide simulation results for an example case.

Vulnerable Path Attack and its Detection

  • She, Chuyu;Wen, Wushao;Ye, Quanqi;Zheng, Kesong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.4
    • /
    • pp.2149-2170
    • /
    • 2017
  • Application-layer Distributed Denial-of-Service (DDoS) attack is one of the leading security problems in the Internet. In recent years, the attack strategies of application-layer DDoS have rapidly developed. This paper introduces a new attack strategy named Path Vulnerabilities-Based (PVB) attack. In this attack strategy, an attacker first analyzes the contents of web pages and subsequently measures the actual response time of each webpage to build a web-resource-weighted-directed graph. The attacker uses a Top M Longest Path algorithm to find M DDoS vulnerable paths that consume considerable resources when sequentially accessing the pages following any of those paths. A detection mechanism for such attack is also proposed and discussed. A finite-state machine is used to model the dynamical processes for the state of the user's session and monitor the PVB attacks. Numerical results based on real-traffic simulations reveal the efficiency of the attack strategy and the detection mechanism.

A DDoS Attack Test, Analysis and Mitigation Method in Real Networks (DDoS 공격 실험 결과, 분석 및 피해 완화 방안)

  • Yang, Jin-Seok;Kim, Hyoung-Chun;Chung, Tai-Myoung
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.3
    • /
    • pp.125-132
    • /
    • 2013
  • In this paper, We send DDoS(Distributed Denial of Service) attack traffic to real homepages in real networks. We analyze the results of DDoS attack and propose mitigation method against DDoS Attacks. In order to analyze the results of DDoS Attacks, We group three defense level by administrative subjects: Top level defense, Middle level defense, Bottom level defense. Also We group four attack methods by feature. We describe the results that average of attack success rate on defense level and average of attack success rate on attack categories about 48ea homepages and 2ea exceptional cases. Finally, We propose mitigation method against DDoS attack.

A Phishing Attack using Website Fingerprinting on Android Smartphones (안드로이드 스마트폰에서 웹사이트 핑거프린팅을 통한 피싱 공격)

  • Ahn, Woo Hyun;Oh, Yunseok;Pyo, Sang-Jin;Kim, Tae-Soon;Lim, Seung-Ho;Oh, Jaewon
    • Convergence Security Journal
    • /
    • v.15 no.7
    • /
    • pp.9-19
    • /
    • 2015
  • The Android operating system is exposed to a phishing attack of stealing private information that a user enters into a web page. We have discovered two security vulnerabilities of the phishing attack. First, an always-on-top scheme allows malware to place a transparent user interface (UI) on the current top screen and intercept a user input. Second, the Android provides some APIs that allow malware to obtain the information of a currently visited web page. This paper introduces a phishing that attacks a web page by exploiting the two vulnerabilities. The attack detects a visit to a security-relevant web page and steals private information from the web page. Our experiments on popular web sites reveal that the attack is significantly accurate and dangerous.

A Robust Multiple Set-Top Box Authentication Scheme for IPTV Against Smart Card Cloning Attack (IPTV 환경에서 스마트카드 복제에 강건한 다중 셋톱박스 인증기법)

  • Lim, Ji-Hwan;Oh, Hee-Kuck;Kim, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.17C no.1
    • /
    • pp.37-46
    • /
    • 2010
  • In an IPTV system, the rights of the content and service provider can be protected by using Conditional Access System (CAS) and Digital Right Management (DRM). In case of the CAS, only the authorized user who has structured authentication keys can decrypt the encrypted content. However, since the CAS establishes a secure channel only between content provider and Smart Card (SC), it cannot protect the system against McCormac Hack attack which eavesdrops on unsecure channel between SC and Set-Top Box (STB) and SC cloning attack. In this paper, we propose a robust multi-STB assisted SC / STB authentication protocol which can protect the IPTV system against not only McCormac Hack attack, but also SC cloning attack. The previous works which bind a STB and a SC during the SC registration phase against the SC cloning attack does not support multi-STB environments. The proposed system which dynamically updates the STB information in subscriber management system using the bi-directional channel characteristic of IPTV system can support the user's multi-STB device effectively.

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

  • Nagpal, Bharti;Chauhan, Naresh;Singh, Nanhay
    • Journal of Information Processing Systems
    • /
    • v.13 no.4
    • /
    • pp.689-702
    • /
    • 2017
  • The Structured Query Language (SQL) Injection continues to be one of greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities 2013. The ease of exploitability and severe impact puts this attack at the top. As the countermeasures become more sophisticated, SOL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. The vulnerable data is a source of worry for government and financial institutions. In this paper, a detailed survey of different types of SQL Injection and proposed methods and theories are presented, along with various tools and their efficiency in intercepting and preventing SQL attacks.

A Trade Study of the Top Attack Smart Tank Ammunition (상부공격 전차 지능탄에 대한 상쇄연구)

  • Hong, Jong Tai;Choi, Sang Kyung;Kim, Ki Pyo
    • Journal of the Korean Society of Systems Engineering
    • /
    • v.2 no.1
    • /
    • pp.42-47
    • /
    • 2006
  • Advanced military nations have developed anti-tank smart munitions to maximize the effectiveness of the tank combat. In this paper we introduced new munition models (KSTAM) for arrack on the top of the tank and analyzed those operation research. To understand the adaptation to the future tank munition we have performed a trade-off study using the proposed models for smart tank munitions which have been developed or are being developed in advanced nations.

  • PDF

Cyber attack group classification based on MITRE ATT&CK model (MITRE ATT&CK 모델을 이용한 사이버 공격 그룹 분류)

  • Choi, Chang-hee;Shin, Chan-ho;Shin, Sung-uk
    • Journal of Internet Computing and Services
    • /
    • v.23 no.6
    • /
    • pp.1-13
    • /
    • 2022
  • As the information and communication environment develops, the environment of military facilities is also development remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

A Security Model Analysis Adopt to Authentication State Information in IPTV Environment (IPTV 환경에서 가입자의 인증 상태정보를 이용한 인증보안 모델 설계)

  • Jeong, Yoon-Su;Jung, Yoon-Sung;Kim, Yong-Tae;Park, Gil-Cheol;Lee, Sang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.35 no.3B
    • /
    • pp.421-430
    • /
    • 2010
  • Now a days, as a communications network is being broadband, IPTV(Internet Protocol Television) service which provides various two-way TV service is increasing. But as the data which is transmitted between IPTV set-top box and smart card is almost transmitted to set-top box, the illegal user who gets legal authority by approaching to the context of contents illegally using McComac Hack Attack is not prevented perfectly. In this paper, set-top box access security model is proposed which is for the protection from McComac Hack Attack that tries to get permission for access of IPTV service illegally making data line which is connected from smart card to set-top box by using same kind of other set-top box which illegal user uses. The proposed model reports the result of test which tests the user who wants to get permission illegally by registration the information of a condition of smart card which is usable in set-top box in certification server so that it prevents illegal user. Specially, the proposed model strengthen the security about set-top box by adapting public key which is used for establishing neighbor link and inter-certification process though secret value and random number which is created by Pseudo random function.

Derivation of Critical Functions of the Future Attack Helicopter Using QFD (QFD를 이용한 미래 공격헬기의 핵심기능 도출)

  • Lee, Jae-Won;Kwon, Yong-Soo;Ko, Nam-Kyoung
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.16 no.3
    • /
    • pp.348-357
    • /
    • 2013
  • This work describes an approach that contributes to derive from mission to critical functions of the attack helicopter under future battle space environment. An existing mission of the attack helicopter is limited to the only shooter oriented functions. In the future environment, mission and its functions of the helicopter might be much expanded. The functions should be derived by the top down approach based on systems engineering approach. In this point of view, this work describes network based future battle environment. From this environment, the missions of the attack helicopter are identified and optimized functions are derived through sequential procedures like from missions to tasks, tasks to activities, and activities to functions. The selected activities are obtained from the tasks using QFD. The weighting scores of the QFD are calculated by the AHP computational procedure. Finally the critical functions are presented through the similar procedure.