• Journal of the military operations research society of Korea
• /
• v.33 no.2
• /
• pp.115-127
• /
• 2007

The army developed the ATCIS(Army Tactical Command Information System) for the battlefield information system with share the command control information through the realtime. The using the public key and the encryption equipment in the ATCIS is enough to the confidentiality, integrity. but, it is vulnerable about the availability with the zero day attack. In this paper, we implement the worm propagation simulation on the ATCIS infrastructure through the modelling on the ATCIS operation environment. We propose the countermeasures based on the results from the simulation.

• ETRI Journal
• /
• v.28 no.5
• /
• pp.692-695
• /
• 2006

Recently, there has been a constant barrage of worms over the Internet. Besides threatening network security, these worms create an enormous economic burden in terms of loss of productivity not only for the victim hosts, but also for other hosts, as these worms create unnecessary network traffic. Further, measures taken to filter these worms at the router level incur additional network delays because of the extra burden placed on the routers. To develop appropriate tools for thwarting the quick spread of worms, researchers are trying to understand the behavior of worm propagation with the aid of epidemiological models. In this study, we present an optimization model that takes into account infection and treatment costs. Using this model we can determine the level of treatment to be applied for a given rate of infection spread.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.2
• /
• pp.191-204
• /
• 2010

There is a well-defined propagation model, named the random constant spread (RCS) model, which explains worms that spread their clones with a random scanning strategy. This model uses the number of infected hosts in a domain as a factor in the worms' propagation. However, there are difficulties in explaining the characteristics of new Internet worms because they have several considerable new features: the denial of service by network saturation, the utilization of a faster scanning strategy, a smaller size in the worm's propagation packet, and to cause maximum damage before human-mediated responses are possible. Therefore, more effective factors are required instead of the number of infected hosts. In this paper, the network bandwidth usage rate is found to be an effective factor that explains the propagations of the new Internet worms with the random scanning strategy. The analysis and simulation results are presented using this factor. The simulation results show that the scan rate is more sensitive than the propagation packet for detecting worms' propagations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.57-66
• /
• 2007

Scanning worms increase network traffic load because they randomly scan network addresses to find hosts that are susceptible to infection. Since propagation speed is faster than human reaction, scanning worms cause severe network congestion. So we need to build an early detection system which can automatically detect and quarantine such attacks. We propose algorithms to detect scanning worms using network traffic characteristics such as variance, variance to mean ratio(VMR) and correlation coefficient. The proposed algorithm have been verified by computer simulation. Compared to existing algorithm, the proposed algorithm not only reduced computational complexity but also improved detection accuracy.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.138-141
• /
• 2007

네트워크 상에서 활동하는 윔을 모델링하는 연구는 특정 윔에 한정되어 있다. 따라서 기존에 발표된 웜의 확산 모델링 연구는 그 범위를 다른 수많은 윔으로 확장하기에 어려움이 따르며, 이를 위한 표준화 연구도 부족한 실정이다 따라서 본 연구에서는 Non-fuction requrirement(NFR)의 개념을 이용하여 웜의 속성을 정의하고 이 정의를 바탕으로 자체 전파되는 웜의 표현 기법을 제안한다. 현재로서는 사용자의 추가적인 작동을 요구하지 않는 자체 전파 웜에 대하여 한정하고 있으나, 이를 확장하면 다양한 형태의 웜을 표현할 수 있는 도구가 될 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.389-396
• /
• 2020

WannaCryptor is a type of ransomware which encrypts users' personal data or files and demands ransom payment in order to regain access. But it peculiarly spreads by itself like a Internet worm using Windows vulnerabilities of shared folder. In this paper, we analyzed and estimated the spread of WannaCryptor focusing on the wormable spread features different from the existed ransomware. Thus we observed its behaviors in virtual environments, and experimented the various spreads of WannaCryptor based on our prediction modeling.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.214-216
• /
• 2005

현재 인터넷 웜에 관한 관심과 연구가 활발해 지면서 인터넷 웜 전파 특성 시뮬레이션 방법에 관한 연구가 많이 진행 되고 있다. 하지만, 연구 되어온 기법들은 대부분 웜의 스캔기법과 같은 웜 자체에 전파 되는 알고리즘에 대해서만 고려한 시뮬레이션 환경을 제시 하였다. 웜의 특성 상 좀더 실제 네트워크 환경과 비슷한 환경을 제공 하려면, 웜의 전파 알고리즘 외에, 각 호스트들에 취약점 패치 유무, 타깃 호스트들의 Computing Power, 각 네트워크의 밴드위스 & 지연시간, 네트워크 별 보안 장비(방화벽, IPS)의 유무 등 여러 가지 웜 전파에 영향을 미치는 요소들이 존재한다. 따라서 본 연구에서는 먼저 웜의 전파에 영향을 미치는 요소를 특성에 따라 크게 4가지로 분류 해보고, 이를 효율적으로 시뮬레이션 환경에 적용 할 수 있는 방안을 제안한다.

• Journal of the Korean Society for Industrial and Applied Mathematics
• /
• v.11 no.4
• /
• pp.19-38
• /
• 2007

Graph theory is becoming increasingly significant as it is applied of mathematics, science and technology. It is being actively used in fields as varied as biochemistry(genomics), electrical engineering(communication networks and coding theory), computer science(algorithms and computation) and operations research(scheduling). The powerful results in other areas of pure mathematics. Rhis paper, besides giving a general outlook of these facts, includes new graph theoretical proofs of Fermat's Little Theorem and the Nielson-Schreier Theorem. New applications to DNA sequencing (the SNP assembly problem) and computer network security (worm propagation) using minimum vertex covers in graphs are discussed. We also show how to apply edge coloring and matching in graphs for scheduling (the timetabling problem) and vertex coloring in graphs for map coloring and the assignment of frequencies in GSM mobile phone networks. Finally, we revisit the classical problem of finding re-entrant knight's tours on a chessboard using Hamiltonian circuits in graphs.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.16-18
• /
• 2005

2003년 1.25 대란을 통해 우리나라와 같이 초고속 인터넷망의 인프라를 갖춘 국가는 웜에 의한 DDoS공격 등에 취약하다는 것이 입증되었다. 이러한 취약성을 극복하기 위해서는 웜의 공격에 대해 웜 코드 자체에 대한 세부적인 분석과 전파 특성을 관찰하는 것이 중요하다. 하지만 웜의 전파 특성이나 취약점을 확인할 수 있는 방법으로는 소스코드 디어셈블러, 웜이 전파된 후 감염된 호스트들을 분석하는 방법이외에는 타당한 기법들이 제시되지 않고 있다. 웜 코드를 실제 네트워크 환경에서 테스트하기 위한 환경을 구축하기 위해서는 많은 시간과 비용이 소요되며 , 제도나 법률에 반하는 비현실적인 방법이라 할 수 있다. 이에 본 논문에서는 심각한 피해를 유발할 수 있는 치명적인 웜들의 시뮬레이션을 통해 웜의 전파 과정에서 발생하는 트래픽을 분석, 확인할 수 있는 시뮬레이터를 제시하고자 한다.

• Journal of Communications and Networks
• /
• v.12 no.4
• /
• pp.382-394
• /
• 2010

Cross-domain event information sharing is a topic of great interest in the area of event based network management. In this work we use data sets which represent actual attacks in the operational Internet. We analyze the data sets to understand the dynamics of the attacks and then go onto show the effectiveness of sharing incident related information to contain these attacks. We describe universal data acquisition system for event based management (UniDAS), a novel system for secure and automated cross-domain event information sharing. The system uses a generic, structured data format based on a standardized incident object description and exchange format (IODEF). IODEF is an XML-based extensible data format for security incident information exchange. We propose a simple and effective security model for IODEF and apply it to the secure and automated generic event information sharing system UniDAS. We present the system we have developed and evaluate its effectiveness.