Cheolwon Lee

A machine learning framework for network anomaly detection using SVM and GA

In todays world of computer security, Internet attacks such as Dos/DDos, worms, and spyware continue to evolve as detection techniques improve. It is not easy, however, to distinguish such new attacks using only knowledge of pre-existing attacks. In this paper the authors focused on machine learning techniques for detecting attacks from Internet anomalies. The machine learning framework consists of two major components: genetic algorithm (GA) for feature selection and support vector machine (SVM) for packet classification. By experiment it is also demonstrated that the proposed framework outperforms currently employed real-world NIDS.

Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis

Recently, most of malicious web pages include obfuscated codes in order to circumvent the detection of signature-based detection systems. It is difficult to decide whether the sting is obfuscated because the shape of obfuscated strings are changed continuously. In this paper, we propose a novel methodology that can detect obfuscated strings in the malicious web pages. We extracted three metrics as rules for detecting obfuscated strings by analyzing patterns of normal and malicious JavaScript codes. They are N-gram , Entropy , and Word Size . N-gram checks how many each byte code is used in strings. Entropy checks distributed of used byte codes. Word size checks whether there is used very long string. Based on the metrics, we implemented a practical tool for our methodology and evaluated it using read malicious web pages. The experiment results showed that our methodology can detect obfuscated strings in web pages effectively.

An Efficient Message Authentication for Non-repudiation of the Smart Metering Service

This paper proposes an efficient message authentication scheme providing non-repudiation of the smart metering service in Smart Grid. One of the main challenges in securing Advanced Meter Infrastructure is to accomplish message authentication and non-repudiation services in the metering service. Low power consumption of cryptographic operations in smart meter devices is another critical issue. The proposed scheme utilizes authentication values generated using linked two keys to reduce the number of signature operations. Our scheme provides the assurance of the integrity and origin of metering data. These features prevent either consumers or utilities from denying their authenticated metering data. Furthermore, the proposed scheme achieves low power consumption in the viewpoint of significant cryptographic operations.

Intrusion-tolerant system design for web server survivability

Internet becomes more and more popular, and most companies and institutes use web services for e-business to promote their business. As results, Internet and web services become core infrastructure for a business and become more and more important, but attacks against web services increase as the popularity of web services grows. Therefore, there are increasing needs of undisrupted web services despite of attacks. In this paper, contrast to previous approaches that detect and filter known attacks using known vulnerabilities and patterns, we proposed an intrusion tolerant system that can tolerate known vulnerabilities as well as unknown vulnerabilities by providing adaptation, redundancy and diversity. After detecting attacks, the system provides continuous web services using server adaptation and request filtering.

The Green Defenders

The Smart Grid System will Deliver Electricity from producers to consumers using digital communications technology in order to conserve energy and increase reliability. Since the power grid system is one of the critical infrastructures in each country, however, the damage from various types of cyberattacks would result in tremendous disasters. Several cases of cyberattacks against power grids have been reported in various media and research conferences, and it is probable that the main target in the next cyberwar would be the smart grid system. In this article, we will look at the various cyberthreats and at efforts to enhance the cybersecurity of the smart grid system.

Changes of cyber-terrorism: autonomous terrors and counter-measures

Recently many autogenous terrors are occurred in many countries, and this kind of terrors are spread mostly through the Internet. Therefore, there should be regulations and tools to monitor suspicious Internet activities. Recently, due to the increased number of cyber terrors, many countries try to enact regulations against web server misuses. But, the establishment of such laws is slowed by the concerns of privacy of web users. This paper proposed legislative measures against cyber terrors as well as the proposed scheme to collect terror-related information from web servers. The result of this research can reduce overall costs of anti-terror activities in the Internet.

Vulnerability analysis and evaluation within an intranet

Recently computer incidents have increased rapidly and their ripple effects have also grown. Since computer systems become critical infrastructures in various areas, it is more and more important to protect the network and computer system assets from malicious incidents. Attackers try to search the vulnerabilities of the network and system, and penetrate to the network and system to do some malicious actions.

Study on the way of Institutionalized Budget for Information Security

US is strengthening the information security by managing federal agency`s information and information system systematically. For this purpose. US government put the Federal Information Security Management Act into the E Government Act of 2002. According to the FISMA, it is required to have information securitv management plan for all federal agencies. In addition that, OMB Circular A II requires all federal agencies to identity the ratio of information security investment. That is the basis of strengthening the information security of federal agency, This paper will compare the budget status and information security mechanism of Korea and US.

A Secure Patch Distribution Architecture

Patch distribution is one of important processes to fix vulnerabilities of softwares and to ensure security of systems. Since an institute or a company has various operating systems or applications, it is not easy to update patches promptly. In this paper, we will propose a secure and consolidated patch distribution architecture with an authentication mechanism, a security assurance mechanism, a patch integrity assurance mechanism, and an automatic patch installation mechanism. We argue that the proposed architecture can allow prompt updates of patches and improve security of patch distribution processes within a domain.

Internet Attack Representation using a Hierarchical State Transition Graph

Internet attacking tools become automated and advance quickly, so an attacker can easily deploy attacks from distributed hosts to acquire resources as well as to disrupt services of a target host. One of the best feasible ways to study internet attacks and their consequences is to simulate attacks. In this paper, we introduced a new approach to express attack scenarios for simulation. Our approach allows relations between states to be expressed in graphs, so that users can identify relations between states and find new scenarios.