Hwankuk Kim

Design and implementation of SIP-aware DDoS attack detection system

SIP is a signaling protocol used for establishing, modifying, terminating sessions in multimedia services such as VoIP, instant messaging, and video conferencing. Existing IP network security solutions can not detect new SIP specified network threats because they can not reflect characteristics of SIP. In this paper, we propose SIP-aware DDoS Attack Detection System that can monitor SIP signaling flow and detect SIP-aware DDoS attack. The proposed system collects attributes of SIP traffic, and executes anlaysing and detecting based on statistic and behavior.

A Study on Structure for Monitoring and Detecting VoIP Abnormal Traffic

With the development of VoIP (Voice over IP) service, new security threats are expected to be appeared. However, existing IP network security solutions can not detect new VoIP specified network threats because they can not reflect characteristics of VoIP. In this paper, we propose a novel system that can monitor VoIP service and detect VoIP network threats practically. The proposed system collects attributes of VoIP traffic based on NetFlow, and executes monitoring and detecting based on statistic and behavior.

A system for detection of abnormal behavior in BYOD based on web usage patterns

Many companies have recently introduced the concept of BYOD (Bring Your Own Device) for private mobile devices used at work. Accordingly, they are also introducing NAC and MDM systems to prevent the leak of business information, control access and manage users efficiently. As the access control policy of NAC and MDM is uniformly applied to the users, however, security threats remain due to the frequent loss or theft of devices and low security level. This is why BYOD has not yet been actively introduced. A flexible policy is thus needed by collecting personalized status information and detecting/controlling abnormal users. In this paper, the potential weak points of the BYOD environment are classified, and a behavior-oriented detection method for abnormal activities is proposed by patterning the information use status of various users.

Attacks on Web browsers with HTML5

The new Web standard HTML5 makes a webpage provide dynamic functions to users without additional plug-ins such as ActiveX, Flash and Silverlight. Most attacks on web browsers uses such plug-ins. HTML5 provides the abilities that can be substituted to plug-ins, so hackers focus their attacks with HTML5. This paper surveys 16 attacks with HTML5 presented and shows their effects. Additionally, three new attacks with HTML5 are also discussed.

A Study on the Classification of Common Vulnerabilities and Exposures using Naïve Bayes

National Vulnerability Database (NVD) provides publicly known security vulnerabilities called Common Vulnerabilities and Exposures (CVE). There are a number of CVE entries, although, some of them cannot provide sufficient information, such as vulnerability type. In this paper, we propose a classification method of categorizing CVE entries into vulnerability type using naive Bayes classifier. The classification ability of the method is evaluated by a set of testing data. We can analyze CVE entries that are not yet classified as well as uncategorized vulnerability documents.

Management platform of threats information in IoT environment

Recently, the use of IoT devices in living environments has increased due to the development of various wireless communication technologies. As the number of types of IoT devices has grown exponentially, many kinds of insecure operating systems and open source software programs are being used. As they run with security vulnerabilities, IoT devices using such OS and software can be targeted by malicious attackers. In addition, due to the operating characteristics of IoT devices, it is difficult to apply security patches immediately when vulnerabilities are found. Accordingly, there is an increasing need for managing and sharing cyber security threat information in order to prevent security threats and accidents. This paper suggests a platform structure and application method for collecting, analyzing and sharing vulnerability information about IoT devices.

Behavior-Based Detection for Malicious Script-Based Attack

Several DoS attacks have occurred through web browsers, not from malicious executable files. Most tools used in web attacks are downloaded malware. As the dynamic functions of HTML5 can be performed on a web browser, however, the latter can be abused as an attack tool. The features of web browser-based attacks are different from those of previous attacks, so a different detection method is needed for malicious behavior on web browsers. This paper introduces script-based attacks made through web browsers, and proposes a detection method based on a web browser’s behavior.

The Behavior-Based Analysis Techniques for HTML5 Malicious Features

HTML5 announced in October 2014 contains many more functions than previous HTML versions. It includes the media controls of audio, video, canvas, etc., and it is designed to access the browser file system through the Java Script API such as the web storage and file reader API. In addition, it provides the powerful functions to replace existing active X. As the HTML5 standard is adopted, the conversion of web services to HTML5 is being carried out all over the world. The browser developers particularly have high expectation for HTML5 as it provides many mobile functions. However, as there is much expectation of HTML5, the damage of malicious attacks using HTML5 is also expected to be large. The script, which is the key to HTML5 functions, is a different type from existing malware attacks as a malicious attack can be generated merely by only a user accessing a browser. The existing known attacks can also be reused by bypassing the detection systems through the new HTML5 elements. This paper intends to define the unique HTML5 behavior data through the browser execution data and to propose the detection of malware by categorizing the malicious HTML5 features.

The Protection Technology of Script-Based Cyber Attack

Recent web-based cyber attacks are evolving into a new form of attacks such as private information theft and DDoS attack exploiting JavaScript within a web page. These attacks can be made just by accessing a web site without distribution of malicious codes and infection. Script-based cyber attacks are hard to detect with traditional security equipments such as Firewall and IPS because they inject malicious scripts in a response message for a normal web request. Furthermore, they are hard to trace because attacks such as DDoS can be made just by visiting a web page. Due to these reasons, it is expected that they could result in direct damages and great ripple effects. To cope with these issues, in this article, a proposal is made for techniques that are used to detect malicious scripts through real-time web content analysis and to automatically generate detection signatures for malicious JavaScript.

A study on the improvement of MIKEY PKE mode using TLS Handshake Protocol

VoIP is becoming more popular service around the world because of its low cost. Nowadays, security has become a major issue in VoIP service because many incidents are happen due to VoIP security threats. VoIP security threats are both inherent in data networks and unique to VoIP. Especially, eavesdropping could violate users privacy therefore we have to adopt VoIP security protocol to counter eavesdropping‥ This paper analyzes MIKEY as the key management protocol for SRTP and proposes a novel scheme that improves the MIKEY PKE mode using TLS Handshake Protocol.