Jungtaek Seo

A Study on the Covert Channel Detection of TCP/IP Header Using Support Vector Machine

Nowadays, threats of information security have become a big issue in internet environments. Various security solutions are used as such problems’ countermeasure; IDS, Firewall and VPN. However, a TCP/IP protocol based Internet basically has great vulnerability of protocol itself. It is especially possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledgement number, timestamp and so on [3]. In this paper, we focus on the covert channels using identification field of IP header and the sequence number field of TCP header. To detect such covert channels, our approach uses a Support Vector Machine which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could discern the abnormal cases(including covert channels) from normal TCP/IP traffic using a Support Vector Machine.

SVM approach with a genetic algorithm for network intrusion detection

Due to the increase in unauthorized access and stealing of internet resources, internet security has become a very significant issue. Network anomalies in particular can cause many potential problems, but it is difficult to discern these from normal traffic. In this paper, we focus on a Support Vector Machine (SVM) and a genetic algorithm to detect network anomalous attacks. We first use a genetic algorithm (GA) for choosing proper fields of traffic packets for analysis. Only the selected fields are used, and a time delay processing is applied to SVM for considering temporal relationships among packets. In order to verify our approach, we tested our proposal with the datasets of MIT Lincoln Lab, and then analyzed its performance. Our SVM approach with selected fields showed excellent performance.

An Approach for Spam E-mail Detection with Support Vector Machine and n-Gram Indexing

Many solutions have been deployed to prevent harmful effects from spam mail. Typical methods are either pattern matching using the keyword or method using the probability such as naive Bayesian method. In this paper, we proposed a classification method of spam mail from normal mail using support vector machine, which has excellent performance in binary pattern classification problems. Especially, the proposed method efficiently practices a learning procedure with a word dictionary by the n-gram. In the conclusion, we showed our proposed method being superior to others in the aspect of comparing performance.

A new DDoS detection model using multiple SVMs and TRA

Recently, many attack detection methods adopts machine learning algorithm to improve attack detection accuracy and automatically react to the attacks. However, the previous mechanisms based on machine learning have some disadvantages such as high false positive rate and computing overhead. In this paper, we propose a new DDoS detection model based on multiple SVMs (Support Vector Machine) in order to reduce the false positive rate. We employ TRA (Traffic Rate Analysis) to analyze the characteristics of network traffic for DDoS attacks. Experimental results show that the proposed model is a highly useful classifier for detecting DDoS attacks.

Rate alteration attacks in smart grid

Smart Grid addresses the problem of existing power grids increasing complexity, growing demand and requirement for greater reliability, through two-way communication and automated residential load control among others. These features also makes the Smart Grid a target for a number of cyber attacks. In the paper, we study the problem of rate alteration attack (RAA) through fabrication of price messages which induces changes in load profiles of individual users and eventually causes major alteration in the load profile of the entire network. Combining with cascading failure, it ends up with a highly damaging attack. We prove that the problem is NP-Complete and provide its inapproximability. We devise two approaches for the problem, former deals with maximizing failure of lines with the given resource and then extending the effect with cascading failure while the later takes cascading potential into account while choosing the lines to fail. To get more insight into the impact of RAA, we also extend our algorithms to maximize number of node failures. Empirical results on both IEEE Bus data and real network help us evaluate our approaches under various settings of grid parameters.

Defending DDoS attacks using network traffic analysis and probabilistic packet drop

This research presents Traffic Rate Analysis (TRA) to efficiently analyze network traffic and a defense mechanism for DDoS attacks. TRA is defined as the ratio of a specific type of packets among the total amount of network packets, and divided into TCP flag rate and Protocol rate. By using the TRA for the network traffic, the normal and abnormal network traffic can be obviously distinguished from each other. Furthermore, to defense DDoS attacks, we probabilistically drop the network packets if their occurrence rates exceed the normal traffic rates. We expect that our proposed mechanism for analyzing network traffic and defending DDoS attacks will be very useful to early detect DDoS attacks and to protect TCP-based servers (e.g. Web servers) against DDoS attacks.

A Novel Approach to Analyzing for Detecting Malicious Network Activity Using a Cloud Computing Testbed

Recent developments have caused the expansion of various cloud computing environments and services. Cloud computing environments have led to research in the areas of data processing, virtual environments, and access control. Information security is the most important research area for these environments security. In this study, we analyzed typical example of network testbeds, which have been used for malicious activity data collection and its subsequent analysis. Further, we propose an effective malicious network application testbed, which is based on a cloud system. We also verified the performance of our new testbed by comparing real malicious activity with the cloud-based testbed results.

An Efficient Message Authentication for Non-repudiation of the Smart Metering Service

This paper proposes an efficient message authentication scheme providing non-repudiation of the smart metering service in Smart Grid. One of the main challenges in securing Advanced Meter Infrastructure is to accomplish message authentication and non-repudiation services in the metering service. Low power consumption of cryptographic operations in smart meter devices is another critical issue. The proposed scheme utilizes authentication values generated using linked two keys to reduce the number of signature operations. Our scheme provides the assurance of the integrity and origin of metering data. These features prevent either consumers or utilities from denying their authenticated metering data. Furthermore, the proposed scheme achieves low power consumption in the viewpoint of significant cryptographic operations.

PBF: A New Privacy-Aware Billing Framework for Online Electric Vehicles with Bidirectional Auditability

Recently an online electric vehicle (OLEV) concept has been introduced, where vehicles are propelled through the wirelessly transmitted electrical power from the infrastructure installed under the road while moving. The absence of secure-and-fair billing is one main hurdle to widely adopt this promising technology. This paper introduces a secure and privacy-aware fair billing framework for OLEV on the move through the charging plates installed under the road. We first propose two extreme lightweight mutual authentication mechanisms, a direct authentication and a hash chain-based authentication between vehicles and the charging plates that can be used for different vehicular speeds on the road. Second we propose a secure and privacy-aware wireless power transfer on move for the vehicles with bidirectional auditability guarantee by leveraging game-theoretic approach. Each charging plate transfers a fixed amount of energy to the vehicle and bills the vehicle in a privacy-aware way accordingly. Our protocol guarantees secure, privacy-aware, and fair billing mechanism for the OLEVs while receiving electric power from the road. Moreover our proposed framework can play a vital role in eliminating the security and privacy challenges in the deployment of power transfer technology to the OLEVs.

A novel approach to detection of mobile rogue access points

Rogue access points APs have been used in several attacks such as packet sniffing and man-in-the-middle attacks. It is becoming a serious security threat to users in public and enterprise networks. Moreover, it is easy to install malicious APs using mobile devices and networks, and existing solutions do not effectively detect these rogue APs. In this paper, we propose a method to detect rogue APs over mobile networks using round-trip time measurements, without relying on information from authorized lists of APs or users. Through experiments, we proved that our proposed method could detect rogue APs successfully. Copyright