As the density of wireless networks increases globally, the vulnerability of overlapped dense wireless communications to interference by hidden nodes and denial-of-service (DoS) attacks is becoming more apparent. Ther...As the density of wireless networks increases globally, the vulnerability of overlapped dense wireless communications to interference by hidden nodes and denial-of-service (DoS) attacks is becoming more apparent. There exists a gap in research on the detection and response to attacks on Medium Access Control (MAC) mechanisms themselves, which would lead to service outages between nodes. Classifying exploitation and deceptive jamming attacks on control mechanisms is particularly challengingdue to their resemblance to normal heavy communication patterns. Accordingly, this paper proposes a machine learning-based selective attack mitigation model that detects DoS attacks on wireless networks by monitoring packet log data. Based on the type of detected attack, it implements effective corresponding mitigation techniques to restore performance to nodes whose availability has been compromised. Experimental results reveal that the accuracy of the proposed model is 14% higher than that of a baseline anomaly detection model. Further, the appropriate mitigation techniques selected by the proposed system based on the attack type improve the average throughput by more than 440% compared to the case without a response.展开更多
With the introduction of 5G technology,the application of Internet of Things(IoT)devices is expanding to various industrial fields.However,introducing a robust,lightweight,low-cost,and low-power security solution to t...With the introduction of 5G technology,the application of Internet of Things(IoT)devices is expanding to various industrial fields.However,introducing a robust,lightweight,low-cost,and low-power security solution to the IoT environment is challenging.Therefore,this study proposes two methods using a data compression technique to detect malicious traffic efficiently and accurately for a secure IoT environment.The first method,compressed sensing and learning(CSL),compresses an event log in a bitmap format to quickly detect attacks.Then,the attack log is detected using a machine-learning classification model.The second method,precise re-learning after CSL(Ra-CSL),comprises a two-step training.It uses CSL as the 1st step analyzer,and the 2nd step analyzer is applied using the original dataset for a log that is detected as an attack in the 1st step analyzer.In the experiment,the bitmap rule was set based on the boundary value,which was 99.6%true positive on average for the attack and benign data found by analyzing the training data.Experimental results showed that the CSL was effective in reducing the training and detection time,and Ra-CSL was effective in increasing the detection rate.According to the experimental results,the data compression technique reduced the memory size by up to 20%and the training and detection times by 67%when compared with the conventional technique.In addition,the proposed technique improves the detection accuracy;the Naive Bayes model with the highest performance showed a detection rate of approximately 99%.展开更多
As time and space constraints decrease due to the development of wireless communication network technology,the scale and scope of cyber-attacks targeting the Internet of Things(IoT)are increasing.However,it is difficu...As time and space constraints decrease due to the development of wireless communication network technology,the scale and scope of cyber-attacks targeting the Internet of Things(IoT)are increasing.However,it is difficult to apply high-performance security modules to the IoT owing to the limited battery,memory capacity,and data transmission performance depend-ing on the size of the device.Conventional research has mainly reduced power consumption by lightening encryption algorithms.However,it is difficult to defend large-scale information systems and networks against advanced and intelligent attacks because of the problem of deteriorating security perfor-mance.In this study,we propose wake-up security(WuS),a low-power security architecture that can utilize high-performance security algorithms in an IoT environment.By introducing a small logic that performs anomaly detection on the IoT platform and executes the security module only when necessary according to the anomaly detection result,WuS improves security and power efficiency while using a relatively high-complexity security module in a low-power environment compared to the conventional method of periodically exe-cuting a high-performance security module.In this study,a Python simulator based on the UNSW-NB15 dataset is used to evaluate the power consumption,latency,and security of the proposed method.The evaluation results reveal that the power consumption of the proposed WuS mechanism is approxi-mately 51.8%and 27.2%lower than those of conventional high-performance security and lightweight security modules,respectively.Additionally,the laten-cies are approximately 74.8%and 65.9%lower,respectively.Furthermore,the WuS mechanism achieved a high detection accuracy of approximately 96.5%or greater,proving that the detection efficiency performance improved by approximately 33.5%compared to the conventional model.The performance evaluation results for the proposed model varied depending on the applied anomaly-detection model.Therefore,they can be used in various ways by selecting suitable models based on the performance levels required in each industry.展开更多
With the development of the 5th generation of mobile communi-cation(5G)networks and artificial intelligence(AI)technologies,the use of the Internet of Things(IoT)has expanded throughout industry.Although IoT networks ...With the development of the 5th generation of mobile communi-cation(5G)networks and artificial intelligence(AI)technologies,the use of the Internet of Things(IoT)has expanded throughout industry.Although IoT networks have improved industrial productivity and convenience,they are highly dependent on nonstandard protocol stacks and open-source-based,poorly validated software,resulting in several security vulnerabilities.How-ever,conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and com-puting power.This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy.Experimental results using a software vulnerability classification dataset showed that different optimal data sizes did not affect the learning performance of the learning models.Moreover,the minimal data size required to train a model without performance degradation could be determined in advance.For example,the random forest model saved 85.18%of memory and improved latency by 97.82%while maintaining a learning accuracy similar to that achieved when using 100%of data,despite using only 1%.展开更多
With the advancement of wireless network technology,vast amounts of traffic have been generated,and malicious traffic attacks that threaten the network environment are becoming increasingly sophisticated.While signatu...With the advancement of wireless network technology,vast amounts of traffic have been generated,and malicious traffic attacks that threaten the network environment are becoming increasingly sophisticated.While signature-based detection methods,static analysis,and dynamic analysis techniques have been previously explored for malicious traffic detection,they have limitations in identifying diversified malware traffic patterns.Recent research has been focused on the application of machine learning to detect these patterns.However,applying machine learning to lightweight devices like IoT devices is challenging because of the high computational demands and complexity involved in the learning process.In this study,we examined methods for effectively utilizing machine learning-based malicious traffic detection approaches for lightweight devices.We introduced the suboptimal feature selection model(SFSM),a feature selection technique designed to reduce complexity while maintaining the effectiveness of malicious traffic detection.Detection performance was evaluated on various malicious traffic,benign,exploits,and generic,using the UNSW-NB15 dataset and SFSM sub-optimized hyperparameters for feature selection and narrowed the search scope to encompass all features.SFSM improved learning performance while minimizing complexity by considering feature selection and exhaustive search as two steps,a problem not considered in conventional models.Our experimental results showed that the detection accuracy was improved by approximately 20%compared to the random model,and the reduction in accuracy compared to the greedy model,which performs an exhaustive search on all features,was kept within 6%.Additionally,latency and complexity were reduced by approximately 96%and 99.78%,respectively,compared to the greedy model.This study demonstrates that malicious traffic can be effectively detected even in lightweight device environments.SFSM verified the possibility of detecting various attack traffic on lightweight devices.展开更多
With the rise of remote work and the digital industry,advanced cyberattacks have become more diverse and complex in terms of attack types and characteristics,rendering them difficult to detect with conventional intrus...With the rise of remote work and the digital industry,advanced cyberattacks have become more diverse and complex in terms of attack types and characteristics,rendering them difficult to detect with conventional intrusion detection methods.Signature-based intrusion detection methods can be used to detect attacks;however,they cannot detect new malware.Endpoint detection and response(EDR)tools are attracting attention as a means of detecting attacks on endpoints in real-time to overcome the limitations of signature-based intrusion detection techniques.However,EDR tools are restricted by the continuous generation of unnecessary logs,resulting in poor detection performance and memory efficiency.Machine learning-based intrusion detection techniques for responding to advanced cyberattacks are memory intensive,using numerous features;they lack optimal feature selection for each attack type.To overcome these limitations,this study proposes a memory-efficient intrusion detection approach incorporating multi-binary classifiers using optimal feature selection.The proposed model detects multiple types of malicious attacks using parallel binary classifiers with optimal features for each attack type.The experimental results showed a 2.95%accuracy improvement and an 88.05%memory reduction using only six features compared to a model with 18 features.Furthermore,compared to a conventional multi-classification model with simple feature selection based on permutation importance,the accuracy improved by 11.67%and the memory usage decreased by 44.87%.The proposed scheme demonstrates that effective intrusion detection is achievable with minimal features,making it suitable for memory-limited mobile and Internet of Things devices.展开更多
The Internet of Things(IoT)is extensively applied across various industrial domains,such as smart homes,factories,and intelligent transportation,becoming integral to daily life.Establishing robust policies for managin...The Internet of Things(IoT)is extensively applied across various industrial domains,such as smart homes,factories,and intelligent transportation,becoming integral to daily life.Establishing robust policies for managing and governing IoT devices is imperative.Secure authentication for IoT devices in resource-constrained environments remains challenging due to the limitations of conventional complex protocols.Prior methodologies enhanced mutual authentication through key exchange protocols or complex operations,which are impractical for lightweight devices.To address this,our study introduces the privacy-preserving software-defined range proof(SDRP)model,which achieves secure authentication with low complexity.SDRP minimizes the overhead of confidentiality and authentication processes by utilizing range proof to verify whether the attribute information of a user falls within a specific range.Since authentication is performed using a digital ID sequence generated from indirect personal data,it can avoid the disclosure of actual individual attributes.Experimental results demonstrate that SDRP significantly improves security efficiency,increasing it by an average of 93.02%compared to conventional methods.It mitigates the trade-off between security and efficiency by reducing leakage risk by an average of 98.7%.展开更多
Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticu...Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats.In particular,because telecommuting,telemedicine,and teleeducation are implemented in uncontrolled environments,attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information,and reports of endpoint attacks have been increasing considerably.Advanced persistent threats(APTs)using various novel variant malicious codes are a form of a sophisticated attack.However,conventional commercial antivirus and anti-malware systems that use signature-based attack detectionmethods cannot satisfactorily respond to such attacks.In this paper,we propose a method that expands the detection coverage inAPT attack environments.In this model,an open-source threat detector and log collector are used synergistically to improve threat detection performance.Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks,as defined by MITRE Adversarial Tactics,Techniques,and Common Knowledge(ATT&CK).We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response(GRR),an open-source threat detection tool,and Graylog,an open-source log collector.The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11%compared with that conventional methods.展开更多
基金supported by the Ministry of Trade,Industry and Energy(MOTIE)under Training Industrial Security Specialist for High-Tech Industry(RS-2024-00415520)supervised by the Korea Institute for Advancement of Technology(KIAT)the Ministry of Science and ICT(MSIT)under the ICT Challenge and Advanced Network of HRD(ICAN)Program(No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning&Evaluation(IITP).
文摘As the density of wireless networks increases globally, the vulnerability of overlapped dense wireless communications to interference by hidden nodes and denial-of-service (DoS) attacks is becoming more apparent. There exists a gap in research on the detection and response to attacks on Medium Access Control (MAC) mechanisms themselves, which would lead to service outages between nodes. Classifying exploitation and deceptive jamming attacks on control mechanisms is particularly challengingdue to their resemblance to normal heavy communication patterns. Accordingly, this paper proposes a machine learning-based selective attack mitigation model that detects DoS attacks on wireless networks by monitoring packet log data. Based on the type of detected attack, it implements effective corresponding mitigation techniques to restore performance to nodes whose availability has been compromised. Experimental results reveal that the accuracy of the proposed model is 14% higher than that of a baseline anomaly detection model. Further, the appropriate mitigation techniques selected by the proposed system based on the attack type improve the average throughput by more than 440% compared to the case without a response.
基金supported by a Korea Institute for Advancement of Technology(KIAT)Grant funded by theKorean Government(MOTIE)(P0008703,The Competency Development Program for Industry Specialists)the MSIT under the ICAN(ICT Challenge and Advanced Network ofHRD)program(No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information Communication Technology Planning and Evaluation(IITP).
文摘With the introduction of 5G technology,the application of Internet of Things(IoT)devices is expanding to various industrial fields.However,introducing a robust,lightweight,low-cost,and low-power security solution to the IoT environment is challenging.Therefore,this study proposes two methods using a data compression technique to detect malicious traffic efficiently and accurately for a secure IoT environment.The first method,compressed sensing and learning(CSL),compresses an event log in a bitmap format to quickly detect attacks.Then,the attack log is detected using a machine-learning classification model.The second method,precise re-learning after CSL(Ra-CSL),comprises a two-step training.It uses CSL as the 1st step analyzer,and the 2nd step analyzer is applied using the original dataset for a log that is detected as an attack in the 1st step analyzer.In the experiment,the bitmap rule was set based on the boundary value,which was 99.6%true positive on average for the attack and benign data found by analyzing the training data.Experimental results showed that the CSL was effective in reducing the training and detection time,and Ra-CSL was effective in increasing the detection rate.According to the experimental results,the data compression technique reduced the memory size by up to 20%and the training and detection times by 67%when compared with the conventional technique.In addition,the proposed technique improves the detection accuracy;the Naive Bayes model with the highest performance showed a detection rate of approximately 99%.
基金supplemented by a paper presented at the 6th International Symposium on Mobile Internet Security(MobiSec 2022).
文摘As time and space constraints decrease due to the development of wireless communication network technology,the scale and scope of cyber-attacks targeting the Internet of Things(IoT)are increasing.However,it is difficult to apply high-performance security modules to the IoT owing to the limited battery,memory capacity,and data transmission performance depend-ing on the size of the device.Conventional research has mainly reduced power consumption by lightening encryption algorithms.However,it is difficult to defend large-scale information systems and networks against advanced and intelligent attacks because of the problem of deteriorating security perfor-mance.In this study,we propose wake-up security(WuS),a low-power security architecture that can utilize high-performance security algorithms in an IoT environment.By introducing a small logic that performs anomaly detection on the IoT platform and executes the security module only when necessary according to the anomaly detection result,WuS improves security and power efficiency while using a relatively high-complexity security module in a low-power environment compared to the conventional method of periodically exe-cuting a high-performance security module.In this study,a Python simulator based on the UNSW-NB15 dataset is used to evaluate the power consumption,latency,and security of the proposed method.The evaluation results reveal that the power consumption of the proposed WuS mechanism is approxi-mately 51.8%and 27.2%lower than those of conventional high-performance security and lightweight security modules,respectively.Additionally,the laten-cies are approximately 74.8%and 65.9%lower,respectively.Furthermore,the WuS mechanism achieved a high detection accuracy of approximately 96.5%or greater,proving that the detection efficiency performance improved by approximately 33.5%compared to the conventional model.The performance evaluation results for the proposed model varied depending on the applied anomaly-detection model.Therefore,they can be used in various ways by selecting suitable models based on the performance levels required in each industry.
基金supported by a National Research Foundation of Korea (NRF)grant funded by the Ministry of Science and ICT (MSIT) (No.2020R1F1A1061107)the Korea Institute for Advancement of Technology (KIAT)grant funded by the Korean Government (MOTIE) (P0008703,The Competency Development Program for Industry Specialists)the MSIT under the ICAN (ICT Challenge and Advanced Network of HRD)program (No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning and Evaluation (IITP).
文摘With the development of the 5th generation of mobile communi-cation(5G)networks and artificial intelligence(AI)technologies,the use of the Internet of Things(IoT)has expanded throughout industry.Although IoT networks have improved industrial productivity and convenience,they are highly dependent on nonstandard protocol stacks and open-source-based,poorly validated software,resulting in several security vulnerabilities.How-ever,conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and com-puting power.This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy.Experimental results using a software vulnerability classification dataset showed that different optimal data sizes did not affect the learning performance of the learning models.Moreover,the minimal data size required to train a model without performance degradation could be determined in advance.For example,the random forest model saved 85.18%of memory and improved latency by 97.82%while maintaining a learning accuracy similar to that achieved when using 100%of data,despite using only 1%.
基金supported by the Korea Institute for Advancement of Technology(KIAT)Grant funded by the Korean Government(MOTIE)(P0008703,The Competency Development Program for Industry Specialists)MSIT under the ICAN(ICT Challenge and Advanced Network of HRD)Program(No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning and Evaluation(IITP).
文摘With the advancement of wireless network technology,vast amounts of traffic have been generated,and malicious traffic attacks that threaten the network environment are becoming increasingly sophisticated.While signature-based detection methods,static analysis,and dynamic analysis techniques have been previously explored for malicious traffic detection,they have limitations in identifying diversified malware traffic patterns.Recent research has been focused on the application of machine learning to detect these patterns.However,applying machine learning to lightweight devices like IoT devices is challenging because of the high computational demands and complexity involved in the learning process.In this study,we examined methods for effectively utilizing machine learning-based malicious traffic detection approaches for lightweight devices.We introduced the suboptimal feature selection model(SFSM),a feature selection technique designed to reduce complexity while maintaining the effectiveness of malicious traffic detection.Detection performance was evaluated on various malicious traffic,benign,exploits,and generic,using the UNSW-NB15 dataset and SFSM sub-optimized hyperparameters for feature selection and narrowed the search scope to encompass all features.SFSM improved learning performance while minimizing complexity by considering feature selection and exhaustive search as two steps,a problem not considered in conventional models.Our experimental results showed that the detection accuracy was improved by approximately 20%compared to the random model,and the reduction in accuracy compared to the greedy model,which performs an exhaustive search on all features,was kept within 6%.Additionally,latency and complexity were reduced by approximately 96%and 99.78%,respectively,compared to the greedy model.This study demonstrates that malicious traffic can be effectively detected even in lightweight device environments.SFSM verified the possibility of detecting various attack traffic on lightweight devices.
基金supported by MOTIE under Training Industrial Security Specialist for High-Tech Industry(RS-2024-00415520)supervised by the Korea Institute for Advancement of Technology(KIAT),and by MSIT under the ICT Challenge and Advanced Network of HRD(ICAN)Program(No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning&Evaluation(IITP)。
文摘With the rise of remote work and the digital industry,advanced cyberattacks have become more diverse and complex in terms of attack types and characteristics,rendering them difficult to detect with conventional intrusion detection methods.Signature-based intrusion detection methods can be used to detect attacks;however,they cannot detect new malware.Endpoint detection and response(EDR)tools are attracting attention as a means of detecting attacks on endpoints in real-time to overcome the limitations of signature-based intrusion detection techniques.However,EDR tools are restricted by the continuous generation of unnecessary logs,resulting in poor detection performance and memory efficiency.Machine learning-based intrusion detection techniques for responding to advanced cyberattacks are memory intensive,using numerous features;they lack optimal feature selection for each attack type.To overcome these limitations,this study proposes a memory-efficient intrusion detection approach incorporating multi-binary classifiers using optimal feature selection.The proposed model detects multiple types of malicious attacks using parallel binary classifiers with optimal features for each attack type.The experimental results showed a 2.95%accuracy improvement and an 88.05%memory reduction using only six features compared to a model with 18 features.Furthermore,compared to a conventional multi-classification model with simple feature selection based on permutation importance,the accuracy improved by 11.67%and the memory usage decreased by 44.87%.The proposed scheme demonstrates that effective intrusion detection is achievable with minimal features,making it suitable for memory-limited mobile and Internet of Things devices.
基金funding from the Korea Institute for Advancement of Technology(KIAT)through a grant provided by the Korean Government Ministry of Trade,Industry,and Energy(MOTIE)(RS-2024-00415520,Training Industrial Security Specialist for High-Tech Industry)Additional support was received from the Ministry of Science and ICT(MSIT)under the ICAN(ICT Challenge and Advanced Network of HRD)program(No.IITP-2022-RS-2022-00156310)overseen by the Institute of Information&Communication Technology Planning and Evaluation(IITP).
文摘The Internet of Things(IoT)is extensively applied across various industrial domains,such as smart homes,factories,and intelligent transportation,becoming integral to daily life.Establishing robust policies for managing and governing IoT devices is imperative.Secure authentication for IoT devices in resource-constrained environments remains challenging due to the limitations of conventional complex protocols.Prior methodologies enhanced mutual authentication through key exchange protocols or complex operations,which are impractical for lightweight devices.To address this,our study introduces the privacy-preserving software-defined range proof(SDRP)model,which achieves secure authentication with low complexity.SDRP minimizes the overhead of confidentiality and authentication processes by utilizing range proof to verify whether the attribute information of a user falls within a specific range.Since authentication is performed using a digital ID sequence generated from indirect personal data,it can avoid the disclosure of actual individual attributes.Experimental results demonstrate that SDRP significantly improves security efficiency,increasing it by an average of 93.02%compared to conventional methods.It mitigates the trade-off between security and efficiency by reducing leakage risk by an average of 98.7%.
基金This study is the result of a commissioned research project supported by the affiliated institute of ETRI(No.2021-026)partially supported by the NationalResearch Foundation of Korea(NRF)grant funded by the Korean government(MSIT)(No.2020R1F1A1061107)+2 种基金the Korea Institute for Advancement of Technology(KIAT)grant funded by the Korean government(MOTIE)(P0008703,The Competency Development Program for Industry Specialist)the MSIT under the ICAN(ICT Challenge and Advanced Network of HRD)program[grant number IITP-2022-RS-2022-00156310]supervised by the Institute of Information&Communication Technology Planning and Evaluation(IITP).
文摘Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats.In particular,because telecommuting,telemedicine,and teleeducation are implemented in uncontrolled environments,attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information,and reports of endpoint attacks have been increasing considerably.Advanced persistent threats(APTs)using various novel variant malicious codes are a form of a sophisticated attack.However,conventional commercial antivirus and anti-malware systems that use signature-based attack detectionmethods cannot satisfactorily respond to such attacks.In this paper,we propose a method that expands the detection coverage inAPT attack environments.In this model,an open-source threat detector and log collector are used synergistically to improve threat detection performance.Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks,as defined by MITRE Adversarial Tactics,Techniques,and Common Knowledge(ATT&CK).We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response(GRR),an open-source threat detection tool,and Graylog,an open-source log collector.The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11%compared with that conventional methods.
