사물인터넷 환경에서 안전성과 신뢰성 향상을 위한 Dual-IDS 기법에 관한 연구

양환석,Yang, Hwanseok 디지털산업정보학회 2017 디지털산업정보학회논문지 Vol.13 No.1

IoT can be connected through a single network not only objects which can be connected to existing internet but also objects which has communication capability. This IoT environment will be a huge change to the existing communication paradigm. However, the big security problem must be solved in order to develop further IoT. Security mechanisms reflecting these characteristics should be applied because devices participating in the IoT have low processing ability and low power. In addition, devices which perform abnormal behaviors between objects should be also detected. Therefore, in this paper, we proposed D-IDS technique for efficient detection of malicious attack nodes between devices participating in the IoT. The proposed technique performs the central detection and distribution detection to improve the performance of attack detection. The central detection monitors the entire network traffic at the boundary router using SVM technique and detects abnormal behavior. And the distribution detection combines RSSI value and reliability of node and detects Sybil attack node. The performance of attack detection against malicious nodes is improved through the attack detection process. The superiority of the proposed technique can be verified by experiments.

신뢰도와 키를 이용한 보안 라우팅 기법에 관한 연구

양환석,Yang, Hwanseok 디지털산업정보학회 2015 디지털산업정보학회논문지 Vol.11 No.3

MANET is composed of only the mobile nodes have a limited transmission range. The dynamic topology by the frequent movement of nodes makes routing difficult and is also cause exposed to security vulnerabilities. In this paper, we propose the security routing technique consisted of mechanism of two steps in order to respond effectively to attack by the modification of the routing information and transmit secure data. The hierarchical structure is used and the authentication node that issues the key of the nodes within each cluster is elected in this proposed method. The authentication node manages key issues and issued information for encrypting the routing information from the source node. The reliability value for each node is managed to routing trust table in order to secure data transmission. In the first step, the route discovery is performed using this after the routing information is encrypted using the key issued by the authentication node. In the second step, the average reliability value of the node in the found path is calculated. And the safety of the data transmission is improved after the average reliability value selects the highest path. The improved performance of the proposed method in this paper was confirmed through comparative experiments with CBSR and SEER. It was confirmed a better performance in the transmission delay, the amount of the control packet, and the packet transmission success ratio.

ZCN과 N2N 인증 기법을 이용한 패킷 전송에 대한 신뢰성 향상에 관한 연구

양환석,Yang, Hwanseok 디지털산업정보학회 2015 디지털산업정보학회논문지 Vol.11 No.4

MANET has various vulnerability in wireless network and is more vulnerable in security because central management is not performed. In particular, routing attack may decrease performance of the overall network because the mobile node acts as a router. In this paper, we proposed authentication technique for improving the reliability of the network by increasing the integrity of the routing control packet and blocking effectively attacks that occur frequently in the inside. The proposed technique is consisted of two authentication methods of ZCN and N2N. ZCN authentication method is to elect CA nodes and monitor the role of the CA nodes. N2N authentication method is for an integrity check on the routing packets between nodes. Index key is determined by combining the hop count value to shared key table issued from CA in order to increase the robustness of the internal attack. Also, the overhead of key distribution was reduced by distributing a shared key to nodes certificated from CA. The excellent performance of the proposed method was confirmed through the comparison experiments.

MANET에서 멀티캐스트 보안을 위한 효율적인 그룹 멤버 인증 및 키 관리 기법 연구

양환석 (사)디지털산업정보학회 2017 디지털산업정보학회논문지 Vol.13 No.4

The mutual cooperation among nodes is very important because mobile nodes participating in MANET communicate with limited resources and wireless environment. This characteristic is important especially in environment that supports group communication. In order to support the secure multicast environment, it is important enough to affect performance to provide accurate authentication method for multicast group members and increase the integrity of transmitted data. Therefore, we propose a technique to provide the multicast secure communication by providing efficient authentication and group key management for multicast member nodes in this paper. The cluster structure is used for authentication of nodes in the proposed technique. In order to efficient authentication of nodes, the reliability is measured using a combination of local trust information and global trust information measured by neighboring nodes. And issuing process of the group key has two steps. The issued security group key increases the integrity of the transmitted data. The superiority of the proposed technique was confirmed by comparative experiments.

데이터 전달 성능 향상을 위한 공유 그룹 구성 기법에 관한 연구

양환석 (사)디지털산업정보학회 2015 디지털산업정보학회논문지 Vol.11 No.1

The various services applied internet have been provided by the rapid development of wireless networks and providing multimedia contents are also increasing. It is caused a number of problems such as increasing of network traffic rapidly. P2P technique is gaining popularity for solving these problems. In particular, P2P technique in a wireless network environment has gained much popularity. Among them, MANET-based P2P techniques has been studied actively. It is not easy to be applied the existing technique as it is due to the dynamic topology and low bandwidth by moving nodes in MANET that is consisted of only mobile nodes. In this paper, we proposed sharing group construction technique for providing a stable connection between mobile nodes and reducing the load of network traffic and overhead of sharing group reconfiguration in order to improve data transmission performance between mobile nodes. The sharing group member nodes applied virtual sharing group generation technique with neighboring nodes of 1-hop distance in order to reduce traffic for file sharing. We performed comparative experiments with DHT technique to evaluate the performance of the proposed technique in this paper and the excellent performance is confirmed through experiments.

UV-LED 경화형 PDLC의 경화성 및 상분리 거동에 관한 연구

양환석,김현경,홍진후 한국공업화학회 2009 한국공업화학회 연구논문 초록집 Vol.2009 No.-

프로파일 기반 다단계 공격 탐지 기법에 관한 연구

양환석 (사)디지털산업정보학회 2014 디지털산업정보학회논문지 Vol.10 No.4

MANET has been applied to a wide variety of areas because it has advantages which can build a network quickly in a difficult situation to build a network. However, it is become a victim of malicious nodes because of characteristics such as mobility of nodes consisting MANET, limited resources, and the wireless network. Therefore, it is required to lightweight attack detection technique which can accurately detect attack without causing a large burden to the mobile node. In this paper, we propose a multistage attack detection techniques that attack detection takes place in routing phase and data transfer phase in order to increase the accuracy of attack detection. The proposed attack detection technique is composed of four modules at each stage in order to perform accurate attack detection. Flooding attack and packet discard or modify attacks is detected in the routing phase, and whether the attack by modification of data is detected in the data transfer phase. We assume that nodes have a public key and a private key in pairs in this paper.

Mobile Ad Hoc Network에서 분산 모니터링을 이용한 향상된 침입탐지 기법 연구

양환석,Yang, Hwanseok 디지털산업정보학회 2018 디지털산업정보학회논문지 Vol.14 No.1

MANET composed of only wireless nodes is increasingly utilized in various fields. However, it is exposed to many security vulnerabilities because it doesn't have any infrastructure and transmits data by using multi-hop method. Therefore, MANET should be applied the intrusion detection technique that can detect efficiently malicious nodes and decrease impacts of various attacks. In this paper, we propose a distributed intrusion detection technique that can detect the various attacks while improving the efficiency of attack detection and reducing the false positive rate. The proposed technique uses the cluster structure to manage the information in the center and monitor the traffic of their neighbor nodes directly in all nodes. We use three parameters for attack detection. We also applied an efficient authentication technique using only key exchange without the help of CA in order to provide integrity when exchanging information between cluster heads. This makes it possible to free the forgery of information about trust information of the nodes and attack nodes. The superiority of the proposed technique can be confirmed through comparative experiments with existing intrusion detection techniques.

가상화 기술의 취약점을 이용한 공격 대응에 관한 연구

양환석 (사)디지털산업정보학회 2012 디지털산업정보학회논문지 Vol.8 No.3

Computing environment combined with development of internet and IT technology is changing to cloud computing environment. In addition, cloud computing is revitalized more because of propagation of LTE and suggestion of N-screen Service. Virtualization is the point technology for suggest IT resource to service form to users in this cloud computing. This technology combines other system physically or divides one system logically and uses resource efficiently. Many users can be provided application and hardware as needed using this. But, lately various attack using weak point of virtualization technology are increasing rapidly. In this study, we analyze type and weak point of virtualization technology, the point of cloud computing. And we study about function and the position which intrusion detection system has to prepare in order to detect and block attack using this.

클러스터를 기반으로 한 인증 기법에 관한 연구

양환석,김종민,이웅기 朝鮮大學校 統計硏究所 2006 統計硏究所論文誌 Vol.8 No.1

본 논문에서는 ad hoc network에서 클러스터를 기반으로 노드들의 인증을 통한 안전한 데이터 전송 방법을 제안하였다. 클러스터를 관리하는 클러스터 헤드 노드는 클러스터가 형성될 때 멤버 노드들의 이웃 노드들에 대한 신뢰 정보를 받는다. 클러스터 헤드는 이러한 신뢰 정보와 자신의 정보를 조합하여 보다 정확하고 효율적으로 다른 노드를 평가한다. 이렇게 함으로써 네트워크에 새롭게 참여하는 노드에 대해서도 보다 정확한 인증을 수행할 수 있게 된다. 그리고 무선망의 제한된 대역폭을 고려하여 네트워크 상의 제어 패킷의 양을 줄여 데이터 전송의 효율성을 증가시키기 위해 제한된 broadcast 메커니즘을 이용하였다. 실험을 통해 제안한 방법의 효율성을 확인하기 위해 클러스터 헤드의 수, 경로 길이, 그리고 제어 패킷의 양을 측정하였다.