KR101806310B1 - Eavesdropping attack module, preventing method for eavesdropping using the same, and security system including the same - Google Patents

Info

Publication number
KR101806310B1
Authority
KR
South Korea
Prior art keywords
host
attack
packet
data packet
generating
Prior art date
Application number
KR1020150185368A
Other languages
Korean (ko)
Other versions
KR20170075557A (en)
Inventor
최현상
Original Assignee
주식회사 시큐아이
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 시큐아이 filed Critical 주식회사 시큐아이
Priority to KR1020150185368A priority Critical patent/KR101806310B1/en
Publication of KR20170075557A publication Critical patent/KR20170075557A/en
Application granted granted Critical
Publication of KR101806310B1 publication Critical patent/KR101806310B1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141 Denial of service attacks against endpoints in a network

Abstract

The eavesdropping prevention method of the present invention uses the eavesdropping attack module of a first host, which includes the eavesdropping attack module for generating an attack packet in response to an eavesdropping attack. The method comprises: the first host receiving a query packet from a second host through a network; the first host generating a data packet in response to the query packet; the first host generating the attack packet; and the first host transmitting the data packet and the attack packet to the second host.

Description

An embodiment according to the concept of the present invention relates to an eavesdropping attack module, an eavesdropping prevention method using the same, and a security system including the same.

An attacker can connect to a wired or wireless network and eavesdrop on the traffic of a specific target. In particular, when a wired or wireless network is not encrypted against eavesdropping, data packets transmitted and received through each channel can be more easily exposed to an attacker.

Typically, attackers use a network traffic sniffing tool or a traffic analyzer to wiretap. Typical examples of network traffic sniffing tools or traffic analyzers include wireshark or tshark.

Network traffic sniffing tools and traffic analyzers are used by attackers, but because they are themselves a kind of software, they can be vulnerable. Vulnerabilities in these network traffic sniffing tools and traffic analyzers are discovered every year.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and its object is to provide an eavesdropping attack module that generates an attack packet for attacking a vulnerability, in order to protect against an external attacker who accesses a network without authorization and intercepts data packets, together with a method for preventing eavesdropping using the module and a security system including the module.

The eavesdropping prevention method according to an embodiment of the present invention uses the eavesdropping attack module of a first host, which includes the eavesdropping attack module for generating an attack packet in response to an eavesdropping attack. The method comprises the steps of: the first host receiving a query packet from a second host through a network; the first host generating a data packet in response to the query packet; the first host generating the attack packet; and the first host transmitting the data packet and the attack packet to the second host.

According to an embodiment, the attack packet may use a protocol that attacks a vulnerability of the attacker's network traffic analyzer that analyzes the data packet.

According to an embodiment, the network traffic analyzer may be at least one of wireshark and tshark.

According to an embodiment, the attack packet may be generated in one of a control and provisioning of wireless access points (CAPWAP) protocol and a moving picture experts group phase 1 (MPEG-1) protocol.

According to an embodiment, the step of generating the attack packet may generate the attack packet every time the data packet is generated.

The generating of the attack packet may further include: determining a security level of the data packet; and generating the attack packet when the security level is higher than a reference level.

According to an embodiment, the generating of the attack packet may further include selecting either the secure mode or the normal mode of the first host, and generating the attack packet in the secure mode.

According to an embodiment, a computer-readable recording medium storing a computer program for implementing the eavesdropping prevention method using the eavesdropping attack module may be implemented.

The eavesdropping attack module according to another embodiment of the present invention includes a data packet generator for generating a data packet in response to a query packet received from an external host, an attack packet generator for generating an attack packet attacking a vulnerability of the network traffic analyzer, a controller for determining whether to generate the attack packet, and a transmitting and receiving unit for receiving the query packet from the external host and transmitting at least one of the attack packet and the data packet to the external host under the control of the controller.

According to an embodiment, the attack packet may be generated in a format of either the CAPWAP protocol or the MPEG-1 protocol.

According to an embodiment, the network traffic analyzer may be at least one of Wireshark and tshark.

According to an embodiment, the control unit may determine whether to generate the attack packet whenever the data packet is generated.

According to an embodiment, the controller may determine whether to generate the attack packet at predetermined intervals.

According to an embodiment, the controller may determine the security level of the data packet, and may determine to generate the attack packet when the security level is higher than the reference level.

According to another aspect of the present invention, there is provided a security system including a first host for generating a data packet and an attack packet, and a second host for transmitting a query packet to the first host through a network, wherein the first host may insert the attack packet into the data packet and attack an attacker's network traffic analyzer that analyzes the data packet through the network.

According to the eavesdropping attack module, the eavesdropping prevention method using the same, and the security system including the same according to the embodiment of the present invention, even if an attacker accesses the network without authorization and taps data packets, the attacker's eavesdropping attack can be countered by attacking the attacker's network traffic sniffing tool or network traffic analyzer.

FIG. 1 shows a block diagram of a security system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating an operation of the eavesdropping module shown in FIG.
FIG. 3 is a conceptual diagram for explaining a data packet and an attack packet transmitted from the first host to the second host shown in FIG.
FIG. 4 is a flowchart illustrating an operation of the eavesdropping attack module shown in FIG.
FIG. 5 shows a block diagram of a security system according to another embodiment of the present invention.

It is to be understood that the specific structural or functional descriptions of the embodiments of the present invention disclosed herein are for illustrative purposes only and are not intended to limit the scope of the inventive concept, which may be embodied in many different forms and is not limited to the embodiments set forth herein.

The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that it is not intended to limit the embodiments according to the concepts of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one element from another. For example, without departing from the scope of the right according to the concept of the present invention, the first element may be referred to as a second element, and similarly the second element may also be referred to as a first element.

It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or other elements may be present in between. On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "directly between" or "neighboring to" and "directly adjacent to", should be interpreted in the same way.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like are used to specify that there are features, numbers, steps, operations, elements, parts or combinations thereof described herein, but do not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an ideal or overly formal sense.

As used herein, a module may refer to a functional or structural combination of hardware to perform the method according to an embodiment of the present invention or software that can drive the hardware. Accordingly, the module may refer to a logical unit or a set of hardware resources capable of executing the program code and the program code, and does not necessarily mean a physically connected code or a kind of hardware.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings attached hereto.

FIG. 1 shows a block diagram of a security system according to an embodiment of the present invention.

Referring to FIG. 1, a security system 10 according to an embodiment of the present invention includes a first host 100, a second host 200, a third host 300, and a network 400.

The first host 100 and the second host 200 can transmit and receive packets to / from each other via the network 400.

The first host 100 may generate a data packet in response to the query packet received from the second host 200.

For example, the first host 100 may be any of a PC, a smart phone, a tablet PC, a mobile internet device (MID), an internet tablet, an Internet of things (IoT) device, a desktop computer, a laptop computer, a workstation computer, or a personal digital assistant (PDA), but is not limited thereto.

The first host 100 may include an eavesdropping attack module 110 to prevent traffic from being eavesdropped by an attacker (e.g., the third host 300) connected to the network 400.

The eavesdropping attack module 110 may generate an attack packet for attacking the third host 300. The first host 100 may transmit the attack packet to the second host 200 together with the data packet.

At this time, even if the traffic of the first host 100 is intercepted by the third host 300 connected to the network 400, the attack packet can attack the third host 300 in return, so the first host 100 can prevent eavesdropping attacks of the third host 300.

Generally, the third host 300 can generate procedures, commands, scripts, programs, or specific pieces of data using security vulnerabilities (e.g., bugs) present in software, hardware, and computer-related electronic products.

Here, a vulnerability exploit means that an attacker uses the procedure, command, script, program, or a specific piece of data to cause the electronic product or the like to perform an intended operation of the attacker. For example, a buffer overflow, which is a kind of vulnerability attack, can acquire the privilege of the object having the vulnerability or take the stored personal information.

The eavesdropping attack module 110 may attack the vulnerability of the attacker using the attack packet to attack the eavesdropper.

That is, the eavesdropping attack module 110 can attack the network traffic sniffing tool or the network traffic analyzer using the attack packet. These attack packets are designed to attack only specific network traffic sniffing tools or network traffic analyzers, and not to attack other programs or service providers.

The second host 200 may transmit the query packet to the first host 100.

For example, the second host 200 may be a DNS server, a web server, an NTP server, an SSDP server, a P2P server, or an SNMP server, but is not limited thereto.

The third host 300 refers to an attacker who connects to the network 400 and analyzes the traffic between the first host 100 and the second host 200 to perform a worm attack.

The third host 300 may analyze the traffic between the first host 100 and the second host 200 using a network traffic sniffing tool or a network traffic analyzer.

For example, the third host 300 may perform a wiretap attack using wireshark or tshark.

This network traffic sniffing tool or network traffic analyzer can be vulnerable because it is software. For example, Wireshark includes a dissector, a module for analyzing network traffic, which has a vulnerability (e.g., CVE-2014-6423).

Accordingly, even if the third host 300 sniffs traffic between the first host 100 and the second host 200, the attack packet attacks the vulnerability of the third host 300 to disable the eavesdropping attack.

The network 400 may refer to a wired Internet network, a wireless Internet network, or a WiFi network.

FIG. 2 is a block diagram illustrating an operation of the eavesdropping module shown in FIG.

Although the controller 112, the attack packet generator 114, the data packet generator 116, and the transmitter/receiver 118 are described as being included in the eavesdropping attack module 110 for convenience of description, each of the controller 112, the attack packet generator 114, the data packet generator 116, and the transmitter/receiver 118 may operate as a separate component in the first host 100.

Referring to FIG. 2, the eavesdropping attack module 110 may include a controller 112, an attack packet generator 114, a data packet generator 116, and a transmitter / receiver 118.

The control unit 112 can determine whether to generate the attack packet AP and generate the control signal CI. At this time, the control unit 112 may determine to generate an attack packet (AP) every predetermined period.

According to the embodiment, the control unit 112 can determine to generate an attack packet (AP) every time a data packet DP is generated.

According to another embodiment, the control unit 112 may determine the security level of the data packet DP and determine to generate an attack packet (AP) when the security level is higher than a preset reference level.

According to yet another embodiment, the controller 112 may select either the secure mode or the normal mode of the first host 100.

For example, when the first host 100 is in the secure mode, the controller 112 may determine to generate an attack packet (AP).

For example, when the first host 100 is in the normal mode, the controller 112 may determine not to generate an attack packet (AP).

The attack packet generator 114 may generate an attack packet AP that attacks the vulnerability of the network traffic analyzer according to the control signal CI.

Here, the attack packet AP may be generated in one of a control and provisioning of wireless access points (CAPWAP) protocol and a moving picture experts group phase 1 (MPEG-1) protocol, but is not limited thereto.

The data packet generator 116 may generate the data packet DP in response to the control signal CI and the query packet received from the second host 200.

The transmitter/receiver 118 may receive the query packet from the second host 200 and may transmit at least one of the attack packet AP and the data packet DP to the second host 200 under the control of the controller 112.

FIG. 3 is a conceptual diagram for explaining a data packet and an attack packet transmitted from the first host to the second host shown in FIG.

Referring to FIG. 3, the first host 100 may transmit attack packets AP1, AP2, ... together with data packets DP1, DP2, ... to the second host 200. At this time, the first host 100 may insert the attack packets AP1, AP2, ... between the data packets DP1, DP2, ... and transmit them to the second host 200 alternately.

If the third host 300 connects to the network 400 and sniffs the attack packets AP1, AP2, ... and the data packets DP1, DP2, ... transmitted from the first host 100, a vulnerability of the third host 300 can be attacked by the attack packets AP1, AP2, ....

For example, when the third host 300 uses Wireshark as a network traffic analyzer, the first host 100 can generate a first attack packet AP1 in the control and provisioning of wireless access points (CAPWAP) protocol to attack the vulnerability of the network traffic analyzer of the third host 300. For example, the first attack packet AP1 may be a 61-byte packet.

Here, the first attack packet AP1 can be used to attack a specific network traffic analyzer (e.g., Wireshark), but does not attack the second host 200 or any other object.

However, since the first host 100 cannot know what type of network traffic analyzer the third host 300 uses, the first host 100 may use attack packets AP1, AP2, ... corresponding to vulnerabilities of various types of network traffic analyzers, and may transmit different attack packets AP1, AP2, ... to the second host 200 at predetermined intervals.

Thus, the first host 100 transmits various types of attack packets AP1, AP2, ... to the second host 200 together with the data packets DP1, DP2, ... so that eavesdropping attacks by unauthorized attackers can be prevented.
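
Seen from the side of an analyst who has to open captures taken on a network where such interleaved packets may be present, one mitigation is to triage the file with a parser that reads only fixed-size headers before any full dissector touches it. The following Python sketch is an added example, not part of the patent; the host addresses, the expected-port set, the sample frames and the use of UDP ports 5246/5247 (the CAPWAP control and data ports of RFC 5415) as the indicator are assumptions made for illustration.

```python
import struct

# CAPWAP control/data UDP ports (RFC 5415). Assumption: the monitored segment
# carries no legitimate CAPWAP, so any such datagram is unexpected.
CAPWAP_PORTS = {5246, 5247}
PCAP_MAGIC = 0xA1B2C3D4
HOST1 = bytes([192, 0, 2, 10])   # constructed address (documentation range)
HOST2 = bytes([192, 0, 2, 53])   # constructed address (documentation range)


def udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     src_ip, dst_ip)
    return b"\x00" * 12 + b"\x08\x00" + ip + udp


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def sample_capture():
    """Constructed capture: a query, replies, and one datagram to a CAPWAP port.
    The payloads are inert placeholders, not real protocol messages."""
    return build_pcap([
        udp_frame(HOST2, HOST1, 40000, 53, b"constructed-query"),
        udp_frame(HOST1, HOST2, 53, 40000, b"constructed-reply-1"),
        udp_frame(HOST1, HOST2, 60742, 5247, b"\x00" * 8),
        udp_frame(HOST1, HOST2, 53, 40000, b"constructed-reply-2"),
    ])


def classify(frame, expected_udp_ports):
    """Return a reason string if the frame deserves isolation, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # not IPv4 over Ethernet: out of scope for this sketch
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None  # malformed IPv4 header or not UDP
    udp_off = 14 + ihl
    if len(frame) < udp_off + 8:
        return "UDP header truncated"
    sport, dport, ulen = struct.unpack("!HHH", frame[udp_off:udp_off + 6])
    if ulen < 8 or ulen > len(frame) - udp_off:
        return "UDP length field inconsistent with captured bytes"
    if {sport, dport} & CAPWAP_PORTS:
        return f"unexpected CAPWAP datagram (UDP {sport}->{dport})"
    if not {sport, dport} & expected_udp_ports:
        return f"UDP port outside expected set ({sport}->{dport})"
    return None


def triage_pcap(data, expected_udp_ports):
    """Walk pcap records reading only fixed-size headers; payloads are never
    decoded. Returns (record_index, reason) tuples."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    findings, off, idx = [], 24, 0
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl > snaplen or off + incl > len(data):
            findings.append((idx, "record length exceeds snaplen or file size"))
            break
        reason = classify(data[off:off + incl], expected_udp_ports)
        if reason:
            findings.append((idx, reason))
        off += incl
        idx += 1
    return findings


if __name__ == "__main__":
    for index, why in triage_pcap(sample_capture(), {53}):
        print(f"record {index}: {why}")
```

Records flagged this way can be dropped from the copy handed to the analyzer, or opened only inside an isolated, unprivileged environment running a patched analyzer build.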

FIG. 4 is a conceptual diagram for explaining the operation of the eavesdropping attack module shown in FIG. 2.

Referring to FIGS. 1 and 4, the first host 100 may include an eavesdropping attack module 110. When the first host 100 receives the query packet QP from the second host 200 via the network 400 (S100), the first host 100 generates the data packet DP in response to the query packet QP (S110).

The first host 100 may generate an attack packet AP to prevent the risk that a data packet is eavesdropped by an external attacker on the network 400 (S120).

The first host 100 inserts an attack packet AP into the data packet DP at step S130 and transmits the data packet DP and the attack packet AP to the second host 200 through the network 400 (S140).

FIG. 5 shows a block diagram of a security system according to another embodiment of the present invention.

The second host and the third host shown in FIG. 5 perform substantially the same or similar functions as the second host and the third host shown in FIGS. 1 and 3, and the internal network performs substantially the same or similar function as the network shown in FIG. 1 and FIG. 3, so redundant description will be omitted.

Referring to FIG. 5, the security system 10' includes a first host 100', a second host 200, a third host 300, an internal network 410, an external network 420, and a security device 500.

The security device 500 may be connected to the first host 100' through the internal network 410 and may be connected to the second host 200 through the external network 420.

The security device 500 can manage packets transmitted and received between the first host 100' and the second host 200. The packet may be a downlink packet transmitted from the second host 200 to the security device 500 through the external network 420, or may be a packet transmitted from the first host 100' to the security device 500.

The security device 500 may include an eavesdropping attack module 510 to prevent eavesdropping by the attacker (e.g., the third host 300) connected to the external network 420.

The eavesdropping attack module 510 may generate attack packets AP1, AP2, ... for attacking the third host 300. The security device 500 may transmit the attack packets AP1, AP2, ... to the second host 200 together with the data packets DP1, DP2, ... received from the first host 100'.

At this time, even if the traffic of the first host 100' is intercepted by the third host 300 connected to the external network 420, the attack packets AP1, AP2, ... can attack the third host 300 in return, so the security device 500 can prevent eavesdropping attacks of the third host 300.

In addition, the eavesdropping prevention method using the eavesdropping attack module 110 according to the embodiment of the present invention shown in Figs. 1 to 5 can be implemented as a computer-readable code on a computer-readable recording medium.

A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. For example, the recording medium may be a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, or an optical data storage device, but is not limited thereto.

The computer-readable recording medium may also be distributed over a networked computer system to store and execute computer readable code in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: security system
100: first host
200: second host
300: third host
400: network
410: internal network
420: external network

Claims (15)

A method of preventing eavesdropping using a eavesdropping module of a first host,
The first host receiving a query packet from a second host over a network;
The first host generating a data packet in response to the query packet;
The first host generating an attack packet corresponding to the data packet;
The first host transmitting traffic including the data packet and the attack packet to the second host,
The attack packet includes:
A network traffic analyzer configured to attack only a vulnerability of a network traffic analyzer of an attacker host that intercepts packets transmitted and received between the first host and the second host,
The attack packet includes:
Wherein when the attacker host analyzes the traffic using the network traffic analyzer to eavesdrop the traffic transmitted from the first host to the second host,
Wherein the network traffic analyzer comprises:
At least one of wireshark and tshark,
The attack packet includes:
Wherein the eavesdropping attack module is generated according to the security level of the data packet or whenever the data packet is generated.
(deleted)
(deleted)
The method according to claim 1,
Wherein the attack packet is generated in one of a control and provisioning of wireless access points (CAPWAP) protocol and a moving picture experts group phase 1 (MPEG-1) protocol.
The method of claim 1, wherein generating the attack packet comprises:
And generating the attack packet every time the data packet is generated.
The method of claim 1, wherein generating the attack packet comprises:
Determining the security class of the data packet; And
And generating the attack packet when the security level is higher than the reference level.
The method of claim 1, wherein generating the attack packet comprises:
Selecting either the secure mode or the normal mode of the first host; And
And generating the attack packet in the secure mode.
A computer-readable recording medium having recorded thereon a computer program for executing a method for preventing eavesdropping using a wiretap attack module according to claim 1.
A data packet generating unit for generating a data packet in response to a query packet received from an external host;
An attack packet generating unit generating an attack packet corresponding to the data packet;
A controller for determining whether to generate the attack packet; And
And a transmitting and receiving unit receiving the query packet from the external host and transmitting traffic including the attack packet and the data packet to the external host under the control of the controller,
The attack packet includes:
A network traffic analyzer configured to attack only a vulnerability of an attacker host's network traffic analyzer that eavesdrops on packets transmitted to and received from the external host,
The attack packet includes:
Wherein when the attacker host analyzes the traffic using the network traffic analyzer to eavesdrop the traffic transmitted from the first host to the second host,
Wherein the network traffic analyzer comprises:
At least one of wireshark and tshark,
Wherein,
And to generate the attack packet every time the data packet is generated or according to the security level of the data packet.
10. The method of claim 9,
Wherein the attack packet is generated in one of a CAPWAP protocol and an MPEG-1 protocol.
(deleted)
10. The method of claim 9,
Wherein the control unit determines whether to generate the attack packet every time the data packet is generated.
10. The method of claim 9,
Wherein the control unit determines whether to generate the attack packet every predetermined period.
10. The method of claim 9,
Wherein the controller determines the security level of the data packet and determines to generate the attack packet when the security level is higher than the reference level.
(deleted)
KR1020150185368A 2015-12-23 2015-12-23 Eavesdropping attack module, preventing method for eavesdropping using the same, and security system including the same KR101806310B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150185368A KR101806310B1 (en) 2015-12-23 2015-12-23 Eavesdropping attack module, preventing method for eavesdropping using the same, and security system including the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150185368A KR101806310B1 (en) 2015-12-23 2015-12-23 Eavesdropping attack module, preventing method for eavesdropping using the same, and security system including the same

Publications (2)

Publication Number Publication Date
KR20170075557A KR20170075557A (en) 2017-07-03
KR101806310B1 true KR101806310B1 (en) 2017-12-08

Family

ID=59357542

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150185368A KR101806310B1 (en) 2015-12-23 2015-12-23 Eavesdropping attack module, preventing method for eavesdropping using the same, and security system including the same

Country Status (1)

Country Link
KR (1) KR101806310B1 (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150096035A1 (en) * 2013-09-30 2015-04-02 Juniper Networks, Inc. Polluting results of vulnerability scans

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Nicolas Darchis, "Sniffing Wireless traffic", Cisco Support Community (2014.04.05.)

Also Published As

Publication number Publication date
KR20170075557A (en) 2017-07-03

Similar Documents

Publication Publication Date Title
Nobakht et al. A host-based intrusion detection and mitigation framework for smart home IoT using OpenFlow
Sivanathan et al. Low-cost flow-based security solutions for smart-home IoT devices
Acar et al. Web-based attacks to discover and control local IoT devices
US20180159894A1 (en) Automatic threshold limit configuration for internet of things devices
US9954820B2 (en) Detecting and preventing session hijacking
US20140283062A1 (en) Apparatus, system and method for suppressing erroneous reporting of attacks on a wireless network
US10505967B1 (en) Sensor-based wireless network vulnerability detection
WO2016086763A1 (en) Wireless access node detecting method, wireless network detecting system and server
US11316861B2 (en) Automatic device selection for private network security
Kumar et al. Review on security and privacy concerns in Internet of Things
TWI506472B (en) Network device and method for avoiding arp attacks
US10498758B1 (en) Network sensor and method thereof for wireless network vulnerability detection
Lei et al. SecWIR: Securing smart home IoT communications via wi-fi routers with embedded intelligence
Park et al. Session management for security systems in 5g standalone network
US9444845B2 (en) Network security apparatus and method
US11689928B2 (en) Detecting unauthorized access to a wireless network
CN110753014B (en) Threat perception method, equipment and device based on flow forwarding and storage medium
US9686311B2 (en) Interdicting undesired service
KR20110022816A (en) System and method for protecting ddos attack using ap
KR101593897B1 (en) Network scan method for circumventing firewall, IDS or IPS
KR101806310B1 (en) Eavesdropping attack module, preventing method for eavesdropping using the same, and security system including the same
Guo et al. IoTSTEED: Bot-side Defense to IoT-based DDoS Attacks (Extended)
Habibi Gharakheili et al. Cyber‐Securing IoT Infrastructure by Modeling Network Traffic
Patel et al. Security Issues, Attacks and Countermeasures in Layered IoT Ecosystem.
Cao et al. Covert Channels in SDN: Leaking Out Information from Controllers to End Hosts

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant