• The Journal of Bigdata
• /
• v.6 no.2
• /
• pp.99-108
• /
• 2021

Recently, unexpected and more advanced cyber medical treat attacks are on the rise. However, in responding to various patterns of cyber medical threat attack, rule-based security methodologies such as physical blocking and replacement of medical devices have the limitations such as lack of the man-power and high cost. As a way to solve the problems, the medical community is also paying attention to artificial intelligence technology that enables security threat detection and prediction by self-learning the past abnormal behaviors. In this study, there has collecting and learning the medical information data from integrated Medical-Information-Systems of the medical center and introduce the research methodology which is to develop the AI-based Net-Working Behavior Adaptive Information data. By doing this study, we will introduce all technological matters of rule-based security programs and discuss strategies to activate artificial intelligence technology in the medical information business with the various restrictions.

• The KIPS Transactions:PartA
• /
• v.15A no.3
• /
• pp.181-188
• /
• 2008

Nowadays, most web sites are developed using dynamic web pages where web pages are generated and transmitted by web application programs. Therefore, the ratio of attacks injecting malevolent strings to vulnerable web applications is increasing. In this paper, we present a static program analyzer which analyzes whether a web application program has vulnerabilities to the SQL injection attack and the cross site scripting(XSS) attack. To analyze programs using abstract interpretation framework, we designed an abstract domain which models potential string set along with excluded strings and developed an abstract interpreter for the PHP language. Also, based on them, we implemented a static analyzer. According to our experiments, our analyzer has competitive analysis speed and accuracy compared with related research results.

• Journal of the Korea Convergence Society
• /
• v.9 no.6
• /
• pp.33-38
• /
• 2018

In this study, we try to detect new attacks for vehicle by learning only one class. We use Car-Hacking dataset, an intrusion detection dataset, which is used to evaluate classification performance. The dataset are created by logging CAN (Controller Area Network) traffic through OBD-II port from a real vehicle. The dataset have four attack types. One class classification is one of unsupervised learning methods that classifies attack class by learning only normal class. When using unsupervised learning, it difficult to achieve high efficiency because it does not use negative instances for learning. However, unsupervised learning has the advantage for classifying unlabeled data, which are new attacks. In this study, we use one class classifier to detect new attacks that are difficult to detect using signature-based rules on network intrusion detection system. The proposed method suggests a combination of parameters that detect all new attacks and show efficient classification performance for normal dataset.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.9-19
• /
• 2022

As the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institution or company is operating a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most researches were performed using a specific research data set which cannot be seen in real network, so it was impossible to use in the actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.787-799
• /
• 2023

As IoT devices are widely used at home, IoT automation system that is integrate IoT devices for users' demand are gaining populrity. There is automation rule in IoT automation system that is collecting event and command action. But attacker delay the packet and make time that real state is inconsistent with state recongnized by the system. During the time, the system does not work correctly by predefined automation rule. There is proposed some detection method for delay attack, they have limitations for application to IoT systems that are sensitive to traffic volume and battery consumption. This paper proposes a practical packet delay attack detection technique that can be applied to IoT systems. The proposal scheme in this paper can recognize that, for example, when a sensor transmits an message, an broadcast packet notifying the transmission of a message is sent to the Server recognized that event has occurred. For evaluation purposes, an IoT system implemented using Raspberry Pi was configured, and it was demonstrated that the system can detect packet delay attacks within an average of 2.2 sec. The experimental results showed a power consumption Overhead of an average of 2.5 mA per second and a traffic Overhead of 15%. We demonstrate that our method can detect delay attack efficiently compared to preciously proposed method.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2007.11a
• /
• pp.292-295
• /
• 2007

센서 네트워크에서 공격자는 훼손된 노드들 이용하여 위조 보고서를 네트워크에 주입할 수 있다. Yang과 Lu는 이러한 위조 보고서를 전달 중에 여과하기 위하여 가환 암호 기반 여과 기법을 제안하였다. 그러나 이 기법에서는 클러스터 헤드가 훼손된 경우에 위조 보고서를 전달 중에 여과할 수 없는 문제가 있다. 본 논문에서는 클러스터 헤드 훼손 여부에 관계없이 보고서를 전달 중에 여과할 수 있는 퍼지 로직 및 가환 암호 기반 위조 보고서 여과기법을 제안한다. 기본적으로 제안된 방법은 가환 암호를 기반으로 감지 보고서를 생성 및 검증하며, 보조 검증 수단으로 대칭 암호를 사용한다. 에너지 소비 절감을 위하여 퍼지 규칙 기반 시스템이 계산 비용이 큰 가환 암호 검증의 확률과 보조 검증 수단 사용 여부를 결정한다.

• Korean Journal of Child Studies
• /
• v.26 no.4
• /
• pp.85-100
• /
• 2005

The 299(162 female and 137 male) participants in this study listened to six stories designed to elicit prosocial or self-protective rules. The Aggression Scale is composed of verbal and physical aggression and expression of anger. The Quality of Peer Relationships scale has both positive and negative components. Results showed girls used more appropriate emotional regulation strategies for managing negative emotions and more prosocial motives than boys. In the regression analysis emotional display rules and gender positive strategies accounted for 6%, 9%, and 5% of the variance in verbal aggression, physical aggression and anger expression of anger. Children with prosocial motives for emotional regulation and many strategies showed lower levels of egocentricity and peer rejection.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.874-876
• /
• 2003

전산 시스템에 대한 침입에 대응하기 위하여 시스템 호출 감사자료 척도를 사용하여 은닉 마르코프 모델(HMM)에 적용하는 비정상행위 기반 침입탐지 시스템에 대한 연구가 활발하다. 하지만, 이는 일정한 임계간 이하의 비정상행위만을 감지할 뿐, 어떠한 유형의 침입인지를 판별하지 못한다. 이에 Viterbi 알고리즘을 이용하여 상태 시퀀스를 분석하고, 공격 유형별 표준 상태시퀀스와의 유사성을 측정하여 유형을 판별할 수 있는데, 외부 혹은 내부 환경에 따라 상태 시퀀스가 항상 규칙적으로 추출될 수 없기 때문에, 단순 매칭으로 침입 유형을 판별하기가 어렵다. 본 논문에서는 이러한 문제를 해결하기 위하여 시퀀스의 변형을 효과적으로 고려하는 편집거리(Edit distance)를 이용하여 어떠한 유형의 침입이 발생하였는지를 판별하는 방법을 제안한다. 본 논문에서는 루트권한을 취득하기 위한 대표적인 침입유형으로 가장 널리 쓰이는 버퍼오버플로우 공격에 대해 실험하였는데, 그 결과 세부적인 침입 유형을 잘 판별할 수 있음을 확인하였다.

• Review of KIISC
• /
• v.23 no.6
• /
• pp.76-89
• /
• 2013

최근의 사이버 위협은 공격자에 의해 지속적이고 지능화된 위협으로 진화하고 있다. 이러한 위협은 장기간에 걸쳐 이루어지기 때문에 보안체계를 잘 갖추고 있는 회사라 하더라도 탐지하는데 한계가 있다. 본 논문에서는 차세대 보안관제 프레임워크의 지향점을 네트워크 가시성 강화, 상황인식 기반 지능형 보안관제, 관련 업무조직과의 정보 통합 및 협업 강화로 제시하고 있으며 구조적, 수집 파싱, 검색 분석, 이상 탐지 등 총 9개 관점에서 이를 지원하는 필요 기술들을 분류하였다. 아울러 침투 경로 및 공격 단계와 내부 자원 간 연관성 분석을 통한 수집 정보 범위 설정, 사례 기반 상관분석 규칙 생성 적용, 정보연동, 업무처리, 컴플라이언스, 조사 분석 등 지원 기능의 연계를 보안관제 모델링의 필요 요소로 도출하였다.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.7
• /
• pp.1867-1876
• /
• 1999

In this paper, we ropose formalized method to create detection rules for known intrusion method and the fuzzy Petri-net using fuzzy theory to cope with varied attack. On producing the detection module for using intrusion detection, we can add new found pattern. And also, we use system call logging for increasing correctness of detection.