• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.105-115
• /
• 2019

Recently, intelligent Android malicious codes have become difficult to detect malicious behavior by static analysis alone. Malicious code with SO file, dynamic loading, and string obfuscation are difficult to extract information about original code even with various tools for static analysis. There are many dynamic analysis methods to solve this problem, but dynamic analysis requires rooting or emulator environment. However, in the case of dynamic analysis, malicious code performs the rooting and the emulator detection to bypass the analysis environment. To solve this problem, this paper investigates a variety of root detection schemes and builds an environment for bypassing the rooting detection in real devices. In addition, SDK code hooking module for Android malicious code analysis is designed using Xposed, and intent tracking for code flow, dynamic loading file information, and various API information extraction are implemented. This work will contribute to the analysis of obfuscated information and behavior of Android Malware.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.5
• /
• pp.451-457
• /
• 2020

Format recognition and OCR techniques are widely used as methods for detecting and protecting personal information from electronic documents. However, due to the poor recognition rate of the OCR engine, personal information cannot be detected or false positives commonly occur. It also takes a long time to analyze a large amount of electronic documents. In this paper, we propose a method to improve the speed of image analysis of electronic documents, character recognition rate of the OCR engine, and detection rate of personal information by improving the existing method. The analysis speed was increased using the format recognition method while the analysis speed and character recognition rate of the OCR engine was improved by image correction. An algorithm for analyzing personal information from images was proposed to increase the reconnaissance rate of personal information. Through the experiments, 1755 image format recognition samples were analyzed in an average time of 0.24 seconds, which was 0.5 seconds higher than the conventional PAID system format recognition method, and the image recognition rate was 99%. The proposed method in this paper can be used in various fields such as public, telecommunications, finance, tourism, and security as a system to protect personal information in electronic documents.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.583-588
• /
• 2009

Network intrusion detection system (NIDS) monitors all incoming packets in the network and detects packets that are malicious to internal system. The NIDS should also have ability to update detection rules because new attack patterns are unpredictable. Incorporating FPGAs into the NIDS is one of the best solutions that can provide both high performance and high flexibility comparing with other approaches such as software solutions. In this paper we propose and design a novel approach, prefix sharing parallel pattern matcher, that can not only minimize additional resources but also maximize the processing performance. Experimental results showed that the throughput for 16-bit input is twice larger than for 8-bit input but the used LEs/Char in FPGA increases only 1.07 times.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.5
• /
• pp.13-22
• /
• 2011

Network Intrusion Detection Systems use regular expression to represent malicious packets and hardware-based pattern matching is required for fast deep packet inspection. Although hardware architectures for implementing constraint repetition operators such as {10} were recently proposed, they have some limitation. In this paper, we propose hardware architecture supporting constraint repetitions of general regular expression sub-patterns with lower logic complexity. The subpatterns supported by the proposed contraint repetition architecture include general regular expression patterns as well as a single character and fixed length patterns. With the proposed building block, we can implement more efficiently regular expression pattern matching hardwares.

• Korean Journal of Cognitive Science
• /
• v.33 no.1
• /
• pp.1-22
• /
• 2022

Lavie's perceptual load theory (Lavie, 1995) proposes that the influence of distractors would be blocked as the load gets higher. Studies of perceptual load have usually adopted the flanker task, developed by Eriksen and Eriksen (1974), which measures reaction time on the target flanked by distractors. In the post-cueing forced task, participants should report the identity of the target cued later, and negative repetition effect (NRE) has often been observed. NRE means the effect that the accuracy of identification is worse when the target is flanked by the same nontargets than when flanked by different nontargets. This study has tried to check whether perceptual load has an effect on identification rate and NRE. Experiment 1 manipulated the similarity between targets and a distractor, and observed a tendency of NRE, but not the effect of perceptual load. Experiment 2 used 4, 2 (in two kinds of diagonal arrangement), or none distractors of the same identity to burden more perceptual load. NRE was significant and perceptual load showed significance but not a linear trend. Experiment 3 checked again whether NRE would be varied according to two levels of perceptual load strengthened by positional variability of load stimuli, but did not find the effect of perceptual load. It is concluded that perceptual load might have a limited effect on the early stage of perceptual processing due to divided attentional processing of the targets briefly exposed. Implications of this study were discussed.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.3
• /
• pp.129-134
• /
• 2015

Since automatic social engineering based spam attacks induce for users to click or receive the short message service (SMS), e-mail, site address and make a relationship with an unknown friend, it is very easy for them to active in online social networks. The previous spam detection schemes only apply manual filtering of the system managers or labeling classifications regardless of the features of social networks. In this paper, we propose the spam detection metric after reflecting on a couple of features of social networks followed by analysis of real social network data set, Twitter spam. In addition, we provide the online social networks based unsupervised scheme for automated social engineering spam with self organizing map (SOM). Through the performance evaluation, we show the detection accuracy up to 90% and the possibility of real time training for the spam detection without the manager.

• Journal of KIISE:Software and Applications
• /
• v.37 no.2
• /
• pp.137-147
• /
• 2010

A blog is a website, usually maintained by an individual, with regular entries of commentary, descriptions of events, or other material such as graphics or video. Entries are commonly displayed in reverse chronological order. Blog search engines, like web search engines, seek information for searchers on blogs. Blog search engines sometimes output unsatisfactory results, mainly due to spam blogs or splogs. Splogs are blogs hosting spam posts, plagiarized or auto-generated contents for the sole purpose of hosting advertizements or raising the search rankings of target sites. This thesis focuses on splog detection. This thesis proposes a new splog detection method, which is based on blog post structure similarity and posting count per day. Experiments based on methods proposed a day show excellent result on splog detection tasks with over 90% accuracy.

• Journal of Korea Multimedia Society
• /
• v.11 no.11
• /
• pp.1601-1614
• /
• 2008

The number of web service users has been increased rapidly as existing services are changed into the web-based internet applications. Therefore, it is necessary for us to use web log pre-processing technique to detect attacks on diverse web service transactions and it is also possible to extract web mining information. However, existing mechanisms did not provide efficient pre-processing procedures for a huge volume of web log data. In this paper, we proposed both a field based parsing and a high-speed log indexing mechanism based on the suggested B-tree Index Vector structure for performance enhancement. In experiments, the proposed mechanism provides an efficient web log pre-processing and search functions with a session classification. Therefore it is useful to enhance web attack detection function.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06b
• /
• pp.382-384
• /
• 2006

본 논문에서는 저해상도 한글 영상을 자소 단위로 분리하는 방법을 제안한다. 비디오 자막이나 저해상도 스캔 영상의 경우 자소간 획이 접촉되거나 잡영이 많이 포함되어 기존의 자소 분할 방법으로는 한계가 있다. 한자 문자열을 문자 단위로 분할하는데 사용된 비선형 분할 경로 알고리즘을 한글 낱자 영상에 적용하여 자소 단위로 분할한다. 기존의 분할 경로 알고리즘을 한글 자소 분할에 효과적으로 적용하기 위해서 우세점 탐지 알고리즘을 이용하여 자소간 접촉점을 찾고 이를 바탕으로 생성된 분할 경로에 따라 여러 개의 자소 후보 영상이 생성된다. 자소 영상을 자소 인식기로 인식한 결과 높은 인식률을 보이는 것을 실험을 통하여 확인하였다.

• The Journal of Bigdata
• /
• v.5 no.1
• /
• pp.29-39
• /
• 2020

Purpose The atmosphere of respect for individual tastes that have spread throughout society has changed the consumption trend. As a result, the travel industry is also seeing customized travel as a new trend that reflects consumers' personal tastes. In particular, there is a growing interest in 'film-induced tourism', one of the areas of travel industry. We hope to satisfy the individual's motivation for traveling while watching movies with customized travel proposals, which we expect to be a catalyst for the continued development of the 'film-induced tourism industry'. Design/methodology/approach In this study, we implemented a methodology through 'OCR' of extracting and suggesting film location information that viewers want to visit. First, we extract a scene from a movie selected by a user by using 'OpenCV', a real-time image processing library. In addition, we detected the location of characters in the scene image by using 'EAST model', a deep learning-based text area detection model. The detected images are preprocessed by using 'OpenCV built-in function' to increase recognition accuracy. Finally, after converting characters in images into recognizable text using 'Tesseract', an optical character recognition engine, the 'Google Map API' returns actual location information. Significance This research is significant in that it provides personalized tourism content using fourth industrial technology, in addition to existing film tourism. This could be used in the development of film-induced tourism packages with travel agencies in the future. It also implies the possibility of being used for inflow from abroad as well as to abroad.