• Journal of the Korea Society of Computer and Information
• /
• v.7 no.2
• /
• pp.53-58
• /
• 2002

the popularity of uses for internet has been needed to information security. thereforce, intrusion, information leakage and modification, change or intentional efflux to computer system aspects of information security have been resulted in requirement of intrusion detection from outer at user authentication. this problem Presents design of PUM(Processing Unit Module) which analyze both the host log generated by sever host systems that various case for intellectualized intrusion method and network_packet on networks in large scale network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.12
• /
• pp.3063-3068
• /
• 2014

Since the RCS(Radar Cross Section) of target is important factor to determine radar performance, it is important to locate radar where large RCS is observed. However, the distance between the target and the radar is an important factor of the received power, as well as RCS. In this paper, it is calculated that received power from ballistic missile to radar based on different observed position and it is studied that to place radar for high detection efficiency.

• Electronics and Telecommunications Trends
• /
• v.23 no.1 s.109
• /
• pp.145-152
• /
• 2008

공격자의 주요 목적은 원격 호스트의 제어 권한을 얻는 것이다. 이것은 공격자가 원격호스트의 컨트롤 플로를 변경시켜 악의적인 코드를 임의로 실행시킬 수 있는 취약한 서비스가 존재하기 때문에 가능하다. 공격자들이 원격 호스트의 제어 권한을 얻기 위한 일반적인 방법은 취약한 서비스를 대상으로 쉘코드(shellcode) 전송을 통해서이다. 네트워크 기반 최신의 공격 탐지 기술들이 점점 사용영역을 넓혀가면서 이를 회피하기 위해 쉘코드들도 진화를 계속하고 있으며, 최근 2~3년 전부터 폴리몰픽(polymorphism)과 메타몰픽(metamorphism) 기법의 사용이 활발해지고 있다. 본 고에서는 이중, 쉽게 이용할 수 있는 엔진들이 많이 알려져 있어 그 예상 피해가 심각하리라 생각되는 폴리몰픽 형태의 쉘코드가 가지는 특징 및 이를 탐지하기 위한 최신 기술들을 소개한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.691-693
• /
• 2002

유연성 있고 확장성 있는 분산 어플리케이션을 작성하기 위해서는 다음과 같은 요건을 만족하는 서비스 개발 및 관리를 위한 프레임워크이 필요하다. 첫 번째 서비스들은 외부적인 어떤 정책이나 어플리케이션 구동 시 다양한 제한 등의 요인으로 인하여 선택적으로 서비스 사용이 가능해야 한다. 둘째로 서비스에 대해서 초기화, 구동, 임시정지, 정지 등과 같은 제어를 중앙 집중형태로 관리 콘솔에서 관리 할 수 있어야 한다. 세 번째로 서비스를 제어할 때 각 서비스들 사이의 의존관계를 반영할 수 있어야 한다. 네 번째로 이러한 분산어플리케이션의 서비스에 대한 환경 설정 부분에 대한 변경을 실시간으로 탐지를 해서 이러한 변경과 관계가 있는 서비스에게 통지를 할 수 있어야 한다. 다섯 번째로 한 어플리케이션 안에서 구동되고 있는 의존관계가 있는 각 서비스들 사이의 이벤트 기반의 통신을 메커니즘이 필요하다. 여섯번째로 환경 설정 변경에 대해서 분산 상황에서 다른 어플리케이션과 동기화를 맞출 수 있어야 한다. 본 논문은 이러한 유연하고 확장성 있는 어플리케이션을 개발하는데 필요한 자바 기반의 동적 서비스 관리 프레임워크에 대한 설계와 구현을 제시한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.948-949
• /
• 2016

In this study, we perform the structure change of the shielding this is applied for gamma-ray detectors for imaging of gamma-ray source. Through previous studies, we implemented the commercially available gamma-ray imaging apparatus similar to the shielding body but weight reduction, center of gravity moving of shield. In this paper, we changed a shield for motion control detectors efficient movement. We performed the MCNP simulation of shield design and then we obtained the results of reducing the weight of the 17% and moving of center of gravity the shield center.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.865-874
• /
• 2005

The information stored in the computer system needs to be protected from unauthorized access, malicious destruction or alteration and accidental inconsistency. In this paper, we propose an intrusion detection system based on sensor concept for defecting and preventing malicious attacks We use software sensor objects which consist of sensor file for each important directory and sensor data for each secret file. Every sensor object is a sort of trap against the attack and it's touch tan be considered as an intrusion. The proposed system is a new challenge of setting up traps against most interception threats that try to copy or read illicitly programs or data. We have implemented the proposed system on the Linux operating system using loadable kernel module technique. The proposed system combines host~based detection approach and network-based one to achieve reasonably complete coverage, which makes it possible to detect unknown interception threats.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1311-1319
• /
• 2019

Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.9
• /
• pp.1231-1240
• /
• 2020

Water pipes are laid on the ground, making it impossible to visually detect leaks due to aging of pipes, and technology to detect leaks in pipes is mainly used to detect leaks in pipes by detecting leaks. In this paper, two accelerometers were attached to both ends of the constant water piping to calculate the time difference between the acquired data to detect leakage points. The leak test of piping was performed by installing valves at 4.3m, 8.6m, and 12.9m points on piping 17.2m, and changing the development rate of valves to 30% and 70%. Leakage can be detected for pressure drop in piping, which is 30% and 70% open valve. It is very important to detect leakage in the early stage, and it is judged that detection of the initial leak point from the algorithm applied in this paper will be possible.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.4
• /
• pp.405-414
• /
• 2010

According to the statistics of SecurityFocus in 2008, client-side attacks through the Microsoft Internet Explorer have increased by more than 50%. In this paper, we have implemented a behavior-based malicious web page detection system and a blacklist-based malicious web page filtering system. To do this, we first efficiently collected the target URLs by constructing a crawling system. The malicious URL detection system, run on a specific server, visits and renders actively the collected web pages under virtual machine environment. To detect whether each web page is malicious or not, the system state changes of the virtual machine are checked after rendering the page. If abnormal state changes are detected, we conclude the rendered web page is malicious, and insert it into the blacklist of malicious web pages. The malicious URL filtering system, run on the web client machine, filters malicious web pages based on the blacklist when a user visits web sites. We have enhanced system performance by automatically handling message boxes at the time of ULR analysis on the detection system. Experimental results show that the game sites contain up to three times more malicious pages than the other sites, and many attacks incur a file creation and a registry key modification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.61-75
• /
• 2011

Recently, there is significant increasing of massive attacks, which try to infect PCs that visit websites containing pre-implanted malicious code. When visiting the websites, these hidden malicious codes can gain monetary profit or can send various cyber attacks such as BOTNET for DDoS attacks, personal information theft and, etc. Also, this kind of malicious activities is continuously increasing, and their evasion techniques become professional and intellectual. So far, the current signature-based detection to detect websites, which contain malicious codes has a limitation to prevent internet users from being exposed to malicious codes. Since, it is impossible to detect with only blacklist when an attacker changes the string in the malicious codes proactively. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by a signature-based detection. Our method can detect new malicious codes even though the codes' signatures are not in the pattern database of Anti-Virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the included redirection URL in the malicious codes. Finally, we confirm that our proposed system shows better detection performance rather than MC-Finder, which adopts pattern matching, Google's crawling based malware site detection, and McAfee.