• Journal of KIISE:Software and Applications
• /
• v.35 no.12
• /
• pp.716-730
• /
• 2008

In Service-Oriented Architecture (SOA), service providers develop and deploy reusable services on the repositories, and service consumers utilize blackbox form of services through their interfaces. Services are also highly evolvable and often heterogeneous. Due to these characteristics of the service, it is hard to manage the faults if faults occur on the services. Autonomic Computing (AC) is a way of designing systems which can manage themselves without direct human intervention. Applying the key disciplines of AC to service management is appealing since key technical issues for service management can be effectively resolved by AC. In this paper, we present a theoretical model, Symptom-Cause-Actuator (SCA), to enable autonomous service fault management in SOA. We derive SCA model from our rigorous observation on how physicians treat patients. In this paper, we first define a five-phase computing model and meta-model of SCA. And, we define a schema of SCA profile, which contains instances of symptoms, causes, actuators and their dependency values in a machine readable form. Then, we present detailed algorithms for the five phases that are used to manage faults the services. To show the applicability of our approach, we demonstrate the result of our case study for the domain of 'Flight Ticket Management Services'.

• Journal of the Korean Data and Information Science Society
• /
• v.20 no.2
• /
• pp.387-399
• /
• 2009

Mobile wireless networks continue to be plagued by theft of identify and intrusion. Both problems can be addressed in two different ways, either by misuse detection or anomaly-based detection. In this paper, we propose a dissimilarity-based anomaly detection method which can effectively identify abnormal behavior such as mobility patterns of mobile wireless networks. In the proposed algorithm, a normal profile is constructed from normal mobility patterns of mobile nodes in mobile wireless networks. From the constructed normal profile, a dissimilarity is computed by a weighted dissimilarity measure. If the value of the weighted dissimilarity measure is greater than the dissimilarity threshold that is a system parameter, an alert message is occurred. The performance of the proposed method is evaluated through a simulation. From the result of the simulation, we know that the proposed method is superior to the performance of other anomaly detection methods using dissimilarity measures.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.12 no.3
• /
• pp.231-241
• /
• 2019

Web Usage Mining (WUM) is one part of Web mining and also the application of data mining technique. Web mining technology is used to identify and analyze user's access patterns by using web server log data generated by web users when users access web site. So first of all, it is important that the data should be acquired in a reasonable way before applying data mining techniques to discover user access patterns from web log. The main task of data acquisition is to efficiently obtain users' detailed click behavior in the process of users' visiting Web site. This paper mainly focuses on data acquisition stage before the first stage of web usage mining data process with activities like data acquisition strategy and field extraction algorithm. Field extraction algorithm performs the process of separating fields from the single line of the log files, and they are also well used in practical application for a large amount of user data.

• Journal of KIISE:Software and Applications
• /
• v.30 no.1_2
• /
• pp.40-50
• /
• 2003

Ontology is the artifacts for representing the truth or the states of objects by defining objects and their relations. In this paper, we propose an agent that classifies Web documents and provides personalized information towards user`s information needs using ontology. the agent uses ontology in which semantic relations on Web documents are represented in ta hierarchical form to classify Web documents. In this paper, ontology consists of concepts, features(describing concepts), relations(among concepts) and constraints(among elements in a feature). The agent can capture user's information needs efficiently by using ontology and assist Web navigation by using users profiles and the results of identification of semantic relations in Web documents. Also, the agent obtains Web documents by a look-ahead search and represents them as concepts, therefore users can understand them easily by receiving recommendations expressed in the form of high-level concepts.

• Electronics and Telecommunications Trends
• /
• v.20 no.4 s.94
• /
• pp.120-128
• /
• 2005

인터넷 환경이 급속도로 발전함에 따라 멀티미디어의 범람과 사용자들의 유료 콘텐츠사용에 대한 인식 부족으로 디지털 콘텐츠의 지적재산권 침해가 빈번하게 발생하고 있으며, 이러한 불법콘텐츠들의 무분별한 공유는 디지털콘텐츠 산업 발전을 저해하는 심각한 문제로 대두되고 있다. 이에 따라 최근 디지털 콘텐츠의 저작권 보호를 위해서 저작권 단속활동을 강화하고 있으며 다양한 P2P/웹하드 환경에서도 불법콘텐츠를 검색및 다운로드하고 콘텐츠를 식별하고 불법배포자를 추적할 수 있는 기술을 필요로 하게되었다. 그러나 대부분의 불법콘텐츠들은 약 80%가 P2P, 웹하드, 동호회/카페를 통해서 전파되고 있으며 각 업체별 클라이언트 프로그램의 다양성 때문에 불법콘텐츠의 검색 및 불법복제자 추적이 매우 어려운 실정이다. 불법콘텐츠의 추적 및 차단을 위해 워터마킹/핑거프린팅, 네트워크 모니터링, 매크로 프로그램, 공개 P2P 프로토콜 조작, 페이크 파일 유포 등의 기술들이 사용되고 있다. 본 고에서는 불법콘텐츠 국내외 시장현황과 업체의 기술동향을 살펴보고 불법배포자 추적을 위해 필요한 핑거프린팅과 특징점 기반 콘텐츠 식별 기술에 대해 설명한다. 그리고 P2P와 웹하드에서 불법콘텐츠들을 자동으로 다운로드하고 불법배포자들을 추적할 수 있는 시스템 아키텍처에 대하여 설명한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06b
• /
• pp.178-180
• /
• 2012

협업은 둘 이상의 사람들이 하나의 업무 또는 목적을 달성하기위해 공동으로 협력하여 일하는 것이다. 최근 개인 및 조직 간 협업 범위가 공동분석, 데이터 연계, 서비스 조합 등으로 확장되고 대용량 데이터 공유 및 실시간 연계분석 활동이 증대되면서 협업 지향적인 시스템 설계와 개발이 중요시 되고 있다. 특히 스마트워크와 지능화된 협업 기반은 데이터, 프로세스, 서비스, 사람 간의 다차원 연계와 실시간 활용, 의미 기반의 기계적 협력을 전재로 하고 있다. 본 연구에서는 Data, Process, Service, People 측면의 4가지 계층으로 전사적 자원을 설계하고 메타 메타데이터 기반의 온톨로지 분석을 통해 자원 간의 연계와 조합을 지원하는 시스템을 설계했다. Data 계층은 프로세스별 Input, Output 정보를 식별하여 Data의 메타 정보를 정의하고 이를 검색 에이전트가 색인하여 모델링에 참조할수록 한다. Process 계층은 BPMN모델을 확장한 exCPM의 개선 모델을 바탕으로 프로세스를 수행주체 간, 정보공유측면에서 프로세스를 분석했다. Service 계층은 협업지향적인 프로세스를 구성하는 컴포넌트를 서비스로 인식하고 프로파일을 통해 협업을 위한 검색과 프로세스를 연계지원하도록 설계 했다. 마지막으로 People계층은 자원, 프로세스, 서비스 등 시스템에 관여하는 참여자들의 메타정보를 정의하고 이를 온톨로지 기반의 모델에 통합하여 자동 검색되도록 설계했다. 이를 통해 프로세스와 서비스 측면에서 협업을 요구하는 에이전트와 일반 검색 사용자들이 프로세스 간 협업 자원을 파악하고 상호 관계를 분석할 수 있도록 하는 한편, 프로세스를 지원하는 컴포넌트와 서비스 간의 자동적인 조합을 통해 통합적 자원 협력과 실시간 협업 지원 기반을 제시했다.

• Journal of Intelligence and Information Systems
• /
• v.16 no.4
• /
• pp.21-41
• /
• 2010

This paper proposes a system that can serve users with appropriate search results through real time filtering, and implemented adaptive user profiling based personalized information retrieval system(PIRS) using users' implicit feedbacks in order to deal with the problem of existing search systems such as Google or MSN that does not satisfy various user' personal search needs. One of the reasons that existing search systems hard to satisfy various user' personal needs is that it is not easy to recognize users' search intentions because of the uncertainty of search intentions. The uncertainty of search intentions means that users may want to different search results using the same query. For example, when a user inputs "java" query, the user may want to be retrieved "java" results as a computer programming language, a coffee of java, or a island of Indonesia. In other words, this uncertainty is due to ambiguity of search queries. Moreover, if the number of the used words for a query is fewer, this uncertainty will be more increased. Real-time filtering for search results returns only those results that belong to user-selected domain for a given query. Although it looks similar to a general directory search, it is different in that the search is executed for all web documents rather than sites, and each document in the search results is classified into the given domain in real time. By applying information filtering using real time directory classifying technology for search results to personalization, the number of delivering results to users is effectively decreased, and the satisfaction for the results is improved. In this paper, a user preference profile has a hierarchical structure, and consists of domains, used queries, and selected documents. Because the hierarchy structure of user preference profile can apply the context when users perfomed search, the structure is able to deal with the uncertainty of user intentions, when search is carried out, the intention may differ according to the context such as time or place for the same query. Furthermore, this structure is able to more effectively track web documents search behaviors of a user for each domain, and timely recognize the changes of user intentions. An IP address of each device was used to identify each user, and the user preference profile is continuously updated based on the observed user behaviors for search results. Also, we measured user satisfaction for search results by observing the user behaviors for the selected search result. Our proposed system automatically recognizes user preferences by using implicit feedbacks from users such as staying time on the selected search result and the exit condition from the page, and dynamically updates their preferences. Whenever search is performed by a user, our system finds the user preference profile for the given IP address, and if the file is not exist then a new user preference profile is created in the server, otherwise the file is updated with the transmitted information. If the file is not exist in the server, the system provides Google' results to users, and the reflection value is increased/decreased whenever user search. We carried out some experiments to evaluate the performance of adaptive user preference profile technique and real time filtering, and the results are satisfactory. According to our experimental results, participants are satisfied with average 4.7 documents in the top 10 search list by using adaptive user preference profile technique with real time filtering, and this result shows that our method outperforms Google's by 23.2%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.133-146
• /
• 2015

Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile informations and detection rules from the e-finance accident data of an actual domestic(Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.397-403
• /
• 2020

With the convenience of real-time conversation, multimedia file and contact sharing services, most people use instant messenger, and its usage time is increasing. Because the messengers contain a lot of user behavior information data, in the digital forensic investigation, they can be very useful evidence to identify user behavior. However, some of useful data can be difficult to acquire or recognize because they are encrypted or deleted. Thus, in order to use the messenger data as evidence, the study of message decryption process and message recovery is essential. In this paper, we analyze the database encryption process of the instant messenger, MalangMalang Talkafe, and propose the method to decrypt it. In addition, we propose the methods to identify the deleted messages and recover from the volatile memory area.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.347-355
• /
• 2018

Ransomware uses symmetric-key algorithm such as a block cipher to encrypt users' files illegally. If we find the traces of a block cipher algorithm in a certain program in advance, the ransomware will be detected in increased rate. The inclusion of a block cipher can consider the encryption function will be enabled potentially. This paper proposes a way to determine whether a particular program contains a block cipher. We have studied the implementation characteristics of various block ciphers, as well as the AES used by ransomware. Based on those characteristics, we are able to find what kind of block ciphers have been contained in a particular program. The methods proposed in this paper will be able to detect ransomware with high probability by complementing the previous detection methods.