• Title/Summary/Keyword: 수행중 탐지 (detection during execution)

Machine Learning-based Detection of HTTP DoS Attacks for Cloud Web Applications (머신러닝 기반 클라우드 웹 애플리케이션 HTTP DoS 공격 탐지)

  • Jae Han Cho;Jae Min Park;Tae Hyeop Kim;Seung Wook Lee;Jiyeon Kim
    • Smart Media Journal / v.12 no.2 / pp.66-75 / 2023
  • Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than those of the network metrics-based model, respectively.

Dynamic Analysis Framework for Cryptojacking Site Detection (크립토재킹 사이트 탐지를 위한 동적 분석 프레임워크)

  • Ko, DongHyun;Jung, InHyuk;Choi, Seok-Hwan;Choi, Yoon-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.963-974 / 2018
  • With the growing interest in cryptocurrency such as bitcoin, the blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijacks other computer resources such as CPUs, has occurred due to vulnerability to the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur only by visiting a Web site without installing it on a visitor's PC. The current Cryptojacking detection system is mostly signature-based. Signature-based detection methods have problems in that they cannot detect a new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a dynamic analysis-based Cryptojacking detection solution that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking sites that cannot be detected by existing signature-based Cryptojacking detection systems and can detect it even if it is called or obfuscated by bypassing Cryptomining code.

Investigation of Detectable Crack Length in a Bolt Hole Using Eddy Current Inspection (와전류탐상검사를 이용하여 탐지 가능한 볼트홀 내부 균열 길이 연구)

  • Lee, Dooyoul;Yang, Seongun;Park, Jongun;Baek, Seil;Kim, Soonkil
    • Transactions of the Korean Society of Mechanical Engineers A / v.41 no.8 / pp.729-736 / 2017
  • In this study, the physics-based model and machine learning technique were used to conduct model-assisted probability of detection (MAPOD) experiments. The possibility of using in-service cracked parts was also investigated. Bolt hole shaped specimens with fatigue crack on the hole surface were inspected using eddy current inspection. Owing to MAPOD, the number of experimental factors decreased significantly. The uncertainty in the crack length measurement for in-service cracked parts was considered by the application of Monte Carlo simulation.

Advancements in Drone Detection Radar for Cyber Electronic Warfare (사이버전자전에서의 드론 탐지 레이다 운용 발전 방안 연구)

  • Junseob Kim;Sunghwan Cho;Pokki Park;Sangjun Park;Wonwoo Lee
    • Convergence Security Journal / v.23 no.3 / pp.73-81 / 2023
  • The progress in science and technology has widened the scope of the battlefield, leading to the emergence of cyber electronic warfare that exploits electromagnetic waves and networks. Drones have become more important due to advancements in battery technology and navigation systems. Nevertheless, tackling drone threats comes with its own set of difficulties. Radar plays a vital role in detecting drones, offering long-range capabilities and independence from weather conditions. However, the battlefield presents unique challenges like dealing with high levels of signal noise and ensuring the safety of the detection assets. This paper proposes various approaches to improve the operation of drone detection radar in cyber electronic warfare, with a focus on enhancing signal processing techniques, utilizing low probability of interception (LPI) radar, and implementing optimized deployment strategies.

A Post-mortem Detection Tool of First Races to Occur in Shared-Memory Programs with Nested Parallelism (내포병렬성을 가진 공유메모리 프로그램에서 최초경합의 수행후 탐지도구)

  • Kang, Mun-Hye;Sim, Gab-Sig
    • Journal of the Korea Society of Computer and Information / v.19 no.4 / pp.17-24 / 2014
  • Detecting data races is important for debugging shared-memory programs with nested parallelism, because races result in unintended non-deterministic executions of the program. It is especially important to detect the first occurred data races for effective debugging, because the removal of such races may make other affected races disappear or appear. Previous dynamic detection tools for first race detecting cannot guarantee that detected races are unaffected races. Also, the tools do not consider the nesting levels or need support of other techniques. This paper suggests a post-mortem tool which collects candidate accesses during program execution and then detects the first races to occur on the program after execution. This technique is efficient, because it guarantees that first races reported by analyzing a nesting level are the races that occur first at the level, and does not require more analyses to the higher nesting levels than the current level.

Study on the Radar Detection Probability Change Considering Environmental Attenuation Factor (환경감쇠인자를 고려한 레이더 탐지 확률 변화에 관한 연구)

  • Kim, Young-Woong;Park, Sang-Chul
    • Journal of the Korea Society for Simulation / v.24 no.4 / pp.23-28 / 2015
  • The detection field is an important sector among the factors influencing the battlefield. Basically, the radar emits a radio wave to perform detection in the existing way. However, when most existing radars identify a target by signal processing of the returned radio wave, the environmental attenuation factor is not reflected. A radar using this radio wave may produce different detection results depending on the attenuation factor due to environmental conditions, and operational problems may arise in a real battlefield. Therefore, this paper experimentally attempts to identify the target more accurately by reflecting the environmental attenuation factor when the emitted radio waves return.

Effects of the Field Complexity and Type of Target Object on the Performance of the Baggage Screening Task for Improving Aviation Safety (항공 안전 증진을 위한 장 복잡성과 위험물품의 종류가 수화물 검사 수행에 미치는 효과)

  • Moon, Kwangsu
    • The Journal of the Korea Contents Association / v.18 no.11 / pp.484-492 / 2018
  • This study examined the effects of field complexity and type of target objects on the performance in baggage screening task. A total of 62 participants (male: 45.2%, female: 54.8%) participated and their mean age was 22.88. The simulated baggage screening task was developed for this study and after the orientation and task exercises, main experiment session was conducted. Participants performed a total of 200 tasks and 40 (20%) contained target object. The complexity was set at three levels: high, middle, and low levels and the number of background items contained 20, 14, and 8 respectively. The type of target was set as gun, knife, liquid, and lighter. The dependent variables were hit ratio and reaction time. The results showed that the hit ratio decreased and reaction time increased significantly as field complexity increased, and they varied depending on the type of target. The hit ratio of the knife was the highest and liquid lowest and reaction time of the knife was the fastest and liquid slowest. In addition, the interaction effect was also significant. Knife was not affected by complexity, however, small item such as lighter was most affected by complexity.

Study on Detection Method and Development of the Kernel Mode Rootkit (커널 모드 루트킷 개발 및 탐지기법에 관한 연구)

  • Choi, Jiwon;Moon, Bongkyo
    • Proceedings of the Korea Information Processing Society Conference / 2016.04a / pp.233-236 / 2016
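  • Simply put, a rootkit is a kit that makes it easy to obtain root privileges. Rootkits mainly hide processes, files, and the registry from the user by manipulating the operating system's kernel objects. This paper studies Direct Kernel Object Manipulation (DKOM), one of the hiding techniques used by rootkits. The DKOM technique widely used in rootkits so far has hidden processes from Task Manager. In this paper, however, we apply it to design a kernel-mode device that not only hides processes from Task Manager but also bypasses Anti Rootkit tools, and we propose a new method capable of detecting it.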

Extraction of Changed Pixels for Hyperion Hyperspectral Images Using Range Average Based Buffer Zone Concept (구간평균 그래프 기반의 버퍼존 개념을 적용한 Hyperion 초분광영상의 변화화소 추출)

  • Kim, Dae-Sung;Pyen, Mu-Wook
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.29 no.5 / pp.487-496 / 2011
  • This study aims to perform more reliable unsupervised change detection through the re-extraction of the changed pixels which were extracted with global thresholding by applying buffer zone concept. First, three buffer zones were divided on the basis of the thresholding value which was determined using range average and the maximum distance point from a straight line. We re-extracted the changed pixels by performing unsupervised classification for buffer zone II which consists of changed pixels and unchanged pixels. The proposed method was implemented in Hyperion hyperspectral images and evaluated comparing to the existing global thresholding method. The experimental results demonstrated that the proposed method performed more accurate change detection for vegetation area even though it extracted slightly more changed pixels.

A Detection System of Drowsy Driving based on Depth Information for Ship Safety Navigation (선박의 안전운항을 위한 깊이정보 기반의 졸음 감지 시스템)

  • Ha, Jun;Yang, Won-Jae;Choi, Hyun-Jun
    • Journal of the Korean Society of Marine Environment & Safety / v.20 no.5 / pp.564-570 / 2014
  • This paper proposes a method to detect and track a human face using depth information as well as color images for detection of drowsy driving. It consists of a face detection procedure and a face tracking procedure. The face detection procedure basically uses the Adaboost method which shows the best performance so far. But it restricts the area to be searched as the region where the face is highly possible to exist. The face detected in the detection procedure is used as the template to start the face tracking procedure. The experimental results showed that the proposed detection method takes only about 23 % of the execution time of the existing method. In all the cases except a special one, the tracking error ratio is as low as about 1 %.