• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.11a
• /
• pp.370-373
• /
• 2020

본 연구는 파일기반 악성파일 탐지시간을 줄이는 알고리즘 사용에 대해 기술하고 있다. 기존 탐지방식은 파일의 시그니처 값에 대한 유사도를 단순히 비교하는 것에만 그쳐 오탐율이 높거나 새롭게 생성되는 악성파일을 대응할 수 없는 제한점이 있다. 또한 정확도를 높이고자 딥 러닝을 통한 탐지방식이 제안되고 있으나 이 또한 동적분석으로 진행이 되기 때문에 시간이 오래 걸리는 제한이 있다. 그래서 우리는 이를 보완하는 VP Tree 탐지를 제안한다. 이 방법은 시그니처 값이 아닌 다차원에서의 해시 값의 데이터 위치를 기반으로 거리를 척도 한다. 유클리드 거리 법, 맨해튼 거리법이 사용되며 삼각부등식의 만족하는 기준으로 K-NN 이 생성이 되며, K-NN 을 이진 트리로 구성하여 인덱스를 통한 탐지를 진행하기에 기존 방법들을 보완할 수 있는 대안점이 될 수 있으며, 악성파일과 정상파일이 섞여 존재하는 총 3 만개의 데이터를 대상으로 악성파일 탐지 테스트를 진행하였으며 기본 방식에 비해 약 15~20%정도 속도가 단축된다는 것을 입증했다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.254-257
• /
• 2020

최근 악성코드에 의한 피해사례가 매년 증가하고 있다. 전통적인 시그니처 기반 안티바이러스 솔루션은 제로데이 공격이나 랜섬웨어처럼 전례가 없는 새로운 위협에 속수무책일 정도로 취약하다. 그럼에도 불구하고 많은 기업이 다중 엔드포인트 보안 전략의 일환으로 시그니처 기반 안티바이러스 솔루션을 유지하고 있다. 이에 응하고자 다양한 악성코드 분석기술이 출현해왔으며, 최근의 연구들은 부분 머신러닝을 이용하여 기존에 진행했던 시그니쳐 기반의 한계를 보완하고 노력하고 있다. 본 논문은 머신러닝을 이용한 바이러스 분석 모델과 머신러닝 알고리즘 중 GRU를 이용한 솔루션 시스템을 제안한다. 기존 DB Server를 통해 머신러닝을 학습 시키며 다양한 샘플과 형식을 이용하여 머신러닝을 학습하고 이를 이용해 새로운 악성코드, 변조된 악성코드의 탐지율을 높일 수 있다.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.7
• /
• pp.10-14
• /
• 2015

Recently, the collection of the sensor data and its analysis become important as the smart buildings equipped with the various sensors appear as a usual scene. The interconnection through the wire cable among the sensors is indispensible because of the information collections such as the temperature, the humidity, and the luminance in the rooms and the hallways for the effective management of the in-building energies. However, these interconnections through the cabling will be very costly, time-consuming, and a difficult task since they will cause some damages to the buildings. Therefore, the interconnections through the unwired connections are required in terms of the deployment effectiveness such as time and cost In this paper, the design and the short sequence operation appropriateness are confirmed through the simulation of the signal measurement system for in-building propagation characteristics based on short signature sequence and the analysis of the system characteristics based on the false alarm probability is performed thereafter.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.31-40
• /
• 2024

Recently, static analysis-based signature and pattern detection technologies have limitations due to the advanced IT technologies. Moreover, It is a compatibility problem of multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also avoid existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branching statement addition. In this paper, We propose an LLVM IR image-based automated static analysis of malicious code technology using machine learning to solve the problems mentioned above. Whether binary is obfuscated or packed, it's decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. "Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras". As a result, we present a model for image-based detection of malicious code.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.425-426
• /
• 2024

본 논문은 표준 TCP/IP 네트워크의 특징 및 암호 프로토콜의 특징을 결합하여 TCP Handshake 단계에서 암호 키 교환을 수행하고, 디바이스의 고유한 시그니처 정보를 사용하여, 암호 키 생성 데이터로 사용하여, 보안성을 강화하는 것을 특징 으로 하는 네트워크 계층에 강화된 보안 기능을 활용한 키 교환 암호 프로토콜 기반 데이터 시스템 및 암호화 방법에 관한 것으로 개발된 프로토콜을 키 교환 프로토콜로 대체할 경우보다 안전한 보안 프로토콜을 제공할 수 있다.

• Journal of Korea Spatial Information System Society
• /
• v.10 no.3
• /
• pp.1-18
• /
• 2008

Because we can usually get many information through analyzing trajectories of moving objects on spatial networks, efficient trajectory index structures are required to achieve good retrieval performance on their trajectories. However, there has been little research on trajectory index structures for spatial networks such as FNR-tree and MON-tree. Also, because FNR-tree and MON-tree store the segment unit of moving objects, they can't support the trajectory of whole moving objects. In this paper, we propose an efficient trajectory index structures based on signatures on a spatial network, named SigMO-Tree. For this, we divide moving object data into spatial and temporal attributes, and design an index structure which supports not only range query but trajectory query by preserving the whole trajectory of moving objects. In addition, we divide user queries into trajectory query based on spatio-temporal area and similar-tralectory query, and propose query processing algorithms to support them. The algorithm uses a signature file in order to retrieve candidate trajectories efficiently Finally, we show from our performance analysis that our trajectory index structure outperforms the existing index structures like FNR-Tree and MON-Tree.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.434-437
• /
• 2010

NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.346-349
• /
• 2014

Currently, the growing cyber threat continues, the damage caused by the evolution of malicious code incidents become more bigger. Such advanced attacks as APT using 'zero-day vulnerability' bring easy way to steal sensitive data or personal information. However it has a lot of limitation that the traditional ways of defense like 'access control' with blocking of application ports or signature base detection mechanism. This study is suggesting a way of controlling application activities focusing on keeping integrity of applications, authorization to running programs and changes of files of operating system by hardening of legitimate resources and programs based on 'white-listing' technology which analysis applications' behavior and its usage.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.216-218
• /
• 2021

최근 침입 탐지 시스템은 기존 시그니처 기반이 아닌 AI 기반 연구로 많이 진행되고 있다. 이는 시그니처 기반의 한계인 이전에 보지 못한 악성 행위의 탐지가 가능하기 때문이다. 또한 로그 정보는 시스템의 중요 이벤트를 기록하여 시스템의 상태를 반영하고 있기 때문에 로그 정보를 사용한 침입 탐지 시스템에 대한 연구가 활발히 이루어지고 있다. 하지만 로그 정보는 시스템 상태의 일부분만 반영하고 있기 때문에, 회피하기 쉬우며, 이를 보완하기 위해 system call 정보를 사용한 멀티 모달 기반 침입 시스템을 제안한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.5
• /
• pp.1122-1127
• /
• 2014

WLAN is affordability, flexibility, and ease of installation, use the smart device due to the dissemination and the AP (Access Point) to the simplification of the Office building, store, at school. Wi-Fi radio waves because it uses the medium of air transport to reach areas where security threats are always exposed to illegal AP installation, policy violations AP, packet monitoring, AP illegal access, external and service access, wireless network sharing, MAC address, such as a new security threat to steal. In this paper, signature-based of wireless intrusion detection system for Snort to suggest how to develop. The public can use hacking tools and conduct a mock hacking, Snort detects an attack of hacking tools to verify from experimental verification of the suitability of the thesis throughout.