• Title/Summary/Keyword: anomaly detection (이상 징후 탐지)

Design of Multi-Level Abnormal Detection System Suitable for Time-Series Data (시계열 데이터에 적합한 다단계 비정상 탐지 시스템 설계)

  • Chae, Moon-Chang;Lim, Hyeok;Kang, Namhi
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.6 / pp.1-7 / 2016
  • As new information and communication technologies evolve, security threats are also becoming increasingly intelligent and advanced. In this paper, we analyze the time series data continuously entered over a series of periods from network devices or lightweight IoT (Internet of Things) devices by using a statistical technique, and propose a system to detect abnormal behaviors or abnormalities of the device based on the analysis results. The proposed system performs the first-level abnormal detection by using a previously entered data set, and thereafter performs the second-level anomaly detection according to the trust bound configured by using stored time series data based on a time attribute or group attribute. Multi-level analysis is able to improve reliability and also to reduce false positives through a variety of decision data sets.

A survey and categorization of anomaly detection in online games (온라인 게임에서의 이상 징후 탐지 기법 조사 및 분류)

  • Kwak, Byung Il;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1097-1114 / 2015
  • As the online game market grows, illegal activities such as cheating using game bots or game hack programs, running private servers, hacking game companies' systems and networks, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all highly evolving game attacks and frauds. Some security measures can harm game players' usability; game companies need to develop usable security measures that are well fit to the game genre and content design. In this study, we surveyed the recent trend of various security measures applied in online games. This research also classified illegal activities and their related countermeasures for detection and prevention.

WhiteList-based DNP3 Intrusion Detection System for SCADA (SCADA 환경에서의 WhiteList 기반의 DNP3 Protocol 침입 탐지)

  • Kim, Myung-Jong;Kwon, Sung-Moon;Jo, Woo-Yeon;Shon, Tae-Shik
    • Proceedings of the Korea Information Processing Society Conference / 2016.10a / pp.228-231 / 2016
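  • Control systems, which are centered on national infrastructure where a single attack can cause extensive damage, can be considered the most suitable targets for cyber attacks. To guard against this, because DNP3, which is mainly used in control systems, exchanges limited and repetitive traffic, whitelist-based security techniques can effectively protect the system from cyber attacks. In this paper, we introduce known vulnerabilities in control systems, and detect anomalies by applying a whitelist security technique and defining rules.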

A Study of Detection Measures about the Personal Information Leakage through Scenario-Based Integrated Security Log Analysis (시나리오 기반의 통합 보안 로그 분석을 통한 개인정보 유출 탐지 방안 연구)

  • Ryu, Seung-Tae
    • Proceedings of the Korea Information Processing Society Conference / 2015.04a / pp.354-357 / 2015
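  • With recent advances in information technology, corporate business models are shifting from analog to digital. Companies collect customers' personal information in order to provide various services, and this information has become a target of security threats. Most companies have deployed and operate security solutions in various fields, but the differing security logs of the solution vendors make integrated analysis difficult, which lowers the efficiency of security monitoring work. In this study, we propose a method that analyzes integrated security logs based on temporal correlation and turns them into scenarios, so that anomalies indicating personal information leakage can be detected faster and more accurately.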

Cloud-based IoT Smart Home Intrusion Detection and Monitoring System (클라우드를 활용한 IoT 스마트 홈 침입탐지 모니터링 시스템)

  • Dong-Ju Kim;Min-Ju Choi;Hyeon-Kyeong Lee;Hye-Ju Jeong;Sung-Wook Kim
    • Proceedings of the Korea Information Processing Society Conference / 2024.05a / pp.231-232 / 2024
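  • While the expanding use of home IoT has made our lives more convenient, many cases of privacy invasion through security vulnerabilities are occurring. A smart home security system that users can use safely is therefore essential. In this paper, we set up a home IoT environment on a web page, then use AWS services to collect logs and look for anomalies. When an intrusion or attack is detected, a notification is sent to the user through the web page. Warnings and guidance on what action to take are provided to the user so that a rapid response is possible.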

Abnormal Behavior Pattern Identifications of One-person Households using Audio, Vision, and Dust Sensors (음성, 영상, 먼지 센서를 활용한 1인 가구 이상 행동 패턴 탐지)

  • Kim, Si-won;Ahn, Jun-ho
    • Journal of Internet Computing and Services / v.20 no.6 / pp.95-103 / 2019
  • The number of one-person households has grown steadily over the recent past, and a population of lonely and unnoticed deaths is also observed. The phenomenon of one-person households has occurred. On the dark side of society, a remarkable number of lonely and unnoticed deaths are reported among different age groups. We propose an unusual event detection method which may give a remarkable solution to reduce the death rate for people dying alone and remaining undiscovered for a long period of time. The unusual event detection method we suggest identifies abnormal user behavior in their lives using vision pattern, audio pattern, and dust pattern algorithms. The individually proposed pattern algorithms have the disadvantage of not being able to detect when users leave the coverage area. We utilized a fusion method to improve the accuracy performance of each pattern algorithm and evaluated the technique with multiple user behavior patterns in indoor areas.

Intelligent Abnormal Event Detection Algorithm for Single Households at Home via Daily Audio and Vision Patterns (지능형 오디오 및 비전 패턴 기반 1인 가구 이상 징후 탐지 알고리즘)

  • Jung, Juho;Ahn, Junho
    • Journal of Internet Computing and Services / v.20 no.1 / pp.77-86 / 2019
  • As the number of single-person households increases, it is not easy to ask for help alone if a member of a single-person household is severely injured in the home. This paper detects abnormal events when members of a single household in the home are seriously injured. It proposes a vision detection algorithm that analyzes and recognizes patterns through videos that are collected based on home CCTV. It also proposes audio detection algorithms that analyze and recognize patterns of sound that occur in households based on smartphones. If each algorithm is used only on its own, shortcomings exist and it is difficult to detect situations such as serious injuries in a wide area. So I propose a fusion method that effectively combines the two algorithms. The performance of the detection algorithm and the precise detection performance of the proposed fusion method were evaluated, respectively.

Detection of Change in Water System Due to Collapse of Laos Xe pian-Xe namnoy Dam Using KOMPSAT-5 Satellites (KOMPSAT-5 위성 영상을 활용한 라오스 세피안-세남노이 댐 붕괴에 따른 수계변화 탐지)

  • Kim, Yunjee;Lee, Moungjin;Lee, Sunmin
    • Korean Journal of Remote Sensing / v.35 no.6_4 / pp.1417-1424 / 2019
  • Recently, disaster accidents have occurred frequently all over the world, and disasters have been continuously studied using remote sensing due to their large scale and hard-to-reach features. The collapse of the Laos Xe pian-Xe namnoy dam in 2018 also caused a lot of human and economic damage. This study's purpose is to detect changes in the water system due to the collapse of the Xe pian-Xe namnoy dam in Laos and to derive areas where future flooding is expected. The water system is extracted from each image of KOMPSAT-5 before and after the dam collapse in order to quantitatively detect changes in the water system. As a result, the water system area increased more than 10 times after the dam collapse. In addition, it is confirmed that the newly created water system is thickly created in low-altitude areas. This study's result can be used in the future to systematize the pre-response to abnormalities and issues in existing operating dams. And then, if combined with other remote sensing data, more diverse and specific results could be obtained.

A Review of Change Detection Techniques using Multi-temporal Synthetic Aperture Radar Images (다중시기 위성 레이더 영상을 활용한 변화탐지 기술 리뷰)

  • Baek, Won-Kyung;Jung, Hyung-Sup
    • Korean Journal of Remote Sensing / v.35 no.5_1 / pp.737-750 / 2019
  • Information on target changes in inaccessible areas is very important in terms of national security. Fast and accurate change detection of targets is very important to respond quickly. Spaceborne synthetic aperture radar can acquire images with high accuracy regardless of weather conditions and solar altitude. With the recent increase in the number of SAR satellites, it is possible to acquire images with less than one day temporal resolution for the same area. This advantage greatly increases the availability of change detection for inaccessible areas. Commonly available information in satellite SAR is amplitude and phase information, and change detection techniques have been developed based on each technology. These are Amplitude Change Detection (ACD) and Coherence Change Detection (CCD). Each algorithm differs in the preprocessing process for accurate automatic classification technique according to the difference of information characteristics and the final detection result of each algorithm. Therefore, by analyzing the academic research trends for ACD and CCD, each technology can be complemented. The goal of this paper is identifying current issues of SAR change detection techniques by collecting research papers. This study would help to find the prerequisites for SAR change detection and use it to conduct periodic detection research on inaccessible areas.

DGA-DNS Similarity Analysis and APT Attack Detection Using N-gram (N-gram을 활용한 DGA-DNS 유사도 분석 및 APT 공격 탐지)

  • Kim, Donghyeon;Kim, Kangseok
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1141-1151 / 2018
  • In an APT attack, the communication stage between infected hosts and the C&C (Command and Control) server is the key stage for intrusion into the attack target. Attackers can control multiple infected hosts through the C&C server and direct intrusion and exploitation. If the C&C server is exposed at this stage, the attack will fail. Therefore, in recent years, the Domain Generation Algorithm (DGA) has replaced DNS in the C&C server at short time intervals to make detection difficult. In particular, it is very difficult to verify and detect all the newly registered DNS more than 5 million times a day. To solve these problems, this paper proposes a model to judge DGA-DNS detection by the morphological similarity analysis of normal DNS and DGA-DNS, and to determine the sign of an APT attack through it, and we then verify its validity.