• The KIPS Transactions:PartC
• /
• v.13C no.7 s.110
• /
• pp.821-830
• /
• 2006

As internet worms are spread out worldwide, the detection and filtering of worms becomes one of hot issues in the internet security. As one of implementation methods to detect worms, the Linux Netfilter kernel module can be used. Its basic operation for worm detection is a string matching where coming packet(s) on the network is/are compared with predefined worm signatures(patterns). A worm can appear in a packet or in two (or more) succeeding packets where some part of worm is in the first packet and its remaining part is in its succeeding packet(s). Assuming that the maximum length of a worm pattern is less than 1024 bytes, we need to perform a string matching up to two succeeding packets of 2048 bytes. To do so, Linux Netfilter keeps the previous packet in buffer and performs matching with a combined 2048 byte string of the buffered packet and current packet. As the number of concurrent connections to be handled in the worm detection system increases, the total size of buffer (memory) increases and string matching speed becomes low In this paper, to reduce the memory buffer size and get higher speed of string matching, we propose a string matching scheme without using buffer. The proposed scheme keeps the partial matching result of the previous packet with signatures and has no buffering for previous packet. The partial matching information is used to detect a worm in the two succeeding packets. We implemented the proposed scheme by modifying the Linux Netfilter. Then we compared the modified Linux Netfilter module with the original Linux Netfilter module. Experimental results show that the proposed scheme has 25% lower memory usage and 54% higher speed compared to the original scheme.

• Journal of Convergence for Information Technology
• /
• v.11 no.5
• /
• pp.30-37
• /
• 2021

Various devices are connected to the Internet, and attacks using the Internet are occurring. Among such attacks, there are attacks that use malicious URLs to make users access to wrong phishing sites or distribute malicious viruses. Therefore, how to detect such malicious URL attacks is one of the important security issues. Among recent deep learning technologies, neural networks are showing good performance in image recognition, speech recognition, and pattern recognition. This neural network can be applied to research that analyzes and detects patterns of malicious URL characteristics. In this paper, performance analysis according to various parameters was performed on a method of detecting malicious URLs using neural networks. In this paper, malicious URL detection performance was analyzed while changing the activation function, learning rate, and neural network structure. The experimental data was crawled by Alexa top 1 million and Whois to build the data, and the machine learning library used TensorFlow. As a result of the experiment, when the number of layers is 4, the learning rate is 0.005, and the number of nodes in each layer is 100, the accuracy of 97.8% and the f1 score of 92.94% are obtained.

• Korean Journal of Remote Sensing
• /
• v.35 no.6_4
• /
• pp.1417-1424
• /
• 2019

Recently, disaster accidents have occurred frequently over the world, and disaster have been continuously studied using remote sensing due to large scale and hard-to-reach features. The collapse of Laos Xe pian-Xe namnoy dam in 2018 also caused a lot of human and economic damage. This study's purpose is to change detect water system due to the collapse of Xe pian-Xe namnoy dam in Laos and to derive areas where future flooding is expected. The water system is extracted from each image of KOMPSAT-5 before and after the dam collapse in order to quantitatively change detect in the water system. The result of the water system area increased more than 10 times after the dam collapse. In addition, it is confirmed that the newly created water system is thickly created in areas of low altitude area. This study result can be used in the future to systematize the pre-response to abnormalities and issues in existing operating dams. And then, if combined with other remote sensing data, more diverse and specific results could be obtained.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.77-85
• /
• 2018

With the convergence of communications network between control system and public network, such threats like information leakage/falsification could be fully shown in control system through diverse routes. Due to the recent diversification of security issues and violation cases of new attack techniques, the security system based on the information database that simply blocks and identifies, is not good enough to cope with the new types of threat. The current control system operates its security system focusing on the outside threats to the inside, and it is insufficient to detect the security threats by insiders with　the authority of security access. Thus, this study conducted the importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the matter of importance of event log for the detection of insider threats to control system was understood, and the results of this study could be contributing to researches in this area.

• Journal of Intelligence and Information Systems
• /
• v.28 no.4
• /
• pp.347-364
• /
• 2022

Fraudulent companies or sellers strategically manipulate reviews to influence customers' purchase decisions; therefore, the reliability of reviews has become crucial for customer decision-making. Since customers increasingly rely on online reviews to search for more detailed information about products or services before purchasing, many researchers focus on detecting manipulated reviews. However, the main problem in detecting manipulated reviews is the difficulties with obtaining data with manipulated reviews to utilize machine learning techniques with sufficient data. Also, the number of manipulated reviews is insufficient compared with the number of non-manipulated reviews, so the class imbalance problem occurs. The class with fewer examples is under-represented and can hamper a model's accuracy, so machine learning methods suffer from the class imbalance problem and solving the class imbalance problem is important to build an accurate model for detecting manipulated reviews. Thus, we propose an OpenAI-based reviews generation model to solve the manipulated reviews imbalance problem, thereby enhancing the accuracy of manipulated reviews detection. In this research, we applied the novel autoregressive language model - GPT-3 to generate reviews based on manipulated reviews. Moreover, we found that applying GPT-3 model for oversampling manipulated reviews can recover a satisfactory portion of performance losses and shows better performance in classification (logit, decision tree, neural networks) than traditional oversampling models such as random oversampling and SMOTE.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.11a
• /
• pp.215-219
• /
• 2004

A rapid development of the network brought increasing of many damage cases by hacker's attack. In recently many network and system resources are damaged by traffic flooding attacks. For this reason, the protection of network resources by analyzing traffic on the network is on the rise. In this paper, algorithm that improves the executing time and detection rate than traffic analysis method using SNMP is proposed and implemented.

• Proceedings of the Korea Contents Association Conference
• /
• 2014.11a
• /
• pp.223-224
• /
• 2014

최근 빅데이터 시대에 다가와서 소셜 네트워크 서비스(Social Network Service)가 중요한 정보 공유의 수단으로 발전함에 따라 그에 따른 예측분석, 동향분석, 이슈탐지 등이 증가하고 있으며, 콘텐츠 분야에서 빅데이터 기법 사례가 증가하는 추세이다. 모바일기기 보급이 빠르게 확산되면서 SNS 활성화와 함께 많은 양의 데이터가 증가하고 있으며, 인스타그램과 같은 해시태그 사용 가능 SNS 서비스에서 해시태그의 동시출현은 해시태그만의 연관성이 있음을 의미한다. 본 논문에서는 대상 SNS의 동시출현 해시태그를 분석하기 위해 발생되는 데이터를 가지고 현재 트렌드에 맞게 분석하여 정보를 제공하는 방법을 제시한다.

• 한국IT서비스학회:학술대회논문집
• /
• 2010.05a
• /
• pp.469-474
• /
• 2010

본 연구에서는 보건기관이 효율적으로 고혈압 관리 대상자를 탐색하고, 고혈압 관련 요인에 대한 지식을 효과적으로 관리할 수 있도록 하는 고혈압 고위험군 추정 모형 및 우선 사업 대상자 탐색 모형을 제안한다. 특히, 대용량 데이터 처리 및 실시간 시스템 운영, 외부 환경 변화를 고려한 자동 학습과 같은 현실적인 제약 조건을 해결하는 모형을 개발하는 것을 주 목표로 한다. 지역 보건소에서 수집된 의료 데이터를 이용하여 최적의 파라미터 값을 설정한 고혈압 고위험군 탐색 모형을 도출하였으며, 모형의 검증을 위하여 고혈압 환자정보로 구성된 평가용 데이터를 사용하여 고혈압 자연 발병률 대비 약 2배 수준으로 향상된 고혈압 환자 예측 정확도가 얻어지는 것을 확인하였다. 시스템 운영과 유비보수 측면에서 현실적으로 중요한 문제인 대용량 데이터 처리 및 외부 환경 변화에 강인한 자동학습 이슈를 해결하기 위한 방안에 대해서도 설명하였다.

• Electronics and Telecommunications Trends
• /
• v.30 no.3
• /
• pp.74-83
• /
• 2015

무인기의 기술 발전에 따른 운송, 통신중계, 교통감시, 산불감시 진화, 재해 재난대처 등 무인기의 민간 및 공공 수요 확대로, 무인기는 국가 공역으로의 운항이 요구되고 있으며 국가 공역으로의 안전한 진입을 위해서는 유인항공기 조종사에 의한 시각 감지 및 회피와 동일한 수준의 안전성을 제공하는 탐지회피 능력과 함께 신뢰성 높은 무인기 제어용 통신링크 확보가 필수적으로 요구되고 있다. 따라서, 본고에서는 무인기 제어용 통신링크에서 요구되는 기술적 특징 및 국내외 기술/표준화 동향을 파악하고 고신뢰성 무인기 제어용 통신링크 확보를 위한 기술적 및 표준화 이슈를 살펴보고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.388-391
• /
• 2015

현재 개인정보보호법 및 정보보안에 대한 중요한 이슈가 되고 있다. 데이터 유출사고의 약 76%가 외부조직에서 발견되었고, 피해조직의 내부에서 발견된 비율 중 절반 이상이 최종 사용자에 의해 발견되었다. 관제대상과 범위가 주로 네트워크 영역으로 한정되어 있고 외부로부터 유입되는 공격에 대한 모니터링에 집중하는 보안관제 체계가 사고의 원인으로 파악되었다. 즉 내부 PC를 대상으로 하는 공격이나, 패턴기반의 탐지를 우회하는 알려지지 않은 취약점을 이용한 APT공격, 사회공학적 공격 등에는 한계를 보이는 경우이다. 향후 사물인터넷(IoT)의 증가로 인하여 더 많은 취약점 공격과 대량의 비정형 데이터가 증가할 경우 내외부적인 공격에 보안 체계가 더 체계적이고 계층적 방어 보안 모델로 대응해야 한다.