• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.33-41
• /
• 2018

Recently, Internet technology has developed, various programs are being created and therefore various codes are being made through many authors. On this aspect, some author deceive a program or code written by other particular author as they make it themselves and use other writers' code indiscriminately, or not indicating the exact code which has been used. Due to this makes it more and more difficult to protect the code. In this paper, we propose author identification framework using Authorship Analysis theory and Natural Language Processing(NLP) based on Convolutional Neural Network(CNN). We apply Authorship Analysis theory to extract features for author identification in the source code, and combine them with the features being used text mining to perform author identification using machine learning. In addition, applying CNN based natural language processing method to source code for code author classification. Therefore, we propose a framework for the identification of authors using the Authorship Analysis theory and the CNN. In order to identify the author, we need special features for identifying the authors only, and the NLP method based on the CNN is able to apply language with a special system such as source code and identify the author. identification accuracy based on Authorship Analysis theory is 95.1% and identification accuracy applied to CNN is 98%.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.1-8
• /
• 2020

Recently, the number of APT(Advanced Persistent Threats) attack using malware has been increasing, and research is underway to prevent and detect them. While it is important to detect and block attacks before they occur, it is also important to make an effective response through an accurate analysis for attack case and attack type, these respond which can be determined by analyzing the attack group of such attacks. Therefore, this paper propose a framework based on genetic algorithm for analyzing malware and understanding attacker group's features. The framework uses decompiler and disassembler to extract related code in collected malware, and analyzes information related to author through code analysis. Malware has unique characteristics that only it has, which can be said to be features that can identify the author or attacker groups of that malware. So, we select specific features only having attack group among the various features extracted from binary and source code through the authorship clustering method, and apply genetic algorithm to accurate clustering to infer specific features. Also, we find features which based on characteristics each group of malware authors has that can express each group, and create profiles to verify that the group of authors is correctly clustered. In this paper, we do experiment about author classification using genetic algorithm and finding specific features to express author characteristic. In experiment result, we identified an author classification accuracy of 86% and selected features to be used for authorship analysis among the information extracted through genetic algorithm.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.128-131
• /
• 2021

본 논문에서는 특정 코드를 분석하여 해당 코드를 작성한 저자가 누구인지 식별할 수 있는 머신 러닝 기반 코드 저자 식별 기술에 대해 소개한다. 먼저 소스 코드를 분석하여 저자를 확인하는 기법들에 알아볼 것이다. 또한 저자를 식별할 수 있는 정보가 다소 소실된 바이너리 코드를 분석하여 저자를 확인하는 기법을 살펴본 다음, 저자 식별 기법의 향후 연구 방향에 대해 탐색하고자 한다.

• Journal of Internet Computing and Services
• /
• v.18 no.6
• /
• pp.35-46
• /
• 2017

Recently, attackers using malicious code in cyber security have been increased by attaching malicious code to a mail and inducing the user to execute it. Especially, it is dangerous because it is easy to execute by attaching a document type file. The author analysis is a research area that is being studied in NLP (Neutral Language Process) and text mining, and it studies methods of analyzing authors by analyzing text sentences, texts, and documents in a specific language. In case of attack mail, it is created by the attacker. Therefore, by analyzing the contents of the mail and the attached document file and identifying the corresponding author, it is possible to discover more distinctive features from the normal mail and improve the detection accuracy. In this pager, we proposed IADA2(Intelligent Attack mail Detection based on Authorship Analysis) model for attack mail detection. The feature vector that can classify and detect attack mail from the features used in the existing machine learning based spam detection model and the features used in the author analysis of the document and the IADA2 detection model. We have improved the detection models of attack mails by simply detecting term features and extracted features that reflect the sequence characteristics of words by applying n-grams. Result of experiment show that the proposed method improves performance according to feature combinations, feature selection techniques, and appropriate models.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.15 no.2
• /
• pp.335-342
• /
• 2020

ESS(Environmental Stress Screening) is an important production process to remove 'latent defects' introduced in the production of products. Recently, ESS is included in QAR(Quality Assurance Report) as an essential quality assurance requirement for products in the defense business. However, depending on the author of the QAR or the classification of the weapon system, it is often identified that the content and form are different or important elements are omitted. Therefore, this paper proposes a MIL-HDBK-344A based quantitative ESS requirement standard to secure the consistency and completeness of QAR. and to make easier to calculate PE(Precipitation Efficiency), which is an indicator for identifying the latent defects elimination effect.

• Journal of Intelligence and Information Systems
• /
• v.20 no.3
• /
• pp.77-92
• /
• 2014

Recently, numerous documents including unstructured data and text have been created due to the rapid increase in the usage of social media and the Internet. Each document is usually provided with a specific category for the convenience of the users. In the past, the categorization was performed manually. However, in the case of manual categorization, not only can the accuracy of the categorization be not guaranteed but the categorization also requires a large amount of time and huge costs. Many studies have been conducted towards the automatic creation of categories to solve the limitations of manual categorization. Unfortunately, most of these methods cannot be applied to categorizing complex documents with multiple topics because the methods work by assuming that one document can be categorized into one category only. In order to overcome this limitation, some studies have attempted to categorize each document into multiple categories. However, they are also limited in that their learning process involves training using a multi-categorized document set. These methods therefore cannot be applied to multi-categorization of most documents unless multi-categorized training sets are provided. To overcome the limitation of the requirement of a multi-categorized training set by traditional multi-categorization algorithms, we propose a new methodology that can extend a category of a single-categorized document to multiple categorizes by analyzing relationships among categories, topics, and documents. First, we attempt to find the relationship between documents and topics by using the result of topic analysis for single-categorized documents. Second, we construct a correspondence table between topics and categories by investigating the relationship between them. Finally, we calculate the matching scores for each document to multiple categories. The results imply that a document can be classified into a certain category if and only if the matching score is higher than the predefined threshold. For example, we can classify a certain document into three categories that have larger matching scores than the predefined threshold. The main contribution of our study is that our methodology can improve the applicability of traditional multi-category classifiers by generating multi-categorized documents from single-categorized documents. Additionally, we propose a module for verifying the accuracy of the proposed methodology. For performance evaluation, we performed intensive experiments with news articles. News articles are clearly categorized based on the theme, whereas the use of vulgar language and slang is smaller than other usual text document. We collected news articles from July 2012 to June 2013. The articles exhibit large variations in terms of the number of types of categories. This is because readers have different levels of interest in each category. Additionally, the result is also attributed to the differences in the frequency of the events in each category. In order to minimize the distortion of the result from the number of articles in different categories, we extracted 3,000 articles equally from each of the eight categories. Therefore, the total number of articles used in our experiments was 24,000. The eight categories were "IT Science," "Economy," "Society," "Life and Culture," "World," "Sports," "Entertainment," and "Politics." By using the news articles that we collected, we calculated the document/category correspondence scores by utilizing topic/category and document/topics correspondence scores. The document/category correspondence score can be said to indicate the degree of correspondence of each document to a certain category. As a result, we could present two additional categories for each of the 23,089 documents. Precision, recall, and F-score were revealed to be 0.605, 0.629, and 0.617 respectively when only the top 1 predicted category was evaluated, whereas they were revealed to be 0.838, 0.290, and 0.431 when the top 1 - 3 predicted categories were considered. It was very interesting to find a large variation between the scores of the eight categories on precision, recall, and F-score.

• The Journal of the Korea Contents Association
• /
• v.12 no.2
• /
• pp.40-51
• /
• 2012

Recently, many users discuss and argue with others using replying comments. This implies that a series of comments can be a new source of information since various opinions can be appeared in the dispute. It is important to understand the implicit dispute structure immanent in the comment set. In this paper, we examine the characteristics of disputes using replying comments in the Internet forum sites using a set of test articles with the comments collected from SketicalLeft and Agora, which are famous Internet forum sites in Korea. And we propose a new method for detecting and visualizing the dispute sections and relations from a large set of replying comments. To show the performance of our method, we measured precision, recall, and F-measure. According to the experimental results, the F-measures of the detection of the comments in dispute are about 0.84 (SketpcialLeft) and 0.83 (Agora); those of the detection of the commenter pairs in dispute are 0.75 (SketpcialLeft) and 0.82 (Agora), respectively. Since our method exploits the temporal order of commenters to detect the disputes, it is not dependent on the host language nor on the typos in comments. Also, our method can help the readers to grasp the structure of controversy hidden in the comment set through the visualized view.