• Title/Summary/Keyword: detection method (탐지방안)


Traffic Flooding Attack Detection using SNMP MIB (SNMP MIB 기반 트래픽 폭주공격 탐지)

  • Park, Jun-Sang;Park, Dai-Hee;Kim, Myung-Sup
    • Proceedings of the Korea Information Processing Society Conference / 2008.05a / pp.935-938 / 2008
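  • Traffic flooding attacks, typified by DoS/DDoS attacks and worm attacks, are by nature difficult to block in advance, so fast and accurate detection is an essential requirement for an attack detection system. Existing SNMP MIB-based traffic flooding attack detection methods required a detection time of one minute or more. This paper proposes a fast traffic flooding attack detection algorithm that uses the correlations among SNMP MIB objects. It also presents a way to minimize the system load and detection traffic caused by the short detection time. The detection method consists of three stages: stage 1 determines the detection point based on the update period of the MIB information; stage 2 judges signs of an attack using the correlations among MIB information; and stage 3 performs a detailed per-protocol analysis to not only detect the attack but also determine its type. As a result, attacks can be detected quickly and accurately and their types classified, enabling a rapid response.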

Revalidation of the Complex Trial Protocol using participant-oriented countermeasures (설문 기반 대응방안을 사용한 복합시행 프로토콜의 재평가)

  • Kim, Hyemin;Song, Inuk;Chang, Eunhee;Kim, Hyun Taek
    • Korean Journal of Forensic Psychology / v.11 no.1 / pp.89-115 / 2020
  • Traditional deception detection methods had examined the difference of one's autonomic physiological responses through asking crime-related and crime-unrelated questions. There has been a continuing controversy regarding the accuracy and validity of the test, and thus, many researchers were motivated to explore and develop alternative efficient methods of detection in which one of them is known as P300-based Complex Trial Protocol (CTP). The P300-based CTP detects deception through comparing the P300 amplitudes between probe and irrelevant stimuli and is known as a counterstrategy of countermeasures. However, many previous studies have used countermeasures created from Rosenfeld et al.'s work (2008). The present study initially conducted a survey asking open-ended questions about the countermeasure use to acquire participant-oriented countermeasures for the main experiment. Then, the study aimed to evaluate whether the CTP can accurately detect deception even in the use of survey-based countermeasures. We firstly selected a set of participant-oriented countermeasures through survey questions. Then, a total of 50 participants were divided into three groups (innocent, guilty, and countermeasures) and performed the CTP. Those assigned to the countermeasures group covertly performed mental countermeasures during the CTP. The results of P300 amplitude analysis revealed that the guilty group's P300 amplitude of probe stimuli was significantly larger than that of irrelevant stimuli. Countermeasures group also had a significantly larger P300 amplitude for probe stimuli compared to irrelevant stimuli, even in the use of countermeasures. The results of bootstrapped amplitude difference (BAD) showed a detection accuracy rate of 81.25%, 82.35%, 82.35% for the innocent, guilty, and countermeasures groups, respectively. These findings demonstrate that the CTP can obtain a high detection rate in participant-oriented countermeasures and suggest the potential use of the CTP in the field.


A Study on the Improvement of Direction Error for Electronic Warfare System (전자전장비의 방향탐지 오차 개선에 관한 연구)

  • Choi, Jae-In;Kim, Seung-Woo;Chin, Hui-Cheol;Choi, Woo-Hyuk
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.6 / pp.567-575 / 2017
  • The direction finder is an important device for an electronic support (ES) system because it is responsible for finding the direction of an emitter. The higher the accuracy of the direction finding, the higher the vitality of the weapon system with the ES system. Recently, a direction error occurred in the operating shipboard ES system when direction finding was performed for the signal with a pulse width of 200 ns. Therefore, this paper proposes an improved method to reduce the direction error for shipboard ES systems. The proposed method was applied to the operating shipboard ES system and a field test was performed. The results of the field test showed that the direction error was reduced significantly for the signal with a pulse width of 200 ns.

A Study on Building a Scalable Change Detection System Based on QGIS with High-Resolution Satellite Imagery (고해상도 위성영상을 활용한 QGIS 기반 확장 가능한 변화탐지 시스템 구축 방안 연구)

  • Byoung Gil Kim;Chang Jin Ahn;Gayeon Ha
    • Korean Journal of Remote Sensing / v.39 no.6_3 / pp.1763-1770 / 2023
  • The availability of high-resolution satellite image time series data has led to an increase in change detection research. Various methods are being studied, such as satellite image pixel and object-level change detection algorithms, as well as algorithms that apply deep learning technology. In this paper, we propose a QGIS plugin-based system to enhance the utilization of these useful results and present an actual implementation case. The proposed system is a system for intensive change detection and monitoring of areas of interest, and we propose a convenient system expansion method for algorithms to be developed in the future. Furthermore, it is expected to contribute to the construction of satellite image utilization systems by presenting the basic structure of commercialization of change detection research.

A Effective Sinkhole Attack Detection Mechanism for LQI based Routing in WSN (무선 센서 네트워크 환경에서 링크 품질에 기반한 라우팅에 대한 효과적인 싱크홀 공격 탐지 기법)

  • Choi, Byung-Goo;Cho, Eung-Jun;Hong, Choong-Seon
    • Journal of KIISE:Computing Practices and Letters / v.14 no.9 / pp.901-905 / 2008
  • In this paper, we propose a detection scheme for sinkhole attacks in wireless sensor networks. A sinkhole attack makes packets that flow through the network pass through the attacker, so a sinkhole attack can be extended to various kinds of attacks. We analyze sinkhole attack methods in networks that use LQI-based routing. To respond to each attack method, we propose methods to detect the attacks. Our scheme can work for sensor networks that use an LQI-based dynamic routing protocol. We also show that the detection of sinkhole attacks can be achieved by using a few detector nodes.

Design of a Ransomware Detection System Utilizing Data Analytics (데이터 분석을 활용한 랜섬웨어 탐지 시스템 설계)

  • Jinwook Kim;Youngjae Lee;Jeonghoon Yoon;Kyungroul Lee
    • Proceedings of the Korean Society of Computer Information Conference / 2024.01a / pp.105-108 / 2024
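  • Ransomware, a portmanteau of "ransom" and "software", is a malicious program that encrypts data and demands money while holding it hostage. Ransomware such as BlackCat attempted an attack to paralyze the systems of a Swiss aviation services company, and damage from such ransomware continues to occur. To reduce and prevent ransomware damage, various ransomware detection methods have emerged, and recently methods that detect ransomware by combining artificial intelligence with behavior-based intrusion detection systems are being studied. As advances in deep learning and hardware have widened the range of data that can be processed, artificial intelligence is being combined with various fields and applied to ransomware detection systems; however, research in Korea is not as active as abroad and remains at the research and development stage. This paper therefore proposes and designs a system that detects ransomware by using entropy, one of the characteristics that appear in ransomware-infected files, in data analysis.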


A Requirement Analysis on Evaluation of Correlation System (연관성 분석 시스템 평가를 위한 요구사항 분석)

  • 송준학;서정택;이은영;박응기;이건희;김동규
    • Proceedings of the Korean Information Science Society Conference / 2004.10a / pp.385-387 / 2004
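  • To address the problems of current intrusion detection systems, research is under way on reduction techniques and correlation analysis techniques for intrusion detection information. Recently, research on verifying the effectiveness of correlation analysis systems for intrusion detection information has also been under way. This paper proposes an evaluation method for verifying the effectiveness of reduction techniques and correlation analysis systems for intrusion detection information. Specifically, it presents the functional requirements that a correlation analysis system for intrusion detection information needs, and proposes a method based on weights and matrices as a way to evaluate those functions objectively.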


Improvement of Regulations for Effective UAV operation in Disaster Detection (효율적인 재해탐지용 UAV 운용을 위한 현행 규정 개선방안)

  • Kim, Jong-Bai;Kim, Min-Gyu;Yun, Hee-Cheon
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.29 no.5 / pp.509-517 / 2011
  • Recently, large-scale damage from natural disasters, such as the earthquakes in Japan and New Zealand, has been occurring frequently. Collecting information quickly and accurately from the damaged area is important for reacting effectively in emergency situations. A UAV is an effective method for collecting information because it can fly at low altitude and requires little operational cost and time. In this study, data on UAV regulations are collected and analyzed for effective UAV operation in disaster detection, and improvements to the regulations are proposed for the problems of UAV operation. No regulation for disaster-detection UAVs exists, but such UAVs can be classified as ultralight planes. Therefore, some clauses, such as the definition, scope, and airborne equipment for UAVs, will need to be added. Also, effective management is difficult because of the flight permission process, so exceptional regulations need to be enacted to solve this problem. Further analytical research based on applications of UAV operation for disaster detection will lead to improvements in disaster detection and damage investigation.

Fault-Tolerant, Distributed Detection of Complex Events and States in Distributed Systems (분산 시스템에서의 복잡한 사건/상태의 결함 허용 분산 탐지)

  • Shim, Young-Chul
    • The Transactions of the Korea Information Processing Society / v.4 no.6 / pp.1464-1480 / 1997
  • Distributed systems offer environments for attaining high performance, fault-tolerance, information sharing, resource sharing, etc. But we cannot benefit from these potential advantages without suitable management of events/states occurring in distributed systems. These events and states can be symptoms of performance degradation, erroneous functions, suspicious activities, etc. and are subject to further analysis. To properly manage events/states, we need to be able to specify and efficiently detect these events/states. In this paper we first describe an event/state specification language and a centralized algorithm for detecting events/states specified with this language. Then we describe an algorithm for distributing an event/state detection task in a distributed system which is hierarchically organized. The algorithm consists of decomposing an event/state detection task into subtasks and allocating these subtasks to the proper nodes. We also explain a method to make the distributed detection fault-tolerant.


Improvement Method for Human Body Sensing Module and Managing System (인체 감지 센서 모듈 및 관리 시스템의 개선 방안)

  • Ahn, Tae-Won
    • Journal of the Institute of Electronics and Information Engineers / v.51 no.10 / pp.223-227 / 2014
  • This paper presents an improvement method for human body sensing module and management system, specifically focused on the human body detection module with ultrasonic sensors to detect the usage of toilets and the management system to control the state of the toilets of the entire building. The proposed human body sensing module consists of the detection sensor to detect the movement of human body and the contact sensor to detect the position in a certain distance. The management system is configured of the control unit to process the signal transmitted from sensors, opening and closing valves according to the sensing signal, and the short range wireless communication unit to save the operational status data as well as transmit the data at regular intervals.