• Title/Summary/Keyword: 탐지범위 (detection range)

A Study on Distributed Cooperation Intrusion Detection Technique based on Region (영역 기반 분산협력 침입탐지 기법에 관한 연구)

  • Yang, Hwan Seok;Yoo, Seung Jae
    • Convergence Security Journal / v.14 no.7 / pp.53-58 / 2014
  • A MANET can be built quickly because it consists only of mobile nodes, and it is widely used today because of its broad range of applications. However, a MANET must address the security weaknesses that arise from its dynamic topology, the limited resources of each node, and wireless communication under frequent node movement. In this paper, we propose a domain-based distributed cooperative intrusion detection technique that performs accurate intrusion detection while reducing overhead. In the proposed technique, local detection and global detection are performed after the network is divided into domains of a certain size. Local detection runs on all nodes to detect abnormal node behavior, and global detection performs signature-based attack detection on the gateway node. The signature DB managed by the gateway node is updated periodically by configuring neighboring gateway nodes and a honeynet, and the reliability of nodes in the domain is maintained by the trust management module. The excellent intrusion detection performance of the proposed technique was confirmed through experiments comparing it with a multi-layer cluster technique.

A Study on Range Search in Security Applications Using TCAM (TCAM을 사용하는 보안 응용에서의 범위 검색 연구)

  • 김영호;김기영;장종수
    • Review of KIISC / v.15 no.6 / pp.68-72 / 2005
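  • With the recent spread of high-speed networks, the performance requirements for security equipment keep rising. In particular, hardware technologies such as TCAM are increasingly applied in firewalls and intrusion detection systems to determine at high speed whether a packet matches a security policy. A TCAM can easily find the entry stored in memory that exactly matches an input key, or determine which range an input key falls into among ranges described in prefix form, but a range that cannot be described as a prefix is difficult to express as a single entry. Although TCAM provides high-speed search, it is more expensive and consumes more power than other memory devices, so a method is needed to express non-prefix ranges without wasting storage space. This paper shows that, by using a range conversion table, a non-prefix range can be described in a single entry just like a prefix range, which uses storage space efficiently and makes it possible to implement a variety of security functions.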

Design of a Ransomware Detection System Utilizing Data Analytics (데이터 분석을 활용한 랜섬웨어 탐지 시스템 설계)

  • Jinwook Kim;Youngjae Lee;Jeonghoon Yoon;Kyungroul Lee
    • Proceedings of the Korean Society of Computer Information Conference / 2024.01a / pp.105-108 / 2024
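  • Ransomware, a portmanteau of "ransom" and "software", is a malicious program that encrypts data and holds it hostage to demand money. Ransomware such as BlackCat attempted an attack to paralyze the systems of a Swiss aviation services company, and damage from such ransomware continues to occur. To reduce and prevent the damage caused by ransomware, various detection approaches have emerged, and approaches that combine artificial intelligence with behavior-based intrusion detection systems to detect ransomware are currently being studied. As advances in deep learning and hardware have widened the range of data that can be processed, artificial intelligence has been combined with various fields and applied to ransomware detection systems, but in Korea it is not studied as actively as abroad and remains at the research and development stage. Therefore, this paper proposes and designs a system that detects ransomware by using entropy, one of the characteristics exhibited by ransomware-infected files, in data analysis.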

OIL SPILL DETECTION AND MONITORING BY HEBEI SPIRIT DISASTER USING SATELLITE DATA (허베이 스피리트호 유류 유출 탐지 연구)

  • Yang, Chan-Su
    • Proceedings of KOSOMES biannual meeting / 2008.05a / pp.125-127 / 2008
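  • The Hebei Spirit crude oil spill occurred at about 7:06 a.m. on December 7, 2007, at sea 10 km northwest of Mallipo on the west coast, when an 11,800-ton barge carrying a crane collided with the anchored Hong Kong-registered oil tanker Hebei Spirit (146,000-ton class). In an oil spill accident of this kind, it is important to understand the extent of the spill accurately. Here we present the results of research on detecting the oil spill using satellite data acquired during the accident period. We present the results obtained so far on algorithms for calculating and interpreting the spill extent from optical and microwave imagery. For optical imagery, MSC (Multi Spectral Camera) data from Arirang-2 (Korea Multi-Purpose Satellite 2, KOMPSAT II) were used, and for synthetic aperture radar, data from ENVISAT ASAR, TerraSAR-X and ALOS PALSAR were used.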

Deep Learning Acoustic Non-line-of-Sight Object Detection (음향신호를 활용한 딥러닝 기반 비가시 영역 객체 탐지)

  • Ui-Hyeon Shin;Kwangsu Kim
    • Journal of Intelligence and Information Systems / v.29 no.1 / pp.233-247 / 2023
  • Recently, research on detecting objects in hidden spaces beyond the direct line of sight of observers has received attention. Most studies use optical equipment that exploits the directionality of light, but sound, which exhibits both diffraction and directionality, is also suitable for non-line-of-sight (NLOS) research. In this paper, we propose a novel method of detecting objects in NLOS areas using acoustic signals in the audible frequency range. We developed a deep learning model that takes only acoustic signals as input, extracts information from the NLOS area, and predicts the properties and location of hidden objects. Additionally, for the training and evaluation of the deep learning model, we collected data by varying the signal transmission and reception locations for a total of 11 objects. We show that the deep learning model demonstrates outstanding performance in detecting objects in the NLOS area using acoustic signals. We observed that performance decreases as the distance between the signal collection location and the reflecting wall increases, and that performance improves when signals collected from multiple locations are combined. Finally, we propose the optimal conditions for detecting objects in the NLOS area using acoustic signals.

A Study on Detection Method of Multi-Homed Host and Implementation of Automatic Detection System for Multi-Homed Host (망혼용단말 탐지방법에 대한 연구 및 자동탐지시스템 구현)

  • Lee, Mi-hwa;Yoon, Ji-won
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.457-469 / 2018
  • This study investigates the fundamental reasons multi-homed hosts exist and the risks associated with such systems. Multi-homed host detection methods researched and developed so far were compared and analyzed to determine areas for improvement. Based on the results, we propose a model of an improved automatic detection system and implement it. The experimental environment was configured to simulate the actual network configuration and endpoints of an organization employing network segmentation. After the detection system was installed in the experimental environment, its functionality and performance were measured while multi-homed hosts were generated by category. We confirmed that the system works correctly, without false positives or false negatives, within the scope of this study. To the best of our knowledge, the presented detection system is the first academic work targeting multi-homed hosts with an agent-based approach.

An Inference Method of Stateless Firewall Policy Considering Attack Detection Threshold (공격 탐지 임계값을 고려한 비상태기반 방화벽 정책 추론 방법)

  • Kim, Hyeonwoo;Kwon, Dongwoo;Ju, Hongtaek
    • Journal of Internet Computing and Services / v.16 no.2 / pp.27-40 / 2015
  • Firewall policy inference is the discovery of a firewall's policy, without any prior information, by analyzing the response packets that result from active probing. However, a brute-force approach to generating probing packets is not feasible, because the probing packets may be regarded as attack traffic and blocked by the firewall's attack detection threshold. In this paper, we propose a firewall policy inference method using an efficient probing algorithm that considers the number of source IP addresses, the maximum number of probing packets per second, and the interval size of adjacent sweep lines as inference parameters to avoid detection. We then verify whether the generated probing packets are classified as network attack patterns by a firewall, and present an evaluation of correctness obtained by comparing the original firewall policy with the inferred firewall policy.

Design and Implementation of the Intrusion Detection Pattern Algorithm Based on Data Mining (데이터 마이닝 기반 침입탐지 패턴 알고리즘의 설계 및 구현)

  • Lee, Sang-Hoon;Soh, Jin
    • The KIPS Transactions:PartC / v.10C no.6 / pp.717-726 / 2003
  • In this paper, we analyze the association-rule-based deductive algorithm that automatically creates intrusion detection rules from vast packet data. Based on the result, we also suggest a deductive algorithm that quickly creates intrusion pattern rules for use in intrusion detection systems. The proposed deductive algorithm is designed to suit the concept of clustering, which classifies and deletes large data. This algorithm is directly related to the pattern generation method and the analysis module of the intrusion detection system. Because the rule database is constructed for the pattern management of the intrusion detection system, it can also extend the application range and increase the detection speed of existing intrusion detection systems. The proposed pattern generation technique of the deductive algorithm is applied to an algorithm that can be changed according to the support rate of the data created from the intrusion detection system. Finally, we analyze the possibility of improving rule generation speed through algorithm simulation.

Coreference Resolution Pipeline Model using Mention Boundaries and Mention Pairs in Dialogues (대화 데이터셋에서 멘션 경계와 멘션 쌍을 이용한 상호참조해결 파이프라인 모델)

  • Damrin Kim;Seongsik Park;Harksoo Kim
    • Annual Conference on Human and Language Technology / 2022.10a / pp.307-312 / 2022
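  • Coreference resolution is the task of extracting mentions from a given document and clustering the mentions of the same entity. The pruning performed in the mention detection stage of existing coreference resolution studies ranks candidates by model-computed scores and uses only a fixed proportion of mentions for coreference resolution, so it is likely to input wrongly predicted mentions or to remove correct mentions. In addition, performing mention detection and coreference resolution as an end-to-end model results in long training time and high model complexity. Therefore, in this paper we perform coreference resolution with a two-stage pipeline model. In the first stage, mention detection, the scores of candidate word spans are computed to predict mentions. In the second stage, coreference resolution, the mentions predicted in the mention detection stage are used as they are to predict mention pairs that are in a coreference relation. In experiments, the two-stage training method reduced training time and model complexity while maintaining performance similar to that of the end-to-end model. Coreference resolution performance was 68.27% on Light, 48.87% on AMI, 69.06% on Persuasion, and 60.99% on Switchboard.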

Nondestructive Evaluation of Fatigue Damage (피로손상과 비파괴평가)

  • Kwon, Oh-Yang
    • Journal of the Korean Society for Nondestructive Testing / v.20 no.1 / pp.54-61 / 2000
  • In order to determine the mode I stress intensity factor ($K_I$) by means of the alternating current potential drop (ACPD) technique, the change in potential drop due to load was examined for a paramagnetic material containing a two-dimensional surface crack. The cause of the change in potential drop, and the effects of the magnetic flux and of demagnetization on that change, were clarified by using measuring systems with and without removal of the magnetic flux from the circumference of the specimen. The change in potential drop decreased linearly with increasing tensile load and was caused by the change in conductivity near the crack tip. The change in potential drop decreased with increasing tensile load because the increase in conductivity near the crack tip due to the tensile load reduced the resistance and internal inductance of the specimen. The relationship between the change in potential drop and the change in $K_I$ was not affected by demagnetization and was independent of the crack length.
