• Title/Summary/Keyword: File Classification (파일분류)


Digital Forensic Analysis of Timestamp Change Tools: An Anti-Forensics Perspective (안티포렌식을 위한 타임스탬프 변경도구들에 대한 디지털포렌식 관점에서의 기능의 분석)

  • Cho, Gyu-Sang
    • Proceedings of the Korean Society of Computer Information Conference / 2019.07a / pp.391-392 / 2019
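  • This paper analyzes, from a digital forensics perspective, the functions of timestamp change tools that are used as anti-forensic tools for forging and tampering with timestamps. It examines the scope and characteristics of the timestamp changes that can be performed with these tools. The timestamp change tools used on the NTFS file system are classified functionally by the kinds of timestamps they can change and by their precision, and the characteristics of the timestamps recorded after the tools are used are analyzed from a digital forensics perspective. In this study's classification, Type I comprises tools such as FileTouch.exe, SKTimeStamp, and BulkFileChanger, Type II is timestomp, and Type III is SetMACE; the characteristics of the timestamps changed by each tool are then examined.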


Ensemble Model using Multiple Profiles for Analytical Classification of Threat Intelligence (보안 인텔리전트 유형 분류를 위한 다중 프로파일링 앙상블 모델)

  • Kim, Young Soo
    • The Journal of the Korea Contents Association / v.17 no.3 / pp.231-237 / 2017
  • Threat intelligence collected from cyber incident sharing systems and security events collected from Security Information & Event Management systems are analyzed to cope with rapidly expanding malicious code with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observables. Therefore, it is necessary to improve the classification accuracy of the similarity by using multi-profiles, which are classified as the same features of cyber observables. We propose a multi-profile ensemble model that performs similarity analysis on cyber incidents of threat intelligence based on both attack types and cyber observables, which can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhances the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incidents of those not detected by other mechanisms.

Extraction and Taxonomy of Ransomware Features for Proactive Detection and Prevention (사전 탐지와 예방을 위한 랜섬웨어 특성 추출 및 분류)

  • Yoon-Cheol Hwang
    • Journal of Industrial Convergence / v.21 no.9 / pp.41-48 / 2023
  • Recently, there has been a sharp increase in the damage caused by ransomware across various sectors of society, including individuals, businesses, and nations. Ransomware is malicious software that infiltrates user computer systems, encrypts important files, and demands a ransom in exchange for restoring access to the files. Due to its diverse and sophisticated attack techniques, ransomware is more challenging to detect than other types of malware, and its impact is significant. Therefore, there is a critical need for accurate detection and mitigation methods. To achieve precise ransomware detection, an inference engine of a detection system must possess knowledge of ransomware features. In this paper, we propose a model to extract and classify the characteristics of ransomware for accurate detection of ransomware, calculate the similarity of the extracted characteristics, reduce the dimension of the characteristics, group the reduced characteristics, and classify the characteristics of ransomware into attack tools, inflow paths, installation files, command and control, executable files, acquisition rights, circumvention techniques, collected information, leakage techniques, and state changes of the target system. The classified characteristics were applied to existing ransomware to prove the validity of the classification, and later, if the inference engine learned using this classification technique is installed in the detection system, most of the newly emerging and variant ransomware can be detected.

A Study on Records Filing Systems (문서기록물의 파일링시스템에 관한 연구)

  • Yoo, Jae-Ok
    • Journal of the Korean BIBLIA Society for library and Information Science / v.16 no.2 / pp.5-24 / 2005
  • This study reviews various kinds of records filing systems, which function as a basic fundamental to effective records management. The purposes, methods and characteristics of alphabetic, geographic, numeric, subject, and combined filing systems are examined. The alphabetic filing method uses letters of the alphabet to determine the order of names of people and companies. In subject filing, the subjects are filed in alphabetic order. In numeric filing, numbers representing names or subjects are used. When records are requested by place or location rather than by individual or business name, geographic filing is advantageous.


Emotion Recognition Method Using FLD and Staged Classification Based on Profile Data (프로파일기반의 FLD와 단계적 분류를 이용한 감성 인식 기법)

  • Kim, Jae-Hyup;Oh, Na-Rae;Jun, Gab-Song;Moon, Young-Shik
    • Journal of the Institute of Electronics Engineers of Korea CI / v.48 no.6 / pp.35-46 / 2011
  • In this paper, we proposed a method of emotion recognition using a staged classification model and Fisher's linear discriminant. By organizing the staged classification model, the proposed method improves the classification rate on the Fisher's feature space with high complexity. The staged classification model is achieved by the successive combining of binary classification models, which have a simple structure and high performance. On each stage, it forms Fisher's linear discriminant according to the two groups which contain each emotion class, and generates the binary classification model by using the Adaboost method on the Fisher's space. The whole learning process is repeatedly performed until all the separations of emotion classes are finished. In experimental results, the proposed method provides about 72% classification rate on 8 classes of emotion and about 93% classification rate on specific 3 classes of emotion.

Vehicle Classification Scheme of Two-Axle Unit Vehicle Based on the Laser Measurement of Height Profiles (차량 형상자료를 이용한 2축 차량의 차종분류 방안)

  • Oh, Ju-Sam;Jang, Kyung-Chan;Kim, Min-Sung
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.10 no.5 / pp.47-52 / 2011
  • Vehicle classification data are widely used in almost all fields of transportation planning and engineering. Highway agencies use a large number of vehicle classification schemes. Vehicles on the national highway are classified by a 12-category classification system, using number of axles, distances between axles, vehicle length, overhang, and other factors. In the case of using existing axle-sensor-based classification counters (that is, the 12-category classification system), two-axle vehicles (Class 1 to 4) can be erroneously classified because passenger vehicles have become larger and similar to class 3 and 4. For this reason, this study proposes a vehicle classification scheme based on vehicle height profiles obtained by laser sensors. Also, the accuracy of the proposed method is tested through a field study.

Automatic Document Classification by Term-Weighting Method (범주 대표어의 가중치 계산 방식에 의한 자동 문서 분류 시스템)

  • 이경찬;강승식
    • Proceedings of the Korean Information Science Society Conference / 2002.04b / pp.475-477 / 2002
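  • Automatic document classification selects the most similar category by comparing the similarity between category feature vectors and the input document vector. To implement a document classification system, the feature vector of each category was built in the form of an inverted file as used in information retrieval systems, and the accuracy of the classification system was tested with different methods of computing term weights. The test documents were a set of randomly sampled daily newspaper articles, and the TF-IDF scheme commonly used in information retrieval models performed better than the modified schemes.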


Behavior Tracing Program to Analyze Malicious Features of Unknown Execution File (알려지지 않은 실행파일의 악의적인 특징들을 분석하기 위한 행위추적 프로그램)

  • Kim, Dae-Won;Kim, Ik-Kyun;Oh, Jin-Tae;Jang, Jong-Soo
    • Proceedings of the Korea Information Processing Society Conference / 2011.04a / pp.941-944 / 2011
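  • Malicious executables are at the core of the various security threats in computing environments. Traditional signature-based security systems have difficulty detecting unknown malicious executables at runtime. For this reason, static and dynamic analysis methods that need no signatures for runtime detection have been studied from many angles, and behavior-based dynamic analysis methods, which actually run a malicious executable and monitor its behavior, have advanced considerably. However, most behavior-based analysis methods provide only a few behaviors or non-sequential analysis information, so the information is insufficient for use in a methodology that later makes the final determination of maliciousness. In this paper, we classify the behaviors that can occur while a malicious executable runs and implement a prototype program that monitors them. In addition, because malicious executables are run directly only in a restricted computing environment, we also discuss the issues that behavior-based monitoring must overcome, based on the results of monitoring real malicious executables.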

A Study on the Characteristics of Lawsuit Records as a Case File: Based on the Lawsuit Records of Korea Legal Aid Corporation (소송기록의 사안파일 특성 연구 - 대한법률구조공단의 소송기록을 중심으로 -)

  • Lee, Su Jin;Yim, Jin Hee
    • Journal of Korean Society of Archives and Records Management / v.13 no.3 / pp.7-39 / 2013
  • Some records have to be classified not according to their business function but according to their case because of the characteristics of the organization's business. Examples of this are case files, criminal files, lawsuit files, personal files, medical files, and project files. The case files are made according to standard business processes. Case files are filled with records of a series of activities, and these records, which are made while carrying out various functions, reenact the multilevel process of a case. This study organized the implications of managing case files by examining the composition of lawsuit records and deducing characteristics in management. To do this, first, this study analyzed the composition of the lawsuit records that Korea Legal Aid Corporation produced and managed. Second, this study confirmed how the characteristics of case files are reflected in the lawsuit records of Korea Legal Aid Corporation. Third and lastly, this study searched how the lawsuit files are managed and used through the example of Korea Legal Aid Corporation.

A Wavelet-based Profile Classification using Support Vector Machine (SVM을 이용한 웨이블릿 기반 프로파일 분류에 관한 연구)

  • Kim, Seong-Jun
    • Journal of the Korean Institute of Intelligent Systems / v.18 no.5 / pp.718-723 / 2008
  • The bearing is one of the important mechanical elements used in various industrial equipment. Most failures that occur during equipment operation result from bearing defects and breakages. Therefore, monitoring of bearings is essential in preventing equipment breakdowns and reducing unexpected loss. The purpose of this paper is to present an online monitoring method to predict bearing states using vibration signals. Bearing vibrations, which are collected in the form of a profile signal, are first analyzed by a discrete wavelet transform. Next, some statistical features are obtained from the resultant wavelet coefficients. In order to select significant ones among them, analysis of variance (ANOVA) is employed in this paper. Statistical features screened in this way are used as input variables to a support vector machine (SVM). A hierarchical SVM tree is proposed for dealing with multi-class problems. The result of numerical experiments shows that the proposed SVM tree has a competent performance for classifying bearing fault states.