• Title/Summary/Keyword: behavior-based technique


Performance Improvement of Intrusion Detection System based on Hidden Markov Model through Privilege Flows Modeling (권한이동 모델링을 통한 은닉 마르코프 모델 기반 침입탐지 시스템의 성능 향상)

  • 박혁장;조성배
    • Journal of KIISE:Information Networking / v.29 no.6 / pp.674-684 / 2002
  • Anomaly detection techniques have been devised to address the limitations of the misuse detection approach to intrusion detection. An HMM is a useful tool to model sequence information whose generation mechanism is not observable and is an optimal modeling technique to minimize false-positive error and to maximize detection rate. However, HMM has the shortcoming of long training time. This paper proposes an effective HMM-based IDS that improves the modeling time and performance by only considering the events of privilege flows based on the domain knowledge of attacks. Experimental results show that training with the proposed method is significantly faster than the conventional method trained with all data, with no loss of recognition performance.

Collision Risk Decision System for Collision Avoidance (충돌회피를 위한 충돌위험도 결정 시스템)

  • 김은경;강일원;김용기
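    • Proceedings of the Korean Institute of Intelligent Systems Conference / 2001.12a / pp.121-124 / 2001
  • A collision avoidance system plays an important role in the safe navigation of ships. It is a system that, when a ship encounters an obstacle, directs the avoidance action in place of the navigator, who is the domain expert; when own ship avoids obstacles at sea, the system bases its decision on the collision risk of each obstacle. This study therefore proposes a collision risk decision system for collision avoidance, aimed at making the avoidance performed by a ship's collision avoidance system safer. The collision risk decision system consists of two parts: obstacle modeling and determination of each obstacle's collision risk. Obstacle modeling is the process of deriving, from the low-level data produced by the ship's sensors, data that the other systems of an intelligent ship can use easily. The collision risk produced as the output of the collision risk decision system is used as information for the collision avoidance system's decision on the avoidance action. This study proposes a new collision risk decision technique that adds the concept of VCD to the existing technique based on DCPA and TCPA. Fuzzy membership functions are derived for the input variables DCPA, TCPA and VCD, and on that basis fuzzy inference is used to determine a fine-grained collision risk. The proposed technique has the advantages that it can determine collision risk in more detail than when only DCPA and TCPA are used, and that it applies the content of the International Regulations for Preventing Collisions at Sea. The performance of the proposed technique is verified by comparing and evaluating it against the technique that determines collision risk using DCPA and TCPA alone.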


A Method for Efficient Malicious Code Detection based on the Conceptual Graphs (개념 그래프 기반의 효율적인 악성 코드 탐지 기법)

  • Kim Sung-Suk;Choi Jun-Ho;Bae Young-Geon;Kim Pan-Koo
    • The KIPS Transactions:PartC / v.13C no.1 s.104 / pp.45-54 / 2006
  • Nowadays, many techniques are applied to the detection of malicious behavior. However, the techniques currently in practice face the challenge of many variations of the original malicious behavior, and it is impossible to respond to new forms of behavior appropriately and in a timely manner. There are also some limitations that cannot be solved, such as false positives and false negatives. To address these problems, we suggest a new method to improve the current situation. To detect malicious code, we propose handling the basic source code units through the conceptual graph. Basically, we use conceptual graphs to define malicious behavior, and then we are able to compare the similarity relations of the malicious behavior by testing the formalized values which are generated by the predefined graphs in the code. In this paper, we show how to make a conceptual graph and propose an efficient method for similarity measure to discern the malicious behavior. As a result of our experiment, we obtain a more efficient detection rate.

A Study of User Perception on Features Used in Behavior-Based Authentication (행위 기반 인증을 위한 사용자 중심의 인증 요소 분석 연구)

  • Lee, Youngjoo;Ku, Yeeun;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.127-137 / 2019
  • The growth in smartphone service has given rise to an increase in the frequency and importance of authentication. Existing smartphone authentication mechanisms such as passwords, pattern lock and fingerprint recognition require a high level of awareness and authenticate users temporarily with point-of-entry techniques. To overcome these disadvantages, there has been active research in behavior-based authentication. However, previous studies focused on enhancing the accuracy of the authentication. Since authentication is directly used by people, it is necessary to reflect actual users' perception. This paper proposes user perception on behavior-based authentication with feature analysis. We conduct a user survey to empirically understand user perception regarding behavioral authentication with selected authentication features. Then, we analyze acceptance of the behavioral authentication to provide continuous authentication with minimal awareness while using the device.

A Malware Detection Method using Analysis of Malicious Script Patterns (악성 스크립트 패턴 분석을 통한 악성코드 탐지 기법)

  • Lee, Yong-Joon;Lee, Chang-Beom
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.7 / pp.613-621 / 2019
  • Recently, with the development of the Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious codes infect IoT devices, and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. Proposed is a malicious code-detection technique that is based on malicious script-pattern analysis that can detect zero-day attacks while maintaining the existing detection rate by registering and checking derived distribution patterns after analyzing the types of malicious scripts distributed through websites. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and experiment with 10 major malicious script-distribution patterns derived from analysis. The technique showed an average detection rate of about 86% of all items, while maintaining the existing detection speed based on the detection rule and also detecting zero-day attacks.

Comparison of HMM and SVM schemes in detecting mobile Botnet (모바일 봇넷 탐지를 위한 HMM과 SVM 기법의 비교)

  • Choi, Byungha;Cho, Kyungsan
    • Journal of the Korea Society of Computer and Information / v.19 no.4 / pp.81-90 / 2014
  • As mobile devices have become widely used and developed, PC-based malware can move towards mobile-based units. In particular, mobile Botnet reuses the powerful malicious behavior of PC-based Botnet or adds new malicious techniques. Different from existing PC-based Botnet detection schemes, mobile Botnet detection schemes are generally host-based. This is because mobile Botnet has various attack vectors and it is difficult to inspect all the attack vectors at the same time. In this paper, to overcome the limitations of the host-based scheme, we compare two network-based schemes which detect mobile Botnet by applying HMM and SVM techniques. Through the verification analysis under real Botnet attacks, we present detection rates and detection properties of the two schemes.

An Email Vaccine Cloud System for Detecting Malcode-Bearing Documents (악성코드 은닉 문서파일 탐지를 위한 이메일 백신 클라우드 시스템)

  • Park, Choon-Sik
    • Journal of Korea Multimedia Society / v.13 no.5 / pp.754-762 / 2010
  • Nowadays, email-based targeted attacks using malcode-bearing documents have steadily increased. To improve the success rate of the attack and avoid anti-virus products, attackers mainly employ zero-day exploits and relevant social engineering techniques. In this paper, we propose an architecture of the email vaccine cloud system to prevent targeted attacks using malcode-bearing documents. The system extracts attached document files from email messages, performs behavior analysis as well as signature-based detection in the virtual machine environment, and completely removes malicious documents from the messages. In the process of behavior analysis, the documents are regarded as malicious in cases of creating executable files, launching new processes, accessing critical registry entries, or connecting to the Internet. The email vaccine cloud system will help prevent various cyber terrors such as information leakages by preventing email-based targeted attacks.

Identification Technique of Malicious Behavior node Based on Collaboration in MANET (MANET에서 협업기반의 악의적인 노드 행위 식별기법)

  • Jeon, Seo-In;Ryu, Keun-Ho
    • The KIPS Transactions:PartC / v.19C no.2 / pp.83-90 / 2012
  • MANET (Mobile Ad-Hoc Network) has a weakness from a security aspect because it operates where no wired network is built, which causes exposed media, dynamic topology, and the lack of both central monitoring and management. It is especially difficult to detect and mitigate a malicious node because there is no mediator which controls the network. This kind of malicious node is closely connected to routing in the field of Ad-Hoc security research. Accordingly, this paper proposes a method to enhance security for safe and effective routing by detecting the malicious node. We propose MBC (Identification technique of Malicious Behavior node based on Collaboration in MANET), which can effectively cope with malicious behavior through double detection of the node executing the malicious behavior by collaboration between the individual node and its neighbor, and also by managing the individual nodes in accordance with the trust level obtained. The simulation test results show that MBC can find the malicious nodes more accurately and promptly, which leads to more effective secure routing than the existing method.

Towards to Collective Design Activity through Mass Collaboration: A Review of Relevant Websites and Articles (인터넷을 활용한 대중협업에 의한 디자인 가능성 연구 - 사용자 참여 웹사이트와 문헌 연구 -)

  • Kim, Dae-Eop;Lee, Kun-Pyo
    • Journal of the HCI Society of Korea / v.6 no.2 / pp.11-20 / 2011
  • Mass collaboration, one of the newest solutions for web-related tasks, has been recognized as an effective tool for the R&D sectors of corporations, since the key advantage of crowdsourcing is that industrial challenges can be shared with public entities to find proper solutions. This research explores the possibility that adopting participation through the Internet in design will positively affect its process. This research looked at the current trend of web 2.0 based services which support the Mass Collaboration method and at the results of papers related to Crowdsourcing and design integration. Following the analysis of the web research, we reach the conclusion that just a small number of users' opinions have helped in designing new products and services. When we compared it with the detailed functions of the conventional design process, fewer websites support it. However, the result of the paper research shows optimistic results for collective design activity. Several cases emphasize that participants were very active in providing their thoughts, memories and novel design ideas; therefore designers and researchers got enormous help from them, and it was better than conventional participatory design in some respects.


A Text Copyright Protection Model based on the DOI (DOI에 기반한 텍스트 저작권 보호 모델)

  • 최순희;이경현
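    • Proceedings of the Korea Multimedia Society Conference / 2000.04a / pp.60-64 / 2000
  • The DOI, developed for publishers' electronic commerce in digital works on the Internet, is a unique identifier for digital information and a technology for copyright handling and for locating information on the Web automatically and reliably. This paper proposes a DOI-based scheme for protecting the copyright of text documents. The proposed technique is a way to use electronic publications safely against acts such as illegal copying on the Internet.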
