• Title/Summary/Keyword: Attack behavior analysis


Sequence based Intrusion Detection using Similarity Matching of the Multiple Sequence Alignments (다중서열정렬의 유사도 매칭을 이용한 순서기반 침입탐지)

  • Kim Yong-Min
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.1
    • /
    • pp.115-122
    • /
    • 2006
  • Most intrusion detection methods are based on misuse detection, which accumulates known intrusion information and decides whether given behavior data is an attack. However, it is very difficult to detect a new or modified attack with only the collected patterns of attack behavior. Considering also that anomaly-based detection in practice has a high false detection rate, a new approach is required for very large, sequence-based intrusion patterns. Such an approach can improve the chance of detecting known attacks as well as modified and unknown attacks, in addition to measuring the similarity of intrusion patterns. This paper proposes a method that applies the multiple sequence alignment technique to similarity matching of sequence-based intrusion patterns. It enables statistical analysis of sequence patterns and can be implemented easily. The method also reduces the number of detection alerts and false detections for attacks as the sequence size changes.
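The similarity matching the abstract describes, as an added example that is not the paper's code: an observed system-call sequence is globally aligned against each known attack-pattern sequence and flagged when the alignment identity (matches divided by alignment length) reaches a threshold. The paper aligns many patterns at once with multiple sequence alignment; the pairwise Needleman-Wunsch alignment here is the building block of that. The match/mismatch/gap scores, the threshold, the attack patterns and the traces are all constructed for the example.

```python
"""Sequence-based intrusion detection by alignment similarity (added example)."""
from typing import Dict, List, Sequence, Tuple

MATCH, MISMATCH, GAP = 2, -1, -1           # assumed scoring scheme
Alignment = List[Tuple[str, str]]          # aligned token pairs; "-" marks a gap


def needleman_wunsch(a: Sequence[str], b: Sequence[str]) -> Tuple[int, Alignment]:
    """Global alignment of two token sequences; returns (score, aligned pairs)."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP
    for j in range(1, m + 1):
        score[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            score[i][j] = max(score[i - 1][j - 1] + sub,
                              score[i - 1][j] + GAP,
                              score[i][j - 1] + GAP)
    # Trace back from the bottom-right cell to recover one optimal alignment.
    pairs: Alignment = []
    i, j = n, m
    while i > 0 or j > 0:
        if i > 0 and j > 0:
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            if score[i][j] == score[i - 1][j - 1] + sub:
                pairs.append((a[i - 1], b[j - 1]))
                i, j = i - 1, j - 1
                continue
        if i > 0 and score[i][j] == score[i - 1][j] + GAP:
            pairs.append((a[i - 1], "-"))
            i -= 1
        else:
            pairs.append(("-", b[j - 1]))
            j -= 1
    pairs.reverse()
    return score[n][m], pairs


def identity(pairs: Alignment) -> float:
    """Fraction of aligned positions that match. Normalising by alignment
    length keeps the threshold independent of sequence size."""
    if not pairs:
        return 0.0
    return sum(1 for x, y in pairs if x == y) / len(pairs)


def detect(observed: Sequence[str], patterns: Dict[str, Sequence[str]],
           threshold: float = 0.8) -> List[Tuple[str, float]]:
    """Return (pattern name, identity) for every pattern the trace resembles."""
    hits = []
    for name, pattern in patterns.items():
        _, pairs = needleman_wunsch(observed, pattern)
        sim = identity(pairs)
        if sim >= threshold:
            hits.append((name, round(sim, 3)))
    return hits


# Constructed attack patterns (system-call sequences) and observed traces.
PATTERNS = {
    "reverse_shell": ["socket", "connect", "dup2", "dup2", "execve"],
    "drop_and_run": ["open", "write", "close", "chmod", "execve"],
}
VARIANT_TRACE = ["socket", "connect", "dup2", "dup2", "dup2", "execve"]  # one extra dup2
BENIGN_TRACE = ["open", "read", "write", "close"]

if __name__ == "__main__":
    print(detect(VARIANT_TRACE, PATTERNS))   # modified attack still matches
    print(detect(BENIGN_TRACE, PATTERNS))    # no hits
```

The modified trace (an extra `dup2`) aligns to the reverse-shell pattern with one gap and identity 5/6, so it is still detected; an exact-pattern matcher would have missed it. For long traces the same scoring is normally applied locally (Smith-Waterman over a sliding window) rather than globally, otherwise the surrounding benign calls dilute the identity.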

An Intelligent Bluetooth Intrusion Detection System for the Real Time Detection in Electric Vehicle Charging System (전기차 무선 충전 시스템에서 실시간 탐지를 위한 지능형 Bluetooth 침입 탐지 시스템 연구)

  • Yun, Young-Hoon;Kim, Dae-Woon;Choi, Jung-Ahn;Kang, Seung-Ho
    • Convergence Security Journal
    • /
    • v.20 no.5
    • /
    • pp.11-17
    • /
    • 2020
  • With the increasing use of Bluetooth devices in electric vehicle charging systems, security issues are also being raised. Although various technical efforts have been made to enhance the security of Bluetooth technology, various attack methods exist. In this paper, we propose an intelligent Bluetooth intrusion detection system based on a well-known machine learning method, the Hidden Markov Model, for the purpose of intelligently detecting representative Bluetooth attack methods. The proposed approach first combines the packet types of H4, the Bluetooth transport layer protocol, with the transfer direction of each packet to represent the behavior of the current traffic, and uses the temporal arrangement of these combined types as the final input features for detecting attacks in real time and with high accuracy. We construct an experimental environment for data acquisition and analyze the performance of the proposed system on the obtained data set.
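The feature design in the abstract, H4 packet type combined with transfer direction and scored over time, as an added example that is not the paper's code. A visible-state first-order Markov chain fitted to normal traffic stands in for the paper's Hidden Markov Model; the feature encoding is the same. The H4 indicator values are those of the HCI UART transport layer (0x01 command, 0x02 ACL, 0x03 SCO, 0x04 event; 0x05 ISO omitted), the window size and threshold are assumptions, and both traces are constructed.

```python
"""H4 type + direction features scored by a Markov chain (added example)."""
import math
from collections import Counter, defaultdict
from typing import Dict, List, Sequence, Tuple

# H4 (HCI UART transport) packet indicator bytes.
H4_TYPES = {0x01: "CMD", 0x02: "ACL", 0x03: "SCO", 0x04: "EVT"}
DIRECTIONS = ("H2C", "C2H")   # host-to-controller, controller-to-host
ALPHABET = [f"{t}:{d}" for t in H4_TYPES.values() for d in DIRECTIONS]


def encode(packets: Sequence[Tuple[int, str]]) -> List[str]:
    """Map (h4_indicator, direction) pairs to the combined feature symbols."""
    return [f"{H4_TYPES[ind]}:{direction}" for ind, direction in packets]


class MarkovModel:
    """First-order transition model with add-one smoothing over ALPHABET."""

    def __init__(self) -> None:
        self.trans: Dict[str, Counter] = defaultdict(Counter)
        self.totals: Counter = Counter()

    def fit(self, symbols: Sequence[str]) -> "MarkovModel":
        for prev, cur in zip(symbols, symbols[1:]):
            self.trans[prev][cur] += 1
            self.totals[prev] += 1
        return self

    def log_prob(self, prev: str, cur: str) -> float:
        # Smoothing keeps unseen transitions (e.g. CMD followed directly by
        # another CMD with no EVT in between) improbable rather than impossible.
        return math.log((self.trans[prev][cur] + 1) / (self.totals[prev] + len(ALPHABET)))

    def score(self, symbols: Sequence[str]) -> float:
        """Mean log-likelihood per transition; lower means less like training traffic."""
        if len(symbols) < 2:
            return 0.0
        return sum(self.log_prob(p, c) for p, c in zip(symbols, symbols[1:])) / (len(symbols) - 1)


def detect_windows(model: MarkovModel, symbols: Sequence[str], window: int = 8,
                   threshold: float = -1.5) -> List[Tuple[int, float]]:
    """Score non-overlapping windows; return (offset, score) of those below threshold."""
    alerts = []
    for start in range(0, len(symbols) - window + 1, window):
        s = model.score(symbols[start:start + window])
        if s < threshold:
            alerts.append((start, s))
    return alerts


# Constructed normal traffic: a command, its completion event, then an ACL exchange.
NORMAL_CYCLE = [(0x01, "H2C"), (0x04, "C2H"), (0x02, "H2C"), (0x02, "C2H")]
NORMAL_TRACE = encode(NORMAL_CYCLE * 25)
# Constructed attack-like traffic: a burst of commands with no events in reply.
FLOOD_TRACE = NORMAL_TRACE[:8] + encode([(0x01, "H2C")] * 8)


def demo() -> Tuple[List[Tuple[int, float]], List[Tuple[int, float]]]:
    """Fit on normal traffic and score both traces; returns (normal alerts, flood alerts)."""
    model = MarkovModel().fit(NORMAL_TRACE)
    return detect_windows(model, NORMAL_TRACE), detect_windows(model, FLOOD_TRACE)


if __name__ == "__main__":
    normal_alerts, flood_alerts = demo()
    print("normal:", normal_alerts)
    print("flood:", flood_alerts)
```

Every transition in the normal trace was seen in training, so normal windows score about -0.24 per transition, while the command burst consists only of the never-observed CMD→CMD transition and scores about -3.5, well below the threshold. Real-time use means feeding the encoder from the live H4 stream and scoring each window as it closes; the threshold would be set from the score distribution of held-out normal traffic rather than by hand.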

A Study on Analysis of Malicious Code Behavior Information for Predicting Security Threats in New Environments

  • Choi, Seul-Ki;Lee, Taejin;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.3
    • /
    • pp.1611-1625
    • /
    • 2019
  • The emergence of new technologies and devices brings a new environment to the field of cyber security. It is not easy to predict the possible security threats of a new environment every time without specific criteria. At the same time, most malicious code reuses malicious code that has appeared in the past, for example to bypass anti-virus detection or to add functions. Therefore, we predict the security threats that can arise in a new environment based on the history of repeated malicious code. In this paper, we classify and define not only the internal information obtained from malicious code analysis but also the features that occur during infection and attack. We propose a method to predict and manage security threats in a new environment by continuously managing and extending this behavior information.

Analysis for Chloride Penetration in Concrete under Deicing Agent using Multi Layer Diffusion (다층구조확산을 고려한 제설제에 노출된 콘크리트의 염화물 해석)

  • Seo, Ji-Seok;Kwon, Seung-Jun
    • The Journal of the Korea Contents Association
    • /
    • v.16 no.4
    • /
    • pp.114-122
    • /
    • 2016
  • Concrete is a cost-effective and highly durable construction material; however, durability problems can be caused by steel corrosion under chloride attack. Recently, deicing salt has been widely used in the snow season, which accelerates micro-cracking and scaling in surface concrete, and the melted deicing salt causes corrosion of the embedded steel. The conventional governing equation of Fick's 2nd law cannot evaluate the deteriorated surface concrete, so another technique is needed for the surface effect. This paper presents a chloride penetration analysis technique for concrete subjected to deicing salt that uses a multi-layer diffusion model and time-dependent diffusion behavior. For this work, field investigation results from concrete pavement exposed to deicing salt for 18 years are adopted. Through reverse analysis, the deteriorated depth and the increased diffusion coefficient in that depth are evaluated, giving a deteriorated depth of 12.5~15.0 mm and a diffusion coefficient increased by a factor of 2.0. The proposed technique can be effectively applied to concrete with two different diffusion coefficients, considering enhanced or deteriorated surface conditions.

Security Operation Implementation through Big Data Analysis by Using Open Source ELK Stack (오픈소스 ELK Stack 활용 정보보호 빅데이터 분석을 통한 보안관제 구현)

  • Hyun, Jeong-Hoon;Kim, Hyoung-Joong
    • Journal of Digital Contents Society
    • /
    • v.19 no.1
    • /
    • pp.181-191
    • /
    • 2018
  • With the development of IT, hacking crimes are becoming intelligent and refined. In emergency response, big data analysis in information security derives problems such as abnormal behavior by collecting, storing, analyzing and visualizing the whole log, including the normal logs generated by various information protection systems. By using the full log data, including data that has previously been overlooked, we seek to detect and respond to the abnormal signs of a cyber attack from its early stage. We used the open-source ELK Stack to analyze big data such as the unstructured data produced by information protection systems, terminals and servers. With this technology it is possible to build an information security control system optimized for the business environment with an organization's own staff and technology. It is not necessary to rely on high-cost data analysis solutions, and it is possible to accumulate the technology to defend against cyber attacks by implementing the protection control system directly with one's own manpower.

An Email Vaccine Cloud System for Detecting Malcode-Bearing Documents (악성코드 은닉 문서파일 탐지를 위한 이메일 백신 클라우드 시스템)

  • Park, Choon-Sik
    • Journal of Korea Multimedia Society
    • /
    • v.13 no.5
    • /
    • pp.754-762
    • /
    • 2010
  • Nowadays, email-based targeted attacks using malcode-bearing documents have steadily increased. To improve the success rate of the attack and evade anti-virus products, attackers mainly employ zero-day exploits and related social engineering techniques. In this paper, we propose an architecture for an email vaccine cloud system to prevent targeted attacks using malcode-bearing documents. The system extracts attached document files from email messages, performs behavior analysis as well as signature-based detection in a virtual machine environment, and completely removes malicious documents from the messages. In the behavior analysis, a document is regarded as malicious if it creates executable files, launches new processes, accesses critical registry entries, or connects to the Internet. The email vaccine cloud system will help prevent various forms of cyber terror, such as information leakage, by preventing email-based targeted attacks.
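The pipeline the abstract outlines (extract attached documents, judge sandbox behavior by the four listed rules, remove documents judged malicious), as an added example that is not the paper's system. The standard library handles the MIME parsing; the VM sandbox that would run each document and report events is assumed and not implemented, so the event trace is supplied as constructed data. The message, the document MIME-type list, the executable suffix list and the critical registry key list are all constructed or assumed.

```python
"""Attachment extraction, behaviour verdict and removal for an email vaccine (added example)."""
import hashlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Dict, List, Sequence, Tuple

DOCUMENT_TYPES = {  # MIME types treated as "documents"; assumed list
    "application/pdf",
    "application/msword",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.ms-excel",
    "application/x-hwp",
}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".bat", ".vbs", ".js")
CRITICAL_REGISTRY = (  # persistence locations; assumed list
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
Event = Tuple[str, str]  # (event type, detail) as the sandbox would report it


def extract_documents(raw: bytes):
    """Parse an RFC 822 message; return it with its document attachments."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    docs = []
    for part in msg.iter_attachments():
        if part.get_content_type() in DOCUMENT_TYPES:
            data = part.get_payload(decode=True)
            docs.append({"name": part.get_filename(),
                         "sha256": hashlib.sha256(data).hexdigest(),  # for the signature lookup
                         "part": part})
    return msg, docs


def judge_behaviour(events: Sequence[Event]) -> List[str]:
    """Apply the abstract's four rules; any hit makes the document malicious."""
    reasons = []
    for kind, detail in events:
        if kind == "file_create" and detail.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append(f"created executable {detail}")
        elif kind == "process_create":
            reasons.append(f"launched process {detail}")
        elif kind == "registry_set" and detail.startswith(CRITICAL_REGISTRY):
            reasons.append(f"modified critical registry key {detail}")
        elif kind == "network_connect":
            reasons.append(f"connected to {detail}")
    return reasons


def scan(raw: bytes, traces: Dict[str, Sequence[Event]]):
    """traces maps attachment name to its sandbox events.
    Returns (sanitised message, per-document reasons)."""
    msg, docs = extract_documents(raw)
    report: Dict[str, List[str]] = {}
    bad = []
    for doc in docs:
        report[doc["name"]] = judge_behaviour(traces.get(doc["name"], []))
        if report[doc["name"]]:
            bad.append(doc["part"])
    # Drop the malicious parts; the body and harmless attachments are delivered.
    msg.set_payload([p for p in msg.get_payload() if not any(p is b for b in bad)])
    return msg, report


def remaining_attachments(msg) -> List[str]:
    return [p.get_filename() for p in msg.iter_attachments()]


def build_sample_message() -> bytes:
    """Constructed message: a PDF (the suspect) and a GIF logo."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder, no exploit content",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="logo.gif")
    return msg.as_bytes()


SAMPLE_TRACE: List[Event] = [  # constructed sandbox output for invoice.pdf
    ("file_create", r"C:\Users\victim\AppData\Local\Temp\svch0st.exe"),
    ("process_create", r"C:\Users\victim\AppData\Local\Temp\svch0st.exe"),
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("network_connect", "203.0.113.7:443"),
]

if __name__ == "__main__":
    clean, report = scan(build_sample_message(), {"invoice.pdf": SAMPLE_TRACE})
    print(report)
    print("delivered attachments:", remaining_attachments(clean))
```

The verdict is rule-based on purpose: a document viewer that drops an executable, spawns a process, writes a Run key or opens a connection has done something no invoice needs to do, and the rule fires regardless of which exploit got it there, which is what makes the approach useful against zero-days the signature check cannot know. The SHA-256 in the extraction step is where the signature-based path would plug in alongside the behavior path.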

Design and Implementation of Web-browser based Malicious behavior Detection System(WMDS) (웹 브라우저 기반 악성행위 탐지 시스템(WMDS) 설계 및 구현)

  • Lee, Young-Wook;Jung, Dong-Jae;Jeon, Sang-Hun;Lim, Chae-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.667-677
    • /
    • 2012
  • Vulnerable web applications have been the primary means used by attackers to spread malware to a large number of victims. Such attacks commonly use malicious links to remotely execute rather advanced malicious code. Attackers often deploy malware that exploits unknown vulnerabilities, so-called "zero-day vulnerabilities." Existing computer vaccines (anti-virus products) are mostly signature-based and thus are effective only against known attack patterns, not against zero-day attacks. To mitigate these limitations of current solutions, numerous works have taken a behavior-based approach to improve the detection of unknown malware. However, behavior-based solutions have introduced several limitations that make them unsuitable for real-life situations. This paper proposes an advanced web-browser-based malicious behavior detection system that solves the problems and limitations of the previous approaches.

Analysis of Crash Potential by Vehicle Interactions Using Driving Simulations (주행 시뮬레이션을 이용한 차량간 상호작용에 따른 사고발생가능성 분석)

  • Kim, Yunjong;Oh, Cheol;Park, Subin;Choi, Saerona
    • The Journal of The Korea Institute of Intelligent Transport Systems
    • /
    • v.17 no.2
    • /
    • pp.98-112
    • /
    • 2018
  • Intentional aggressive driving (IAD) is a very dangerous driving behavior that threatens adjacent vehicles. Most existing studies have focused on the independent driving characteristics of attacking drivers. However, identifying the interactions between the offender and the victim is necessary for traffic safety analysis. This study established multi-agent driving simulation environments to systematically analyze vehicle interactions in terms of traffic safety. Time-to-collision (TTC) was adopted to quantify vehicle interactions in terms of traffic safety. In addition, an exponential decay function was applied to compare the overall pattern of change in crash potential when IAD events occurred. The outcome of this study would be useful for policy-making activities to enhance traffic safety by reducing dangerous driving events, including intentional aggressive driving.

Nonlinear fluid-structure interaction of bridge deck: CFD analysis and semi-analytical modeling

  • Grinderslev, Christian;Lubek, Mikkel;Zhang, Zili
    • Wind and Structures
    • /
    • v.27 no.6
    • /
    • pp.381-397
    • /
    • 2018
  • Nonlinear behavior in the fluid-structure interaction (FSI) of bridge decks becomes increasingly significant for modern bridges with increasing spans, larger flexibility and new aerodynamic deck configurations. A better understanding of the nonlinear aeroelasticity of bridge decks and further development of reduced-order nonlinear models for the aeroelastic forces become necessary. In this paper, the amplitude-dependent and neutral-angle-dependent nonlinearities of the motion-induced loads are further highlighted by a series of computational fluid dynamics (CFD) simulations. An effort has been made to investigate a semi-analytical time-domain model of the nonlinear motion-induced loads on the deck, which enables nonlinear time-domain simulations of the aeroelastic responses of the bridge deck. First, the computational schemes used here are validated through theoretically well-known cases. Then, static aerodynamic coefficients of the Great Belt East Bridge (GBEB) cross section are evaluated at various angles of attack, leading to the so-called nonlinear backbone curves. Flutter derivatives of the bridge are identified by CFD simulations using forced harmonic motion of the cross-section at various frequencies. By varying the amplitude of the forced motion, it is observed that the identified flutter derivatives are amplitude-dependent, especially the $A^*_2$ and $H^*_2$ parameters. Another nonlinear feature is observed from the change of the hysteresis loop (between angle of attack and lift/moment) when the neutral angle of the cross-section is changed. Based on the CFD results, a semi-analytical time-domain model describing the nonlinear motion-induced loads is proposed and calibrated. This model accounts for the delay effect with respect to the nonlinear backbone curve and is established in state-space form. Reasonable agreement between the results from the semi-analytical model and CFD demonstrates the potential application of the proposed model for nonlinear aeroelastic analysis of bridge decks.

Revisiting Permutation Transformation Scheme for Cancelable Face Recognition (취소 가능한 얼굴 인식을 지원하는 치환 변환 기법에 대한 고찰)

  • Kim, Koon-Soon;Kang, Jeon-Il;Lee, Kyung-Hee;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.6
    • /
    • pp.37-46
    • /
    • 2006
  • It is known to be hard to apply cryptographic one-way functions directly to recognition systems that use biometric information. As one solution to that problem there is the permutation transformation scheme. However, its authors did not show any algorithmic behavior or any experimental performance analysis of the transformation. In this paper, by showing the recognition ratio of the transformed scheme experimentally, we prove that the scheme is sound. We also apply their transformation to LDA (Linear Discriminant Analysis) and show the experimental results. On the negative side, we introduce a new type of attack against permutation transformation schemes. Finally, we briefly mention a generalization of the permutation transformation as a countermeasure against the attack at the end of this paper.
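The permutation transformation as applied to recognition, as an added example that is not the paper's code: a user-specific key selects a permutation of the feature vector, templates are stored only in permuted form, and the same key is applied to each probe before nearest-template matching. The 8-dimensional vectors stand in for LDA-projected face features and are constructed; deriving the permutation from a seeded PRNG is a simplification (a KDF would be used in practice), and the key strings are placeholders.

```python
"""Permutation transformation for cancelable biometric templates (added example)."""
import math
import random
from typing import Dict, List, Sequence, Tuple

Vector = List[float]


def permutation_from_key(key: str, dim: int) -> List[int]:
    """Deterministic permutation of range(dim) selected by the user's key.
    A seeded PRNG is used here for clarity; a KDF would replace it in practice."""
    idx = list(range(dim))
    random.Random(key).shuffle(idx)
    return idx


def transform(features: Sequence[float], perm: Sequence[int]) -> Vector:
    """Cancelable template: reorder the feature vector by the key's permutation."""
    return [features[i] for i in perm]


def euclid(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def identify(probe: Sequence[float], templates: Dict[str, Vector]) -> Tuple[str, float]:
    """Nearest-template identification; returns (user, distance)."""
    return min(((user, euclid(probe, t)) for user, t in templates.items()),
               key=lambda p: p[1])


def enrol(gallery: Dict[str, Vector], key: str) -> Dict[str, Vector]:
    """Store every template under the permutation selected by `key`.
    Revocation is re-enrolment under a fresh key."""
    dim = len(next(iter(gallery.values())))
    perm = permutation_from_key(key, dim)
    return {user: transform(v, perm) for user, v in gallery.items()}


# Constructed 8-dimensional feature vectors (stand-ins for LDA features).
GALLERY: Dict[str, Vector] = {
    "alice": [0.9, 0.1, 0.4, 0.7, 0.2, 0.5, 0.3, 0.8],
    "bob":   [0.1, 0.9, 0.6, 0.3, 0.8, 0.5, 0.7, 0.2],
    "carol": [0.5] * 8,
}
PROBE: Vector = [0.85, 0.15, 0.45, 0.65, 0.25, 0.5, 0.35, 0.75]  # noisy capture of alice


def recognise(probe: Sequence[float], key: str) -> Tuple[str, float]:
    """Match a probe against templates enrolled under `key`, with the probe
    transformed under the same key."""
    templates = enrol(GALLERY, key)
    perm = permutation_from_key(key, len(probe))
    return identify(transform(probe, perm), templates)


if __name__ == "__main__":
    print("plain:", identify(PROBE, GALLERY))
    print("key 1:", recognise(PROBE, "user-key-2023"))
    # After revocation the gallery is re-enrolled under a new key; recognition is unchanged.
    print("key 2:", recognise(PROBE, "user-key-2024"))
```

A permutation only reorders coordinates, so every pairwise Euclidean distance between templates and probes is unchanged and the recognition ratio of the underlying (for the paper, LDA) system carries over exactly; this is what the experimental soundness result rests on. The same property means the transformed template still contains the full multiset of feature values, which is the trade-off any generalization of the scheme has to weigh.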