• Title/Summary/Keyword: Behavior Logs


An Analysis of Library User and Circulation Status based on Bigdata Logs A Case Study of National Library of Korea, Sejong (빅데이터 로그 기반 도서관 이용자 및 대출 현황 분석 - 국립세종도서관을 중심으로 -)

  • Kim, Tae-Young;Baek, Ji-Yeon;Oh, Hyo Jung
    • Journal of Korean Library and Information Science Society / v.49 no.2 / pp.357-388 / 2018
  • This study aims to analyze library user and circulation status based on big data logs in order to identify characteristics by user group and propose methods for efficient library management. The logs to be analyzed consist of user information, circulation information, and service usage information registered at the National Library of Korea, Sejong. The user information logs contain 107,369 age data, 106,918 gender data, and 106,838 residential data. The circulation information logs contain 536,083 circulation user data and 6,509,369 circulation count data, and the service usage information logs contain 82,813 data. To analyze characteristics by user group, the data were used to analyze user status by age, gender, and residence, and circulation status by year, month, and day. In addition, this study conducts an FGI (Focus Group Interview) and linkage analysis with external data to identify the factors behind the analysis results. Based on the analysis results, improvement methods to help the library make effective decisions are proposed. This study empirically analyzes user and circulation status based on big data logs, and it is significant in differing from preceding research that used less analysis data.

Information Seeking Behavior of Shopping Site Users: A Log Analysis of Popshoes, a Korean Shopping Search Engine (이용자들의 쇼핑 검색 행태 분석: 팝슈즈 로그 분석을 중심으로)

  • Park, Soyeon;Cho, Kihun;Choi, Kirin
    • Journal of the Korean Society for Information Management / v.32 no.4 / pp.289-305 / 2015
  • This study aims to investigate the information seeking behavior of Popshoes users. Transaction logs of Popshoes, a major Korean shopping search engine, were analyzed. These transaction logs were collected over a 3-month period, from January 1 to March 31, 2015. The results of this study show that Popshoes users behave in a simple and passive way. Across all sessions, more users chose to browse a directory than to type and submit a query. However, queries played a more crucial role than directory browsing in important decisions such as search result clicks and product purchases. The results of this study can be applied to the effective development of shopping search engines.

A System for Improving Data Leakage Detection based on Association Relationship between Data Leakage Patterns

  • Seo, Min-Ji;Kim, Myung-Ho
    • Journal of Information Processing Systems / v.15 no.3 / pp.520-537 / 2019
  • This paper proposes a system that can detect data leakage patterns using a convolutional neural network, based on defining the behaviors of leaking data. Here, the data leakage detection scenario is composed of the patterns of occurrence of security logs by administration and the related patterns between the security logs, which are analyzed by association relationship analysis. The proposed system then detects whether data has been leaked by applying the convolutional neural network to an insider malicious behavior graph. Since each graph is drawn according to the data leakage detection scenario, the system can identify the criminal insider along with the source of the malicious behavior from the results of the convolutional neural network. The results of the performance experiment using a virtual scenario show that even if a new malicious pattern that has not been previously defined is input into the data leakage detection system, it is possible to determine whether the data has been leaked. In addition, compared with other data leakage detection systems, the proposed system is able to detect data leakage more flexibly.

Andro-profiler: Anti-malware system based on behavior profiling of mobile malware (행위기반의 프로파일링 기법을 활용한 모바일 악성코드 분류 기법)

  • Yun, Jae-Sung;Jang, Jae-Wook;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.145-154 / 2014
  • In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose a representative behavior profile for each malware family, represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profile of a malicious application with the representative behavior profile of each malware family, we can detect malicious applications and classify them into malware families. Andro-profiler shows over 99% classification accuracy in classifying malware families.

Tailoring Operations based on Relational Algebra for XES-based Workflow Event Logs

  • Yun, Jaeyoung;Ahn, Hyun;Kim, Kwanghoon Pio
    • Journal of Internet Computing and Services / v.20 no.6 / pp.21-28 / 2019
  • Process mining is a state-of-the-art technology in the workflow field. Recently, process mining has become more important because it shows the status of the actual behavior of the workflow model. However, as process mining has gained attention and developed, its raw material, the workflow event log, has also grown quickly. As a result, process mining algorithms cannot operate on some data because it is too large. To solve this problem, there should be a lightweight process mining algorithm, or the event log must be divided and processed in parts. In this paper, we suggest a set of operations that control and edit XES-based event logs for process mining. They are designed based on relational algebra, which is used in database management systems. We designed three operations for tailoring XES event logs. The select operation gets specific attributes and excludes others. Thus, the output file has the same structure and contents as the original file, but each element has only the attributes the user selected. The union operation merges two input XES files into one XES file. The two input files must be from the same process. As a result, the contents of the two files are integrated into one file. The final operation is slice. It divides an XES file into several files by the number of traces. We will show the design methods and details below.

Host-Based Malware Variants Detection Method Using Logs

  • Joe, Woo-Jin;Kim, Hyong-Shik
    • Journal of Information Processing Systems / v.17 no.4 / pp.851-865 / 2021
  • Enterprise networks at the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company's analysis report, attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprises have no choice but to rely on digital vaccines, since it is overwhelming to analyze all programs executed on the hosts used by ordinary users. However, traditional vaccines cannot protect the host against variant or new malware because they cannot detect intrusions without signatures for the malware. To overcome this limitation of signature-based detection, much research has been conducted on the behavior analysis of malware. However, since most of it relies on a sandbox where only the analysis target program is running, it cannot detect malware intruding into a host where many normal programs are running. Therefore, this study proposes a method to detect malware variants in the host through logs rather than the sandbox. The proposed method extracts common behaviors from a group of variants and finds characteristic behaviors optimized for querying. Through experimentation on 1,584,363 logs, generated by executing 6,430 malware samples, we prove that there exist common behaviors that variants share, and we demonstrate that these behaviors can be used to detect variants.

Using Transaction Logs to Better Understand User Search Session Patterns in an Image-based Digital Library (이미지 기반 디지털 도서관에서 이용자 검색 패턴의 효과적 이해를 위한 트랜잭션 로그 데이터 분석)

  • Han, Hye-Jung;Joo, Soohyung;Wolfram, Dietmar
    • Journal of the Korean BIBLIA Society for Library and Information Science / v.25 no.1 / pp.19-37 / 2014
  • Server transaction logs containing complete click-through data from a digital library of primarily image-based documents were analyzed to better understand user search session behavior. One month of data was analyzed using descriptive statistics and network analysis methods. The findings reveal iterative search behaviors centered on result views and evaluation and topical areas of focus for the search sessions. The study is novel in its combined analytical techniques and use of click-through data for image collections.

Trends of Search Behavior of Korean Web Users (국내 웹 이용자의 검색 행태 추이 분석)

  • Park Soyeon;Lee Joon Ho
    • Journal of the Korean Society for Library and Information Science / v.39 no.2 / pp.147-160 / 2005
  • This study examines trends in web query types and topics submitted to NAVER during a one-year period by analyzing query logs and click logs. There was a seasonal difference in the distribution of query types. Query type distribution also differed between weekdays and weekends, and between different days of the week. The log data show seasonal changes in the topics of queries. Search topics seem to change between weekdays and weekends, and between different days of the week. However, there was little change in overall patterns of search behavior across one year. The implications for system designers and web content providers are discussed.

Nail Withdrawal Behavior for Domestic Small Diameter Logs

  • Cha, Jae-Kyung
    • Journal of the Korean Wood Science and Technology / v.30 no.3 / pp.104-108 / 2002
  • Nail withdrawal tests were conducted on clear wood of domestic small diameter logs. Nails were driven into the cross and longitudinal sections of each specimen, then nail withdrawal tests were performed. Nail withdrawal loads are strongly dependent on the direction of nail positions. The average load values for nail withdrawal in both cross section and longitudinal section are higher in the high specific gravity (SG) wood of sawtooth oak (Quercus acutissima Carr.) than in the low SG wood of Korean red pine (Pinus densiflora Sieb. et Zucc.) and pitch pine (Pinus rigida Mill.). The average ratio of the nail withdrawal loads for side-grain and end-grain is higher in the low SG wood than in the high SG wood. Both linear and non-linear regression analyses were conducted on nail withdrawal load with SG; good correlations were obtained between nail withdrawal load and SG.

A Study on Log Collection to Analyze Causes of Malware Infection in IoT Devices in Smart city Environments

  • Donghyun Kim;Jiho Shin;Jung Taek Seo
    • Journal of Internet Computing and Services / v.24 no.1 / pp.17-26 / 2023
  • A smart city is a massive internet of things (IoT) environment, where all terminal devices are connected to a network to create and share information. In massive IoT environments, millions of IoT devices are connected, and countless data are generated in real time. However, since heterogeneous IoT devices are used, collecting the logs for each IoT device is difficult. Due to these issues, when an IoT device is invaded or is engaged in malicious behavior, such as infection with malware, it is difficult to respond quickly, and additional damage may occur due to information leakage or stopping of the IoT device. To solve this problem, in this paper, we propose identifying the attack technique used for initial access to IoT devices through MITRE ATT&CK, collecting the logs that can be generated from the identified attack technique, and using them to identify the cause of malware infection.