• Title/Summary/Keyword: Cloud Detection


Ransomware Detection and Recovery System Based on Cloud Storage through File System Monitoring (파일 시스템 모니터링을 통한 클라우드 스토리지 기반 랜섬웨어 탐지 및 복구 시스템)

  • Kim, Juhwan; Choi, Min-Jun; Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.357-367 / 2018
  • As the information technology of modern society develops, malicious code intended to seize or destroy important system information is developing along with it. Ransomware is a typical example, preventing access to the user's resources. Although much research on detecting ransomware that performs encryption has been conducted in recent years, no additional methods have been proposed to recover damaged files after an attack. Also, because the similarity comparison technique was used without considering repeated encryption, the encryption is highly likely to be recognized as normal behavior. Therefore, this paper implements a filter driver to control the file system and performs a similarity comparison method that is verified based on an analysis of the encryption patterns of ransomware. We propose a system that detects whether an accessing process is malicious and recovers damaged files based on cloud storage.

Image Registration of Cloudy Pushbroom Scanner Images (구름을 포함한 푸쉬브룸 스캐너 영상의 밴드간 상호등록)

  • Lee, Won-Hee; Yu, Su-Hong; Heo, Joon
    • Korean Journal of Remote Sensing / v.27 no.1 / pp.9-15 / 2011
  • Since the PAN (panchromatic) and MS (multispectral) imagery of a pushbroom scanner has an offset between the PAN and MS CCDs (charge-coupled devices) in the focal plane, PAN and MS images are acquired at different times and angles. Since clouds are fast-moving objects, they lead to mis-registration problems through wrong matching points on clouds. The registration of cloudy imagery to recognize and remove cloud contamination can be categorized into three classes: (1) treating cloud as noise and removing it, (2) employing multi-spectral imagery, and (3) using multi-temporal imagery. In this paper, methods (1) and (3) are implemented and analysed with cloudy pushbroom scanner images.

An improved method of NDVI correction through pattern-response low-peak detection on time series (시계열 패턴 반응형 Low-peak 탐지 기법을 통한 NDVI 보정방법 개선)

  • Lee, Kyeong-Sang; Han, Kyung-Soo
    • Korean Journal of Remote Sensing / v.30 no.4 / pp.505-510 / 2014
  • Normalized Difference Vegetation Index (NDVI) is a major indicator for monitoring climate change and detecting vegetation coverage. In order to retrieve NDVI, the data is preprocessed using cloud masking and atmospheric correction. However, the preprocessed NDVI still has abnormally low values, known as noise, which appear in the long-term time series due to rainfall, snow and incomplete cloud masking. An existing method using polynomial regression has some problems, such as overestimation and noise detectability. Therefore, this study suggests a simple method using a moving average approach for correcting NDVI noise using the SPOT/VEGETATION S10 Product. The results of the moving average method were compared with those of the polynomial regression. The results showed that the moving average method is better than the former approach in correcting NDVI noise.

Malware Analysis Mechanism using the Word Cloud based on API Statistics (API 통계 기반의 워드 클라우드를 이용한 악성코드 분석 기법)

  • Yu, Sung-Tae; Oh, Soo-Hyun
    • Journal of the Korea Academia-Industrial cooperation Society / v.16 no.10 / pp.7211-7218 / 2015
  • Tens of thousands of malicious codes are generated on average each day, and new types of malicious code are surging each year. Diverse methods are used to detect such code, including those based on signatures, API flow, strings, etc., but most of them are limited in detecting new malicious code due to bypass techniques. Therefore, much research has been performed on more efficient detection of malicious code. Visualization is one of the most actively researched of these areas. Since it enables more intuitive recognition of malicious code, it is useful in detecting and examining a large number of malicious codes efficiently. In this paper, we analyze the relationships between malicious codes and Native API functions. Also, by applying the word cloud with a text mining technique, the major Native APIs of malicious codes are visualized to assess their maliciousness. The proposed malicious code analysis method would be helpful in intuitively probing the behaviors of malware.

A study on the effective method of detecting denial of service attack to protect Guest OS in paravirtualization (반가상화 환경 Guest OS 보호를 위한 효율적인 서비스 거부 공격 탐지 방법에 관한 연구)

  • Shin, Seung-Hun; Jung, Man-Hyun; Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.3 / pp.659-666 / 2012
  • Recently, cloud computing services have become a rising issue in terms of utilizing resources more efficiently and saving costs. However, adoption of such services is still limited because their security has not been sufficiently verified. In particular, the possibility of denial-of-service attacks is increasing, because Guest OSes with exposed security weaknesses can be used as zombie PCs. This paper proposes how a cloud system implemented with Xen can detect intrusions caused by denial of service using hypercalls. In the experiment, the proposed method using K-means and EM shows that the two data sets, each collected for 2 mins, 5 mins, 10 mins and 20 mins, are distinguished with 90% success when collected for 2 mins and 5 mins, while data collected over 10 mins are distinguished with 100% success.

LiDAR Static Obstacle Map based Position Correction Algorithm for Urban Autonomous Driving (도심 자율주행을 위한 라이다 정지 장애물 지도 기반 위치 보정 알고리즘)

  • Noh, Hanseok; Lee, Hyunsung; Yi, Kyongsu
    • Journal of Auto-vehicle Safety Association / v.14 no.2 / pp.39-44 / 2022
  • This paper presents a LiDAR static obstacle map based vehicle position correction algorithm for urban autonomous driving. Real Time Kinematic (RTK) GPS is commonly used in highway automated vehicle systems. For urban automated vehicle systems, RTK GPS has some trouble in shaded areas. Therefore, this paper presents a method to estimate the position of the host vehicle using an AVM camera, front camera, LiDAR and low-cost GPS based on an Extended Kalman Filter (EKF). The static obstacle map (STOM) is constructed only with static objects based on the Bayesian rule. To run the algorithm, an HD map and a static obstacle reference map (STORM) must be prepared in advance. STORM is constructed by accumulating and voxelizing the static obstacle map (STOM). The algorithm consists of three main processes. The first process is to acquire sensor data from the low-cost GPS, AVM camera, front camera, and LiDAR. Second, low-cost GPS data is used to define the initial point. Third, matching of the AVM camera, front camera, and LiDAR point cloud to the HD map and STORM is conducted using the Normal Distribution Transformation (NDT) method. Third, the position of the host vehicle is corrected based on the Extended Kalman Filter (EKF). The proposed algorithm is implemented in the Linux Robot Operating System (ROS) environment and showed better performance than a lane-detection-only algorithm. It is expected to be more robust and accurate than a raw LiDAR point cloud matching algorithm in autonomous driving.

A Study on the remote acquisition of HejHome Air Cloud artifacts (스마트 홈 헤이 홈 Air의 클라우드 아티팩트 원격 수집 방안 연구)

  • Kim, Ju-eun; Seo, Seung-hee; Cha, Hae-seong; Kim, Yeok; Lee, Chang-hoon
    • Journal of Internet Computing and Services / v.23 no.5 / pp.69-78 / 2022
  • As the use of Internet of Things (IoT) devices has expanded, the digital forensics coverage of the National Police Agency has expanded to smart home areas. Accordingly, most existing studies on acquiring smart home platform data mainly analyzed local data on mobile devices or took a network perspective. However, meaningful data for evidence analysis is mainly stored in cloud storage on smart home platforms. Therefore, in this paper, we study how to acquire data stored in the cloud in a Hey Home Air environment by extracting the accessToken of user accounts through the cookie databases of browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Opera, which are recorded on a PC when users use the Hey Home app-based "Hey Home Square" service. In this paper, the environment was configured with smart temperature and humidity sensors, smart door sensors, and smart motion sensors, and artifacts such as temperature and humidity data by date and place, the list of devices used, and motion detection records were collected. Information such as temperature and humidity at the time of the incident can be seen from the results of the artifact analysis and can be used in the forensic investigation process. In addition, the cloud data acquisition method using OpenAPI proposed in this paper excludes the possibility of alteration during the data collection process and uses the API method, so it follows the principles of integrity and reproducibility, which are principles of digital forensics.

A hybrid intrusion detection system based on CBA and OCSVM for unknown threat detection (알려지지 않은 위협 탐지를 위한 CBA와 OCSVM 기반 하이브리드 침입 탐지 시스템)

  • Shin, Gun-Yoon; Kim, Dong-Wook; Yun, Jiyoung; Kim, Sang-Soo; Han, Myung-Mook
    • Journal of Internet Computing and Services / v.22 no.3 / pp.27-35 / 2021
  • With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threats (APTs) attack national or corporate systems to steal important information and perform attacks such as bringing systems down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule (CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM (OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.

Segmentation of Seabed Points from Airborne Bathymetric LiDAR Point Clouds Using Cloth Simulation Filtering Algorithm (항공수심라이다 데이터 해저면 포인트 클라우드 분리를 위한 CSF 알고리즘 적용에 관한 연구)

  • Lee, Jae Bin; Jung, Jae Hoon; Kim, Hye Jin
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.38 no.1 / pp.1-9 / 2020
  • ABL (Airborne Bathymetric LiDAR) is an advanced survey technology that uses green lasers to simultaneously measure water depths and oceanic topography in coastal and river areas. Seabed point cloud extraction is an essential prerequisite to further utilizing ABL data for various geographic data processing and applications. Conventional seabed detection approaches often use return waveforms. However, their limited accessibility often limits the broad use of bathymetric LiDAR (Light Detection And Ranging) data. Further, it is often questioned whether waveform-based seabed extraction is reliable enough to extract the seabed. Therefore, there is a high demand to extract the seabed from the point cloud using other sources of information, such as geometric information. This study aimed to assess the feasibility of applying a ground filtering method to seabed extraction from geo-referenced point cloud data by using the CSF (Cloth Simulation Filtering) method. We conducted a preliminary experiment with RIEGL VQ 880 bathymetric data, and the results show that the CSF algorithm can be effectively applied to seabed point segmentation.

Statistical Characteristics of Recent Lightning Occurred over South Korea (최근 남한지역에서 발생한 낙뢰의 통계적 특성)

  • Eom, Hyo-Sik; Suh, Myoung-Seok
    • Journal of the Korean Earth Science Society / v.30 no.2 / pp.210-222 / 2009
  • Lightning data observed by the total lightning detection system (TLDS) of KMA for the recent five years (2002-2006) have been analyzed for temporal and spatial characteristics of frequency, intensity, duration, and flash rate. Lightning frequency varies largely from year to year (most frequent in 2006); lightning during the summer accounts for 75% of total flashes, and only 0.6% of lightning strikes occur in the cold season. In the rainy season (JJAS), the ratio of positive flashes to negative ones is as low as 0.15, but it increases up to 0.98 in February. The seasonal variation of lightning duration is strongly linked with lightning occurrences, whereas flash rates show weak seasonal variability. On a daily scale, lightning, on average, occurs more often at dawn (2 am, 5-7 am) and in the mid-afternoon (15 pm), and the lightning at dawn (around 5 am) is the most intense of the day. The western inland areas and the West/South Sea show high lightning density during JJAS, whereas the eastern part and the East Sea exhibit a low density of lightning. Considering the low ratio of positive flashes (0.15) for the whole analysis domain during the summer period, the Chungnam and Jeonbuk areas have a high ratio of flashes, over 0.4. However, these should be analyzed with much caution because weak positive cloud-to-cloud discharges can be regarded as cloud-to-ground flashes. The western inland also exhibits long annual flash hours (15-24), and the West Sea has high flash rates as a result of large density and low flash hours. The most frequent time of lightning occurrence over most inland areas lies between mid-afternoon and early evening, whereas mountainous and coastal areas, and the northern Kyoungki and Hwanghae provinces, show the maximum lightning strikes in the morning and at dawn, respectively.