• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.1
• /
• pp.52-60
• /
• 2002

According as many people use a computer newly, damage of computer virus and hacking is rapidly increasing by the crucial users. A computer virus is one of program in computer and has abilities of self reproduction and destruction like a virus of biology. And hacking is to rob a person's data in a intruded computer and to delete data in a Person s computer from the outside. To block hacking that is intrusion of a person's computer and the computer virus that destroys data, a study for intrusion detection of system and virus detection using a biological immune system is in progress. In this paper, we make a model of positive and negative selection for self recognition which have a similar function like T-cytotoxic cell that plays an important role in biological immune system. We embody a self-nonself distinction algorithm in computer, which is an important part when we detect an infected data by computer virus and a modified data by intrusion from the outside. And we showed the validity and effectiveness of the proposed self recognition algorithm by computer simulation about various infected data obtained from the cell change and string change in the self file.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.679-682
• /
• 2003

In this paper, we propose a Genetic Algorithm (GA) using symbiotic evolutionary viruses. Our GA is based on both the building block hypothesis and the virus theory of evolution. The proposed GA aims to control a destruction of building blocks by discovering, keeping, and propagating of building blocks based on virus operation. Concretely, we prepare the group of individuals and the group of viruses. In our GA, the group of individuals searches solutions and the group of viruses searches building blocks. These searches done based on the symbiotic relation of both groups. Also, our GA has two types of virus evaluation techniques. One is that each virus is evaluated by the difference of the fitness of an individual between before and after infection of virus. Another is that all viruses aye evaluated by the difference of the fitness of an individual between before and after infection of all viruses. Furthermore, we applied the proposed GA to the minimum value search problem of a test function which has some local solutions far from the optimal solution. And, we discuss a difference of behaviors of the proposed GA based on each virus evaluation techniques.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.39-47
• /
• 2002

To recently with the love-letter and Back Orifice the same Worm-virus, with the Trojan and the Linux-virus back against the new species virus which inside and outside of the country to increase tendency the malignant new species virus which is the possibility of decreasing the damage which is enormous in the object appears and to follow a same network coat large scale PC is being quicker, it disposes spontaneously to respect, applied an artificial intelligence technique the research against the next generation malignant computer virus of new form is demanded. Will reach and to respect it analyzes the digital immunity system of the automatic detection which is quick against the next generation malignant virus which had become unconfirmed and the foreign countries which has an removal function.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.4
• /
• pp.49-60
• /
• 1999

In this paper we introduce the definition and historical overviews of computer virus program and review their side-effect and ways of infections. We describe the feature of CIH virus which damaged lots of PC systems in Asian countries recently and propose new methods how to rescue against destruction under the operating system of the Microsoft's Windows 95/98. Our experiment results can fix hard disk having FAT32 file system structure and show some popular program cases of having recovered by commercial vaccine program.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.202-209
• /
• 2023

Android malware is now on the rise, because of the rising interest in the Android operating system. Machine learning models may be used to classify unknown Android malware utilizing characteristics gathered from the dynamic and static analysis of an Android applications. Anti-virus software simply searches for the signs of the virus instance in a specific programme to detect it while scanning. Anti-virus software that competes with it keeps these in large databases and examines each file for all existing virus and malware signatures. The proposed model aims to provide a machine learning method that depend on the malware detection method for Android inability to detect malware apps and improve phone users' security and privacy. This system tracks numerous permission-based characteristics and events collected from Android apps and analyses them using a classifier model to determine whether the program is good ware or malware. This method used the machine learning techniques KNN-SVM, DBN, and GRU in which help to find the accuracy which gives the different values like KNN gives 87.20 percents accuracy, SVM gives 91.40 accuracy, Naive Bayes gives 85.10 and DBN-GRU Gives 97.90. Furthermore, in this paper, we simply employ standard machine learning techniques; but, in future work, we will attempt to improve those machine learning algorithms in order to develop a better detection algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.79-92
• /
• 2006

Computer virus is one of the most common information security problems in the information age. This study investigates the difference of users' perception of security elements between large companies and small-and-medium companies on the subject of computer virus. Based on t-test, no significant difference is found in users' perception on security threat and security risk While users satisfy with the level of security policy, there is a significant difference on the level of security policy recognition between the two sizes of companies. Moreover, there are significant differences on information assets, security vulnerability and security effectiveness, which implies difference in the users' perception on importance of assets, exposure to threats and computer virus prevention efforts between large and small-and-medium companies.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.199-207
• /
• 2002

Comes in into recent times and there is on with a level where the attack against the computer virus and the hacking which stand is serious. The recently computer virus specific event knows is the substantial damage it will be able to occur from our life inside is a possibility of feeling. The virus which appears specially in 1999 year after seemed the change which is various, also the virus of the form which progresses appeared plentifully The part virus does it uses the password anger technique which relocates the cord of the oneself. Hereupon consequently the vaccine programs in older decode anger to do the password anger of the virus again are using emulation engine. The password anger technique which the like this virus is complicated and decode anger technique follow in type of O.S. and the type is various. It uses a multi emulation engine branch operation setup consequently from one system and to respect it will be able to use a multiple operation setup together it will use the VMware which is an application software which it does as a favor there is a possibility where it will plan 'Virus Test Simulation' and it will embody.

• Journal of Internet Computing and Services
• /
• v.5 no.3
• /
• pp.11-23
• /
• 2004

It is easy to access to the infinity information and programs, but it gives rise to the side effect. There are many side effects(ex. Hacking, Cracking, expose the personal information, etc). Nowadays, the computer virus raise the serious problems. The making program called Vaccine is work out a count measure. The Anti-Virus programs install on the client side computer and upgrade by downloading on the server's signature, the latest date, the program bound both of them is shown, but these programs have the defect that they have no remote control and no signature update because user's unconcern, This paper reported the research of existing virus infecting technology and the development of Web based Anti-Virus Scanner using the remote control on the internet server. Through this paper, I want to set up the counter measure for new virus easily, and to make more fast the vaccine for virus.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.3
• /
• pp.3-10
• /
• 1997

Computer viruses are increasing in number and are continually intellectualized as well. To cope with this problem, anti-virus tools such as a scanner and the monitoring program have been developed. But it is not guaranteed that these softwares will work in safety under MS-DOS' control. If the virus is run first, it can avoid the monitoring of anti-virus software or even can attack the anti-virus software. Therefore, anti-virus programs should be run before the system is infected. This paper presents a new PC starting mechanism which allows the PC system to start from a clean state after booting. For this mechanism, we build a new disk file system different from DOS' file system, and manage the two file systems heterogeneously. Our system is strong against boot viruses and recovers from infections automatically.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.5 s.43
• /
• pp.251-258
• /
• 2006

A Malicious code is used to SMiShing disguised as finance mobile Vishing, using Phishing, Pharming mail, VoIP service etc. to capture of personal information. A Malicious code deletes in Anti-Virus Spyware removal programs, or to cure use. By the way, the Malicious cord which is parasitic as use a DLL Injection technique, and operate are Isass.exe, winlogon.exe, csrss.exe of the window operating system. Be connected to the process that you shall be certainly performed of an exe back, and a treatment does not work. A user forces voluntarily a process, and rebooting occurs, or a blue screen occurs, and Compulsory end, operating system everyone does. Propose a treatment way like a bird curing a bad voice code to use a DLL Injection technique to occur in these fatal results. Click KILL DLL since insert voluntarily an end function to Thread for a new treatment, and Injection did again the Thread which finish an action of DLL, and an end function has as control Thread, and delete. The cornerstone that the treatment wav that experimented on at these papers and a plan to solve will become a researcher of the revolutionary dimension that faced of a computer virus, and strengthen economic financial company meeting Ubiquitous Security will become.