• Title/Summary/Keyword: DNS

Two-Pathway Model for Enhancement of Protocol Reverse Engineering

  • Goo, Young-Hoon;Shim, Kyu-Seok;Baek, Ui-Jun;Kim, Myung-Sup
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.11 / pp.4310-4330 / 2020
  • With the continuous emergence of new applications and cyberattacks and their frequent updates, the need for automatic protocol reverse engineering is gaining recognition. Although several methods for automatic protocol reverse engineering have been proposed, each method still faces major limitations in extracting clear specifications and in its universal application. In order to overcome such limitations, we propose an automatic protocol reverse engineering method using a two-pathway model based on a contiguous sequential pattern (CSP) algorithm. By using this model, the method can infer both command-oriented protocols and non-command-oriented protocols clearly and in detail. The proposed method infers all the key elements of the protocol, which are syntax, semantics, and finite state machine (FSM), and extracts clear syntax by defining fine-grained field types and three types of format: field format, message format, and flow format. We evaluated the efficacy of the proposed method over two non-command-oriented protocols and three command-oriented protocols: the former are HTTP and DNS, and the latter are FTP, SMTP, and POP3. The experimental results show that this method can reverse engineer with high coverage and correctness rates, more than 98.5% and 99.1% respectively, and be general for both command-oriented and non-command-oriented protocols.

Blockchain for the Trustworthy Decentralized Web Architecture

  • Kim, Geun-Hyung
    • International Journal of Internet, Broadcasting and Communication / v.13 no.1 / pp.26-36 / 2021
  • The Internet was created as a decentralized and autonomous system of interconnected computer networks used for data exchange across mutually trusted participants. The element technologies on the Internet, such as inter-domain and intra-domain routing and DNS, operated in a distributed manner. With the development of the Web, the Web has become indispensable in daily life. The existing web applications allow us to form online communities, generate private information, access big data, shop online, pay bills, post photos or videos, and even order groceries. This is what has led to centralization of the Web. This centralization is now controlled by the giant social media platforms that provide it as a service, but the original Internet was not like this. These giant companies realized that the decentralized network's huge value involves gathering, organizing, and monetizing information through centralized web applications. The centralized Web applications have heralded some major issues, which will likely worsen shortly. This study focuses on these problems and investigates blockchain's potentials for decentralized web architecture capable of improving conventional web services' critical features, including autonomous, robust, and secure decentralized processing and traceable trustworthiness in tamper-proof transactions. Finally, we review the decentralized web architecture that circumvents the main Internet gatekeepers and controls our data back from the giant social media companies.

A study on Countermeasures by Detecting Trojan-type Downloader/Dropper Malicious Code

  • Kim, Hee Wan
    • International Journal of Advanced Culture Technology / v.9 no.4 / pp.288-294 / 2021
  • There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service (DDoS) attacks, spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was shown, and malicious code detection and countermeasures were suggested.

Flow solutions around rectangular cylinders: The question of spatial discretization

  • Corsini, Roberto;Angeli, Diego;Stalio, Enrico;Chibbaro, Sergio;Cimarelli, Andrea
    • Wind and Structures / v.34 no.1 / pp.151-159 / 2022
  • The aerodynamics of blunt bodies with separation at the sharp corner of the leading edge and reattachment on the body side are particularly important in civil engineering applications. In recent years, a number of experimental and numerical studies have become available on the aerodynamics of a rectangular cylinder with chord-to-thickness ratio equal to 5 (BARC). Despite the interest in the topic, a widely accepted set of guidelines for grid generation about these blunt bodies is still missing. In this work a new, well resolved Direct Numerical Simulation (DNS) around the BARC body at Re=3000 is presented and its results compared to previous DNSs of the same case but with different numerical approaches and mesh. Although the simulations use different numerical approaches, meshes and domain dimensions, the main discrepancies are ascribed to the different grid spacings employed. While a more rigorous analysis is envisaged, where the order of accuracy of the schemes is kept the same while grid spacings are varied alternately along each spatial direction, this represents a first attempt in the study of the influence of spatial resolution in the Direct Numerical Simulation of flows around elongated rectangular cylinders with sharp corners.

A Machine Learning Algorithm Study for Predicting Time-Averaged Velocity Fluctuations in Turbulent Jets (난류 제트 내 시간 평균 속도 변동 예측을 위한 기계 학습 알고리즘)

  • Seongeun Choi;Jin Hwan Hwang
    • Proceedings of the Korea Water Resources Association Conference / 2023.05a / pp.130-130 / 2023
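  • Jet flows consist of a complex mixture of eddies of various sizes and momenta, and to model and understand them accurately, research must properly reflect the various characteristics of jet flows. Among the various research methods, numerical analysis is widely used because its spatial and temporal costs are relatively low. These numerical methods include DNS (Direct Numerical Simulation), LES (Large Eddy Simulation), and RANS (Reynolds Averaged Navier Stokes); among them, LES has the advantage of providing more accurate flow modeling than the RANS method, which uses turbulence modeling. LES is characterized by resolving large-scale eddies directly while using a model for eddies below a certain size. However, to use LES it is important to determine an appropriate grid size, which greatly affects the accuracy of the model and the computational cost. Nevertheless, determining an appropriate grid size remains a difficult problem. To determine an appropriate grid size when using LES modeling, accurate time-averaged velocity fluctuations must be studied first. Therefore, in this study, a machine learning-based approach was used to predict time-averaged velocity fluctuations in turbulent jets. That is, the focus was on predicting the time-averaged velocity fluctuations using the time-averaged velocity, an important parameter for understanding turbulent jet dynamics. The performance of the model was evaluated using various metrics such as mean squared error and R-squared.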

Survey on DGA Botnet Domain Detection and Family Classification (DGA 봇넷 도메인 감지 및 패밀리 분류 연구 동향)

  • Jungmin Lee;Minjae Kang;Yeonjoon Lee
    • Proceedings of the Korea Information Processing Society Conference / 2023.11a / pp.543-546 / 2023
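  • Botnets are continuously used in cybercrime and pose a major threat to the network environment. Previously, to prevent bots from communicating with C&C servers, the main approach was to detect botnet domains at the DNS server based on blacklists. However, as botnets using domain generation algorithms (DGA) have increased, it has become difficult to block botnet domains efficiently with the existing blacklist-based domain blocking approach. Accordingly, attempts continue to analyze the characteristics of domains generated by botnet domain generation algorithms and, on that basis, to identify and block botnet domains. In particular, most research aims to use deep learning algorithms, which are mainly used for sequential data processing, to effectively extract features of botnet domains and build highly accurate detection models, and research is expanding beyond detection to botnet group (family) classification. This paper therefore surveys recent research trends applying deep learning techniques to identify and classify botnet domains generated by botnet domain generation algorithms, and discusses future research directions.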

Numerical Simulation of Turbulent Flow in a Wavy-Walled Channel (파형벽면이 있는 채널 내의 난류유동에 대한 수치해석)

  • Park, Tae-Seon;Sung, Hyung-Jin
    • Transactions of the Korean Society of Mechanical Engineers B / v.27 no.5 / pp.655-667 / 2003
  • Turbulent flow over a fully-developed wavy channel is investigated by the nonlinear $k-\varepsilon-f_\mu$ model of Park et al.(1) The Reynolds number is fixed at $Re_{b} = 6760$ through all wave amplitudes and the wave configuration is varied in the range of $0\leq\alpha/\lambda\leq0.15$ and $0.25\leq{\lambda}/H\leq4.0$. The predicted results for wavy channel are validated by comparing with the DNS data of Maaß and Schumann.(2) The model performance is shown to be generally satisfactory. As the wave amplitude increases, it is found that the form drag grows linearly and the friction drag is overwhelmed by the form drag. In order to verify these characteristics, a large eddy simulation is performed for four cases. The dynamic model of Germano et al.(3) is adopted. Finally, the effects of wavy amplitude on separated shear layer are scrutinized.

Analysis of Coherent Structure of Turbulent Flows in the Rectangular Open-Channel Using LES (LES를 이용한 직사각형 개수로 난류흐름의 조직구조 분석)

  • Ban, Chaewoong;Choi, Sung-Uk
    • KSCE Journal of Civil and Environmental Engineering Research / v.34 no.5 / pp.1435-1442 / 2014
  • This study presented numerical simulations of smooth-bed flows in the rectangular open-channel using the source code by OpenFOAM. For the analysis of the turbulent flow, Large Eddy Simulations were carried out and the dynamic sub-grid scale model proposed by Germano et al. (1991) is used to model the residual stress term. In order to analyze the coherent structure, the uw quadrant method proposed by Lu and Willmarth (1973) is used and the contribution rate and the fraction time of the instantaneous Reynolds stress are obtained in the Reynolds stress. The results by the present study are analyzed and compared with data from previous laboratory studies and direct numerical simulations. It is found that the contribution rate of the ejection events is larger than that of sweep events over the buffer layer in the open-channel flow over the smooth bed, however, the frequency of the sweep event is higher than that of the ejection events.

The Analysis of the APT Prelude by Big Data Analytics (빅데이터 분석을 통한 APT공격 전조 현상 분석)

  • Choi, Chan-young;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.6 / pp.1129-1135 / 2016
  • The NH-NongHyup network and servers were paralyzed in 2011, the 3.20 cyber attack happened in 2013, and classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked in December 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to script kiddie attacks, and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend against APT attacks (Advanced Persistent Threat attacks) thus far. We will use big data analytics to analyze whether or not APT attacks have occurred. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean Defense System. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect APT attacks. Lastly, we will present an effective response method to address detected APT attacks.

Development of a Surface Shape for the Heat Transfer Enhancement and Reduction of Pressure Loss in an Internal Cooling Passage (내부 냉각유로에서 열전달 강화와 압력손실 감소를 위한 표면 형상체의 개발)

  • Doo, Jeong-Hoon;Yoon, Hyun-Sik;Ha, Man-Yeong
    • Transactions of the Korean Society of Mechanical Engineers B / v.33 no.6 / pp.427-434 / 2009
  • A new surface shape of an internal cooling passage which largely reduces the pressure drop and enhances the surface heat transfer is proposed in the present study. The surface shape of the cooling passage consists of the concave dimple and the riblet inside the dimple which is protruded along the stream-wise direction. Direct Numerical Simulation (DNS) for the fully developed turbulent flow and thermal fields in the cooling passage is conducted. The numerical simulations for five different surface shapes are conducted at the Reynolds number of 2800 based on the mean bulk velocity and channel height and Prandtl number of 0.71. The driving pressure gradient is adjusted to keep a constant mass flow rate in the x direction. The thermoaerodynamic performance for five different cases used in the present study was assessed in terms of the drag, Nusselt number, Fanning friction factor, volume and area goodness factor in the cooling passage. The value of maximum ratio of drag reduction is -22.86%, and the value of maximum ratio of Nusselt number augmentation is 7.05% when the riblet angle is $60^{\circ}$. The remarkable point is that the ratio of Nusselt number augmentation has the positive value for the surface shapes which have over $45^{\circ}$ of the riblet angle. The maximum volume and area goodness factors are obtained when the riblet angle is $60^{\circ}$.