• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.87-94
• /
• 2022

Recently, with the development of information and communication infrastructure, the number of Internet access devices is rapidly increasing. Smartphones, laptops, computers, and even IoT devices are receiving information and communication services through Internet access. Since most of the device operating environment consists of web (WEB), it is vulnerable to web cyber attacks using web shells. When the web shell is uploaded to the web server, it is confirmed that the attack frequency is high because the control of the web server can be easily performed. As the damage caused by the web shell occurs a lot, each company is responding to attacks with various security devices such as intrusion prevention systems, firewalls, and web firewalls. In this case, it is difficult to detect, and in order to prevent and cope with web shell attacks due to these characteristics, it is difficult to respond only with the existing system and security software. Therefore, it is an automated defense system through the collection and analysis of web shells based on artificial intelligence machine learning that can cope with new cyber attacks such as detecting unknown web shells in advance by using artificial intelligence machine learning and deep learning techniques in existing security software. We would like to propose about. The machine learning-based web shell defense system model proposed in this paper quickly collects, analyzes, and detects malicious web shells, one of the cyberattacks on the web environment. I think it will be very helpful in designing and building a security system.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.192-195
• /
• 2024

최근 빠른 속도로 개발되고 있는 인공지능 기술은 여러 산업 분야에서 활용 되고 있다. 그러나 최근 딥러닝 네트워크에 대한 부채널 공격 기법들이 등장하고 있으며, 이는 해당 모델을 재구현하여 자율 주행 자동차에 대한 해킹 등과 같이 치명적인 보안 위협이 될 수 있으므로 이에 대한 이해와 대응책이 필요하다. 본 논문에서는 딥러닝 네트워크에 대한 부채널 공격 기법 동향에 대해 살펴보고, 이에 대한 대응 기술 또한 함께 알아본다.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.233-240
• /
• 2019

In order to predict and respond to cyber attacks, a number of security companies quickly identify the methods, types and characteristics of attack techniques and are publishing Security Intelligence Reports(SIRs) on them. However, the SIRs distributed by each company are huge and unstructured. In this paper, we propose a framework that uses five analytic techniques to formulate a report and extract key information in order to reduce the time required to extract information on large unstructured SIRs efficiently. Since the SIRs data do not have the correct answer label, we propose four analysis techniques, Keyword Extraction, Topic Modeling, Summarization, and Document Similarity, through Unsupervised Learning. Finally, has built the data to extract threat information from SIRs, analysis applies to the Named Entity Recognition (NER) technology to recognize the words belonging to the IP, Domain/URL, Hash, Malware and determine if the word belongs to which type We propose a framework that applies a total of five analysis techniques, including technology.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.8
• /
• pp.2230-2252
• /
• 2024

Advances in deep learning technology have enabled the generation of more realistic deepfakes, which not only endanger individuals' identities but also exploit vulnerabilities in face recognition systems. The majority of existing deepfake detection methods have primarily focused on RGB-based analysis, offering unreliable performance in terms of detection accuracy and time. To address the issue, a grayscale-based deepfake detection method has recently been proposed. This method significantly reduces detection time while providing comparable accuracy to RGB-based methods. However, despite its significant effectiveness, the "key components" that directly affect the performance of grayscale-based deepfake detection have not been systematically analyzed. In this paper, we target three key components: RGB-to-grayscale conversion method, brightness level in grayscale, and resolution level in grayscale. To analyze their impacts on the performance of grayscale-based deepfake detection, we conducted comprehensive evaluations, including component-wise analysis and comparative analysis using real-world datasets. For each key component, we quantitatively analyzed its characteristics' performance and identified differences between them. Moreover, we successfully verified the effectiveness of an optimal combination of the key components by comparing it with existing deepfake detection methods.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.531-540
• /
• 2021

As cyber attacks and crimes increase exponentially and hacking attacks become more intelligent and advanced, hacking attack methods and routes are evolving unpredictably and in real time. In order to reinforce the enemy's responsiveness, this study aims to propose a method for developing an artificial intelligence-based security control platform by building a next-generation security system using artificial intelligence to respond by self-learning, monitoring abnormal signs and blocking attacks.The artificial intelligence-based security control platform should be developed as the basis for data collection, data analysis, next-generation security system operation, and security system management. Big data base and control system, data collection step through external threat information, data analysis step of pre-processing and formalizing the collected data to perform positive/false detection and abnormal behavior analysis through deep learning-based algorithm, and analyzed data Through the operation of a security system of prevention, control, response, analysis, and organic circulation structure, the next generation security system to increase the scope and speed of handling new threats and to reinforce the identification of normal and abnormal behaviors, and management of the security threat response system, Harmful IP management, detection policy management, security business legal system management. Through this, we are trying to find a way to comprehensively analyze vast amounts of data and to respond preemptively in a short time.

• Annual Conference of KIPS
• /
• 2022.11a
• /
• pp.55-56
• /
• 2022

Hypertension is a severe health problem and increases the risk of other health issues, such as heart disease, heart attack, and stroke. In this research, we propose a machine learning-based prediction method for the risk of chronic hypertension. The proposed method consists of four main modules. In the first module, the linear interpolation method fills missing values of the integration of gas and meteorological datasets. In the second module, the OrdinalEncoder-based normalization is followed by the Decision tree algorithm to select important features. The prediction analysis module builds three models based on k-Nearest Neighbors, Decision Tree, and Random Forest to predict hypertension levels. Finally, the features used in the prediction model are explained by the DeepSHAP approach. The proposed method is evaluated by integrating the Korean meteorological agency dataset, natural gas leakage dataset, and Korean National Health and Nutrition Examination Survey dataset. The experimental results showed important global features for the hypertension of the entire population and local components for particular patients. Based on the local explanation results for a randomly selected 65-year-old male, the effect of hypertension increased from 0.694 to 1.249 when age increased by 0.37 and gas loss increased by 0.17. Therefore, it is concluded that gas loss is the cause of high blood pressure.

• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.21-31
• /
• 2018

Cyber penetration attacks can not only damage cyber space but can attack entire infrastructure such as electricity, gas, water, and nuclear power, which can cause enormous damage to the lives of the people. Also, cyber space has already been defined as the fifth battlefield, and strategic responses are very important. Most of recent cyber attacks are caused by malicious code, and since the number is more than 1.6 million per day, automated analysis technology to cope with a large amount of malicious code is very important. However, it is difficult to deal with malicious code encryption, obfuscation and packing, and the dynamic analysis technique is not limited to the performance requirements of dynamic analysis but also to the virtual There is a limit in coping with environment avoiding technology. In this paper, we propose a machine learning based malicious code analysis technique which improve the weakness of the detection performance of existing analysis technology while maintaining the light and high-speed analysis performance applicable to commercial endpoints. The results of this study show that 99.13% accuracy, 99.26% precision and 99.09% recall analysis performance of 71,000 normal file and malicious code in commercial environment and analysis time in PC environment can be analyzed more than 5 per second, and it can be operated independently in the endpoint environment and it is considered that it works in complementary form in operation in conjunction with existing antivirus technology and static and dynamic analysis technology. It is also expected to be used as a core element of EDR technology and malware variant analysis.