• Title/Summary/Keyword: Detection Rules

Security Framework for Improving the Performance of the Malicious Process Control System (악성 프로세스 제어 시스템의 성능 향상을 위한 보안 프레임워크)

  • Kim, Iksu; Choi, Jongmyung. Journal of Internet Computing and Services, v.14 no.2, pp.61-71, 2013
  • Until now, there have been various studies against Internet worms. Most intrusion detection and prevention systems against Internet worms use detection rules, but these systems cannot respond to new Internet worms. For this reason, a malicious process control system which uses the fact that Internet worms multicast malicious packets was proposed. However, the greater the number of servers to be protected, the higher the cost of the malicious process control system, and the probability of detecting Internet worms attacking only some predetermined IP addresses is low. This paper presents a security framework that can reduce the cost of the malicious process control system and increase the probability of detecting Internet worms attacking only some predetermined IP addresses. In the proposed security framework, virtual machines are used to reduce the cost of control servers, and unused IP addresses are used to increase the probability of detecting Internet worms attacking only some predetermined IP addresses. Therefore the proposed security framework can effectively respond to a variety of new Internet worms at lower cost.

Malware Family Detection and Classification Method Using API Call Frequency (API 호출 빈도를 이용한 악성코드 패밀리 탐지 및 분류 방법)

  • Joe, Woo-Jin; Kim, Hyong-Shik. Journal of the Korea Institute of Information Security & Cryptology, v.31 no.4, pp.605-616, 2021
  • While malware must be accurately identifiable from arbitrary programs, existing studies using classification techniques have the limitation that they can only be applied to limited samples. In this work, we propose a method that utilizes API call frequency to detect and classify malware families from arbitrary programs. Our proposed method defines a rule that checks whether the call frequency of a particular API exceeds a threshold, and identifies a specific family by utilizing the rate information on the corresponding rules. In this paper, a decision tree algorithm is applied to define the optimal threshold that can accurately identify a particular family from the training set. The performance measurements using 4,443 samples showed 85.1% precision and 91.3% recall rate for family detection, and 97.7% precision and 98.1% reproduction rate for classification, which confirms that our method works to distinguish malware families effectively.

User Behavior Analysis for Online Game Bot Detection (온라인 게임 봇 탐지를 위한 사용자 행위 분석)

  • Kang, Ah-Reum; Woo, Ji-young; Park, Ju-yong; Kim, Huy-Kang. Journal of the Korea Institute of Information Security & Cryptology, v.22 no.2, pp.225-238, 2012
  • Among the various security threats in online games, the use of game bots is the most serious problem. In this paper, we propose a framework for user behavior analysis for bot detection in online games. Specifically, we focus on party play, which reflects the social activities of gamers: in a Massively Multi-user Online Role Playing Game (MMORPG), the party-play log includes distinguishing information that can classify game users as normal users or abnormal users. That is because the bot users' main activities target the acquisition of cyber assets. Through a statistical analysis of user behaviors in game activity logs, we establish the threshold levels of the activities that allow us to identify game bots. Also, we build a knowledge base of detection rules based on this statistical analysis. We apply this rule reasoner to the sixth most popular online game in the world. As a result, we can detect game bot users with a high accuracy rate of 95.92%.

Attack Detection Technology through Log4J Vulnerability Analysis in Cloud Environments (클라우드 환경에서 Log4J 취약점 분석을 통한 공격 탐지 기술)

  • Byeon, Jungyeon; Lee, Sanghee; Yoo, Chaeyeon; Park, Wonhyung. Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2022.05a, pp.557-559, 2022
  • The use of open source has the advantage that the development environment is convenient and maintenance is easier, but there is a limitation in that it is easy to be exposed to vulnerabilities from a security point of view. In this regard, the LOG4J vulnerability, in an open source logging library widely used in Apache, was recently discovered. Currently, the risk of this vulnerability is at the 'highest' level, and developers are using the library in many systems without being aware of such a problem, so there is a risk that hacking accidents due to the LOG4J vulnerability will continue to occur in the future. In this paper, we analyze the LOG4J vulnerability in detail and propose a SNORT detection policy technology that can detect the vulnerability more quickly and accurately in the security control system. Through this, it is expected that in the future, security-related beginners, security officers, and companies will be able to monitor efficiently and respond quickly and proactively in preparation for the LOG4J vulnerability.

Static conflict detection among the rules with composite events (복합 이벤트 환경에서 규칙간 충돌의 정적 탐지)

  • Paik, Joon-Young; Yoon, Tae-Seob; Choi, Joong-Hyun; Cho, Eun-Sun. Proceedings of the Korean Information Science Society Conference, 2012.06a, pp.425-427, 2012
  • This paper introduces a technique for detecting, before execution, conflicts that arise between rules in a context-aware system. When a user enters a new rule, the event, condition, and action information are analyzed step by step to detect rules in which the same event demands different services. This reduces the conflicts that occur at run time, and thereby reduces the targets of dynamic conflict detection and resolution. The proposed technique was implemented on a rule-based context-aware middleware.

The Research of Reducing the Fixed Codebook Search Time of G.723.1 MP-MLQ (잡음 환경에서의 전송율 감소를 위한 G.723.1 VAD 성능개선에 관한 연구)

  • 김정진; 박영호; 배명진. Proceedings of the IEEK Conference, 2000.06d, pp.98-101, 2000
  • The G.723.1 6.3kbps/5.3kbps dual-rate speech codec, a CELP-type vocoder developed for Internet phone and videoconferencing, uses VAD (Voice Activity Detection)/CNG (Comfort Noise Generator) in order to reduce the bit rate in a silence period. In order to reduce the bit rate effectively, in this paper we first set the boundary condition of the energy threshold to prevent the consumption of unnecessary processing time, and use three decision rules to detect an active frame by energy, pitch gain and LSP distance. To evaluate the performance of the proposed algorithm we use silence-inserted speech data with 0, 5, 10, 20dB of SNR. As a result, when the SNR is over 5dB, the bit rate is reduced by up to about 40% without speech degradation and the processing time is additionally decreased.

Waste Database Analysis Joined with Local Information Using Decision Tree Techniques

  • Park, Hee-Chang; Cho, Kwang-Hyun. Korean Data & Information Science Society: Conference Proceedings, 2005.04a, pp.164-173, 2005
  • Data mining is a method for finding useful information in large amounts of data in a database. It is used to find hidden knowledge in massive data: unexpected patterns, relations, and new rules. The methods of data mining are decision trees, association rules, clustering, neural networks and so on. The decision tree approach is most useful in classification problems and divides the search space into rectangular regions. Decision tree algorithms are used extensively for data mining in many domains such as retail target marketing, fraud detection, data reduction and variable screening, category merging, etc. We analyze a waste database united with local information using decision tree techniques for environmental information. We can use these decision tree outputs for environmental preservation and improvement.

A SENSOR DATA PROCESSING SYSTEM FOR LARGE SCALE CONTEXT AWARENESS

  • Choi Byung Kab; Jung Young Jin; Lee Yang Koo; Park Mi; Ryu Keun Ho; Kim Kyung Ok. Proceedings of the KSRS Conference, 2005.10a, pp.333-336, 2005
  • The advance of wireless telecommunication and observation technologies leads to the development of sensors and sensor networks that serve context information continuously. Besides, in order to understand and cope with context awareness based on the sensor network, it is becoming an important issue to deal with the plentiful data transmitted from various sensors. Therefore, we propose a context awareness system to deal with the plentiful sensor data in a vast area, such as the prevention of a forest fire, the warning system for detecting environmental pollution, and the analysis of traffic information, etc. The proposed system consists of the context acquisition to collect and store various sensor data, the knowledge base to keep context information and the context log, the rule manager to process context information depending on user-defined rules, and the situation information manager to analyze and recognize the context, etc. The proposed system is implemented for managing renewable energy data transmitted from a large-scale area.

Biosensor Implementation Using an Integrated Mach-Zehnder Interferometer (마흐젠더 간섭계를 이용한 바이오센서의 구현)

  • Choo, Sung-Joong; Lee, Byung-Cheol; Kim, Jin-Sik; Park, Jung-Ho; Shin, Hyun-Joon. Proceedings of the IEEK Conference, 2008.06a, pp.497-498, 2008
  • An integrated Mach-Zehnder interferometer for biosensor applications was designed and fabricated. To implement the optimum biosensor a rib waveguide must have single mode operation and high sensitivity. The proposed Mach-Zehnder interferometer was fabricated based on these design rules, and its feasibility is confirmed by ethanol detection experiment in the real-time measurement system operating at 632.8 nm.

An Effective Face Region Detection Using Fuzzy-Neural Network

  • Kim, Chul-Min; Lee, Sung-Oh; Lee, Byoung-ju; Park, Gwi-tae. Institute of Control, Robotics and Systems: Conference Proceedings, 2001.10a, pp.102.3-102, 2001
  • In this paper, we propose a novel method that can detect the face region effectively with fuzzy theory and a neural network. We make fuzzy rules and membership functions to describe the face color. In this algorithm, we use a perceptually uniform color space to increase the accuracy and stability of the nonlinear color information. We use this model to extract the face candidate, and then scan it with the pre-built sliding window by using a neural network-based pattern-matching method to find the eyes. A neural network examines small windows of the face candidate, and decides whether each window contains an eye. We can standardize the face candidate geometrically with the detected eyes.
