• Journal of Industrial Convergence
• /
• v.21 no.12
• /
• pp.55-62
• /
• 2023

Recent ransomware attacks employ various techniques and pathways, posing significant challenges in early detection and defense. Consequently, the scale of damage is continually growing. This paper introduces a machine learning-based approach for effective ransomware detection by focusing on file encryption and encryption patterns, which are pivotal functionalities utilized by ransomware. Ransomware is identified by analyzing password behavior and encryption patterns, making it possible to detect specific ransomware variants and new types of ransomware, thereby mitigating ransomware attacks effectively. The proposed machine learning-based encryption behavior detection technique extracts encryption and encryption pattern characteristics and trains them using a machine learning classifier. The final outcome is an ensemble of results from two classifiers. The classifier plays a key role in determining the presence or absence of ransomware, leading to enhanced accuracy. The proposed technique is implemented using the numpy, pandas, and Python's Scikit-Learn library. Evaluation indicators reveal an average accuracy of 94%, precision of 95%, recall rate of 93%, and an F1 score of 95%. These performance results validate the feasibility of ransomware detection through encryption behavior analysis, and further research is encouraged to enhance the technique for proactive ransomware detection.

• Journal of Intelligence and Information Systems
• /
• v.27 no.3
• /
• pp.57-73
• /
• 2021

Maintenance and prevention of failure through anomaly detection of ICT infrastructure is becoming important. System monitoring data is multidimensional time series data. When we deal with multidimensional time series data, we have difficulty in considering both characteristics of multidimensional data and characteristics of time series data. When dealing with multidimensional data, correlation between variables should be considered. Existing methods such as probability and linear base, distance base, etc. are degraded due to limitations called the curse of dimensions. In addition, time series data is preprocessed by applying sliding window technique and time series decomposition for self-correlation analysis. These techniques are the cause of increasing the dimension of data, so it is necessary to supplement them. The anomaly detection field is an old research field, and statistical methods and regression analysis were used in the early days. Currently, there are active studies to apply machine learning and artificial neural network technology to this field. Statistically based methods are difficult to apply when data is non-homogeneous, and do not detect local outliers well. The regression analysis method compares the predictive value and the actual value after learning the regression formula based on the parametric statistics and it detects abnormality. Anomaly detection using regression analysis has the disadvantage that the performance is lowered when the model is not solid and the noise or outliers of the data are included. There is a restriction that learning data with noise or outliers should be used. The autoencoder using artificial neural networks is learned to output as similar as possible to input data. It has many advantages compared to existing probability and linear model, cluster analysis, and map learning. It can be applied to data that does not satisfy probability distribution or linear assumption. In addition, it is possible to learn non-mapping without label data for teaching. However, there is a limitation of local outlier identification of multidimensional data in anomaly detection, and there is a problem that the dimension of data is greatly increased due to the characteristics of time series data. In this study, we propose a CMAE (Conditional Multimodal Autoencoder) that enhances the performance of anomaly detection by considering local outliers and time series characteristics. First, we applied Multimodal Autoencoder (MAE) to improve the limitations of local outlier identification of multidimensional data. Multimodals are commonly used to learn different types of inputs, such as voice and image. The different modal shares the bottleneck effect of Autoencoder and it learns correlation. In addition, CAE (Conditional Autoencoder) was used to learn the characteristics of time series data effectively without increasing the dimension of data. In general, conditional input mainly uses category variables, but in this study, time was used as a condition to learn periodicity. The CMAE model proposed in this paper was verified by comparing with the Unimodal Autoencoder (UAE) and Multi-modal Autoencoder (MAE). The restoration performance of Autoencoder for 41 variables was confirmed in the proposed model and the comparison model. The restoration performance is different by variables, and the restoration is normally well operated because the loss value is small for Memory, Disk, and Network modals in all three Autoencoder models. The process modal did not show a significant difference in all three models, and the CPU modal showed excellent performance in CMAE. ROC curve was prepared for the evaluation of anomaly detection performance in the proposed model and the comparison model, and AUC, accuracy, precision, recall, and F1-score were compared. In all indicators, the performance was shown in the order of CMAE, MAE, and AE. Especially, the reproduction rate was 0.9828 for CMAE, which can be confirmed to detect almost most of the abnormalities. The accuracy of the model was also improved and 87.12%, and the F1-score was 0.8883, which is considered to be suitable for anomaly detection. In practical aspect, the proposed model has an additional advantage in addition to performance improvement. The use of techniques such as time series decomposition and sliding windows has the disadvantage of managing unnecessary procedures; and their dimensional increase can cause a decrease in the computational speed in inference.The proposed model has characteristics that are easy to apply to practical tasks such as inference speed and model management.

• Journal of Environmental Health Sciences
• /
• v.43 no.1
• /
• pp.1-22
• /
• 2017

'The worstest environment disaster', 'World's first biocide massacre', 'Home-based Sewol ferry disaster' are all phrases attached to the recent humidifier disinfectant disaster. In the spring of 2011, four of 8 pregnant women including 1 adult man passed away at a university hospital in Seoul due to breathing failure. Epidemiologic investigation conducted by the Korean CDC soon revealed the inhalation of humidifier disinfectant, which had been widely used in Korea during the winter, to be responsible for the disease. As well as lung fibrosis hardening of the lungs, other diseases including asthma, rhinitis, skin disease, liver disease, fetal disease or cancers have been researched for their relation with exposure to the products. By February 9, 2017, 5,342 cases had registered for health problems and 1,131 of them were already dead (20.8% mortality rate). Based on studies by government agencies and a telephone survey of the general population by Seoul National University and civic groups, around 20% of the general public of Korea has used these products. Since the market release of the first product by SK Chemical in 1994, over 7.1 million items from around 20 brands were sold up to 2011. Most of the products were manufactured by well-known large conglomerates such as SK, Lotte, Samsung, Shinsegye, LG, and GS, as well as some European companies including UK-based Reckitt Benckiser and TESCO, the German firm Henkel, the Danish firm KeTox, and an Irish company. Even though this disaster was unveiled in 2011 by the Korean government, the issue of the victims was neglected for over five years. In 2016, an unexpected but intensive investigation by prosecutors found that Reckitt Benckiser manipulated and concealed animal tests for its own brand and brought several university experts and company employees to court. The matter was an intense social issue in Korea from May to June with a surge in media coverage. The prosecutor's investigation and a nationwide boycott campaign organized by victims and environmental groups against Reckitt Benckiser, whose product had been used by more than 70% of victims, led to the producer's official apology and a compensation scheme. A legislative investigation organized after the April 2016 national election revealed the producers' faults and the government's responsibility, but failed to meet expectations. A special law for the victims passed the National Assembly in January 2017 and a punitive system together with a massive environmental epidemiology investigation are expected to be the only solutions for this tragedy. Sciences of medicine, toxicology and environmental health have provided decisive evidence so far, but for the remaining problems the perspectives of social sciences such as sociology and jurisprudence are highly necessary, similar to with the Minamata disease and Wonjin Rayon events. It may not be easy to follow this issue using unfamiliar terminology from medical and chemical science and the long, complicated history of the event. For these reasons the author has attempted to write this article in a question and answer format to render it easier to follow. The 17 questions are: Q1 What is humidifier disinfectant? Q2 What kind of health problems are caused by humidifier disinfectant? Q3 How many victims are there? Q4 What is the analysis of the 1,112 cases of death? Q5 What is the problem with the government's diagnostic criteria and the solution? Q6 Who made what brands? Q7 Has there been a recall? What is still on sale? Q8 Was safety not checked by any producers? Q9 What are the government's responsibilities? Q10 Is it true that these products were sold only in Korea? Q11 Why and how was it unveiled only in 2011 after 17 years of sales? Q12 What delayed the resolution of the victim issue? Q13 What is the background of the prosecutor's investigation in early 2016? Q14 Is it possible to report new victim cases without evidence of product purchase? Q15 What is happening with the victim issue? Q16 How does it compare with the cases of Minamata disease and Wonjin Rayon? Q17 Are there prevention measures and lessons?

• Cartoon and Animation Studies
• /
• s.36
• /
• pp.469-491
• /
• 2014

Webtoon has developed the method that makes it possible to express sound visually. Also we can also hear sound in webtoon through the development of web technology. It is natural that we analyze the sound that we can hear, but we can also analyze the sound that we can not hear. This study is based on 'dual code' in cognitive psychology. Cartoonists can make visual expression on the basis of auditive impression and memory, and readers can recall the sound through the process of memory and memory-retrieval. This study analyzes both audible sound and inaudable sound. Concise analysis owes the method to film sound theory. Three main factor, Volume, pitch, and tone are recognized by frequency in acoustics. On the other hand they are expressed by the thickness and site of line and image of sound source. The visual expression of in screen sound and off screen sound is related to the frame of comics. Generally the outside of frame means off sound, but some off sound is in the frame. In addition, horror comics use much sound for the effect of genre like horror film. When analyzing comics sound using this kinds of the method film sound analysis, we can find that webtoon has developed creative expression method comparing with simple ones of early comics. Especially arranging frames and expressing sound following and vertical moving are new ones in webtoon. Also types and arrangement of frame has been varied. BGM is the first in using audible sound and recently BGM composed mixing sound effect is being used. In addition, the program which makes it possible for readers to hear sound according to scroll moving. Especially horror genre raise the genre effects using this technology. Various methods of visualizing sound are being created, and the change shows that webtoon could be the model of convergence in contents.

• Korean Journal of Community Nutrition
• /
• v.8 no.1
• /
• pp.112-119
• /
• 2003

We studied the nutritional status of on mentally handicapped children living at home or in institutions since early teenage years are nutritionally important. The subjects of 7 to 12 year old mentally retarded children attenending a special education school in Seoul were surveyed with questionnaires as well as 2-day dietary recall records, with the help of persons of their care-giver when needed. Among the 64 children,54.7% are living in institutions and the rest of them are living at home. They were ranged from the trainable (64.1%) , the educable (26.6%) , and the non-trainable (9.4%) . Their average daily intake of energy intakes (%RDA) was 2,070.1 kcal (94.1%) , Ca 603.9 mg (75.5%) , Fe 11.1 mg (92.5%), Vt.A 507.5 RE (84.6%) , Vt. B$_2$.1g (88.2%), niacin 14.1 g (93.6%) and Vt. C 58.2 g (83.1%) . Their average intakes of these nutrients were significantly higher in subjects of institutions than at home. The nutrients consumed at a much higher level than the RDh of the normal children were Vt. B, (1.6 g,146.8%) and protein (75.3g, 136.9%) . The higher percentage of children at home were under consumed of several nutrients (< 75% RDA) than ones in institutions. When comparing the degree of handicap, energy and nutrient intakes except Vt. C were highest in educable children than trainable ones or Dawn's children. MAR of the diets of the subjects was 0.84. Children at home showed lower MAR as well as NAR of each nutrients, whereas children belonged to INQ < 1 were less at home. Handicapped children at home were snacking higher amount relative to their calorie intake and too frequently, that may lead to their poor nutrition. There was positive correlations between factors of nutrition and physical and dietary behaviors, but there were no correlations between factors of nutrition and health-related habits. Nutritional caring mentally handicapped children in institutions seemed to be more effectively managed.