• Title/Summary/Keyword: Execution Detection

The Bisection Seed Detection Heuristic for Solving the Capacitated Vehicle Routing Problem (한정 용량 차량 경로 탐색 문제에서 이분 시드 검출 법에 의한 발견적 해법)

  • Ko, Jun-Taek;Yu, Young-Hoon;Jo, Geun-Sik
    • Journal of Intelligence and Information Systems / v.15 no.1 / pp.1-14 / 2009
  • The Capacitated Vehicle Routing Problem (CVRP) is the problem in which vehicles stationed at a central depot are to be optimally routed to supply customers with demands, satisfying vehicle capacity constraints. The CVRP is NP-hard as it is a natural generalization of the Traveling Salesman Problem (TSP). In this article, we propose a heuristic algorithm, called the bisection seed detection method, to solve the CVRP. The algorithm is composed of three phases. In the first phase, we work out the initial cluster using the improved sweep algorithm. In the next phase, we choose a seed node in each initial cluster by using the bisection seed detection method, and we compose the route with the nearest node from each seed. At this phase, we compute the regret value to decide the list of priorities for the node assignment. In the final phase, we improve the route result by using the tabu search and exchange algorithm. We compared our heuristic with different heuristics such as the Clarke-Wright heuristic and the genetic algorithm. The results of the proposed heuristic show that our algorithm can get the nearest optimal value within the shortest execution time comparatively.

Generation of Efficient Fuzzy Classification Rules for Intrusion Detection (침입 탐지를 위한 효율적인 퍼지 분류 규칙 생성)

  • Kim, Sung-Eun;Khil, A-Ra;Kim, Myung-Won
    • Journal of KIISE:Software and Applications / v.34 no.6 / pp.519-529 / 2007
  • In this paper, we investigate the use of fuzzy rules for efficient intrusion detection. We use an evolutionary algorithm to optimize the set of fuzzy rules for intrusion detection by constructing fuzzy decision trees. For efficient execution of the evolutionary algorithm, we use supervised clustering to generate an initial set of membership functions for fuzzy rules. In our method, both performance and complexity of fuzzy rules (or fuzzy decision trees) are taken into account in fitness evaluation. We also use evaluation with data partition, membership degree caching and zero-pruning to reduce time for construction and evaluation of fuzzy decision trees. For performance evaluation, we experimented with our method over the intrusion detection data of KDD'99 Cup, and confirmed that our method outperformed the existing methods. Compared with the KDD'99 Cup winner, the accuracy was increased by 1.54% while the cost was reduced by 20.8%.

PinMemcheck: Pin-Based Memory Leakage Detection Tool for Mobile Device Development (PinMemcheck: 이동통신 기기 개발을 위한 Pin 기반의 메모리 오류 검출 도구(道具))

  • Jo, Kyong-Jin;Kim, Seon-Wook
    • The KIPS Transactions:PartA / v.18A no.2 / pp.61-68 / 2011
  • Memory error debugging is one of the most critical processes in improving software quality. However, due to the extensive time consumed to debug, the enhancement often leads to a huge bottleneck in the development process of mobile devices. Most of the existing memory error detection tools are based on static error detection; however, the tools cannot be used in mobile devices due to their use of large working memory. Therefore, it is challenging for mobile device vendors to deliver high quality mobile devices to the market in time. In this paper, we introduce "PinMemcheck", a Pin-based memory error detection tool, which detects all potential memory errors within $1.5{\times}$ execution time overhead compared with that of a baseline configuration by applying Pin's binary instrumentation process and a simple data structure.

Runtime Fault Detection Method based on Context Insensitive Behavioral Model for Legacy Software Systems (레거시 소프트웨어 시스템을 위한 문맥 독립적 행위 기반 실시간 오작동 탐지 기법)

  • Kim, Suntae
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.15 no.4 / pp.9-18 / 2015
  • In recent years, the number of applications embedded in various devices such as smartphones has been getting larger. Due to the frequent changes of states in the execution environment, various malfunctions may occur. In order to handle the issue, this paper suggests an approach to detecting method-level failures in legacy software systems. We can determine if the software executes abnormal behavior based on the behavior model. However, when we apply the context-sensitive behavior model to the method level, several problems happen, such as false alarms and monitoring overhead. To tackle those issues, we propose the CIBFD (Context-Insensitive Behavior Model-based Failure Detection) method. Through the case studies, we compare the CIBFD method with the existing method. In addition, we analyze the effectiveness of the method for each application domain.

Meltdown Threat Dynamic Detection Mechanism using Decision-Tree based Machine Learning Method (의사결정트리 기반 머신러닝 기법을 적용한 멜트다운 취약점 동적 탐지 메커니즘)

  • Lee, Jae-Kyu;Lee, Hyung-Woo
    • Journal of Convergence for Information Technology / v.8 no.6 / pp.209-215 / 2018
  • In this paper, we propose a method to detect and block Meltdown malicious code, which is increasing rapidly, using a dynamic sandbox tool. Although some patches are available for the vulnerability of the Meltdown attack, patches are not applied intentionally due to the performance degradation of the system. Therefore, we propose a method to overcome the limitation of the existing signature detection method by using a machine learning method for infrastructures without active patches. First, to understand the principle of Meltdown, we analyze operating system driving methods such as virtual memory, memory privilege check, pipelining and guessing execution, and CPU cache. Then, we extracted data by using the Linux strace tool for detecting Meltdown malware. Finally, we implemented a decision tree based dynamic detection mechanism to identify the Meltdown malicious code efficiently.

Real-Time Attack Detection System Using Event-Based Runtime Monitoring in ROS 2 (ROS 2의 이벤트 기반 런타임 모니터링을 활용한 실시간 공격 탐지 시스템)

  • Kang, Jeonghwan;Seo, Minseong;Park, Jaeyeol;Kwon, Donghyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1091-1102 / 2022
  • Robotic systems have developed very rapidly over the past decade. Robot Operating System is an open source-based software framework for the efficient development of robot operating systems and applications, and is widely used in various research and industrial fields. ROS applications may contain various vulnerabilities. Various studies have been conducted to monitor the execution of these ROS applications at runtime. In this study, we propose a real-time attack detection system using event-based runtime monitoring in ROS 2. Our attack detection system extends tracetools of ros2_tracing to instrument events into core libraries of the ROS 2 middleware layer and monitors the events during runtime to detect attacks on the application layer through out-of-order execution of the APIs.

A Study of Internet Worm Detection & Response Method Using Outbound Traffic (OutBound 트래픽을 이용한 인터넷 웜 탐지 및 대응 방안 연구)

  • Lee, Sang-Hun
    • Convergence Security Journal / v.6 no.4 / pp.75-82 / 2006
  • Internet worms cause various kinds of damage, paralyzing the network and leaking information out. In this paper, I suggest a method to prevent this. This method first detects an Internet worm on the PC and presents a method to perform an automatic confrontation. This method detects the traffic-based network scanning that is the feature of an Internet worm and accomplishes the confrontation. This method stops the process infected by the Internet worm and prevents traffic from flowing out to the outside. This method also isolates the executable file infected by the Internet worm and moves it to a specific location for organizing at the postmortem so that we can accomplish the investigation of the Internet worm. Such a method is useful for the radiation detection indication and computation of unknown Internet worms. Therefore, stable network operation is possible through this method.

Determining the Time of Least Water Use for the Major Water Usage Types in District Metered Areas (상수관망 블록의 대표적인 용수사용 유형에 대한 최소 용수사용 시간의 결정)

  • Park, Suwan;Jung, So-Yeon;Sahleh, Vahideh
    • Journal of Korean Society of Water and Wastewater / v.29 no.3 / pp.415-425 / 2015
  • Aging water pipe networks hinder efficient management of important water service indices such as revenue water and leakage ratio due to pipe breakage and malfunctioning of pipe appurtenances. In order to control leakage in water pipe networks, various methods such as the minimum night flow analysis and the sound waves method have been used. However, the accuracy and efficiency of detecting water leaks by these methods need to be improved due to the increase of water consumption at night. In this study, the Principal Component Analysis (PCA) technique was applied to the night water flow data of 426 days collected from a water distribution system at an interval of one hour. Based on the PCA technique, computational algorithms were developed to narrow the time windows for efficient execution of the leak detection job. The algorithms were programmed using MATLAB. The presented techniques are expected to contribute to the efficient management of water pipe networks by providing more effective time windows for the detection of pipe network anomalies such as leaks or abnormal demand.

Proposal of Process Hollowing Attack Detection Using Process Virtual Memory Data Similarity (프로세스 가상 메모리 데이터 유사성을 이용한 프로세스 할로윙 공격 탐지)

  • Lim, Su Min;Im, Eul Gyu
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.431-438 / 2019
  • Fileless malware uses memory injection attacks to hide traces of payloads to perform malicious work. Among memory injection attacks, an attack named "process hollowing" is a method of creating a paused benign process, such as a system process. Injecting a malicious payload into the benign process then allows malicious behavior by pretending to be a normal process. In this paper, we propose a method to detect the memory injection regardless of whether or not the malicious action is actually performed when a process hollowing attack occurs. A replication process having the same execution condition as the process of suspending the memory injection is executed, the data set belonging to each process's virtual memory area is compared using a fuzzy hash, and the similarity is calculated.

Study on Machine Learning Techniques for Malware Classification and Detection

  • Moon, Jaewoong;Kim, Subin;Song, Jaeseung;Kim, Kyungshin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.12 / pp.4308-4325 / 2021
  • The importance and necessity of artificial intelligence, particularly machine learning, has recently been emphasized. In fact, artificial intelligence, such as intelligent surveillance cameras and other security systems, is used to solve various problems or provide convenience, providing solutions to problems that humans traditionally had to manually deal with one at a time. Among them, information security is one of the domains where the use of artificial intelligence is especially needed because the frequency of occurrence and processing capacity of dangerous codes exceeds the capabilities of humans. Therefore, this study intends to examine the definition of artificial intelligence and machine learning, its execution method, process, learning algorithm, and cases of utilization in various domains, particularly the cases and contents of artificial intelligence technology used in the field of information security. Based on this, this study proposes a method to apply machine learning technology to the method of classifying and detecting malware that has rapidly increased in recent years. The proposed methodology converts software programs containing malicious codes into images and creates training data suitable for machine learning by preparing data and augmenting the dataset. The model trained using the images created in this manner is expected to be effective in classifying and detecting malware.