• Title/Summary/Keyword: FPR

Subcategories of Fuzzy Limit Tower Spaces

  • Lee, Hyei-Kyung
    • Journal of the Korean Institute of Intelligent Systems / v.12 no.5 / pp.487-490 / 2002
  • In this paper, we introduce the notions of fuzzy pseudotopological tower and fuzzy pretopological tower, and we show that the category FPsTR of fuzzy pseudotopological tower spaces and the category FPrTR of fuzzy pretopological tower spaces are bireflective subcategories of the category FLTR of fuzzy limit tower spaces.

PowerShell-based Malware Detection Method Using Command Execution Monitoring and Deep Learning (명령 실행 모니터링과 딥 러닝을 이용한 파워셸 기반 악성코드 탐지 방법)

  • Lee, Seung-Hyeon;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1197-1207 / 2018
  • PowerShell is a command-line shell and scripting language built on the .NET framework, and it has several advantages as an attack tool, including built-in support for Windows, easy code concealment and persistence, and various pen-test frameworks. Accordingly, malware using PowerShell is increasing rapidly; however, conventional malware detection techniques are limited in coping with it. In this paper, we propose an improved monitoring method to observe commands executed in PowerShell and a deep learning based malware classification model that extracts features from commands using a Convolutional Neural Network (CNN) and sends them to a Recurrent Neural Network (RNN) according to the order of execution. In testing the proposed model with 5-fold cross validation using 1,916 PowerShell-based malware samples collected at a malware sharing site and 38,148 benign scripts disclosed by an obfuscation detection study, the model effectively detects malware with about 97% True Positive Rate (TPR) and 1% False Positive Rate (FPR).

A Design of ETWAD(Encapsulation and Tunneling Wormhole Attack Detection) based on Positional Information and Hop Counts on Ad-Hoc (애드 혹 네트워크에서 위치 정보와 홉 카운트 기반 ETWAD(Encapsulation and Tunneling Wormhole Attack Detection) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee
    • Journal of the Korea Society of Computer and Information / v.17 no.11 / pp.73-81 / 2012
  • This paper proposes an ETWAD (Encapsulation and Tunneling Wormhole Attack Detection) design based on positional information and hop count on an Ad-Hoc network. The ETWAD technique is designed to generate a GAK (Group Authentication Key) to ascertain the node ID and group key within the Ad-Hoc network and to authenticate a member of the Ad-Hoc network by appending it to RREQ and RREP. In addition, the ETWAD technique presents a GeoWAD algorithm that detects Encapsulation and Tunneling Wormhole Attacks by using a hop count for the number of hops within the RREP message and a critical value for the distance between a source node S and a destination node D. Therefore, as this paper estimates the average probability of Wormhole Attack detection at 91% and the average FPR at 4.4%, it improves the reliability and probability of Wormhole Attack detection.

Performance Evaluation of One Class Classification to detect anomalies of NIDS (NIDS의 비정상 행위 탐지를 위한 단일 클래스 분류성능 평가)

  • Seo, Jae-Hyun
    • Journal of the Korea Convergence Society / v.9 no.11 / pp.15-21 / 2018
  • In this study, we try to detect anomalies on the network intrusion detection system by learning only one class. We use the KDD CUP 1999 dataset, an intrusion detection dataset, which is used to evaluate classification performance. One class classification is one of the unsupervised learning methods that classify the attack class by learning only the normal class. When using unsupervised learning, it is difficult to achieve relatively high classification efficiency because it does not use negative instances for learning. However, unsupervised learning has the advantage of classifying unlabeled data. In this study, we use one class classifiers based on support vector machines and density estimation to detect new unknown attacks. The test using the classifier based on density estimation has shown relatively better performance and has a detection rate of about 96% while maintaining a low FPR for the new attacks.

Design and Theoretical Analysis of a Stepwise Intrusion Prevention Scheme (단계적 비정상 트래픽 대응 기법 설계 및 이론적 분석)

  • Ko Kwangsun;Kang Yong-hyeog;Eom Young Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.1 / pp.55-63 / 2006
  • Recently, there has been much abnormal traffic driven by several worms, such as Nimda, Code Red, SQL Slammer, and so on, causing severe damage to networks. Meanwhile, diverse prevention schemes for defeating abnormal traffic have been studied in the academic and commercial worlds. In this paper, we present the structure of a stepwise intrusion prevention system that is designed to limit the network bandwidth of each network traffic flow and drop abnormal traffic, and then compare the proposed scheme with a pre-existing scheme, which is a True/False based anomaly prevention scheme for several worm patterns. There are two criteria for comparison of the schemes, which are Normal Traffic Rate (NTR) and False Positive Rate (FPR). Assuming that the abnormal traffic rate of a specific network is $\beta$ during a predefined time window, it is known that the average NTR of our stepwise intrusion prevention scheme increases by a factor of $(1+\beta)/2$ over that of the True/False based anomaly prevention scheme, and the average FPR of our scheme decreases by a factor of $(1+\beta)/2$.

Feasibility Study of Google's Teachable Machine in Diagnosis of Tooth-Marked Tongue

  • Jeong, Hyunja
    • Journal of dental hygiene science / v.20 no.4 / pp.206-212 / 2020
  • Background: A Teachable Machine is a kind of web-based machine learning tool for the general public. In this paper, the feasibility of Google's Teachable Machine (ver. 2.0) was studied in the diagnosis of the tooth-marked tongue. Methods: For machine learning of tooth-marked tongue diagnosis, a total of 1,250 tongue images were used on Kaggle's web site. Ninety percent of the images were used for the training data set, and the remaining 10% were used for the test data set. Using Google's Teachable Machine (ver. 2.0), machine learning was performed using separated images. To optimize the machine learning parameters, I measured the diagnosis accuracies according to the value of epoch, batch size, and learning rate. After hyper-parameter tuning, the ROC (receiver operating characteristic) analysis method determined the sensitivity (true positive rate, TPR) and specificity (false positive rate, FPR) of the machine learning model to diagnose the tooth-marked tongue. Results: To evaluate the usefulness of the Teachable Machine in clinical application, I used 634 tooth-marked tongue images and 491 no-marked tongue images for machine learning. When the epoch, batch size, and learning rate as hyper-parameters were 75, 0.0001, and 128, respectively, the accuracy of the tooth-marked tongue's diagnosis was best. The accuracies for the tooth-marked tongue and the no-marked tongue were 92.1% and 72.6%, respectively. And, the sensitivity (TPR) and specificity (FPR) were 0.92 and 0.28, respectively. Conclusion: These results are more accurate than Li's experimental results calculated with a convolutional neural network. Google's Teachable Machine shows good performance with hyper-parameter tuning in the diagnosis of the tooth-marked tongue. We confirmed that the tool is useful for several clinical applications.

Periodic-and-on-Event Message-Aware Automotive Intrusion Detection System (Periodic-and-on-Event 메시지 분석이 가능한 차량용 침입탐지 기술)

  • Lee, Seyoung;Choi, Wonsuk
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.3 / pp.373-385 / 2021
  • To provide convenience and safety for drivers, recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As modern vehicles provide highly convenient and safe services, they expose many types of attack surfaces; as a result, they are vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone mounts an attack on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on real vehicles, where we show that our method has an FPR of 0% and an FNR of 0% under our attack model.

Odds curve for two classification distributions (두 분류 분포를 위한 오즈 곡선)

  • Hong, Chong Sun;Oh, Se Hyeon;Oh, Tae Gyu
    • The Korean Journal of Applied Statistics / v.34 no.2 / pp.225-238 / 2021
  • The ROC, TOC, and TROC curves, which are visually descriptive methods of exploring the performance of the binary classification model, are implemented with TP, TN, FP, and FN, which constitute the confusion matrix, as well as their ratios TPR, TNR, FPR, and FNR. In this study, we consider two types of odds and then propose an odds curve representing these odds, and show the relationship between the odds curve and the ROC curve. Based on the odds curve, we propose not only two statistics that measure the discriminant power of the odds curve but also the criteria for validation ratings of the odds curve. According to the shape of the odds curves, two classification distributions can be estimated and a criterion for validation ratings can be determined. The odds curve can be meaningfully used like other visual methods, and two kinds of measures for the discriminant power can also be applied together as an alternative criterion.

Deobfuscation Processing and Deep Learning-Based Detection Method for PowerShell-Based Malware (파워쉘 기반 악성코드에 대한 역난독화 처리와 딥러닝 기반 탐지 방법)

  • Jung, Ho-jin;Ryu, Hyo-gon;Jo, Kyu-whan;Lee, Sangkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.3 / pp.501-511 / 2022
  • In 2021, ransomware attacks became popular, and the number is rapidly increasing every year. Since PowerShell is used as the primary ransomware technique, the need for PowerShell-based malware detection is ever increasing. However, the existing detection techniques have limits in that they cannot detect obfuscated scripts or require a long processing time for deobfuscation. This paper proposes a simple and fast deobfuscation method and a deep learning-based classification model that can detect PowerShell-based malware. Our technique is composed of Word2Vec and a convolutional neural network to learn the meaning of a script extracting important features. We tested the proposed model using 1400 malicious codes and 8600 normal scripts provided by the AI-based PowerShell malicious script detection track of the 2021 Cybersecurity AI/Big Data Utilization Contest. Our method achieved 5.04 times faster deobfuscation than the existing methods with a perfect success rate and high detection performance with FPR of 0.01 and TPR of 0.965.

Change of Phoria and Subjective Symptoms after Watching 2D and 3D Image (2D와 3D 영상 시청 후 나타난 사위도 및 자각증상의 변화)

  • Kim, Dong-Su;Lee, Wook-Jin;Kim, Jae-Do;Yu, Dong-Sik;Jeong, Eui Tae;Son, Jeong-Sik
    • Journal of Korean Ophthalmic Optics Society / v.17 no.2 / pp.185-194 / 2012
  • Purpose: The changes in phoria and subjective asthenopia before and after viewing were compared for 2D images and two types of 3D images, and are presented as a reference for 3D image watching and production. Methods: Change in phoria was measured before and after watching 2D, 3D-FPR and 3D-SG images for 30 minutes in 41 university students aged 20-30 years (male 26, female 15). A paired t-test and the Pearson correlation between changed phoria and subjective symptoms, which were measured using questionnaires, were evaluated before and after watching each image. Results: Right after watching the 2D image, exophoria was increased by 0.5 $\Delta$ in distance and near, but not at a significant level. Right after watching the 3D image, exophoria was increased by 1.0~1.5 $\Delta$ and 1.5~2.0 $\Delta$ in distance and near, respectively, when compared with before watching. At a significant level, exophoria tended to increase. The change in near was greater by 0.5 $\Delta$ compared with that in distance. Changes between the 3D-FPR and 3D-SG image types were less than 0.5 $\Delta$, and there was almost no difference. In terms of visual subjective symptoms, eye strain was increased with the 3D image compared with the 2D image. In addition, there was no difference depending on the type of image. In terms of the Pearson correlation between phoria change and eye strain, as exophoria increased, eye strain increased. Conclusions: Watching 3D images increased eye strain compared with watching 2D images, and accordingly exophoria tended to increase.