• Title/Summary/Keyword: Host Detection

A Study on Detection Method of Multi-Homed Host and Implementation of Automatic Detection System for Multi-Homed Host (망혼용단말 탐지방법에 대한 연구 및 자동탐지시스템 구현)

  • Lee, Mi-hwa;Yoon, Ji-won
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.457-469 / 2018
  • This study aimed to investigate the fundamental reasons for the presence of multi-homed hosts and the risks associated with such risky systems. Furthermore, multi-homed host detection methods that have been researched and developed so far were compared and analyzed to determine areas for improvement. Based on the results, we propose a model of an improved automatic detection system, and we implemented it. The experimental environment was configured to simulate the actual network configuration and endpoints of an organization employing network segmentation. The functionality and performance of the detection system were then measured while generating multi-homed hosts by category, after the developed detection system had been installed in the experimental environment. We confirmed that the system works correctly, without false positives or false negatives, in the scope of this study. To the best of our knowledge, the presented detection system is the first academic work targeting multi-homed hosts under an agent-based approach.

Quantitative Detection of Residual E. coli Host Cell DNA by Real-Time PCR

  • Lee, Dong-Hyuck;Bae, Jung-Eun;Lee, Jung-Hee;Shin, Jeong-Sup;Kim, In-Seop
    • Journal of Microbiology and Biotechnology / v.20 no.10 / pp.1463-1470 / 2010
  • E. coli has long been widely used as a host system for the manufacture of recombinant proteins intended for human therapeutic use. When considering the impurities to be eliminated during the downstream process, residual host cell DNA is a major safety concern. The presence of residual E. coli host cell DNA in the final products is typically determined using a conventional slot blot hybridization assay or total DNA Threshold assay. However, both the former and latter methods are time consuming, expensive, and relatively insensitive. This study thus attempted to develop a more sensitive real-time PCR assay for the specific detection of residual E. coli DNA. This novel method was then compared with the slot blot hybridization assay and total DNA Threshold assay in order to determine its effectiveness and overall capabilities. The novel approach involved the selection of a specific primer pair for amplification of the E. coli 16S rRNA gene in an effort to improve sensitivity, whereas the E. coli host cell DNA quantification took place through the use of SYBR Green I. The detection limit of the real-time PCR assay, under these optimized conditions, was calculated to be 0.042 pg genomic DNA, which was much higher than those of both the slot blot hybridization assay and total DNA Threshold assay, where the detection limits were 2.42 and 3.73 pg genomic DNA, respectively. Hence, the real-time PCR assay can be said to be more reproducible, more accurate, and more precise than either the slot blot hybridization assay or total DNA Threshold assay. The real-time PCR assay may thus be a promising new tool for the quantitative detection and clearance validation of residual E. coli host cell DNA during the manufacturing process for recombinant therapeutics.

Host-Based Malware Variants Detection Method Using Logs

  • Joe, Woo-Jin;Kim, Hyong-Shik
    • Journal of Information Processing Systems / v.17 no.4 / pp.851-865 / 2021
  • Enterprise networks in the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company's analysis report, attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprises have no choice but to rely on digital vaccines since it is overwhelming to analyze all programs executed in the host used by ordinary users. However, traditional vaccines cannot protect the host against variant or new malware because they cannot detect intrusions without signatures for the malware. To overcome this limitation of signature-based detection, there has been much research conducted on the behavior analysis of malware. However, since most of it relies on a sandbox where only the analysis target program is running, we cannot detect malware intruding into a host where many normal programs are running. Therefore, this study proposes a method to detect malware variants in the host through logs rather than the sandbox. The proposed method extracts common behaviors from a group of variants and finds characteristic behaviors optimized for querying. Through experimentation on 1,584,363 logs, generated by executing 6,430 malware samples, we prove that there exist common behaviors that variants share and we demonstrate that these behaviors can be used to detect variants.

An Architecture Design of Distributed Internet Worm Detection System for Fast Response

  • Lim, Jung-Muk;Han, Young-Ju;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference / 2005.11a / pp.161-164 / 2005
  • As the influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damage nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts on the Internet and then degrades the overall performance of the Internet or makes the Internet not work. To respond to this, worm detection and prevention technologies have been developed. The worm detection technologies are classified into two categories, host-based detection and network-based detection. Host-based detection methods include a method which checks the files that worms make, a method which checks the integrity of the file systems, and so on. Network-based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't respond to worms' attacks effectively because worms attack the Internet in a distributed fashion. In this paper, we propose a design of a distributed worm detection system to overcome this inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other using direction-aware information in terms of the worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce the false positive rate of the system but also prevent worms from propagating themselves across the Internet by distributing the confirmed worm signature.

IMAGE PROCESSING TECHNIQUES FOR LANE-RELATED INFORMATION EXTRACTION AND MULTI-VEHICLE DETECTION IN INTELLIGENT HIGHWAY VEHICLES

  • Wu, Y.J.;Lian, F.L.;Huang, C.P.;Chang, T.H.
    • International Journal of Automotive Technology / v.8 no.4 / pp.513-520 / 2007
  • In this paper, we propose an approach to identify the driving environment for intelligent highway vehicles by means of image processing and computer vision techniques. The proposed approach mainly consists of two consecutive computational steps. The first step is the lane marking detection, which is used to identify the location of the host vehicle and road geometry. In this step, related standard image processing techniques are adapted for lane-related information. In the second step, by using the output from the first step, a four-stage algorithm for vehicle detection is proposed to provide information on the relative position and speed between the host vehicle and each preceding vehicle. The proposed approach has been validated in several real-world scenarios. Herein, experimental results indicate low false alarm and low false dismissal and have demonstrated the robustness of the proposed detection approach.

A Genetic Algorithm-Based Intrusion Detection System

  • Lee, Han H.;Lee, Duk;Kim, Hee S.;Park, Jong U.
    • Proceedings of the Korea Inteligent Information System Society Conference / 2000.04a / pp.343-346 / 2000
  • In this paper, a novel approach to intruder detection is introduced. The approach, based on genetic algorithms, improved the detection rate of host systems, which have traditionally relied on known intruder patterns and host addresses. Rather than making judgments on whether an access is an intrusion or not, the systems can continuously monitor systems with a categorized security level. With the categorization, when the intruder attempts repeatedly to access the systems, the security level is incrementally escalated. In the simulation of a simple intrusion, it was shown that the current approach improves the robustness of the security systems by enhancing detection and flexibility. The evolutionary approach to intruder detection enhances the adaptability of the system.

Performance of Seamless Handoff Scheme with Fast Moving Detection

  • Kim Dong Ok;Yoon Hong;Yoon Chong Hoo
    • Proceedings of the IEEK Conference / 2004.08c / pp.588-591 / 2004
  • This paper describes a new approach to Internet host mobility. We argue that, for local mobility, the performance of existing mobile host protocols can be significantly improved. It proposes a Fast Moving Detection scheme that is based on neighbor AP channel information and a moving detection table. It also composes a Local Area Clustering Path (LACP) domain from the collected AP channel information and MN interface information. It stores the roaming table so as to include channel information and moving detection. Those who use the proposed scheme will need to put LACP information into the beacon or probe frame. Each AP uses the scheme to inform the MN of available channel information. From the simulation results, we show that the proposed scheme is advantageous over the legacy schemes in terms of the burst blocking probability and the link utilization.

A Host-based Intrusion Detection Data Analysis Comparison (호스트 기반 침입 탐지 데이터 분석 비교)

  • Park, DaeKyeong;Shin, Dongkyoo;Shin, Dongil
    • Proceedings of the Korea Information Processing Society Conference / 2020.05a / pp.490-493 / 2020
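  • Today, as information and communication technology develops rapidly, the importance of security in IT infrastructure has grown, and at the same time sophisticated and diverse forms of attack such as APT (Advanced Persistent Threat) are increasing. Defending against or predicting increasingly sophisticated attacks at an early stage is a very important problem, and many cases are reported in which analysis of NIDS (Network-based Intrusion Detection System) data alone fails to defend against rapidly mutating attacks. Such attacks are therefore defended against through analysis of HIDS (Host-based Intrusion Detection System) data, for which data generated by intrusion detection systems is currently the main source. However, because data is very scarce, research is carried out with data such as KDD (Knowledge Discovery and Data Mining), a DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluation data set generated in the past, so research on anomaly detection with data that reflects the characteristics of modern computer systems is greatly lacking. In this paper, through a comparative analysis using the recently generated LID-DS (Leipzig Intrusion Detection-Data Set) data, which contains the thread information, metadata and buffer data missing from previously used data sets, we present a new research direction for host-based intrusion detection data systems.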

Development of a Species-specific PCR Assay for Three Xanthomonas Species, Causing Bulb and Flower Diseases, Based on Their Genome Sequences

  • Back, Chang-Gi;Lee, Seung-Yeol;Lee, Boo-Ja;Yea, Mi-Chi;Kim, Sang-Mok;Kang, In-Kyu;Cha, Jae-Soon;Jung, Hee-Young
    • The Plant Pathology Journal / v.31 no.3 / pp.212-218 / 2015
  • In this study, we developed a species-specific PCR assay for rapid and accurate detection of three Xanthomonas species, X. axonopodis pv. poinsettiicola (XAP), X. hyacinthi (XH) and X. campestris pv. zantedeschiae (XCZ), based on their draft genome sequences. XAP, XH and XCZ genomes consist of single chromosomes that contain 5,221, 4,395 and 7,986 protein coding genes, respectively. Species-specific primers were designed from variable regions of the draft genome sequence data and assessed by a PCR-based detection method. These primers were also tested for specificity against 17 allied Xanthomonas species as well as against the host DNA and the microbial community of the host surface. Three primer sets were found to be very specific and no amplification product was obtained with the host DNA and the microbial community of the host surface. In addition, a detection limit of 1 pg/μl per PCR reaction was detected when these primer sets were used to amplify corresponding bacterial DNAs. Therefore, these primer sets and the developed species-specific PCR assay represent a valuable, sensitive, and rapid diagnostic tool that can be used to detect three specific pathogens at early stages of infection and may help control diseases.