• Title/Abstract/Keywords: Host Detection

Search results: 337 items; processing time 0.026 seconds

A Study on Detection Method of Multi-Homed Host and Implementation of Automatic Detection System for Multi-Homed Host

  • 이미화;윤지원
    • 정보보호학회논문지
    • /
    • Vol. 28, No. 2
    • /
    • pp.457-469
    • /
    • 2018
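  • This study examines the root causes of why multi-homed hosts persist and the risks they pose. It also compares and analyzes the multi-homed host detection methods researched and developed to date and derives improvements. Reflecting these improvements, we propose and implement an automatic detection system model that can effectively detect multi-homed hosts. In addition, we installed the developed detection system in a virtual test environment similar to an actual network-separated organization and measured its functionality and performance while generating multi-homed hosts of each type. Within the scope of this study, we confirmed that it operated correctly with no false positives or false negatives. The proposed detection system is the first academic study among agent-based approaches to target the detection of multi-homed hosts.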

Quantitative Detection of Residual E. coli Host Cell DNA by Real-Time PCR

  • Lee, Dong-Hyuck;Bae, Jung-Eun;Lee, Jung-Hee;Shin, Jeong-Sup;Kim, In-Seop
    • Journal of Microbiology and Biotechnology
    • /
    • Vol. 20, No. 10
    • /
    • pp.1463-1470
    • /
    • 2010
  • E. coli has long been widely used as a host system for the manufacture of recombinant proteins intended for human therapeutic use. When considering the impurities to be eliminated during the downstream process, residual host cell DNA is a major safety concern. The presence of residual E. coli host cell DNA in the final products is typically determined using a conventional slot blot hybridization assay or total DNA Threshold assay. However, both the former and latter methods are time consuming, expensive, and relatively insensitive. This study thus attempted to develop a more sensitive real-time PCR assay for the specific detection of residual E. coli DNA. This novel method was then compared with the slot blot hybridization assay and total DNA Threshold assay in order to determine its effectiveness and overall capabilities. The novel approach involved the selection of a specific primer pair for amplification of the E. coli 16S rRNA gene in an effort to improve sensitivity, whereas the E. coli host cell DNA quantification took place through the use of SYBR Green I. The detection limit of the real-time PCR assay, under these optimized conditions, was calculated to be 0.042 pg genomic DNA, which was much higher than those of both the slot blot hybridization assay and total DNA Threshold assay, where the detection limits were 2.42 and 3.73 pg genomic DNA, respectively. Hence, the real-time PCR assay can be said to be more reproducible, more accurate, and more precise than either the slot blot hybridization assay or total DNA Threshold assay. The real-time PCR assay may thus be a promising new tool for the quantitative detection and clearance validation of residual E. coli host cell DNA during the manufacturing process for recombinant therapeutics.

Host-Based Malware Variants Detection Method Using Logs

  • Joe, Woo-Jin;Kim, Hyong-Shik
    • Journal of Information Processing Systems
    • /
    • Vol. 17, No. 4
    • /
    • pp.851-865
    • /
    • 2021
  • Enterprise networks in the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company's analysis report, attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprises have no choice but to rely on digital vaccines since it is overwhelming to analyze all programs executed in the host used by ordinary users. However, traditional vaccines cannot protect the host against variant or new malware because they cannot detect intrusions without signatures for malware. To overcome this limitation of signature-based detection, there has been much research conducted on the behavior analysis of malware. However, since most of this research relies on a sandbox where only the analysis target program is running, we cannot detect malware intruding into a host where many normal programs are running. Therefore, this study proposes a method to detect malware variants in the host through logs rather than the sandbox. The proposed method extracts common behaviors from a group of variants and finds characteristic behaviors optimized for querying. Through experimentation on 1,584,363 logs, generated by executing 6,430 malware samples, we prove that there exist common behaviors that variants share and we demonstrate that these behaviors can be used to detect variants.

An Architecture Design of Distributed Internet Worm Detection System for Fast Response

  • Lim, Jung-Muk;Han, Young-Ju;Chung, Tai-Myoung
    • 한국정보기술응용학회: Conference Proceedings
    • /
    • 한국정보기술응용학회, 2005: 6th 2005 International Conference on Computers, Communications and System
    • /
    • pp.161-164
    • /
    • 2005
  • As the power of influence of the Internet grows steadily, attacks against the Internet can cause enormous monetary damages nowadays. A worm can not only replicate itself like a virus but also propagate itself across the Internet. So it infects vulnerable hosts in the Internet and then downgrades the overall performance of the Internet or makes the Internet not work. To respond to this, worm detection and prevention technologies are developed. The worm detection technologies are classified into two categories, host based detection and network based detection. Host based detection methods are a method which checks the files that worms make, a method which checks the integrity of the file systems and so on. Network based detection methods are a misuse detection method which compares traffic payloads with worm signatures and anomaly detection methods which check inbound/outbound scan rates, ICMP host/port unreachable message rates, and TCP RST packet rates. However, single detection methods like the aforementioned can't respond to worms' attacks effectively because worms attack the Internet in a distributed fashion. In this paper, we propose a design of a distributed worm detection system to overcome the inefficiency. Existing distributed network intrusion detection systems cooperate with each other only with their own information. Unlike this, in our proposed system, a worm detection system on a network in which worms select targets and a worm detection system on a network in which worms propagate themselves cooperate with each other with the direction-aware information in terms of the worm's lifecycle. The direction-aware information includes the moving direction of worms and the service port attacked by worms. In this way, we can not only reduce the false positive rate of the system but also prevent worms from propagating themselves across the Internet through dispersing the confirmed worm signature.

IMAGE PROCESSING TECHNIQUES FOR LANE-RELATED INFORMATION EXTRACTION AND MULTI-VEHICLE DETECTION IN INTELLIGENT HIGHWAY VEHICLES

  • Wu, Y.J.;Lian, F.L.;Huang, C.P.;Chang, T.H.
    • International Journal of Automotive Technology
    • /
    • Vol. 8, No. 4
    • /
    • pp.513-520
    • /
    • 2007
  • In this paper, we propose an approach to identify the driving environment for intelligent highway vehicles by means of image processing and computer vision techniques. The proposed approach mainly consists of two consecutive computational steps. The first step is the lane marking detection, which is used to identify the location of the host vehicle and road geometry. In this step, related standard image processing techniques are adapted for lane-related information. In the second step, by using the output from the first step, a four-stage algorithm for vehicle detection is proposed to provide information on the relative position and speed between the host vehicle and each preceding vehicle. The proposed approach has been validated in several real-world scenarios. Herein, experimental results indicate low false alarm and low false dismissal and have demonstrated the robustness of the proposed detection approach.

A Genetic Algorithm-Based Intrusion Detection System

  • Lee, Han H.;Lee, Duk;Kim, Hee S.;Park, Jong U.
    • 한국지능정보시스템학회: Conference Proceedings
    • /
    • 한국지능정보시스템학회, 2000 Spring Regular Conference: Intelligent Information Technology for e-Business / 한국지능정보시스템학회
    • /
    • pp.343-346
    • /
    • 2000
  • In this paper, a novel approach to intruder detection is introduced. The approach, based on genetic algorithms, improved the detection rate of the host systems, which have traditionally relied on known intruder patterns and host addresses. Rather than making judgments on whether the access is an intrusion or not, the systems can continuously monitor systems with categorized security levels. With the categorization, when the intruder attempts repeatedly to access the systems, the security level is incrementally escalated. In the simulation of a simple intrusion, it was shown that the current approach improves robustness of the security systems by enhancing detection and flexibility. The evolutionary approach to intruder detection enhances adaptability of the system.

Performance of Seamless Handoff Scheme with Fast Moving Detection

  • Kim Dong Ok;Yoon Hong;Yoon Chong Hoo
    • 대한전자공학회: Conference Proceedings
    • /
    • 대한전자공학회, 2004 Conference Proceedings
    • /
    • pp.588-591
    • /
    • 2004
  • This paper describes a new approach to Internet host mobility. We argue that local mobility, the performance of existing mobile host protocol can be significantly improved. It proposes a Fast Moving Detection scheme that is based on neighbor AP channel information and a moving detection table. It also composes a Local Area Clustering Path (LACP) domain that is collected from APs' channel information and MN interface information. It stores the roaming table to include channel information and moving detection. Those who use the proposed scheme will need to put LACP information into the beacon or probe frame. Each AP uses the scheme to inform the MN of available channel information. From the simulation result, we show that the proposed scheme is advantageous over the legacy schemes in terms of the burst blocking probability and the link utilization.

A Host-based Intrusion Detection Data Analysis Comparison

  • 박대경;신동규;신동일
    • 한국정보처리학회: Conference Proceedings
    • /
    • 한국정보처리학회, 2020 Spring Conference
    • /
    • pp.490-493
    • /
    • 2020
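  • Today, as information and communication technology develops rapidly, the importance of security in IT infrastructure has grown, and at the same time sophisticated and varied attacks such as APT (Advanced Persistent Threat) are increasing. Defending against or predicting increasingly sophisticated attacks early is a very important problem, and many cases have been reported in which analysis of NIDS (Network-based Intrusion Detection System) data alone fails to defend against rapidly mutating attacks. Therefore, such attacks are defended against through analysis of HIDS (Host-based Intrusion Detection System) data, for which data generated by intrusion detection systems is currently mainly used. However, because data is very scarce, research relies on data such as KDD (Knowledge Discovery and Data Mining), a DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluation data set generated in the past, so research on anomaly detection using data that reflects the characteristics of modern computer systems is severely lacking. In this paper, through a comparative analysis study using the recently generated LID-DS (Leipzig Intrusion Detection-Data Set) data, which contains the thread information, metadata and buffer data missing from previously used data sets, we present a new research direction for host-based intrusion detection data systems.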

Development of a Species-specific PCR Assay for Three Xanthomonas Species, Causing Bulb and Flower Diseases, Based on Their Genome Sequences

  • Back, Chang-Gi;Lee, Seung-Yeol;Lee, Boo-Ja;Yea, Mi-Chi;Kim, Sang-Mok;Kang, In-Kyu;Cha, Jae-Soon;Jung, Hee-Young
    • The Plant Pathology Journal
    • /
    • Vol. 31, No. 3
    • /
    • pp.212-218
    • /
    • 2015
  • In this study, we developed a species-specific PCR assay for rapid and accurate detection of three Xanthomonas species, X. axonopodis pv. poinsettiicola (XAP), X. hyacinthi (XH) and X. campestris pv. zantedeschiae (XCZ), based on their draft genome sequences. XAP, XH and XCZ genomes consist of single chromosomes that contain 5,221, 4,395 and 7,986 protein coding genes, respectively. Species-specific primers were designed from variable regions of the draft genome sequence data and assessed by a PCR-based detection method. These primers were also tested for specificity against 17 allied Xanthomonas species as well as against the host DNA and the microbial community of the host surface. Three primer sets were found to be very specific and no amplification product was obtained with the host DNA and the microbial community of the host surface. In addition, a detection limit of $1\,\mathrm{pg}/\mu\mathrm{l}$ per PCR reaction was detected when these primer sets were used to amplify corresponding bacterial DNAs. Therefore, these primer sets and the developed species-specific PCR assay represent a valuable, sensitive, and rapid diagnostic tool that can be used to detect three specific pathogens at early stages of infection and may help control diseases.