• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.9
• /
• pp.1313-1318
• /
• 2013

In order to actively respond to cyber attacks, not only the security systems such as IDS, IPS, and Firewalls, but also ESM, a system that detects cyber attacks by analyzing various log data, are preferably deployed. However, as the attacks be come more elaborate and advanced, existing signature-based detection methods start to face their limitations. In response to that, researches upon symptom detection technology based on attack modeling by employing big-data analysis technology are actively on-going. This symptom detection technology is effective when it can accurately extract features of attacks and manipulate them to successfully execute the attack modeling. We propose the ways to extract attack features which can play a role as the basis of the modeling and detect intelligent threats by carrying out scenario-based modeling.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1313-1322
• /
• 2016

Recently, many virus and hacking attacks on public organizations and financial institutions by internet are becoming increasingly intelligent and sophisticated. The Advanced Persistent Threat has been considered as an important cyber risk. This attack is basically accomplished by spreading malicious codes through complex networks. To detect and extract PE files in smart manufacturing industry networks, an efficient processing method which is performed before analysis procedure on malicious codes is proposed. We implement a preprocessor of open intrusion detection system Snort for fast extraction of PE files and install on a hardware sensor equipment. As a result of practical experiment, we verify that the network sensor can extract the PE files which are often suspected as a malware.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.237-245
• /
• 2022

The prominence of IoTs (Internet of Things) and exponential advancement of computer networks has resulted in massive essential applications. Recognizing various cyber-attacks or anomalies in networks and establishing effective intrusion recognition systems are becoming increasingly vital to current security. MLTs (Machine Learning Techniques) can be developed for such data-driven intelligent recognition systems. Researchers have employed a TFDNNs (Tensor Flow Deep Neural Networks) and DCNNs (Deep Convolution Neural Networks) to recognize pirated software and malwares efficiently. However, tuning the amount of neurons in multiple layers with activation functions leads to learning error rates, degrading classifier's reliability. HTFDNNs ( Hybrid tensor flow DNNs) and MRNs (Modified Residual Networks) or Resnet CNNs were presented to recognize software piracy and malwares. This study proposes HTFDNNs to identify stolen software starting with plagiarized source codes. This work uses Tokens and weights for filtering noises while focusing on token's for identifying source code thefts. DLTs (Deep learning techniques) are then used to detect plagiarized sources. Data from Google Code Jam is used for finding software piracy. MRNs visualize colour images for identifying harms in networks using IoTs. Malware samples of Maling dataset is used for tests in this work.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.1-12
• /
• 2006

Malicious codes have been widely documented and detected in information security breach occurrences of Microsoft Windows platform. Legacy information security systems are particularly vulnerable to breaches, due to Window kernel-based malicious codes, that penetrate existing protection and remain undetected. To date there has not been enough quality study into and information sharing about Windows kernel and inner code mechanisms, and this is the core reason for the success of these codes into entering systems and remaining undetected. This paper focus on classification and formalization of type target and mechanism of various Windows kernel-based attacks, and will present suggestions for effective response methodologies in the categories of, "Kernel memory protection", "Process & driver protection" and "File system & registry protection". An effective Windows kernel protection system will be presented through the collection and analysis of Windows kernel and inside mechanisms, and through suggestions for the implementation methodologies of unreleased and new Windows kernel protection skill. Results presented in this paper will explain that the suggested system be highly effective and has more accurate for intrusion detection ratios, then the current legacy security systems (i.e., virus vaccines and Windows IPS, etc) intrusion detection ratios. So, It is expected that the suggested system provides a good solution to prevent IT infrastructure from complicated and intelligent Windows kernel attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.6
• /
• pp.55-62
• /
• 2010

Monitoring systems are able to report certain events at region of interest(ROI) and to take an appropriate action. From industrial product line full of robots to fire detection, intrusion detection, smart grid application, environmental pollution alarm system, monitoring system has widely used in diverse industry sector. Recently, due to advance of wireless communication technology and availability of low cost sensors, intelligent and/or smart monitoring systems such as sensor networks has been developed. Several deployment methods are introduced to meet various monitoring needs and deployment performance criteria are also summarized to be used to identify weak point and be useful at designing monitoring systems. Both efficiency during deployment and usefulness after the deployment should be assessed. Efficiency factors during deployment are elapsed time, energy required, deployment cost, safety, sensor node failure rate, scalability. Usefulness factors after deployment are ROI coverage, connectivity, uniformity, target density similarity, energy consumption rate per unit time and so on.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.9
• /
• pp.3639-3662
• /
• 2020

The network capability to accomplish its functions in a timely fashion under failures and attacks is known as survivability. Ad hoc routing protocols have been studied and extended to various domains, such as Intelligent Transport Systems (ITSs), Unmanned Aerial Vehicles (UAVs), underwater acoustic networks, and Internet of Things (IoT) focusing on different aspects, such as security, QoS, energy. The existing solutions proposed in this domain incur substantial overhead and eventually become burden on the network, especially when there are fewer attacks or no attack at all. There is a need that the effectiveness of these routing protocols be analyzed in the presence of Denial of Service (DoS) attacks without any intrusion detection or prevention system. This will enable us to establish and identify the inherently stable routing protocols that are capable to survive longer in the presence of these attacks. This work presents a DoS attack case study to perform theoretical analysis of survivability on node and network level in the presence of DoS attacks. We evaluate the performance of reactive and proactive routing protocols and analyse their survivability. For experimentation, we use NS-2 simulator without detection or prevention capabilities. Results show that proactive protocols perform better in terms of throughput, overhead and packet drop.

• Journal of Korean Society of Transportation
• /
• v.25 no.3
• /
• pp.29-43
• /
• 2007

An automobile black box can provide sufficient and accurate information for investigating the causes of vehicle accidents as well as preventing them in the future. The database of accident information from stored data in the black box can provide a variety of services to the general public when it is accessed in a reasonable manner. minimizing intrusion into drivers' privacy. Therefore, the black box could become the main intelligent automobile Part, with extensive benefits for all associated industries as well as government agencies and insurance companies. While the introduction and spread of the black box are imminent in Korea, this paper reviews technology and product trends of the black box. In particular, this paper presents findings on the investigation of black box-related patent applications and an in-depth study of core patents from several leading counties, including the United States. In addition, this paper describes trends of standardization and legislation in leading countries and presents methods of standardization with suggestions for some development topics related to black box technology.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.27-32
• /
• 2014

Utilization of web application has been widely spread and complication in recent years by the rapid development of network technologies and changes in the computing environment. The attack being target of this is increasing and the means is diverse and intelligent while these web applications are using to a lot of important services. In this paper, we proposed security model using virtualization technology to prevent attacks using vulnerabilities of web application. The request information for query in a database server also can be recognized by conveying to the virtual web server after ID is given to created session by the client request and the type of the query is analyzed in this request. VM-Master module is constructed in order to monitor traffic between the virtual web servers and prevent the waste of resources of Host OS. The performance of attack detection and resource utilization of the proposed method is experimentally confirmed.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.80-85
• /
• 2015

As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Window OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.4
• /
• pp.81-86
• /
• 2020

With the development of the intelligent Internet of Things AIoT that goes beyond the IoT of the Internet of Things, the industry is changing overall. In addition, with the advent of the 4th Industrial Revolution, revolutionary changes and developments are also taking place in the automobile industry. A representative example is "autonomous driving vehicle". Because the domestic and foreign interests in autonomous vehicles have increased, many developments have been made, and although limited, they have developed into the commercialization stage. However, the structure of the autonomous vehicle that collects, analyzes, and controls data using various sensors installed in the vehicle, not the driver, is often insufficiently exposed to hacking due to the lack of multiplexed devices for security. In this case, as this can be a threat not only to the driver, but also to the surrounding environment, this paper proposes a new data processing function to improve the system security of autonomous vehicles.