• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.735-743
• /
• 2020

Secure coding is a technique that detects malicious attack or unexpected errors to make software systems resilient against such circumstances. In many cases secure coding relies on static analysis tools to find vulnerable patterns and contaminated data in advance. However, secure coding has the disadvantage of being dependent on rule-sets, and accurate diagnosis is difficult as the complexity of static analysis tools increases. In order to support secure coding, we apply machine learning techniques, such as DNN, CNN and RNN to investigate into finding major weakness patterns shown in secure development coding guides and present machine learning models and experimental results. We believe that machine learning techniques can support detecting security weakness along with static analysis techniques.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1913-1927
• /
• 2017

Encryption technology is to hide information in a cyberspace built using a computer and to prevent third parties from changing it. If a malicious user accesses unauthorized device or application services on the Internet of objects, it may be exposed to various security threats such as data leakage, denial of service, and privacy violation. One way to deal with these security threats is to encrypt and deliver the data generated by a user. Encrypting data must be referred to a technique of changing data using a complicated algorithm so that no one else knows the content except for those with special knowledge. As computers process computations that can be done at a very high speed, current cryptographic techniques are vulnerable to future computer performance improvements. We designed and implemented a new encryption program that combines ancient and modern cryptography so that the user never knows about data management, and transmission. The significance of this paper is that it is the safest method to combine various kinds of encryption methods to secure the weaknesses of the used cryptographic algorithms.

• The Journal of Korean Association of Computer Education
• /
• v.16 no.3
• /
• pp.71-78
• /
• 2013

Internet ethics has been simply recognized as moral understanding, knowledge of etiquette or a kind of common sense. Recently, however, rapid growth of internet dysfunction such as the inadvertent disclosure of personal information, infringement of copyright and malicious code with hacking, has unavoidably broadened the territory of internet ethics. In this light, education contents of internet ethics must include not only laws and systems but specialized knowledge on prevention and action of internet dysfunction. In this paper, we analyze the variables affecting the educational achievement on diverse domains of internet ethics by investigating internet ethics qualifying examination and afterward we suggest some application methods to strengthen the internet ethics.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.11
• /
• pp.1077-1082
• /
• 2016

IDS can be used as a countermeasure for malicious attacks which cause degrade of network transmission performance by disturbing of MANET routing function. In this paper, effects of IDS for transmission performance on MANET under grayhole attacks which has intrusion objects for a part of transmissions packets, some suggestion for effective IDS will be considered. Computer simulation based on NS-2 is used for performance analysis, performance is measured with VoIP(: Voice over Internet Protocol) as an application service. MOS(: Mean Opinion Score), CCR(: Call Connection Rate) and end-to-end delay is used for performance parameter as standard transmission quality factor for voice transmission.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.231-233
• /
• 2013

A lot of information is exchanged using data communications in today's modern society. Nowadays many important communications are susceptible to interception and theft for malicious purposes, and is under threat from hackers. Crackers are able to hack into data flows even if the data is encrypted. To ensure strong encryption properties, these cryptographic algorithms are often a burden on devices used for authentication such as a PC or smart phone. This paper proposes an authentication system using the Arduino module. Implementation and application of the communication scheme is designed to minimize the burden of delivering data communication between devices especially where password and encryption is concerned.

• Journal of Information Processing Systems
• /
• v.9 no.3
• /
• pp.435-460
• /
• 2013

Recommender systems are popular applications that help users to identify items that they could be interested in. A recent research area on recommender systems focuses on detecting several kinds of inconsistencies associated with the user preferences. However, the majority of previous works in this direction just process anomalies that are intentionally introduced by users. In contrast, this paper is centered on finding the way to remove non-malicious anomalies, specifically in collaborative filtering systems. A review of the state-of-the-art in this field shows that no previous work has been carried out for recommendation systems and general data mining scenarios, to exactly perform this preprocessing task. More specifically, in this paper we propose a method that is based on the extraction of knowledge from the dataset in the form of rating regularities (similar to frequent patterns), and their use in order to remove anomalous preferences provided by users. Experiments show that the application of the procedure as a preprocessing step improves the performance of a data-mining task associated with the recommendation and also effectively detects the anomalous preferences.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1920-1937
• /
• 2015

Network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. Existence of such threats calls for exhaustive vulnerability analyzing to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek for possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.783-786
• /
• 2015

Hole attack, which is disturbed transmission function through change of routing information, can cause critical results for MANET as non-infrastructure network. Backhole attack, as a typical hole attack, is one malicious attack which is disabled network transmission function by assumption of transmission data through modification of routing information. It is very important to evaluate transmission performance caused by blackhole attack, because transmission performance of MANET is affective with blackhole attack. In this paper, transmission performance is analyzed with MANET under multiple blackhole attacks caused multiple blackhole nodes. Computer simulation based on NS-2 is used as analysis tool and voice traffic is considered ad application service on MANET.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.12
• /
• pp.1355-1360
• /
• 2015

Recently MANET application is diversified studies on the MANET routing security and the reliable authentication mechanism is actively in progress. Stand-alone network structure of a MANET is an important field of ubiquitous computing environment of interest, Authentication techniques are already provided safety when applied to MANET reliability and efficiency in a secure authentication mechanism using the session key. However, most of the MANET environment, the model has been based on the assumption that the safety is guaranteed, When applied to an actual network situation, we can not rule out a variety of threats. This study is the testing and analysis to add the malicious node extracted at random to demonstrate the safety and efficacy of the session key certification techniques of the MANET environment.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.14 no.6
• /
• pp.1097-1106
• /
• 2011

Tactical Information Communication Network(TICN), a concept-type integrated Military Communication system that enables precise command control and decision making, is designed to advance into high speed, large capacity, long distance wireless relay transmission. To support mobility in battlefield environments, the application of Ad-hoc networking technology to its wireless communication has been examined. Ad-hoc network works properly only if the participating nodes cooperate in routing and packet forwarding. However, if selfish nodes not forwarding packets of other nodes and malicious nodes making the false accusation are in the network, it is faced to many threats. Therefore, detection and management of these misbehaving nodes is necessary to make confident in Ad-hoc networks. To solve this problem, we propose an efficient intrusion detection technique to detect and manage those two types of attacks. The simulation-based performance analysis shows that our approach is highly effective and can reliably detect a multitude of misbehaving node.