• International Journal of Computer Science & Network Security
• /
• 제21권1호
• /
• pp.97-106
• /
• 2021

Social networking platforms have become a smart way for people to interact and meet on internet. It provides a way to keep in touch with friends, families, colleagues, business partners, and many more. Among the various social networking sites, Twitter is one of the fastest-growing sites where users can read the news, share ideas, discuss issues etc. Due to its vast popularity, the accounts of legitimate users are vulnerable to the large number of threats. Spam and Malware are some of the most affecting threats found on Twitter. Therefore, in order to enjoy seamless services it is required to secure Twitter against malicious users by fixing them in advance. Various researches have used many Machine Learning (ML) based approaches to detect spammers on Twitter. This research aims to devise a secure system based on Hybrid Similarity Cosine and Soft Cosine measured in combination with Genetic Algorithm (GA) and Artificial Neural Network (ANN) to secure Twitter network against spammers. The similarity among tweets is determined using Cosine with Soft Cosine which has been applied on the Twitter dataset. GA has been utilized to enhance training with minimum training error by selecting the best suitable features according to the designed fitness function. The tweets have been classified as spammer and non-spammer based on ANN structure along with the voting rule. The True Positive Rate (TPR), False Positive Rate (FPR) and Classification Accuracy are considered as the evaluation parameter to evaluate the performance of system designed in this research. The simulation results reveals that our proposed model outperform the existing state-of-arts.

• 융합보안논문지
• /
• 제13권4호
• /
• pp.109-115
• /
• 2013

인터넷망을 이용한 정보 전달의 대표적인 수단인 이메일 서비스 등을 통한 보안위협이 급증하고 있다. 이러한 보안위협의 공격 경로는 첨부된 문서파일에 악성코드를 삽입하고, 해당 응용프로그램의 취약점을 이용하여 사용자의 시스템을 감염시키게 된다. 따라서 본 연구에서는 파일 전송과정에서 위장악성코드의 감염을 차단하기 위해, 논리적 망 분리인 FTS(File Transfer System)를 이용한 무결성 검증 및 행위기반 탐지 시스템을 제안하고, 기존의 보안기법과의 비교 및 검증하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제24권5호
• /
• pp.205-211
• /
• 2024

The increasing number of botnet attacks incorporating new evasion techniques making it infeasible to completely secure complex computer network system. The botnet infections are likely to be happen, the timely detection and response to these infections helps to stop attackers before any damage is done. The current practice in traditional IP networks require manual intervention to response to any detected malicious infection. This manual response process is more probable to delay and increase the risk of damage. To automate this manual process, this paper proposes to automatically select relevant countermeasures for detected botnet infection. The propose approach uses the concept of flow trace to detect botnet behavior patterns from current and historical network activity. The approach uses the multiclass machine learning based approach to detect and classify the botnet activity into IRC, HTTP, and P2P botnet. This classification helps to calculate the risk score of the detected botnet infection. The relevant countermeasures selected from available pool based on risk score of detected infection.

• 한국콘텐츠학회논문지
• /
• 제18권4호
• /
• pp.305-313
• /
• 2018

스마트폰의 폭발적인 증가와 효율성으로 개방형 모바일 운영체제인 안드로이드의 활용도가 점차 증가하고 있고, 모바일 기기, 가전제품의 운영체제, IoT 관련 제품들과 더불어 메카트로닉스의 분야에도 활용될 수 있는 가용성과 안정성이 증명되고 있다. 하지만, 사용성이 증가하면 증가할수록 안드로이드 기반의 악성코드 역시 기하급수적으로 증가하고 있는 추세이다. 일반 PC와 다르게 모바일 제품에 악성코드가 유일될 경우, 모바일 기기가 Lock됨으로 사용할 수 없고, 불필요한 과금과 더불어 수많은 개인의 연락처가 외부로 유출될 수 있으며, 모바일 기기를 활용한 금융서비스를 통해 막대한 손실을 볼 수 있는 문제점이 있다. 따라서, 우리는 이 문제를 해결하기 위하여 유해한 악성 파일을 실시간으로 탐지 및 삭제할 수 있는 방법을 제시하였다. 또한 이 논문에서는 안드로이드 기반의 어플리케이션 설치 과정 및 시그니처 기반 악성코드 탐지방법을 통해 보다 효과적인 방법으로 악성코드를 실시간 감시하고 삭제할 수 있는 기법을 설계하였다. 우리가 제안하고 설계한 방법은 모바일 환경과 같이 제한적인 리소스 환경에서 악성코드를 효과적으로 탐지할 수 있다.

• 정보보호학회논문지
• /
• 제24권5호
• /
• pp.839-850
• /
• 2014

3.20 사이버 테러 등 APT 공격이 사회적, 경제적으로 막대한 피해를 초래함에 따라 APT 공격을 방어하기 위한 기술적인 대책이 절실히 요구되고 있으나, 시그너쳐에 기반한 보안 장비로는 대응하는데 한계가 있다. 이에 본 논문에서는 기존 시그너쳐 기반 침입탐지 시스템의 한계를 극복하기 위해서 호스트 PC에서 발생하는 행위정보를 기반으로 악성코드를 탐지하는 방법을 제안한다. 먼저, 악성코드와 정상 실행파일을 구분하기 위한 39개의 특성인자를 정의하고, 악성코드 및 정상 실행파일이 실행되는 동안 발생하는 870만 개의 특성인자 데이터를 수집하였다. 또한, 수집된 데이터에 대해 각 특성인자의 발생빈도를 프로세스 ID 별로 재구성하여 실행파일이 호스트에서 실행되는 동안의 행위정보를 83차원의 벡터로 표현하였다. 특히, 자식 프로세스에서 발생하는 특성인자 이벤트의 발생빈도를 포함함으로써 보다 정확한 행위정보의 표현이 가능하였다. C4.5 결정트리 방법을 적용하여 악성코드와 정상파일을 분류한 결과 각각 2.0%의 오탐률과 5.8%의 미탐률을 보였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권10호
• /
• pp.4176-4197
• /
• 2020

Botnet is a type of dangerous malware. Botnet attack with a collection of bots attacking a similar target and activity pattern is called bot group activities. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect bots' behavioral relation on bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attacks and determine the relations between bots that can measure the correlation. This paper proposed a new model to measure the similarity between bot activities using the intersections-probability concept to define bot group activities called as B-Corr Model. The B-Corr model consisted of several stages, such as extraction feature from bot activity flows, measurement of intersections between bots, and similarity value production. B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets with high detection accuracy in various scenarios.

• Journal of applied mathematics & informatics
• /
• 제41권6호
• /
• pp.1257-1274
• /
• 2023

Rotating machines heavily rely on an intricate network of interconnected sub-components, with bearing failures accounting for a substantial proportion (40% to 90%) of all such failures. To address this issue, intelligent algorithms have been developed to evaluate vibrational signals and accurately detect faults, thereby reducing the reliance on expert knowledge and lowering maintenance costs. Within the field of machine learning, Artificial Immune Systems (AIS) have exhibited notable potential, with applications ranging from malware detection in computer systems to fault detection in bearings, which is the primary focus of this study. In pursuit of this objective, we propose a novel procedure for detecting novel instances of anomalies in varying operating conditions, utilizing only the signals derived from the healthy state of the analyzed machine. Our approach incorporates AIS augmented by Dynamic Time Warping (DTW). The experimental outcomes demonstrate that the AIS-DTW method yields a considerable improvement in anomaly detection rates (up to 53.83%) compared to the conventional AIS. In summary, our findings indicate that our method represents a significant advancement in enhancing the resilience of AIS-based novelty detection, thereby bolstering the reliability of rotating machines and reducing the need for expertise in bearing fault detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권4호
• /
• pp.1471-1492
• /
• 2015

The rapid development of smartphone technologies have resulted in the evolution of mobile botnets. The implications of botnets have inspired attention from the academia and the industry alike, which includes vendors, investors, hackers, and researcher community. Above all, the capability of botnets is uncovered through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compared the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges are then presented in this domain.

• 정보보호학회논문지
• /
• 제26권5호
• /
• pp.1223-1234
• /
• 2016

제어시스템은 국가기반시설 및 산업분야 전반에 걸쳐 이용되기 때문에 사이버 공격을 받게 될 경우 공공분야에 직접적인 피해가 발생할 수 있다. 이러한 이유로, 제어시스템에 대한 보안요구사항이 제안되고 있으며 전자제어시스템보안 가이드라인에 따라 외부망과 분리된 환경으로 운용되고 있다. 그럼에도 불구하고 스턱스넷(Stuxnet)과 같이 제어시스템을 겨냥한 악성코드가 지속적으로 발견되고 있으며, 신 변종 악성코드의 등장으로 실시간 탐지의 어려움과 자료유출등의 보안위협이 지속적으로 발생되고 있다. 본 논문에서는, 안전한 제어시스템 환경 제공을 위한 트래픽 분석망 도입에 대해 제안한다. 이를 위해 제어시스템에서 발생 가능한 보안위협들을 분석하고, 이러한 보안위협에 대응하기 위한 보안기능들에 대하여 도출한다.

• International journal of advanced smart convergence
• /
• 제8권4호
• /
• pp.47-57
• /
• 2019

We examine the weaknesses of the existing OOXML-based MS-Word file structure, and analyze how data concealment and forgery are performed in MS-Word digital documents. In case of forgery by including hidden information in MS-Word digital document, there is no difference in opening the file with the MS-Word Processor. However, the computer system may be malfunctioned by malware or shell code hidden in the digital document. If a malicious image file or ZIP file is hidden in the document by using the structural vulnerability of the MS-Word document, it may be infected by ransomware that encrypts the entire file on the disk even if the MS-Word file is normally executed. Therefore, it is necessary to analyze forgery and alteration of digital document through internal structure analysis of MS-Word file. In this paper, we designed and implemented a mechanism to detect this efficiently and automatic detection software, and presented a method to proactively respond to attacks such as ransomware exploiting MS-Word security vulnerabilities.