• Title/Summary/Keyword: Network Attack

A Multi-Agent framework for Distributed Collaborative Filtering (분산 환경에서의 협력적 여과를 위한 멀티 에이전트 프레임워크)

  • Ji, Ae-Ttie;Yeon, Cheol;Lee, Seung-Hun;Jo, Geun-Sik;Kim, Heung-Nam
    • Journal of Intelligence and Information Systems / v.13 no.3 / pp.119-140 / 2007
  • Recommender systems enable a user to decide which information is interesting and valuable in our world of information overload. As recent studies of distributed computing environments have been progressing actively, recommender systems, most of which were centralized, have changed toward a peer-to-peer approach. Collaborative Filtering (CF), one of the most successful technologies in recommender systems, presents several limitations, namely sparsity, scalability, cold start, and the shilling problem, in spite of its popularity. The move from centralized systems to distributed approaches can partially improve the issues: distrust of recommendation and abuses of personal information. However, distributed systems can be vulnerable to attackers, who may inject biased profiles to force systems to adapt their objectives. In this paper, we consider both effective CF in a P2P environment in order to improve the overall performance of the system and an efficient solution to the problems related to abuses of personal data and attacks of malicious users. To deal with these issues, we propose a multi-agent framework for a distributed CF focusing on the trust relationships between individuals, i.e. web of trust. We employ an agent-based approach to improve the efficiency of distributed computing and propagate trust information among users with effect. The experimental evaluation shows that the proposed method brings significant improvement in terms of the distributed computing of similarity model building and the robustness of the system against malicious attacks. Finally, we are planning to study trust propagation mechanisms by taking the trust decay problem into consideration.

Study on High-speed Cyber Penetration Attack Analysis Technology based on Static Feature Base Applicable to Endpoints (Endpoint에 적용 가능한 정적 feature 기반 고속의 사이버 침투공격 분석기술 연구)

  • Hwang, Jun-ho;Hwang, Seon-bin;Kim, Su-jeong;Lee, Tae-jin
    • Journal of Internet Computing and Services / v.19 no.5 / pp.21-31 / 2018
  • Cyber penetration attacks can not only damage cyber space but can also attack entire infrastructure such as electricity, gas, water, and nuclear power, which can cause enormous damage to the lives of the people. Also, cyber space has already been defined as the fifth battlefield, and strategic responses are very important. Most recent cyber attacks are caused by malicious code, and since the number is more than 1.6 million per day, automated analysis technology to cope with a large amount of malicious code is very important. However, it is difficult to deal with malicious code encryption, obfuscation and packing, and the dynamic analysis technique is limited not only by the performance requirements of dynamic analysis but also in coping with virtual environment avoiding technology. In this paper, we propose a machine learning based malicious code analysis technique which improves on the weak detection performance of existing analysis technology while maintaining the light and high-speed analysis performance applicable to commercial endpoints. The results of this study show 99.13% accuracy, 99.26% precision and 99.09% recall on 71,000 normal files and malicious code in a commercial environment, and an analysis rate of more than 5 per second in a PC environment. It can be operated independently in the endpoint environment, and it is considered to work in a complementary form in conjunction with existing antivirus technology and static and dynamic analysis technology. It is also expected to be used as a core element of EDR technology and malware variant analysis.

Random Noise Addition for Detecting Adversarially Generated Image Dataset (임의의 잡음 신호 추가를 활용한 적대적으로 생성된 이미지 데이터셋 탐지 방안에 대한 연구)

  • Hwang, Jeonghwan;Yoon, Ji Won
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.12 no.6 / pp.629-635 / 2019
  • In Deep Learning models, the derivative is implemented by error back-propagation, which enables the model to learn the error and update parameters. It can find the global (or local) optimal points of parameters even in complex models, taking advantage of a huge improvement in computing power. However, deliberately generated data points can 'fool' models and degrade performance such as prediction accuracy. Not only do these adversarial examples reduce performance, but they are also not easily detectable by the human eye. In this work, we propose a method to detect adversarial datasets with random noise addition. We exploit the fact that when random noise is added, the prediction accuracy of a non-adversarial dataset remains almost unchanged, but that of an adversarial dataset changes. We set attack methods (FGSM, Saliency Map) and noise level (0-19 with max pixel value 255) as independent variables and the difference of prediction accuracy when noise was added as the dependent variable in a simulation experiment. We have succeeded in extracting the threshold that separates non-adversarial and adversarial datasets. We detected the adversarial dataset using this threshold.

A Possibility Analysis of Domestic Terrorism in South Korea by Focusing on Afghanistan under the Taliban Forces (탈레반의 아프가니스탄 장악에 따른 국내 테러 발생 가능성 분석)

  • Oh, Hangil;Ahn, Kyewon;Bae, Byunggul
    • Journal of the Society of Disaster Information / v.17 no.4 / pp.848-863 / 2021
  • Purpose: On August 16, 2021, the Taliban established the Taliban regime after conquering Kabul, the capital of Afghanistan, by using the strong alliance of international terrorist organizations. The Taliban carried out terrorism targeting the Korean people, including the kidnapping of Kim Seon-il in 2004, the abduction of a member of the Saemmul Church in 2007, and the attack on the Korean Provincial Reconstruction Team in 2009. Therefore, this research has shown the possibility of Taliban terrorism in Korea. Method: Based on the statistical data on terrorism that occurred in Afghanistan, the Taliban's various terrorist activities such as tactics, strategies, and weapons are examined. Consequently, the target facilities and the type of terrorist attacks are analyzed. Result: The Taliban are targeting the Afghan government as their main target of attack, and IS and the Taliban differ in their selection of targets for terrorism. Conclusion: From the result of this research, we recommend that Korea reinforce the counter-terrorism system for soft targets, because if the Taliban, which has seized control of Afghanistan, and IS, which has established a worldwide terrorism network, cooperate to threaten domestic multi-use facilities with bombing, the Republic of Korea may face a terrorist crisis with insufficient resources and counter-terrorism related countermeasures.

Study on security framework for cyber-hacking control facilities (제어시설 사이버공격 대응을 위한 사이버보안 프레임워크 (Framework) 연구)

  • Lee, Sang-Do;Shin, Yongtae
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.8 no.4 / pp.285-296 / 2018
  • Among many hacking attempts carried out in the past few years, the cyber-attacks that could have caused a national-level disaster were the attacks against nuclear facilities including nuclear power plants. The most typical ones were the Stuxnet attack against an Iranian nuclear facility and the cyber threat targeting one of the facilities operated by Korea Hydro and Nuclear Power Co., Ltd (Republic of Korea; ROK). Although the latter was just a threat, it made many Korean people anxious, while the former showed that the operation of a nuclear plant can actually be stopped by direct cyber-attacks. After these incidents, the possibility of cyber-attacks against industrial control systems has become a reality, and the security for these systems has been tightened based on the idea that operations by network-isolated systems are no longer safe from cyber terrorism. The ROK government has established a realistic control systems defense concept, and in the US, the relevant authorities have set up several security frameworks to prepare for the threats. This paper presented various cyber security attack cases and their scenarios against control systems, along with the analysis of countermeasures for them. Through this task, we attempt to identify the items that need to be considered when designing a domestic security framework to improve security and secure stability.

Analysis Technique for Chloride Behavior Using Apparent Diffusion Coefficient of Chloride Ion from Neural Network Algorithm (신경망 이론을 이용한 염소이온 겉보기 확산계수 추정 및 이를 이용한 염화물 해석)

  • Lee, Hack-Soo;Kwon, Seung-Jun
    • Journal of the Korea Concrete Institute / v.24 no.4 / pp.481-490 / 2012
  • Evaluation of chloride penetration is very important, because induced chloride ion causes corrosion in embedded steel. Diffusion coefficient obtained from rapid chloride penetration test is currently used, however this method cannot provide a correct prediction of chloride content since it shows only ion migration velocity in electrical field. Apparent diffusion coefficient of chloride ion based on simple Fick's Law can provide a total chloride penetration magnitude to engineers. This study proposes an analysis technique to predict chloride penetration using apparent diffusion coefficient of chloride ion from neural network (NN) algorithm and time-dependent diffusion phenomena. For this work, thirty mix proportions with the related diffusion coefficients are studied. The components of mix proportions such as w/b ratio, unit content of cement, slag, fly ash, silica fume, and fine/coarse aggregate are selected as neurons, then learning for apparent diffusion coefficient is trained. Considering time-dependent diffusion coefficient based on Fick's Law, the technique for chloride penetration analysis is proposed. The applicability of the technique is verified through test results from short, long term submerged test, and field investigations. The proposed technique can be improved through NN learning-training based on the acquisition of various mix proportions and the related diffusion coefficients of chloride ion.

Partial Path Selection Method in Each Subregion for Routing Path Optimization in SEF Based Sensor Networks (통계적 여과 기법 기반 센서 네트워크에서 라우팅 경로 최적화를 위한 영역별 부분 경로 선택 방법)

  • Park, Hyuk;Cho, Tae-Ho
    • Journal of the Korean Institute of Intelligent Systems / v.22 no.1 / pp.108-113 / 2012
  • Routing paths are highly important for network security in WSNs. To maintain such routing paths, sustained path re-selection and path management are needed. The region segmentation based path selection method (RSPSM) provides a path selection method in which a sensor network is divided into several subregions, so that regional path selection and path management are available. Therefore, RSPSM can reduce energy consumption when the path re-selection process is executed. However, it is hard to guarantee an optimized secure routing path at all times, since the information used by the path re-selection process is limited in scope. In this paper, we propose a partial path selection method in each subregion using preselected partial paths made by RSPSM for routing path optimization in SEF based sensor networks. In the proposed method, the base station collects the information of all the partial paths from every subregion and then evaluates all the candidates that can be the optimized routing path for each node using an evaluation function. After the evaluation process is done, the result is sent to each super DN using the global routing path information (GPI) message. Thus, each super DN provides the optimized secure routing paths using the GPI. We show the effectiveness of the proposed method via the simulation results. We expect that our method can be useful for the improvement of RSPSM.

Implementation of the ZigBee-based Homenetwork security system using neighbor detection and ACL (이웃탐지와 ACL을 이용한 ZigBee 기반의 홈네트워크 보안 시스템 구현)

  • Park, Hyun-Moon;Park, Soo-Hyun;Seo, Hae-Moon
    • Journal of the Institute of Electronics Engineers of Korea CI / v.46 no.1 / pp.35-45 / 2009
  • In an open environment such as a Home Network, a ZigBee Cluster comprising a plurality of Ato-cells is required to provide intense security over the movement of collected, measured data. Against this setting, various security issues are currently under discussion concerning master key control policies, Access Control List (ACL), and device sources, which all involve authentication between ZigBee devices. A variety of authentication methods, including the Hash Chain Method, token-key method, and public key infrastructure, have been previously studied, and some of them have been reflected in standard methods. In this context, this paper aims to explore whether a new method for searching for neighboring devices in order to detect device replications and Sybil attacks can be applied and extended to the field of security. The neighbor detection applied method is a method of authentication in which ACL information of new devices and that of neighbor devices are included and compared, using information on peripheral devices. Accordingly, this new method is designed to implement detection of malicious device attacks such as Sybil attacks and device replications as well as prevention of hacking. In addition, in reference to ITU-T SG17 and ZigBee Pro, the home network equipment, configured to classify the labels and rules into four categories including user's access rights, time, date, and day, is implemented. In closing, the results demonstrate that the proposed method performs significantly well compared to other existing methods in detecting malicious devices in terms of success rate and time taken.

The Secure Path Cycle Selection Method for Improving Energy Efficiency in Statistical En-route Filtering Based WSNs (무선 센서 네트워크에서 통계적 여과 기법의 에너지 효율을 향상시키기 위한 보안 경로 주기 선택 기법)

  • Nam, Su-Man;Sun, Chung-Il;Cho, Tae-Ho
    • Journal of the Korea Society for Simulation / v.20 no.4 / pp.31-40 / 2011
  • Sensor nodes are easily exposed to malicious attackers by physical attacks. The attacker can generate various attacks using compromised nodes in a sensor network. The false report generating application layers injects the network by the compromised node. If a base station has the injected false report, a false alarm also occurs and unnecessary energy of the node is used. In order to defend against the attack, a statistical en-route filtering method is proposed to filter the false report that goes to the base station as soon as possible. A path renewal method, which improves the method, is proposed to maintain the detection ability of the statistical en-route filtering method and to consume balanced energy of the node. In this paper, we proposed the secure path cycle method to consume effective energy for a path renewal. To select the secure path cycle, the base station determines through hop counts and the quantity of report transmission by an evaluation function. In addition, three methods, which are the statistical en-route filter, path selection method, and path renewal method, are evaluated with our proposed method for efficient energy use. Therefore, the proposed method keeps the secure path and makes the efficiency of energy consumption high.

Efficient Feature Selection Based Near Real-Time Hybrid Intrusion Detection System (근 실시간 조건을 달성하기 위한 효과적 속성 선택 기법 기반의 고성능 하이브리드 침입 탐지 시스템)

  • Lee, Woosol;Oh, Sangyoon
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.471-480 / 2016
  • Recently, the damage of cyber attacks toward infra-systems, national defence and security systems is gradually increasing. In this situation, the military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threats. Thus, the study of the Intrusion Detection System (IDS), which plays an important role in a network defence system, is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize the advantages and to minimize the disadvantages of both misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need for a study considering the structure of an IDS that has a high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines the C4.5 decision tree (misuse detection method) and the Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying a mutual information and genetic algorithm based efficient feature selection technique. Also, we construct an upgraded hierarchical structure of the IDS, reusing feature weights in the anomaly detection section. It is validated in the experiment section that the proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance.