• Title/Summary/Keyword: Signature-based


Detecting Meltdown and Spectre Malware through Binary Pattern Analysis (바이너리 패턴 분석을 이용한 멜트다운, 스펙터 악성코드 탐지 방법)

  • Kim, Moon-sun; Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1365-1373 / 2019
  • Meltdown and Spectre are vulnerabilities that exploit out-of-order execution and speculative execution to read memory regions that are not accessible with user privileges. OS patches were released to prevent these attacks, but older systems without the appropriate patches are still vulnerable. There is some existing research on detecting Meltdown and Spectre attacks, but most of it proposes dynamic analysis methods. This paper therefore proposes a binary signature that can detect Meltdown and Spectre malware without executing it. For this, we collected 13 malicious code samples from GitHub and performed binary pattern analysis. Based on this, we propose a static detection method for Meltdown and Spectre malware. Our results show that the method identified all 19 attack files with a 0.94% false positive rate when applied to 2,317 normal files.
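The abstract does not reproduce the paper's signature, so the following is an added illustration of what a static, co-occurrence based opcode scan for cache-timing probe code looks like. It is editor's code, not the authors' method: the x86 encodings are standard, but the chosen set of primitives, the 64-byte window and the flagging rule are assumptions, and the two input blobs are hand-assembled samples, not real malware.

```python
"""Static co-occurrence scan for x86 instruction bytes typical of cache-timing
side-channel probes (Flush+Reload style).  Added illustration: the opcode
encodings are standard x86, but the choice of primitives, the window size and
the flagging rule are the editor's assumptions, not the signature from the paper.
"""
from typing import Dict, List

# Fixed-encoding instructions (assumption: this is the set we look for).
PATTERNS: Dict[str, bytes] = {
    "rdtscp": b"\x0f\x01\xf9",  # read time-stamp counter, serializing
    "rdtsc":  b"\x0f\x31",      # read time-stamp counter
    "lfence": b"\x0f\xae\xe8",  # load fence
    "mfence": b"\x0f\xae\xf0",  # memory fence
    "cpuid":  b"\x0f\xa2",      # often used as a serializing instruction
}
TIMERS = {"rdtsc", "rdtscp"}
FLUSHERS = {"clflush"}
SERIALIZERS = {"lfence", "mfence", "cpuid"}


def find_all(blob: bytes, pat: bytes) -> List[int]:
    """Every (possibly overlapping) offset of pat in blob."""
    hits, i = [], blob.find(pat)
    while i != -1:
        hits.append(i)
        i = blob.find(pat, i + 1)
    return hits


def find_clflush(blob: bytes) -> List[int]:
    """clflush m8 is 0F AE /7: opcode 0F AE with ModRM reg field 7 and a memory
    operand (mod != 3).  mod == 3 with reg 5/6 is lfence/mfence, not clflush."""
    hits = []
    for i in find_all(blob, b"\x0f\xae"):
        if i + 2 < len(blob):
            modrm = blob[i + 2]
            if (modrm >> 6) != 3 and ((modrm >> 3) & 7) == 7:
                hits.append(i)
    return hits


def scan(blob: bytes) -> Dict[str, List[int]]:
    """Offsets of each primitive found in the blob (empty entries dropped)."""
    found = {name: find_all(blob, pat) for name, pat in PATTERNS.items()}
    found["clflush"] = find_clflush(blob)
    return {name: offs for name, offs in found.items() if offs}


def is_suspicious(blob: bytes, window: int = 64) -> bool:
    """Flag when a timer, a cache flush and a serializing instruction all occur
    within `window` bytes of each other.  Requiring co-occurrence rather than
    any single opcode is what keeps the false-positive rate down: rdtsc alone
    is common in benign benchmarking and profiling code."""
    events = sorted((off, name) for name, offs in scan(blob).items() for off in offs)
    for idx, (start, _) in enumerate(events):
        names = {name for off, name in events[idx:] if off - start < window}
        if names & TIMERS and names & FLUSHERS and names & SERIALIZERS:
            return True
    return False


# Constructed sample inputs (hand-assembled, not taken from any real malware):
# a Flush+Reload probe sequence, and a benign function that merely reads rdtsc.
PROBE = bytes.fromhex(
    "0fae38"    # clflush byte ptr [rax]
    "0faef0"    # mfence
    "0faee8"    # lfence
    "0f01f9"    # rdtscp
    "89c6"      # mov esi, eax
    "8b01"      # mov eax, [rcx]
    "0faee8"    # lfence
    "0f01f9"    # rdtscp
    "29f0"      # sub eax, esi
    "c3"        # ret
)
BENIGN = bytes.fromhex("554889e5" "0f31" "5d" "c3")  # push rbp; mov rbp,rsp; rdtsc; pop rbp; ret
```

The benign blob is the reason a scanner cannot simply alert on `rdtsc`: the paper's 0.94% false-positive figure over 2,317 normal files is the cost of such heuristics, and a byte-level scan like this one also sees sequences that straddle instruction boundaries, so disassembly-aware matching would be the next refinement.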

Study of Pre-Filtering Factor for Effectively Improving Dynamic Malware Analysis System (동적 악성코드 분석 시스템 효율성 향상을 위한 사전 필터링 요소 연구)

  • Youn, Kwang-Taek; Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.3 / pp.563-577 / 2017
  • Because of the Internet and available computing capability, around one million new and variant malware samples are discovered per day. Companies use dynamic analysis, such as behavior analysis on virtual machines, to detect unknown malware, because attackers effectively use unknown malware that is not detected by signature-based AV. But a growing share of malware is not only PE (Portable Executable) but also non-PE such as MS Word or PDF files, so dynamic analysis needs more resources and computing power to improve detection effectiveness. This study elicits the evaluation factors for a pre-filtering system that improves the effectiveness of a dynamic malware analysis system, and presents and verifies a decision-making model and formula for solution selection using AHP (Analytic Hierarchy Process).

A High-speed Pattern Matching Acceleration System for Network Intrusion Prevention Systems (네트워크 침입방지 시스템을 위한 고속 패턴 매칭 가속 시스템)

  • Kim Sunil
    • The KIPS Transactions: Part A / v.12A no.2 s.92 / pp.87-94 / 2005
  • Pattern matching is one of the critical parts of Network Intrusion Prevention Systems (NIPS) and is computationally intensive. To handle the large and growing number of attack signature patterns, a network intrusion prevention system requires a multi-pattern matching method that can keep up with the line speed of packet transfer. In this paper, we analyze Snort, a widely used open source network intrusion prevention/detection system, and its pattern matching characteristics. A multi-pattern matching method for NIPS should efficiently handle a large number of patterns with a wide range of pattern lengths and case-insensitive pattern matches. It should also be able to process multiple input characters in parallel. We propose a multi-pattern matching hardware accelerator based on the Shift-OR pattern matching algorithm. We evaluate the performance of the pattern matching accelerator under various assumptions. The performance evaluation shows that the pattern matching accelerator can be more than 80 times faster than the fastest software multi-pattern matching method used in Snort.
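To make the Shift-OR idea concrete, here is an added software version of a packed multi-pattern Shift-OR (bitap) matcher with case folding. It is editor's code, not the paper's hardware design: all patterns are packed into one bit vector so that one shift, one AND and one OR per input byte advance every pattern at once, which is the property the accelerator exploits (and then extends by consuming several input bytes per cycle). The signature list and request line are constructed samples.

```python
"""Software Shift-OR (bitap) multi-pattern matcher with case folding.
Added illustration (editor's code, not the paper's accelerator)."""
from typing import List, Sequence, Tuple

Matcher = Tuple[List[int], int, List[Tuple[int, bytes]], int]


def build_shift_or(patterns: Sequence[bytes], case_insensitive: bool = True) -> Matcher:
    """Precompute the per-byte mismatch table.

    Bit (pos+j) of table[c] is 0 when byte c may appear at position j of the
    pattern packed at offset pos.  `starts` marks the first bit of every
    pattern; clearing those bits after each shift restarts every pattern at
    every input position, so the packed vector behaves like each pattern's own
    Shift-OR automaton running in lockstep."""
    total = sum(len(p) for p in patterns)
    full = (1 << total) - 1          # all ones == "no prefix matched"
    table = [full] * 256
    starts, ends, pos = 0, [], 0
    for p in patterns:
        starts |= 1 << pos
        for j, c in enumerate(p):
            variants = {c}
            if case_insensitive:
                variants |= {ord(bytes([c]).lower()), ord(bytes([c]).upper())}
            for v in variants:
                table[v] &= full ^ (1 << (pos + j))   # clear "mismatch" bit
        ends.append((pos + len(p) - 1, p))
        pos += len(p)
    return table, starts, ends, full


def search(text: bytes, matcher: Matcher) -> List[Tuple[int, bytes]]:
    """Return (start_offset, pattern) for every occurrence, in the order the
    matches complete.  Work per input byte does not depend on the number of
    patterns as long as the packed vector fits in a machine word (here an
    arbitrary-size Python int stands in for a wide hardware register)."""
    table, starts, ends, full = matcher
    state = full
    hits: List[Tuple[int, bytes]] = []
    for i, c in enumerate(text):
        state = (((state << 1) & ~starts) | table[c]) & full
        for end_bit, p in ends:
            if not (state >> end_bit) & 1:          # 0 at a pattern's last bit == match
                hits.append((i - len(p) + 1, p))
    return hits


# Constructed sample: three Snort-style content strings and one request line.
SIGNATURES = [b"GET ", b"/etc/passwd", b"cmd.exe"]
SAMPLE = b"get /ETC/passwd HTTP/1.0 Cmd.Exe"
```

Case-insensitive matching costs nothing at search time because the folding is baked into the table; the per-byte loop over `ends` is the part a hardware design replaces with parallel bit tests.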

Analysis of Cryptography Technique on Application Layer based on WAP (WAP 기반의 Application Layer 암호화 기법 분석)

  • 황영철; 최병선; 이성현; 이원구; 이재광
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2004.05b / pp.748-751 / 2004
  • In this paper, we discuss wireless Internet security. The past few years have seen unprecedented growth in the number of wireless users, applications, and network access technologies. The wireless Internet is similar to the wired Internet, but it operates in a more constrained wireless environment, so many Internet technologies for wireless are now being developed, among them WAP (Wireless Application Protocol) and WPKI. WAP (now version 2.0) is a protocol specification for wireless communication networks; it provides an application framework and network protocols for wireless devices such as mobile telephones and PDAs, together with Internet technologies. In this paper we analyze security mechanisms (e.g. digital signatures and encryption) for the wireless Internet.

Performance Improvement of the Statistical Information based Traffic Identification System (통계 정보 기반 트래픽 분석 방법론의 성능 향상)

  • An, Hyun Min; Ham, Jae Hyun; Kim, Myung Sup
    • KIPS Transactions on Computer and Communication Systems / v.2 no.8 / pp.335-342 / 2013
  • Nowadays, traffic types and behavior are extremely diverse due to the growth of network speed and the appearance of various Internet services. For efficient network operation and management, application-level traffic identification is becoming increasingly important in the area of traffic analysis. In recent years, traffic identification methodology using statistical features of traffic flows has been broadly studied. However, several problems in the identification methodology based on statistical flow features must be considered to improve analysis accuracy. In this paper, we identify these problems by analyzing ground-truth traffic and propose solutions for them. The four problems considered are the distance measurement of features, the selection of the representative value of a feature, the abnormal behavior of TCP sessions, and the weight assignment to features. The proposed solutions were verified by showing the performance improvement through experiments on a campus network.

Application of Linear Spectral Mixture Analysis to Geological Thematic Mapping using LANDSAT 7 ETM+ and ASTER Satellite Imageries (LANDSAT 7 ETM+와 ASTER영상정보를 이용한 선형분광혼합분석 기법의 지질주제도 작성 응용)

  • Kim Seung Tae; Lee Kiwon
    • Korean Journal of Remote Sensing / v.20 no.6 / pp.369-382 / 2004
  • The purpose of this study is to investigate the applicability of LSMA (Linear Spectral Mixture Analysis) to geological uses with sensor images of different radiometric and spatial types, such as Terra ASTER and LANDSAT 7 ETM+. As an actual application case, geologic mapping for mineral exploration using ASTER and ETM+ in the Mongolian plateau region was carried out. After pre-processing such as geometric correction and radiance calibration, 7 endmembers, spectral classes for geologic rock types related to spectral signature deviation for the given application, were determined from pre-surveyed geological mapping information and correlation matrix analysis, and a total of 20 ASTER and ETM+ images were used in LSMA processing. As the result, fraction maps showing individual mineral types in the study area are presented. It is concluded that this approach based on LSMA using ETM+ and ASTER is one of the effective schemes for geologic remote sensing.

Stateless Randomized Token Authentication for Performance Improvement of OAuth 2.0 MAC Token Authentication (OAuth 2.0 MAC 토큰인증의 효율성 개선을 위한 무상태 난수화토큰인증)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1343-1354 / 2018
  • OAuth 2.0 bearer tokens and JWT (JSON Web Token), the current standard technologies for authentication and authorization, send a fixed token repeatedly to the server for authentication, so they are subject to eavesdropping attacks and should be used only in a secure communication environment such as HTTPS. In the OAuth 2.0 MAC token, which was devised as an authentication scheme usable in a non-secure communication environment, the server issues a shared secret key to the authenticated client and the client uses it to compute a MAC that proves the authenticity of each request; but in this case the server has to store the shared secret key and use it to verify the user's request, so it is hard to provide a stateless authentication service. In this paper we present a randomized token authentication scheme which provides stateless MAC token authentication without storing the shared secret key on the server side. To remove the need for HTTPS, we combine secure communication using a server certificate and simple signature-based login using a client certificate with the proposed randomized token authentication to achieve a fully stateless authentication service, and we provide an implementation example.
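The statefulness problem the abstract describes, and one generic way around it, as an added example. This is editor's code, not the paper's randomized token scheme, whose construction is not given on this page: the stateless server below re-derives the client's MAC key from a server master secret and the token identifier (an HMAC-based derivation, assumed here), so nothing per-client has to be stored, and the identifier carries an expiry. The request normalization, the `skew` window and all sample values are assumptions.

```python
"""Stateful vs stateless verification of MAC-authenticated requests.
Added illustration (editor's code); the key-derivation trick is a generic
stateless technique, not the randomized token scheme of the paper."""
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple


def request_mac(key: bytes, method: str, uri: str, nonce: str, ts: int, body: bytes = b"") -> str:
    """MAC over a normalized request, in the spirit of the OAuth MAC token draft
    (assumed normalization: method, URI, nonce, timestamp, body)."""
    msg = "\n".join([method.upper(), uri, nonce, str(ts)]).encode() + b"\n" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class StatefulMacServer:
    """Baseline: the per-client key must be kept server-side to verify."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}

    def issue(self, user: str) -> Tuple[str, bytes]:
        token_id, key = os.urandom(8).hex(), os.urandom(32)
        self.keys[token_id] = key            # the state the paper wants to remove
        return token_id, key

    def verify(self, token_id: str, method: str, uri: str, nonce: str, ts: int,
               mac: str, body: bytes = b"") -> bool:
        key = self.keys.get(token_id)
        if key is None:
            return False
        return hmac.compare_digest(request_mac(key, method, uri, nonce, ts, body), mac)


class StatelessMacServer:
    """The client key is re-derived from a master secret and the token id, so
    nothing per-client is stored.  Assumption: HMAC-based derivation and an
    expiry embedded in the token id; a forged id derives a different key."""

    def __init__(self, master_secret: bytes, skew: int = 300) -> None:
        self.master, self.skew = master_secret, skew

    def _derive(self, token_id: str) -> bytes:
        return hmac.new(self.master, b"mac-key|" + token_id.encode(), hashlib.sha256).digest()

    def issue(self, user: str, now: Optional[int] = None, ttl: int = 3600) -> Tuple[str, bytes]:
        now = int(time.time()) if now is None else now
        token_id = f"{user}:{now + ttl}:{os.urandom(8).hex()}"
        return token_id, self._derive(token_id)

    def verify(self, token_id: str, method: str, uri: str, nonce: str, ts: int,
               mac: str, body: bytes = b"", now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        try:
            _user, expiry_s, _rand = token_id.split(":")
            expiry = int(expiry_s)
        except ValueError:
            return False
        if now > expiry or abs(now - ts) > self.skew:   # expired token or stale request
            return False
        expected = request_mac(self._derive(token_id), method, uri, nonce, ts, body)
        return hmac.compare_digest(expected, mac)
```

The price of dropping all server state is visible in `verify`: without a nonce cache, a captured request can be replayed for up to `skew` seconds, so a deployment either keeps a short-lived nonce set (a little state) or accepts that window.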

Genomic diversity and admixture patterns among six Chinese indigenous cattle breeds in Yunnan

  • Li, Rong; Li, Chunqing; Chen, Hongyu; Liu, Xuehong; Xiao, Heng; Chen, Shanyuan
    • Asian-Australasian Journal of Animal Sciences / v.32 no.8 / pp.1069-1076 / 2019
  • Objective: Yunnan is not only a frontier zone that connects China with South and Southeast Asia, but also an admixture zone between taurine (Bos taurus) and zebu (Bos indicus) cattle. The purpose of this study is to understand the level of genomic diversity and the extent of admixture in each Yunnan native cattle breed. Methods: All 120 individuals were genotyped using the Illumina BovineHD BeadChip (777,962 single nucleotide polymorphisms [SNPs]). Quality control and genomic diversity indexes were calculated using PLINK software. Principal component analysis (PCA) was performed using the SMARTPCA program implemented in EIGENSOFT software. The ADMIXTURE software was used to reveal admixture patterns among breeds. Results: A total of 604,630 SNPs were obtained after quality control procedures. Among the six breeds, the highest mean heterozygosity was found in Zhaotong cattle from Northeastern Yunnan, whereas the lowest heterozygosity was detected in Dehong humped cattle from Western Yunnan. PCA based on a pruned dataset of 233,788 SNPs clearly separated Dehong humped cattle (supposed to be a pure zebu breed) from the other five breeds. The admixture analysis further revealed two clusters (K = 2, with the lowest cross-validation error), corresponding to the taurine and zebu cattle lineages. All six breeds except Dehong humped cattle showed different degrees of admixture between taurine and zebu cattle. As expected, Dehong humped cattle showed no signature of taurine cattle influence. Conclusion: Overall, considerable genomic diversity was found in the six Yunnan native cattle breeds except for Dehong humped cattle from Western Yunnan. Dehong humped cattle are a pure zebu breed, while the other five breeds have admixed origins with different extents of admixture between taurine and zebu cattle. Such admixture by crossbreeding between zebu and taurine cattle facilitated the spread of zebu cattle from tropical and subtropical regions to other highland regions in Yunnan.

Real-Time Visualization of Web Usage Patterns and Anomalous Sessions (실시간 웹 사용 현황과 이상 행위에 대한 시각화)

  • 이병희; 조상현; 차성덕
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.97-110 / 2004
  • As modern web services become enormously complex, web attacks have become frequent and serious. Existing security solutions such as firewalls or signature-based intrusion detection systems are generally inadequate for securing web services, and analysis of raw web log data is simply impractical for most organizations. Visual display of "interpreted" web logs, with emphasis on anomalous web requests, is essential for an organization to efficiently track web usage patterns and detect possible web attacks. In this paper, we discuss various issues related to effective real-time visualization of web usage patterns and anomalies. We implemented a software tool named SAD (Session Anomaly Detection) Viewer to satisfy this need and conducted an empirical study in which anomalous web traffic such as misuse attacks, DoS attacks, Code Red worms and Whisker scans was injected. Our study confirms that SAD Viewer is useful in assisting web security engineers to monitor web usage patterns in general and anomalous web sessions in particular.

Signature-based Broadcast Authentication for Wireless Sensor Networks (무선센서네트워크 환경에서 서명 기반 브로드캐스트 인증)

  • Koo, Woo-Kwon; Lee, Hwa-Seong; Kim, Yong-Ho; Hwang, Jung-Yeon; Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.1 / pp.139-144 / 2007
  • Broadcast authentication is an important and fundamental consideration for security in wireless sensor networks. Perrig et al. proposed $\mu$-TESLA, which uses a key chain, but it cannot avoid a delay in authenticating packets, so it is hard to meet the real-time requirement of most sensor applications. To cope with these problems we propose an efficient broadcast authentication scheme which has no time delay and provides a re-keying mechanism. We also give an analysis of the security and efficiency of this scheme.
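The delay the abstract objects to is easiest to see by running a toy version of the key-chain scheme, so here is one as an added example. It is editor's code, not the paper's scheme and not the original $\mu$-TESLA implementation; it assumes sender and receiver share a loosely synchronized interval counter, that each interval's key is disclosed `delay` intervals after use, and that SHA-256 stands in for a sensor-class hash. Payloads and the seed are constructed values.

```python
"""Toy muTESLA-style broadcast authentication showing the disclosure delay.
Added illustration (editor's code), not the paper's scheme."""
import hashlib
import hmac
from typing import Dict, List, Tuple


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> List[bytes]:
    """One-way key chain: K[n] = seed, K[i] = H(K[i+1]).  K[0] is the public
    commitment; knowing K[i] lets anyone verify a later K[j] by re-hashing it
    down to K[i], but nobody can compute K[j] from K[i]."""
    chain = [b""] * (n + 1)
    chain[n] = seed
    for i in range(n - 1, -1, -1):
        chain[i] = H(chain[i + 1])
    return chain


class Sender:
    def __init__(self, seed: bytes, n: int, delay: int) -> None:
        self.chain, self.delay = make_chain(seed, n), delay

    def commitment(self) -> bytes:
        return self.chain[0]

    def send(self, interval: int, payload: bytes) -> dict:
        """MAC the payload with this interval's key and piggy-back the key from
        `delay` intervals ago (None while that key is still the commitment)."""
        mac = hmac.new(self.chain[interval], payload, hashlib.sha256).digest()
        d = interval - self.delay
        return {"interval": interval, "payload": payload, "mac": mac,
                "disclosed_interval": d, "disclosed_key": self.chain[d] if d >= 1 else None}


class Receiver:
    def __init__(self, commitment: bytes, delay: int) -> None:
        self.known_i, self.known_key, self.delay = 0, commitment, delay
        self.pending: Dict[int, List[Tuple[bytes, bytes]]] = {}
        self.authenticated: List[Tuple[int, bytes]] = []
        self.rejected: List[int] = []

    def receive(self, pkt: dict, current_interval: int) -> List[int]:
        """Buffer the packet; return the intervals whose buffered packets became
        authentic thanks to the key disclosed in this packet."""
        i = pkt["interval"]
        # Security condition: K_i must not be disclosable yet, otherwise an
        # attacker who already saw K_i could have forged this MAC.
        if i + self.delay <= current_interval:
            self.rejected.append(i)
            return []
        self.pending.setdefault(i, []).append((pkt["payload"], pkt["mac"]))
        dk, di = pkt["disclosed_key"], pkt["disclosed_interval"]
        if dk is None or di <= self.known_i:
            return []
        probe = dk                                   # authenticate the disclosed key
        for _ in range(di - self.known_i):
            probe = H(probe)
        if probe != self.known_key:
            return []                                # bogus disclosure, ignore
        keys = {di: dk}
        for j in range(di - 1, self.known_i, -1):    # recover skipped intervals' keys
            keys[j] = H(keys[j + 1])
        newly: List[int] = []
        for j in sorted(keys):
            for payload, mac in self.pending.pop(j, []):
                expect = hmac.new(keys[j], payload, hashlib.sha256).digest()
                if hmac.compare_digest(expect, mac):
                    self.authenticated.append((j, payload))
                    newly.append(j)
        self.known_i, self.known_key = di, dk
        return newly
```

With `delay = 2`, the packet sent in interval 1 is only accepted as authentic when the packet of interval 3 arrives carrying K_1; every packet waits in `pending` for two intervals, which is exactly the latency a signature-based scheme avoids at the cost of public-key verification on the sensor.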