• Title/Summary/Keyword: Software security


A Hybrid Soft Computing Technique for Software Fault Prediction based on Optimal Feature Extraction and Classification

  • Balaram, A.;Vasundra, S.
    • International Journal of Computer Science & Network Security / v.22 no.5 / pp.348-358 / 2022
  • Software fault prediction is a method to compute faults in the software sections using software properties, which helps to evaluate the quality of software in terms of cost and effort. Recently, several software fault detection techniques have been proposed to classify faulty or non-faulty. However, for such a person, and most studies have shown the power of predictive errors in their own databases, the performance of the software is not consistent. In this paper, we propose a hybrid soft computing technique for SFP based on optimal feature extraction and classification (HST-SFP). First, we introduce the bat induced butterfly optimization (BBO) algorithm for optimal feature selection among multiple features, which computes the most optimal features and removes unnecessary features. Second, we develop a layered recurrent neural network (L-RNN) based classifier to predict the software faults based on their features, which enhances the detection accuracy. Finally, the proposed HST-SFP technique has the more effectiveness in some sophisticated technical terms that outperform databases of probability of detection, accuracy, probability of false alarms, precision, ROC, F measure and AUC.

A Study on Self Assessment of Mobile Secure Coding (모바일 시큐어코딩 자가평가(M-SCSA) 방법에 대한 연구)

  • Kim, Dong-Won;Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.901-911 / 2012
  • The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention because one of its abilities is minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is a study of the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance with the application of mobile secure coding by individuals, groups, and organizations.

Investigation of Verification and Evaluation Methods for Tampering Response Techniques Using HW Security Modules (HW 보안 모듈을 활용한 탬퍼링 대응 기술의 검증 및 평가 방안 조사)

  • Dongho Lee;Younghoon Ban;Jae-Deok Lim;Haehyun Cho
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.335-345 / 2024
  • In the digital era, data security has become an increasingly critical issue, drawing significant attention. Particularly, anti-tampering technology has emerged as a key defense mechanism against indiscriminate hacking and unauthorized access. This paper explores case studies that exemplify the trends in the development and application of TPM (Trusted Platform Module) and software anti-tampering technology in today's digital ecosystem. By analyzing various existing security guides and guidelines, this paper identifies ambiguous areas within them and investigates recent trends in domestic and international research on software anti-tampering. Consequently, while guidelines exist for applying anti-tampering techniques, it was found that there is a lack of methods for evaluating them. Therefore, this paper aims to propose a comprehensive and systematic evaluation framework for assessing both existing and future software anti-tampering techniques. To achieve this, it uses various verification methods employed in recent research. The proposed evaluation framework synthesizes these methods, categorizing them into three aspects (functionality, implementation, performance), thereby providing a comprehensive and systematic evaluation approach for assessing software anti-tampering technology in detail.

Quantitative Risk Assessment in Major Smartphone Operating Systems in Asian Countries

  • Joh, HyunChul
    • Journal of Korea Multimedia Society / v.17 no.12 / pp.1494-1502 / 2014
  • Since smartphones are utilized in the ranges from personal usages to governmental data exchanges, known but not patched vulnerabilities in smartphone operating systems are considered as major threats to the public. To minimize potential security breaches on smartphones, it is necessary to estimate possible security threats. So far, there have been numerous studies conducted to evaluate the security risks caused by mobile devices qualitatively, but there are few quantitative manners. For a large-scale risk evaluation, a qualitative assessment is a never-ending task. In this paper, we try to calculate relative risk levels triggered by software vulnerabilities from unsecured smartphone operating systems (Android and iOS) among 51 Asian countries. The proposed method combines widely accepted risk representation in both theory and industrial fields. When policy makers need to make a strategic decision on mobile security-related agendas, they might find the presented approach useful.

Efficient Anonymous Broadcast Encryption with Adaptive Security

  • Zhou, Fu-Cai;Lin, Mu-Qing;Zhou, Yang;Li, Yu-Xi
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.11 / pp.4680-4700 / 2015
  • Broadcast encryption is an efficient way to distribute confidential information to a set of receivers using a broadcast channel. It allows the broadcaster to dynamically choose the receiver set during each encryption. However, most broadcast encryption schemes in the literature haven't taken into consideration the receiver's privacy protection, and the scanty privacy preserving solutions are often less efficient, which are not suitable for practical scenarios. In this paper, we propose an efficient dynamic anonymous broadcast encryption scheme that has the shortest ciphertext length. The scheme is constructed over the composite order bilinear groups, and adopts the Lagrange interpolation polynomial to hide the receivers' identities, which yields an efficient decryption algorithm. Security proofs show that the proposed scheme is both secure and anonymous under the threat of adaptive adversaries in the standard model.

Analysis of implementation of SHA-1 hash function for Low power Sensor Network (저전력 센서 네트워크 노드용 SHA-1 해쉬함수 구현 분석)

  • Choi, Yong-Je;Lee, Hang-Rok;Kim, Ho-Won
    • Proceedings of the IEEK Conference / 2006.06a / pp.201-202 / 2006
  • In this paper, we achieved software and hardware implementation of SHA-1 hash function for sensor network. We implemented the software to be compatible with TinySec. In hardware design, we optimized operation logics for small area of hardware and minimized data transitions of register memory for low power design. The designed software and hardware are verified on commercial sensor motes and our secure motes, respectively.


Secure Mobile Agents in eCommerce with Forward-Secure Undetachable Digital Signatures

  • Shi, Yang;Zhao, Qinpei;Liu, Qin
    • ETRI Journal / v.37 no.3 / pp.573-583 / 2015
  • We introduce the idea of a forward-secure undetachable digital signature (FS-UDS) in this paper, which enables mobile agents to generate undetachable digital signatures with forward security of the original signer's signing key. The definition and security notion of an FS-UDS scheme are given. Then, the construction of a concrete FS-UDS scheme is proposed; and the proof of security for the proposed scheme is also provided. In the proposed scheme, mobile agents need not carry the signing key when they generate digital signatures on behalf of the original signer, so the signing key will not be compromised. At the same time, the encrypted function is combined with the original signer's requirement; therefore, misuse of the signing algorithm can be prevented. Furthermore, in the case where a hacker has accessed the signing key of the original signer, he/she is not able to forge a signature for any time period prior to when the key was obtained.

Web browser secureness with respect to CVSS

  • Joh, HyunChul
    • Proceedings of the Korea Information Processing Society Conference / 2014.11a / pp.464-465 / 2014
  • Analysis of characteristics in software vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle discovered vulnerabilities. Being a new research area, the quantitative aspects of software vulnerabilities and risk assessments have not been fully investigated. However, further detailed studies are required related to the security risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security-related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers (Internet Explorer (IE), Firefox (FX), Chrome (CR) and Safari (SF)) with respect to the Common Vulnerability Scoring System (CVSS). The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems, and exploitation aftermath is getting worse.

Precise control flow protection based on source code (소스코드 기반의 정밀도 높은 실행 흐름 보호 기법)

  • Lee, JongHyup;Kim, Yong Seung
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1159-1168 / 2012
  • Control Flow Integrity (CFI) and Control Flow Locking (CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL do not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI (SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.

Evaluating Unsupervised Deep Learning Models for Network Intrusion Detection Using Real Security Event Data

  • Jang, Jiho;Lim, Dongjun;Seong, Changmin;Lee, JongHun;Park, Jong-Geun;Cheong, Yun-Gyung
    • International journal of advanced smart convergence / v.11 no.4 / pp.10-19 / 2022
  • AI-based Network Intrusion Detection Systems (AI-NIDS) detect network attacks using machine learning and deep learning models. Recently, unsupervised AI-NIDS methods are getting more attention since there is no need for labeling, which is crucial for building practical NIDS systems. This paper aims to test the impact of designing autoencoder models that can be applied to an unsupervised AI-NIDS in real network systems. We collected security events of a legacy network security system and carried out an experiment. We report the results and discuss the findings.