• Title/Summary/Keyword: Threat Detection

A Survey on Passive Image Copy-Move Forgery Detection

  • Zhang, Zhi;Wang, Chengyou;Zhou, Xiao
    • Journal of Information Processing Systems / v.14 no.1 / pp.6-31 / 2018
  • With the rapid development of the science and technology, it has been becoming more and more convenient to obtain abundant information via the diverse multimedia medium. However, the contents of the multimedia are easily altered with different editing software, and the authenticity and the integrity of multimedia content are under threat. Forensics technology is developed to solve this problem. We focus on reviewing the blind image forensics technologies for copy-move forgery in this survey. Copy-move forgery is one of the most common manners to manipulate images that usually obscure the objects by flat regions or append the objects within the same image. In this paper, two classical models of copy-move forgery are reviewed, and two frameworks of copy-move forgery detection (CMFD) methods are summarized. Then, massive CMFD methods are mainly divided into two types to retrospect the development process of CMFD technologies, including block-based and keypoint-based. Besides, the performance evaluation criterions and the datasets created for evaluating the performance of CMFD methods are also collected in this review. At last, future research directions and conclusions are given to provide beneficial advice for researchers in this field.

Trend Analysis of Context-based Intelligent XDR (컨텍스트 기반의 지능형 XDR 동향 분석)

  • Ryu, Jung-Hwa;Lee, Yeon-Ji;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.05a / pp.198-201 / 2022
  • Recently, new cyber threats targeting new technologies are increasing, and hackers' attack targets are becoming broader and more intelligent. To counter these attacks, major security companies are using traditional EDR (Endpoint Detection and Response) solutions. However, the conventional method does not consider the context, so there is a limit to the accuracy and efficiency of responding to an advanced attack. In order to improve this problem, the need for a security solution centered on XDR (Extended Detection and Response) has recently emerged. In this study, we present effective threat detection and countermeasures in a changing environment through XDR trends and development roadmaps using machine learning-based context analysis.

Weighted Energy Detector for Detecting Unknown Threat Signals in Electronic Warfare System in Weak Power Signal Environment (전자전 미약신호 환경에서 미상 위협 신호원의 검출 성능 향상을 위한 가중 에너지 검출 기법)

  • Kim, Dong-Gyu;Kim, Yo-Han;Lee, Yu-Ri;Jang, Chungsu;Kim, Hyoung-Nam
    • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.3 / pp.639-648 / 2017
  • Electronic warfare systems for extracting information of the threat signals can be employed under the circumstance where the power of the received signal is weak. To precisely and rapidly detect the threat signals, it is required to use methods exploiting whole energy of the received signals instead of conventional methods using a single received signal input. To utilize the whole energy, numerous sizes of windows need to be implemented in a detector for dealing with all possible unknown length of the received signal because it is assumed that there is no preliminary information of the uncooperative signals. However, this grid search method requires too large computational complexity to be practically implemented. In order to resolve this complexity problem, an approach that reduces the number of windows by selecting the smaller number of representative windows can be considered. However, each representative window in this approach needs to cover a certain amount of interval divided from the considering range. Consequently, the discordance between the length of the received signal and the window sizes results in degradation of the detection performance. Therefore, we propose the weighted energy detector which results in improved detection performance comparing with the conventional energy detector under circumstance where the window size is smaller than the length of the received signal. In addition, it is shown that the proposed method exhibits the same performance under other circumstances.

Design of Network Attack Detection and Response Scheme based on Artificial Immune System in WDM Networks (WDM 망에서 인공면역체계 기반의 네트워크 공격 탐지 제어 모델 및 대응 기법 설계)

  • Yoo, Kyung-Min;Yang, Won-Hyuk;Kim, Young-Chon
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.4B / pp.566-575 / 2010
  • Recently, the artificial immune system has become an important research direction in the anomaly detection of networks. The conventional artificial immune systems are usually based on the negative selection that is one of the computational models of self/nonself discrimination. A main problem with self and non-self discrimination is the determination of the frontier between self and non-self. It causes false positive and false negative which are wrong detections. Therefore, additional functions are needed in order to detect potential anomaly while identifying abnormal behavior from analogous symptoms. In this paper, we design novel network attack detection and response schemes based on artificial immune system, and evaluate the performance of the proposed schemes. We firstly generate detector set and design detection and response modules through adopting the interaction between dendritic cells and T-cells. With the sequence of buffer occupancy, a set of detectors is generated by negative selection. The detection module detects the network anomaly with a set of detectors and generates alarm signal to the response module. In order to reduce wrong detections, we also utilize the fuzzy number theory that infers the degree of threat. The degree of threat is calculated by monitoring the number of alarm signals and the intensity of alarm occurrence. The response module sends the control signal to attackers to limit the attack traffic.

Detection speed of negative information in anxious participants

  • Choi, Moon-Gee;Nam, Ki-Chun
    • Proceedings of the Korean Society for Cognitive Science Conference / 2006.06a / pp.39-41 / 2006
  • A modified Posner cue-target paradigm in which neutral, positive and negative (threat) words were presented in peripheral location for cue was used to investigate the difference of engagement component of attention across emotional valence and anxiety level of participants. Results showed an interaction effect between anxiety level of participants and emotional valence of cue in valid trial. This indicates that the engage component of attention is not encapsulated and influenced by anxiety level of participant.

Threat Detection Using System State Model (시스템 상태 모형을 사용한 위협 탐지 기법)

  • Kwak, Mi-Ra;Cho, Dong-Sub
    • Proceedings of the KIEE Conference / 2006.07d / pp.2087-2088 / 2006
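  • Intrusion detection techniques that rely on human analysis are prone to error because they may overlook or misjudge some of the characteristics of an intrusion. We therefore aim to design a system in which the signs of danger found in the information exhibited by the system's own behavior serve as the basis for intrusion detection. For such a system, this paper proposes the collection of system state information, the construction of a state model based on the collected information, and a method of using that model for intrusion detection.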

The Design of OT Threat Detection Architecture using Network Fingerprinting (네트워크 핑거프린팅을 이용한 OT 위협탐지 구조 설계)

  • Kim, Minsoo;Yu, Young-Rok;Choi, Kyongho;Jeon, Deokjo
    • Annual Conference of KIPS / 2021.05a / pp.205-208 / 2021
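  • In the era of the Fourth Industrial Revolution, cyber systems and physical systems are connected. ICS (industrial control systems) face, in addition to existing threats, security threats that can arise in the IT environment. Therefore, technology for responding to threats in environments where OT and IT are combined is needed. In this paper, we extract fingerprints in OT/IT networks and design an architecture that detects OT threats based on them. Through this, we intend to respond to security threats in ICS.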

Network Intrusion Detection with One Class Anomaly Detection Model based on Auto Encoder (오토 인코더 기반의 단일 클래스 이상 탐지 모델을 통한 네트워크 침입 탐지)

  • Min, Byeoungjun;Yoo, Jihoon;Kim, Sangsoo;Shin, Dongil;Shin, Dongkyoo
    • Journal of Internet Computing and Services / v.22 no.1 / pp.13-22 / 2021
  • Recently, network-based attack technologies have rapidly become more advanced and intelligent, and the limitations of existing signature-based intrusion detection systems are becoming clear. The reason is that signature-based detection methods lack generalization capabilities for new attacks such as APT attacks. To solve these problems, research on machine learning-based intrusion detection systems is being actively conducted. However, in the actual network environment, attack samples are collected very little compared to normal samples, resulting in class imbalance problems. When a supervised learning-based anomaly detection model is trained with such data, the result is biased to the normal sample. In this paper, we propose to overcome this imbalance problem through One-Class Anomaly Detection using an auto encoder. The experiment was conducted through the NSL-KDD data set and compares the performance with the supervised learning models for the performance evaluation of the proposed method.

Assessment of Collaborative Source-Side DDoS Attack Detection using Statistical Weight (통계적 가중치를 이용한 협력형 소스측 DDoS 공격 탐지 기법 성능 평가)

  • Yeom, Sungwoong;Kim, Kyungbaek
    • KNOM Review / v.23 no.1 / pp.10-17 / 2020
  • As the threat of Distributed Denial-of-Service attacks that exploit weakly secure IoT devices has spread, research on source-side Denial-of-Service attack detection is being activated to quickly detect the attack and the location of attacker. In addition, a collaborative source-side attack detection technique that shares detection results of source-side networks located at individual sites is also being activated to overcome regional limitations of source-side detection. In this paper, we evaluate the performance of a collaborative source-side DDoS attack detection using statistical weights. The statistical weight is calculated based on the detection rate and false positive rate corresponding to the time zone of the individual source-side network. By calculating weighted sum of the source-side DoS attack detection results from various sites, the proposed method determines whether a DDoS attack happens. As a result of the experiment based on actual DNS request to traffic, it was confirmed that the proposed technique reduces false positive rate 2% while maintaining a high attack detection rate.

A Study for Efficient Foreign Object Debris Detection on Runways (활주로 FOD 탐지 효율화를 위한 기술적 고찰)

  • Lee, Kwang-Byeng;Lee, Jonggil;Kim, Donghoon
    • Journal of the Korean Society for Aviation and Aeronautics / v.22 no.1 / pp.130-135 / 2014
  • FOD(Foreign Object Debris) has the potential threat to damage aircraft during critical phases of take-off and landing roll with some objects including metal on the runway. FOD can be found anywhere on an airport's air operation areas such as runway, taxiway and apron. It can lead to catastrophic loss of life and airframe, and increased maintenance and operating costs. In this paper, we defined FOD and surveyed its riskiness and necessity of automatic FOD detection system. We compared the requirements of the environment in Korea to the FAA advisory circular. Also we analyzed operation methods of FOD detection systems already installed at some airports. Based on the surveys mentioned above, we propose hybrid type of FOD detection system considering the environment in Korea which uses millimeter wave radar, optical camera and thermal imaging camera to detect FOD efficiently. In management approach, fixed type of the system should be installed for real-time monitoring, and mobile type of the system can be used additionally.