• Title/Summary/Keyword: Threat Detection

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Journal of Digital Convergence / v.13 no.1 / pp.313-319 / 2015
  • As the number of applications using the internet grows rapidly, the incidence of cyber attacks made on the internet has been increasing. Existing L3 DDoS attack detection equipment worldwide offers incomplete detection of intelligent application-layer attacks. Domestic next-generation network products, in terms of high-performance wired and wireless network threat response techniques that meet the diverse requirements of security solutions, are close to foreign products in performance but insufficient in functionality, and research on malicious code detection and signature generation has progressed primarily around malware detection and analysis for the Windows OS. In this paper, we describe a survey and analysis of the current status of the latest new attack techniques and analysis skills, together with the latest cyber-attack analysis, for cyber security situation cognition.

Meltdown Threat Dynamic Detection Mechanism using Decision-Tree based Machine Learning Method (의사결정트리 기반 머신러닝 기법을 적용한 멜트다운 취약점 동적 탐지 메커니즘)

  • Lee, Jae-Kyu;Lee, Hyung-Woo
    • Journal of Convergence for Information Technology / v.8 no.6 / pp.209-215 / 2018
  • In this paper, we propose a method to detect and block Meltdown malicious code, which is increasing rapidly, using a dynamic sandbox tool. Although some patches are available for the Meltdown vulnerability, patches are intentionally not applied because of the performance degradation of the system. Therefore, we propose a method that overcomes the limitation of the existing signature detection method by using a machine learning method for infrastructures without active patches. First, to understand the principle of Meltdown, we analyze operating system mechanisms such as virtual memory, memory privilege checks, pipelining and speculative execution, and the CPU cache. Then, we extract data using the Linux strace tool for detecting Meltdown malware. Finally, we implement a decision tree based dynamic detection mechanism to identify Meltdown malicious code efficiently.
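
The abstract describes a pipeline (strace capture, feature extraction, decision tree) without showing it. The block below is an added example written for this page, not the authors' code, their feature set or their data: the strace lines are constructed, the four counted features (SIGSEGV deliveries, rt_sigreturn, mmap, write) are an assumed feature set, and the tree learner is a plain Gini-split tree written inline so it runs without scikit-learn. It relies on one observable: a Meltdown proof-of-concept that probes kernel addresses and recovers from the resulting fault through a SIGSEGV handler produces one SIGSEGV delivery and one rt_sigreturn per probe in the trace. A variant that suppresses the fault (for example with TSX) would not show this, which is the kind of blind spot a strace-based detector has to be tested against.

```python
import re
from collections import Counter

# Trace lines are matched by their leading syscall name or by strace's
# "--- SIGxxx {...} ---" signal-delivery marker.
SIGNAL_RE = re.compile(r"^--- (SIG[A-Z0-9]+) ")
SYSCALL_RE = re.compile(r"^([a-z_][a-z0-9_]*)\(")

# Feature vector layout (assumed feature set, not the paper's):
# faults delivered, sigreturns, mmaps, writes.
FEATURES = ("SIGSEGV", "rt_sigreturn", "mmap", "write")


def featurize(strace_text):
    """Count the events in FEATURES over one strace capture."""
    counts = Counter()
    for raw in strace_text.splitlines():
        line = raw.strip()
        m = SIGNAL_RE.match(line)
        if m:
            counts[m.group(1)] += 1
            continue
        m = SYSCALL_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return [counts[f] for f in FEATURES]


def gini(labels):
    n = len(labels)
    if n == 0:
        return 0.0
    p = sum(labels) / n
    return 1.0 - p * p - (1.0 - p) ** 2


def best_split(X, y):
    """Greedy search for the (feature, threshold) that most reduces Gini impurity."""
    best = (None, None, gini(y))
    for f in range(len(FEATURES)):
        for thr in sorted({row[f] for row in X}):
            left = [y[i] for i, row in enumerate(X) if row[f] <= thr]
            right = [y[i] for i, row in enumerate(X) if row[f] > thr]
            if not left or not right:
                continue
            g = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if g < best[2]:
                best = (f, thr, g)
    return best


def build_tree(X, y, depth=0, max_depth=3):
    majority = 1 if 2 * sum(y) >= len(y) else 0
    if len(set(y)) == 1 or depth >= max_depth:
        return {"leaf": majority}
    f, thr, _ = best_split(X, y)
    if f is None:
        return {"leaf": majority}
    li = [i for i, row in enumerate(X) if row[f] <= thr]
    ri = [i for i, row in enumerate(X) if row[f] > thr]
    return {
        "feature": f, "thr": thr,
        "left": build_tree([X[i] for i in li], [y[i] for i in li], depth + 1, max_depth),
        "right": build_tree([X[i] for i in ri], [y[i] for i in ri], depth + 1, max_depth),
    }


def predict(tree, x):
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["thr"] else tree["right"]
    return tree["leaf"]


def constructed_trace(n_faults, n_writes):
    """Constructed strace-style text (not a real capture). A Meltdown-style PoC
    that probes kernel addresses and recovers via a SIGSEGV handler shows one
    SIGSEGV delivery plus one rt_sigreturn per probe."""
    lines = [
        'execve("./prog", ["./prog"], 0x7ffc1e0a4b40 /* 20 vars */) = 0',
        'mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1c2a000000',
        'rt_sigaction(SIGSEGV, {sa_handler=0x401256, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO}, NULL, 8) = 0',
    ]
    for _ in range(n_faults):
        lines.append('--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xffffffff81000000} ---')
        lines.append('rt_sigreturn({mask=[]}) = 0')
    for _ in range(n_writes):
        lines.append('write(1, "x", 1) = 1')
    lines.append('exit_group(0) = ?')
    lines.append('+++ exited with 0 +++')
    return "\n".join(lines)


# Constructed training set: label 1 = Meltdown-like, 0 = benign.
TRAIN = [
    (constructed_trace(0, 5), 0), (constructed_trace(0, 40), 0), (constructed_trace(0, 500), 0),
    (constructed_trace(64, 10), 1), (constructed_trace(300, 40), 1), (constructed_trace(2000, 60), 1),
]


def train_detector():
    X = [featurize(t) for t, _ in TRAIN]
    y = [label for _, label in TRAIN]
    return build_tree(X, y)


def classify(tree, strace_text):
    return predict(tree, featurize(strace_text))


if __name__ == "__main__":
    tree = train_detector()
    print("root split:", FEATURES[tree["feature"]], "<=", tree["thr"])
    print("suspect trace ->", classify(tree, constructed_trace(128, 20)))
    print("benign trace  ->", classify(tree, constructed_trace(0, 1000)))
```

On this data the learner puts the SIGSEGV count at the root and ignores the write count, which is the point: the number of bytes a program prints is not what separates the two classes, the fault pattern is. In practice the training traces would come from the sandbox run the abstract mentions, and the feature set would need to cover fault-suppressing variants as well.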

Real-Time Detection on FLUSH+RELOAD Attack Using Performance Counter Monitor (Performance Counter Monitor를 이용한 FLUSH+RELOAD 공격 실시간 탐지 기법)

  • Cho, Jonghyeon;Kim, Taehyun;Shin, Youngjoo
    • KIPS Transactions on Computer and Communication Systems / v.8 no.6 / pp.151-158 / 2019
  • The FLUSH+RELOAD attack poses the most serious security threat among cache side channel attacks because of its high resolution and low noise. This attack is exploited by a variety of malicious programs that attempt to leak sensitive information. In order to prevent such information leakage, it is necessary to detect the FLUSH+RELOAD attack in real time. In this paper, we propose a novel run-time detection technique for the FLUSH+RELOAD attack that utilizes the PCM (Performance Counter Monitor) of processors. For this, we conducted four kinds of experiments to observe the variation of each PCM counter value during execution of the attack. As a result, we found that it is possible to detect the attack by exploiting three important factors. We then constructed a detection algorithm based on the experimental results. Our algorithm uses machine learning techniques, including logistic regression and an ANN (Artificial Neural Network), to learn from different execution environments. Evaluation shows that the algorithm successfully detects all kinds of attacks with a relatively low false rate.

An Exploratory Study for Clustering of Technology Leakage Activities (기술유출행위 군집화를 위한 탐색적 연구)

  • Kim, Jaesoo;Kim, Jawon;Kim, Jeongwook;Choi, Yurim;Chang, Hangbae
    • Convergence Security Journal / v.19 no.2 / pp.3-9 / 2019
  • Most security countermeasures have been implemented to cope with the continuous increase in technology leakage, but almost all of them focus on securing the boundary between inside and outside. This is effective for detecting and responding to attacks from the outside, but it is vulnerable to internal security incidents. In order to prevent internal leakage effectively, this study identifies activities corresponding to technology leakage and designs technology leakage activity detection items. As a design method, we analyzed existing technology leakage detection methods based on previous research and analyzed technology leakage cases from the viewpoint of technology leakage activities. Through statistical analysis, the detection items for technology leakage outcomes were verified to be appropriate, valid and reliable. The results of this study are expected to serve as a basis for designing technology leakage scenarios in future research and from leakage experience.

IoT botnet attack detection using deep autoencoder and artificial neural networks

  • Deris Stiawan;Susanto ;Abdi Bimantara;Mohd Yazid Idris;Rahmat Budiarto
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.5 / pp.1310-1338 / 2023
  • As Internet of Things (IoT) applications and devices rapidly grow, cyber-attacks on IoT networks/systems also show an increasing trend, thus increasing the threat to security and privacy. A botnet is one of the threats that dominate these attacks, as it can easily compromise devices attached to IoT networks/systems. The compromised devices behave like normal ones, so it is difficult to recognize them. Several intelligent approaches have been introduced to improve the detection accuracy for this type of cyber-attack, including deep learning and machine learning techniques. Moreover, dimensionality reduction methods are applied during the preprocessing stage. This work proposes a deep Autoencoder dimensionality reduction method combined with an Artificial Neural Network (ANN) classifier as a botnet detection system for IoT networks/systems. Experiments were carried out using 3-layer, 4-layer and 5-layer pre-processing of data from the MedBIoT dataset. Experimental results show that the 5-layer Autoencoder performs best, with an accuracy of 99.72%, precision of 99.82%, sensitivity of 99.82%, specificity of 99.31%, and F1-score of 99.82%. In addition, the 5-layer Autoencoder model reduced the dataset size from 152 MB to 12.6 MB (a reduction of 91.2%). Experiments on the N_BaIoT dataset also reach a very high accuracy, up to 99.99%.

Efficacy analysis for the AI-based Scientific Border Security System based on Radar : focusing on the results of bad weather experiments (레이더 기반 AI 과학화 경계시스템의 효과분석 : 악천후 시 실험 결과를 중심으로)

  • Hochan Lee;Kyuyong Shin;Minam Moon;Seunghyun Gwak
    • Convergence Security Journal / v.23 no.2 / pp.85-94 / 2023
  • In the face of the serious security situation created by the increasing threat from North Korea, the Korean Army is pursuing a reduction in troops through the performance improvement project of the GOP science-based border security system, which utilizes advanced technology. In order for the GOP science-based border security system to be an effective alternative to the decrease in military resources due to population decline, it must guarantee a high detection and identification rate and minimize troop intervention by dramatically improving the false detection rate. The GOP science-based border security system recently introduced in the Korean Army is known to ensure a relatively high detection and identification rate in good weather conditions, but its performance in harsh weather conditions such as rain and fog is somewhat lacking. As an alternative, a radar-based border security system that can detect objects even in bad weather has been proposed. This paper demonstrates the effectiveness of the radar-based AI scientific border security system currently being tested at the 00th Division through the 2021 Rapid Acquisition Program, and suggests a direction of development for the GOP scientific border security system.

Detection of CTX-M and Clonal Analyses using MLST in Cefotaxime Resistant Escherichia coli Isolated from the Han-River, Korea

  • Son, Gun-Woo;Kim, Mal-Nam
    • Korean Journal of Environmental Biology / v.29 no.4 / pp.286-295 / 2011
  • Bacteria resistant to various antibiotics have recently become an issue of the utmost importance. Resistant strains are not uncommon, even in municipal drinking water sources. The health threat posed by resistant, pathogenic bacteria has serious ramifications for both public health and agriculture. In this study, we isolated antibiotic resistant bacteria from water samples from the Han River, Korea, which is contaminated by wastewater from many industrial complexes, hospitals, agricultural and animal husbandry estates, and from wastewater treatment facilities. We determined the degrees of resistance to various antibiotics exhibited by the isolated strains. The similarities between the isolated E. coli strains were examined using pulsed field gel electrophoresis and multilocus sequence typing, in order to trace their origins and to explore the syntechnic adaptations and pathogenicity of the various strains and relate these to their genetic sequence. A total of 25 E. coli strains were isolated from six stations along the Han River. All 25 strains exhibited resistance to ampicillin. We also investigated resistance to amoxicillin, clavulanic acid, cefazolin, cefoxitin, cefotaxime, cefpodoxime, ceftriaxone, cefepime, nalidixic acid, aztreonam, ciprofloxacin, streptomycin, gentamicin, chloramphenicol and imipenem. Based on ESBL detection, 14 strains were ESBL producers. Among these 14 strains, 5 belonged to a clonal complex, namely the 168, 23, 38, 469 and 156 clonal complexes, respectively. The remaining 9 strains did not belong to a clonal complex but showed independent STs.

A Scheme on Anomaly Prevention for Systems in IoT Environment (사물인터넷 환경에서 시스템에 대한 비정상행위 방지 기법)

  • Lee, Keun-Ho
    • Journal of Internet of Things and Convergence / v.5 no.2 / pp.95-101 / 2019
  • Entering the era of the 4th Industrial Revolution and the Internet of Things, various services are growing rapidly, and a wide range of research is actively underway. Among it, research on abnormal behaviors of the various devices used in the IoT is being conducted. In a hyper-connected society, the damage caused by one faulty device can have a serious impact on the many connected systems. In this paper, we propose a technique to cope with the threats caused by various abnormal behaviors, using an anti-debugging scheme, an anomalous process detection method and a back door detection method, in order to increase the safety of the device and to use the device and service safely in such an IoT environment.

Exploiting Correlation Characteristics to Detect Covert digital communication

  • Huang, Shuhua;Liu, Weiwei;Liu, Guangjie;Dai, Yuewei;Tian, Wen
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.8 / pp.3550-3566 / 2020
  • As a widely used way to exfiltrate information, the wireless covert channel (WCC) poses a serious threat to communication security, since it enables a wireless communication process to bypass the authorized access control mechanism and disclose information. Unlike covert channels on the network layer, wireless covert channels on the physical layer (WCC-P) are a new covert communication mode that implements and improves covert wireless communication. The existing WCC-P scheme modulates the secret message bits into Gaussian noise, and is also called the covert digital communication system based on the joint normal distribution (CJND). Finding this type of covert channel remains challenging because of its high undetectability. In this paper, we exploit the square autocorrelation coefficient (SAC) characteristic of the CJND signal to distinguish covert communication from legitimate communication. We study the sharp increase of the SAC value when the offset is equal to the symbol length, which is caused by embedding the secret information. The SAC value of a measured sample is then compared with a threshold value to determine whether the measured sample is a CJND sample. When the signal-to-noise ratio reaches 20 dB, the detection accuracy can reach more than 90%.
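
The detection idea above (a SAC peak at the lag equal to the symbol length) can be worked through on constructed data. The block below is an added example for this page, not the authors' code or their exact CJND modulator: the embedding is a toy stand-in in which every symbol is jointly normal with the previous one, with correlation +rho for bit 1 and -rho for bit 0, so each sample stays marginally N(0,1) and the plain autocorrelation cancels across random bits. "Square autocorrelation coefficient" is interpreted here as the normalized autocorrelation of the squared samples, which picks up rho^2 at the symbol lag regardless of the bit sign; the paper's exact definition may differ. The symbol length, rho, threshold and sample sizes are assumptions chosen for the demonstration.

```python
import math
import random


def gaussian_noise(n, rng):
    """Legitimate carrier: i.i.d. standard normal samples (constructed stand-in)."""
    return [rng.gauss(0.0, 1.0) for _ in range(n)]


def embed_cjnd(bits, sym_len, rho, rng):
    """Toy CJND-style embedding (assumption, not the paper's exact modulator).
    Sample i of symbol j is rho*sign*x[i of symbol j-1] + sqrt(1-rho^2)*noise,
    with sign = +1 for bit 1 and -1 for bit 0. Each sample remains N(0,1),
    and since the sign is random the plain autocorrelation averages to zero."""
    x = gaussian_noise(sym_len, rng)           # reference symbol, pure noise
    s = math.sqrt(1.0 - rho * rho)
    for b in bits:
        sign = 1.0 if b else -1.0
        for _ in range(sym_len):
            prev = x[len(x) - sym_len]          # same position in previous symbol
            x.append(rho * sign * prev + s * rng.gauss(0.0, 1.0))
    return x


def autocorr_coeff(v, lag):
    """Normalized sample autocorrelation at a given lag."""
    n = len(v)
    mean = sum(v) / n
    var = sum((a - mean) ** 2 for a in v)
    if var == 0.0:
        return 0.0
    cov = sum((v[k] - mean) * (v[k - lag] - mean) for k in range(lag, n))
    return cov / var


def sac(samples, lag):
    """Square autocorrelation coefficient, taken here as the autocorrelation of
    the squared samples: E[x_k^2 x_{k-L}^2] carries rho^2 whatever the bit sign."""
    sq = [a * a for a in samples]
    return autocorr_coeff(sq, lag)


def detect_cjnd(samples, max_lag, threshold=0.2):
    """Scan lags 1..max_lag and flag covert traffic when the SAC peak exceeds
    the threshold. Returns (is_covert, peak_lag, peak_value); peak_lag is the
    estimated symbol length when the flag is set."""
    peak_lag, peak = max(((lag, sac(samples, lag)) for lag in range(1, max_lag + 1)),
                         key=lambda t: t[1])
    return peak > threshold, peak_lag, peak


def demo(seed=7):
    """Constructed covert and legitimate captures with the same length and
    marginal distribution, run through the detector."""
    rng = random.Random(seed)
    sym_len, rho = 50, 0.8                      # assumed symbol length and coupling
    bits = [rng.randrange(2) for _ in range(64)]
    covert = embed_cjnd(bits, sym_len, rho, rng)
    legit = gaussian_noise(len(covert), rng)
    return detect_cjnd(covert, 100), detect_cjnd(legit, 100)


if __name__ == "__main__":
    (c_flag, c_lag, c_val), (l_flag, l_lag, l_val) = demo()
    print(f"covert: flagged={c_flag} peak lag={c_lag} SAC={c_val:.3f}")
    print(f"legit : flagged={l_flag} peak lag={l_lag} SAC={l_val:.3f}")
```

For the covert capture the SAC peaks at lag 50 with a value close to rho^2 (0.64, slightly reduced by the finite-sample estimator), while every lag of the legitimate capture stays within a few hundredths of zero; the plain autocorrelation at lag 50, by contrast, is near zero for both, which is why the squared statistic is needed. A second, weaker peak appears at lag 100 (rho^4), so a deployment should take the first peak above threshold rather than a global maximum when multiples of the symbol length are possible. Lowering rho or adding receiver noise shrinks the peak, which is the SNR dependence the abstract reports.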

A Study on the Assimilation of High-Resolution Microwave Humidity Sounder Data for Convective Scale Model at KMA (국지예보모델에서 고해상도 마이크로파 위성자료(MHS) 동화에 관한 연구)

  • Kim, Hyeyoung;Lee, Eunhee;Lee, Seung-Woo;Lee, Yong Hee
    • Atmosphere / v.28 no.2 / pp.163-174 / 2018
  • In order to assimilate MHS satellite data into the convective scale model at KMA, ATOVS data are reprocessed to utilize the original high-resolution data. Then, to improve the preprocessing, experiments on cloud detection were performed and optimized for the convective-scale model. The experiment in which a land scattering index technique was added to the Observational Processing System to remove contaminated data showed the best result. The analysis fields with assimilation of MHS were verified against ECMWF analysis fields and against fit to other observations including sondes, which shows improved results on relative humidity fields at the sensitive levels (850-300 hPa). As the relative humidity of the upper troposphere increases, the bias and RMSE of geopotential height decrease. This improved initial field has a very positive effect on the forecast performance of the model. Following the improvement of the model field, the Equitable Threat Score (ETS) of precipitation prediction for 1-20 mm/hr increased, and this impact was maintained for 27 hours during the experiment periods.