• 한국인터넷방송통신학회논문지
• /
• 제16권6호
• /
• pp.287-294
• /
• 2016

APT(Advanced Persistent Threat)공격은 기관, 기업의 정보통신 설비에 대한 중단 또는 핵심정보의 획득을 목적으로 장기간 IT인프라, 업무환경, 임직원 정보 등의 다양한 정보를 수집하고, 이를 바탕으로 제로데이 공격, 사회공학적기법 등을 이용하여 공격을 실행한다. 악성 시그니처 탐지 등의 단편적인 사이버 위협대응 방법으로는 APT 공격과 같이 고도화된 사이버 공격에 대응하기 어렵다. 본 논문에서는 APT 공격 대응 방안 중 하나로 이종 시스템 로그(Heterogeneous System Log)를 빅데이터로 활용하고, 패턴기반 탐지 방법과 이상 징후 탐지 방법을 병합하여 사이버 침해시도를 탐지하는 모델을 제시하고자 한다.

• 한국지능시스템학회논문지
• /
• 제13권4호
• /
• pp.491-498
• /
• 2003

The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using FCM(Fuzzy Cognitive Maps) that can detect intrusion by the DoS attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The SPuF(Syn flooding Preventer using Fussy cognitive maps) model captures and analyzes the packet informations to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. The result of simulating the "KDD′99 Competition Data Set" in the SPuF model shows that the probe detection rates were over 97 percentages.

• 한국정보통신학회논문지
• /
• 제17권5호
• /
• pp.1253-1258
• /
• 2013

2010년 천안함 침몰로 인해 수중 폭발체의 위험성이 전시 뿐만 아니라 평시에도 대단히 중요하게 다뤄져야 하며, 그에 따른 방어대책이 필수적으로 필요함을 인지하게 되었다. 다양한 수중무기폭발 체계 중 대표적인 비닉(庇匿) 무기체계인 기뢰를 중심으로 탐지수단, 탐지방법, 위험 제거 방안 등에 대해 연구하며, 특히 탐지를 위한 대표적인 센서인 자력계 등의 데이터를 참조하여 발화확률 모사 시스템을 모델링하고, 아 해군 보유 함형에 따른 수심별 해석을 통해 발화확률 등을 시뮬레이션 하여 효과적인 탐지, 위협제거 및 궁극적인 대기뢰전 전술 등을 연구/제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권8호
• /
• pp.4285-4299
• /
• 2019

Adversarial attack is a technique that causes a malfunction of classification models by adding noise that cannot be distinguished by humans, which poses a threat to a deep learning model. In this paper, we propose an efficient method to detect adversarial images using Gaussian process regression. Existing deep learning-based adversarial detection methods require numerous adversarial images for their training. The proposed method overcomes this problem by performing classification based on the statistical features of adversarial images and clean images that are extracted by Gaussian process regression with a small number of images. This technique can determine whether the input image is an adversarial image by applying Gaussian process regression based on the intermediate output value of the classification model. Experimental results show that the proposed method achieves higher detection performance than the other deep learning-based adversarial detection methods for powerful attacks. In particular, the Gaussian process regression-based detector shows better detection performance than the baseline models for most attacks in the case with fewer adversarial examples.

• 인터넷정보학회논문지
• /
• 제20권2호
• /
• pp.9-19
• /
• 2019

인터넷을 통한 서비스 및 사용자가 급격하게 증가하고 있다. 이에 따라 사이버 공격도 증가하고 있으며, 정보 유출, 금전적 피해 등이 발생하고 있다. 정부, 공공기관, 회사 등은 이렇게 급격한 사이버 공격 중 알려진 악성코드에 대응하기 위하여 시그니처 기반의 탐지규칙을 이용한 보안 시스템을 사용하고 있지만, 시그니처 기반의 탐지규칙을 생성하고 검증하는 데 오랜 시간이 걸린다. 이런 문제를 해결하기 위하여 본 논문에서는 잠재 디리클레 할당 알고리즘을 통한 시그니처 추출과 트래픽 분석 기술 등을 이용하여 시그니처 기반의 탐지규칙 생성 및 검증 시스템을 제안하고 개발하였다. 개발한 시스템을 실험한 결과, 기존보다 훨씬 신속하고, 정확하게 탐지규칙을 생성하고 검증하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권9호
• /
• pp.3258-3273
• /
• 2021

Malware is a severe threat to the computing system and there's a long history of the battle between malware detection and anti-detection. Most traditional detection methods are based on static analysis with signature matching and dynamic analysis methods that are focused on sensitive behaviors. However, the usual detections have only limited effect when meeting the development of malware, so that the manual update for feature sets is essential. Besides, most of these methods match target samples with the usual feature database, which ignored the characteristics of the sample itself. In this paper, we propose a new malware detection method that could combine the features of a single sample and the general features of malware. Firstly, a structure of Directed Cyclic Graph (DCG) is adopted to extract features from samples. Then the sensitivity of each API call is computed with Markov Chain. Afterward, the graph is merged with the chain to get the final features. Finally, the detectors based on machine learning or deep learning are devised for identification. To evaluate the effect and robustness of our approach, several experiments were adopted. The results showed that the proposed method had a good performance in most tests, and the approach also had stability with the development and growth of malware.

• International Journal of Computer Science & Network Security
• /
• 제24권1호
• /
• pp.52-60
• /
• 2024

APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제3권5호
• /
• pp.507-526
• /
• 2009

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.

• 대한전기학회:학술대회논문집
• /
• 대한전기학회 1999년도 하계학술대회 논문집 C
• /
• pp.1373-1375
• /
• 1999

High impedance fault (HIF) is defined as fault the general overcurrent relay can not detect or interrupt. Especially when HIF occur in residential areas, energized high voltage conductor results in fire hazard, equiment damage or personal threat. This paper proposes the model of HIF in transmission line using the ZnO arrester and resistance to be implemented within EMTP. Wavelet transform is efficient and useful for the detection of HIF in power system, because it uses variable windows according to frequency. HIF detection method using wavelet transform can distinguish HIF from similar phenomena like arcfurance load, capacitor bank switching and line switching.

• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.1-10
• /
• 2024

In the era of big data, the growth of e-commerce transactions brings forth both opportunities and risks, including the threat of data theft and fraud. To address these challenges, an automated real-time fraud detection system leveraging machine learning was developed. Four algorithms (Decision Tree, Naïve Bayes, XGBoost, and Neural Network) underwent comparison using a dataset from a clothing website that encompassed both legitimate and fraudulent transactions. The dataset exhibited an imbalance, with 9.3% representing fraud and 90.07% legitimate transactions. Performance evaluation metrics, including Recall, Precision, F1 Score, and AUC ROC, were employed to assess the effectiveness of each algorithm. XGBoost emerged as the top-performing model, achieving an impressive accuracy score of 95.85%. The proposed system proves to be a robust defense mechanism against fraudulent activities in e-commerce, thereby enhancing security and instilling trust in online transactions.