
Performance Evaluation of One Class Classification to detect anomalies of NIDS (NIDS의 비정상 행위 탐지를 위한 단일 클래스 분류성능 평가)

  • Seo, Jae-Hyun
    • Journal of the Korea Convergence Society / v.9 no.11 / pp.15-21 / 2018
  • In this study, we try to detect anomalies on the network intrusion detection system by learning only one class. We use the KDD CUP 1999 dataset, an intrusion detection dataset, which is used to evaluate classification performance. One class classification is one of the unsupervised learning methods that classifies the attack class by learning only the normal class. When using unsupervised learning, it is difficult to achieve relatively high classification efficiency because it does not use negative instances for learning. However, unsupervised learning has the advantage of classifying unlabeled data. In this study, we use one class classifiers based on support vector machines and density estimation to detect new unknown attacks. The test using the classifier based on density estimation has shown relatively better performance and has a detection rate of about 96% while maintaining a low FPR for the new attacks.

Study on Improvement of Vulnerability Diagnosis Items for PC Security Enhancement (PC보안 강화를 위한 기술적 취약점 진단항목 개선 연구)

  • Cho, Jin-Keun
    • Journal of Convergence for Information Technology / v.9 no.3 / pp.1-7 / 2019
  • There are various cyber attacks on business PCs. In order to reduce the threat of PC security, we are preventing the vulnerability from being diagnosed beforehand. However, this guideline is difficult to cope with because the domestic vulnerability guide does not update the diagnostic items. In this paper, we examine the cyber infringement cases of PCs and the diagnostic items of foreign technical vulnerabilities in order to cope with security threats. In addition, an improved guide is provided by comparing the differences in the diagnostic items of technical vulnerability from abroad and domestic. Through 41 proposed technical vulnerability improvement items, it was found that various security threats can be coped with. Currently, it is mainly able to respond to only known vulnerabilities, but we hope that applying this guideline will reduce unknown security threats.

Secret-key-sharing Cryptosystem Using Optical Phase-shifting Digital Holography

  • Jeon, Seok Hee;Gil, Sang Keun
    • Current Optics and Photonics / v.3 no.2 / pp.119-127 / 2019
  • A new secret-key-sharing cryptosystem using optical phase-shifting digital holography is proposed. The proposed secret-key-sharing algorithm is based on the Diffie-Hellman key-exchange protocol, which is modified to an optical cipher system implemented by a two-step quadrature phase-shifting digital holographic encryption method using orthogonal polarization. Two unknown users' private keys are encrypted by two-step phase-shifting digital holography and are changed into three digital-hologram ciphers, which are stored by computer and are opened to a public communication network for secret-key-sharing. Two-step phase-shifting digital holograms are acquired by applying a phase step of 0 or ${\pi}/2$ in the reference beam's path. The encrypted digital hologram in the optical setup is a Fourier-transform hologram, and is recorded on CCDs with 256 quantized gray-level intensities. The digital hologram shows an analog-type noise-like randomized cipher with a two-dimensional array, which has a stronger security level than conventional electronic cryptography, due to the complexity of optical encryption, and protects against the possibility of a replay attack. Decryption with three encrypted digital holograms generates the same shared secret key for each user. Schematically, the proposed optical configuration has the advantage of producing a kind of double-key encryption, which can enhance security strength compared to the conventional Diffie-Hellman key-exchange protocol. Another advantage of the proposed secret-key-sharing cryptosystem is that it is free to change each user's private key in generating the public keys at any time. The proposed method is very effective cryptography when applied to a secret-key-exchange cryptosystem with high security strength.

Abnormal Data Augmentation Method Using Perturbation Based on Hypersphere for Semi-Supervised Anomaly Detection (준 지도 이상 탐지 기법의 성능 향상을 위한 섭동을 활용한 초구 기반 비정상 데이터 증강 기법)

  • Jung, Byeonggil;Kwon, Junhyung;Min, Dongjun;Lee, Sangkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.647-660 / 2022
  • Recent works demonstrate that the semi-supervised anomaly detection method functions quite well in the environment with normal data and some anomalous data. However, abnormal data shortages can occur in an environment where it is difficult to reserve anomalous data, such as an unknown attack in the cyber security fields. In this paper, we propose ADA-PH(Abnormal Data Augmentation Method using Perturbation based on Hypersphere), a novel anomalous data augmentation method that is applicable in an environment where abnormal data is insufficient to secure the performance of the semi-supervised anomaly detection method. ADA-PH generates abnormal data by perturbing samples located relatively far from the center of the hypersphere. With the network intrusion detection datasets where abnormal data is rare, ADA-PH shows 23.63% higher AUC performance than anomaly detection without data augmentation and even performs better than the other augmentation methods. Also, we further conduct quantitative and qualitative analysis on whether generated abnormal data is anomalous.

IoT Security and Machine Learning

  • Almalki, Sarah;Alsuwat, Hatim;Alsuwat, Emad
    • International Journal of Computer Science & Network Security / v.22 no.5 / pp.103-114 / 2022
  • The Internet of Things (IoT) is one of the fastest technologies that are used in various applications and fields. The concept of IoT will not only be limited to the fields of scientific and technical life but will also gradually spread to become an essential part of our daily life and routine. Before, IoT was a complex term unknown to many, but soon it will become something common. IoT is a natural and indispensable routine in which smart devices and sensors are connected wirelessly or wired over the Internet to exchange and process data. With all the benefits and advantages offered by the IoT, it does not face many security and privacy challenges because the current traditional security protocols are not suitable for IoT technologies. In this paper, we presented a comprehensive survey of the latest studies from 2018 to 2021 related to the security of the IoT and the use of machine learning (ML) and deep learning and their applications in addressing security and privacy in the IoT. A description was initially presented, followed by a comprehensive overview of the IoT and its applications and the basic important safety requirements of confidentiality, integrity, and availability and its application in the IoT. Then we reviewed the attacks and challenges facing the IoT. We also focused on ML and its applications in addressing the security problem on the IoT.

A Study on 'Dangdokyeok' Epidemics in the Early 17C of the Joseon -Focusing on Heojun's 『Byeokyeoksinbang』- (17세기 초 조선에서 유행한 '당독역'에 대한 연구 -허준의 『벽역신방』을 중심으로-)

  • Chough Won Joon;Kim Young Ik;Yeom Kee Bok;Lim Hyo Jong;Jeong Woo Yeal;Jean Byung Hun
    • Journal of Physiology & Pathology in Korean Medicine / v.18 no.2 / pp.311-343 / 2004
  • Various aspects of epidemics broke out continually from the middle of the Joseon Dynasty due to the famine and drought caused by the abnormal climate of the sixteenth century and the war. Thus the Dynasty performed sacrificial rites, isolated the patients and published plenty of medical books related to epidemics in order to cure the patients, and Heojun edited 『Byeokyeoksinbang』 as 'Dangdokyeok' broke out at Gwanbuk(關北) districts in 1613. Heojun explained the cause of Dangdokyeok as meteorology under the feudal conditions, and concluded Simhwa(心火) by fever toxin. Therefore he selected the method of putting out Simhwa by attack of fever toxin. In addition he presented emergency treatment that can maintain the airway by bleeding. To treat Dangdokyeok, Heojun presented lots of prescriptions such as Seungmagalgeuntang(升麻葛根湯), Cheongyeolhaedoksan(淸熱解毒散), Yeongyopaedok-san(連翹敗毒散), Bangpungtongsaongsan(防風通聖散), Jowiseunggitang(調胃升氣湯) and Hwangryeonhaedoktang(黃連解毒湯) etc. And he proposed Samdueum(三豆飮), Realgar(石雄黃) and so on to prevent infection from that. They presume from 120 to 150 years as the period of human adaptation to the first epidemics. Dangdokyeok put a large number of people to death at first, but it was not referred to in the history any more after Byeokyeoksinbang. So we can say that the treatment of Heojun may be effective. Common cold and dyspeptic cold broke out in our country differently from 'Shanghan(傷寒)' in China, so we had settled 'pestilence infectious epidemic disease(瘟疫)' while 'epidemic febrile disease(溫病)' of China. Dangdokyeok of Heojun is similar to 'Scarlet fever' belonging to 'virulent heat pathogen(溫毒)', 'newly epidemic febrile disease(新感溫病)'. As a cure of Dangdokyeok, Korean medicine uses the treatment of removing the fever state whereas western medicine uses antibiotics to kill the streptococcus. The symptoms of Dangdokyeok are remarkably similar to those of Scarlatina, so this occupies a high position in the world history of medicine in aspects of the period and details of symptoms. These days we have the problems that the tolerance of antibiotics increases and disease of unknown cause is prevalent. It means western medicine gets to its limits. So if we progress epidemiography based on Heojun's medicine, we may contribute to the world history of medicine.

The Security Service History focused on 1930s in Korea (1930년대에 전개된 경호 활동 고찰)

  • Kim, Eun-Jung
    • Korean Security Journal / no.19 / pp.23-41 / 2009
  • The purpose of this study is to investigate the security service history of the 1930s in Korea. This study used materials based on historical facts from the regulations, books and newspapers of the 1930s. Until now, the details of the historical contents of security service in the 1930s were unknown. There are four parts to the conclusion of this study: the police department of the provisional government, the security service agency in the provisional government, security service agents of the independence movement, and the general society of Korea. Firstly, the Korean regional government in Manchuria, Kokminbu(國民府), organized the security service agency(警護局) to protect the government and public security. Most importantly, the security service agency appeared as an important place for the independence movement and self-governing administration for Koreans in Manchuria. And the security service agency was required by the security service regulations(警護條例) as law. Secondly, the diverse activities of security service in the police were exposed through duties such as 'car escort service(車輛警護)' for offenders, the 'township office guard' from mobsters, and 'woodland protect service(林野警護團)' against fire-raisers. Security service by police officers was widely applied for protection and safety from danger. Thirdly, mass society needed security service for public safety at daily events such as a 'noted singer meeting', 'funeral procession to the graveyard' and 'athletic meeting', much like the private security service agencies of nowadays. People have wanted private security service(私警護) from the 1930s to the present. Fourthly, overseas security service is mentioned in attacks on politicians, protection from poison and security service for trains, vessels and fleets. In the 1930s, security service was comprehensive protection which was not only bodyguarding, but also safeguarding against hazardous materials.

A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response (효율적인 보안관제 수행을 위한 다크넷 트래픽 기반 악성 URL 수집 및 분석방법 연구)

  • Kim, Kyu-Il;Choi, Sang-So;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1185-1195 / 2014
  • Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. Recently, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems are connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darknet traffic for advanced security monitoring and response service. The proposed method prepared an 8,192-address darknet space, extracted all of the URLs from the darknet traffic, and carried out in-depth analysis of the extracted URLs. The analysis results can contribute to the emergency response to large-scale cyber threats, and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs to the security devices, DNS sinkhole service, etc.

A Resilient Key Renewal Scheme in Wireless Sensor Networks (센서 네트워크에서 복원력을 지닌 키갱신 방안)

  • Wang, Gi-Cheol;Cho, Gi-Hwan
    • Journal of the Institute of Electronics Engineers of Korea TC / v.47 no.2 / pp.103-112 / 2010
  • In sensor networks, because sensors are deployed in an unprotected environment, they are prone to be targets of compromise attack. If the number of compromised nodes increases considerably, the key management in the network is paralyzed. In particular, compromise of Cluster Heads (CHs) in clustered sensor networks is much more threatening than that of normal sensors. Recently, rekeying schemes which update the exposed keys using the keys unknown to the compromised nodes are emerging. However, they cause some security and efficiency problems such as single group key employment in a cluster, passive eviction of compromised nodes, and excessive communication and computation overhead. In this paper, we present a proactive rekeying scheme using renewals of cluster organization for clustered sensor networks. In the proposed scheme, each sensor establishes individual keys with neighbors at network boot-up time, and these keys are employed for later transmissions between sensors and their CH. By the periodic cluster reorganization, the compromised nodes are expelled from the network and the individual keys employed in a cluster are changed continuously. Besides, newly elected CHs securely agree on a key with the sink by informing the sink of their members, without exchanging any keying materials. The simulation results show that the proposed scheme remarkably improves the confidentiality and integrity of data in spite of the increase of compromised nodes. Also, they show that the proposed scheme exploits the precious energy resource more efficiently than SHELL.

A Study on Ransomware Detection Methods in Actual Cases of Public Institutions (공공기관 실제 사례로 보는 랜섬웨어 탐지 방안에 대한 연구)

  • Yong Ju Park;Huy Kang Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.499-510 / 2023
  • Recently, intelligent and advanced cyber attacks attack the computer networks of public institutions using files containing malicious code or leak information, and the damage is increasing. Even in public institutions with various information protection systems, known attacks can be detected, but they are vulnerable to unknown dynamic and encryption attacks when existing signature-based or static analysis-based malware and ransomware file detection methods are used. The detection method proposed in this study extracts the detection result data of the systems that can detect malicious code and ransomware among the information protection systems actually used by public institutions, derives various attributes by combining them, and uses a machine learning classification algorithm. Results are derived through experiments on how the derived attributes are classified and which attributes have a significant effect on the classification result and accuracy improvement. In the experimental results of this paper, although it differs for each algorithm whether a specific attribute is included or not, learning with a specific attribute shows an increase in accuracy. It is expected that this can be used for attribute selection when creating algorithms that later detect malicious code, ransomware files and abnormal behavior in the information protection system.