• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.5
• /
• pp.1801-1816
• /
• 2014

Because HTTP-related ports are allowed through firewalls, they are an obvious point for launching cyber attacks. In particular, malware uses HTTP protocols to communicate with their master servers. We call this an HTTP-based command and control (C&C) server. Most previous studies concentrated on the behavioral pattern of C&Cs. However, these approaches need a well-defined white list to reduce the false positive rate because there are many benign applications, such as automatic update checks and web refreshes, that have a periodic access pattern. In this paper, we focus on finding new discriminative features of HTTP-based C&Cs by analyzing HTTP activity sets. First, a C&C shows a few connections at a time (low density). Second, the content of a request or a response is changed frequently among consecutive C&Cs (high content variability). Based on these two features, we propose a novel C&C analysis mechanism that detects the HTTP-based C&C. The HAS-Analyzer can classify the HTTP-based C&C with an accuracy of more than 96% and a false positive rate of 1.3% without using any white list.

• Korean Journal of Biological Psychiatry
• /
• v.22 no.3
• /
• pp.140-148
• /
• 2015

Objectives The aim of this study is to investigate the correlation between degenerative changes in brain [i.e., global cortical atrophy (GCA), medial temporal atrophy (MTA), white matter hyperintensities (WMH)] and neurocognitive dysfunction in Korean patients with Alzheimer's disease. Methods A total of 62 elderly subjects diagnosed with Alzheimer's disease were included in this study. The degenerative changes in brain MRI were rated with standardized visual rating scales (GCA or global cortical atrophy, MTA or medial temporal atrophy, and Fazekas scales) and the subjects were divided into two groups according to the degree of degeneration for each scale. Cognitive function was evaluated with Korean version of the Consortium to Establish a Registry for Alzheimer's Disease (CERAD-K) and several clinical features, including apolipoprotein E ${\varepsilon}4$ status, lipid profile and thyroid hormones, were also examined. Chi-square test and Fisher's exact test were performed to analyze the relationship between the degree of cerebral degeneration and neurocognitive functions. Results Demographic and clinical features, except for the age, did not show any significant difference between the two groups divided according to the degree of cerebral degenerative changes. However, higher degree of GCA was shown to be associated with poorer performance in verbal fluency test, word list recall test, and word list recognition test. Higher degree of MTA was shown to be associated with poorer performance in Mini-Mental State Examination in the Korean Version of CERAD Assessment Packet (MMSE-KC), word list recognition test and construction praxis recall test. Higher degree of white matter hyperintensities was shown to be associated with poorer performance in MMSE-KC. Conclusions Our results suggest that severe brain degeneration shown in MRI is associated with significantly poorer performance in neurocognitive tests in patients with Alzheimer's disease. Moreover, the degree of GCA, MTA and white matter hyperintensities, represented by scores from different visual rating scales, seems to affect certain neurocognitive domains each, which would provide useful information in clinical settings.

• Animal Systematics, Evolution and Diversity
• /
• v.26 no.3
• /
• pp.191-196
• /
• 2010

The Oriental White Stork (Ciconia boyciana) and the Crested Ibis (Nipponia nippon) are wetland species listed as "Endangered" on the IUCN Red List of Threatened Species. The two species were once common on the Korean peninsula, but have experienced a severe population reduction in the past decades. Currently, they are officially extinct in Korea. At present, reintroduction programs to release the birds to the wild are in progress in Korea as well as in Japan. In this study, we surveyed the historic breeding sites of the two species using the literature and face-to-face interviews with local people as a step toward determining appropriate breeding habitats for reintroduction. We found 26 historic breeding sites for the Oriental White Stork in Chungcheong-do and Gyeonggi-do, but did not find any breeding sites for the Crested Ibis. These findings suggest that the Oriental White Stork was resident, while the Crested Ibis was a winter visitor to Korea. Based on these results, we discuss the possibilities for successful reintroduction of the two species in Korea.

• Journal of the Korean Wood Science and Technology
• /
• v.41 no.4
• /
• pp.327-336
• /
• 2013

Anatomical characteristics of White Jabon (Arthocephalus cadamba) and Red Jabon (Arthocephalus macrophyllus) were investigated by IAWA hardwood feature list. Both species were diffuse-porous, and radial multiple pore with 2~3 rows was mostly observed. Tangential diameter of vessel lumina was 100 to $200{\mu}m$, and vessels per square millimeter were 5 to 20. White Jabon has more vessels than Red Jabon. The number of solitary pore per square millimeter in both species was similar, but more pore multiple was observed in White Jabon. Axial parenchyma diffuse was observed in both species, but axial parenchyma of White Jabon was hardly identified on the cross section. Rays were classified into "body ray cells procumbent with over 4 rows of upright/square marginal cells" type and partly "all ray cells upright and/or square" type on radial section. Ray width 1 to 3 cells and 1 to 2 cells observed in White Jabon and Red Jabon, respectively. Ray height of White Jabon was $420{\mu}m$ and Red Jabon $474{\mu}m$. Fiber length was the range of 900 to $1,600{\mu}m$ in both species, and it showed a tendency to increase from pith to bark. Consequently, it is considered that pore multiple, ray width and axial parenchyma are to be suggested the keys for identification of both species.

• Ecology and Resilient Infrastructure
• /
• v.2 no.3
• /
• pp.191-197
• /
• 2015

Invasive alien species are considered to be one of the main factors that cause biodiversity loss. Establishment of management strategies through continuous monitoring and risk assessment is a key element for invasive alien species management policy. In the present study, we introduce examples of ecological risk assessment tools developed in Japan, Germany-Austria and Belgium. Invasive alien species have been designated in Japan based on the assessment of risks to ecosystems, human health and primary industry. German-Austrian Black List Information System categorized alien species into Black List, White List and Grey List according to their risks to biodiversity. In the Harmonia Information System developed in Belgium, invasiveness, adverse impacts on native species and ecosystem functions and invasion stages were assessed and alien species were categorized into Black List, Watch List and Alert List. These international risk assessment tools may be helpful to improve our national risk assessment protocol for the prioritization of invasive alien species management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.757-766
• /
• 2013

The Malicious code that targets Android is growing dramatically as the number of Android users are increasing. Most of the malicious code have an intention of leaking personal information. Recently in Korea, a malicious code 'chest' has appeared and generated monetary damages by using malicious code to leak personal information and try to make small purchases. A variety of techniques to detect personal information leaks have been proposed on Android platform. However, the existing techniques are hard to apply to the user's smart-phone due to the characteristics of Android security model. This paper proposed a technique that detects and blocks file approaches and internet connections that are not allowed access to personal information by using the system call hooking in the kernel and white-list based approach policy. In addition, this paper proved the possibility of a real application on smart-phone through the implementation.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.2 s.46
• /
• pp.171-180
• /
• 2007

The financial crime that used morale anger Phishing, Pharming, Vishing, SMiSing etc. will gain during recent cyber crimes. We are study systematically whether or not leakage of information and infringement can how easily occur to Phishing, Vishing, SMiSing using a social engineering technique and VoIP at these papers through experiment. A hacker makes Phishing, Vishing site, and test an information infringement process of a user through PiSing mail and a virus, a nasty code, Vishing, a SMiSing character, disarmament of Keylogger prevention S/W etc. as establish server. Information by Phishing, Vishing, SMiSing is infringed with leakage in the experiment results, and confirm, and test certified certificate and White List and a certified authentication mark, plug-in program installation etc. to prevention, and security becomes, and demonstrate. Technical experiment and prevention regarding Phishing of this paper and Vishing attack reduce the damage of information infringement, and be education for Ubiquitous information security will contribute in technical development.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.47-54
• /
• 2012

Sharing cross-site resources has been adopted by many recent websites in the forms of service-mashup and social network services. In this change, exploitation of the new vulnerabilities increases, which includes inserting malicious codes into the interaction points between clients and services instead of attacking the websites directly. In this paper, we present a system model to identify malicious script codes in the web contents by means of a remote verification while the web contents downloaded from multiple trusted origins are executed in a client's browser space. Our system classifies verification items according to the origin of request based on the information on the service code implementation and stores the verification results into three databases composed of white, gray, and black lists. Through the experimental evaluations, we have confirmed that our system provides clients with increased security by effectively detecting malicious scripts in the mashup web environment.

• Publications of The Korean Astronomical Society
• /
• v.30 no.2
• /
• pp.201-204
• /
• 2015

The common-envelope process is a complicated phase in binary evolution. A lot of effort has been dedicated to study the common-envelope stage, but many questions related to this process are yet to be answered. If one member of the binary survives the common-envelope phase, the binary will emerge as a white dwarf accompanied by a low-mass main sequence star in close orbit, often referred as a post common-envelope binary (PCEB). SDSS J0745+2631 is among the list of newly found PCEBs from the Sloan Digital Sky Survey (SDSS). This star is proposed to be a strong eclipsing system candidate due to the ellipsoidal modulation in its light curve. In this work, we aim to confirm the eclipsing nature of SDSS J0745+2631 and to determine the stellar and orbital parameters using the software Binary Maker 3.0 (BM3.0). We detected the primary eclipse in the light curve of SDSS J0745+2631 in our follow-up observation from January 2014 using the ULTRASPEC instrument at the Thai National Observatory. The data obtained on 7th and 8th January 2014 in g filter show an evident drop in brightness during the eclipse of the white dwarf, but this eclipse is less prominent in the data taken on the next night using a clear filter. According to our preliminary model, we find that SDSS J0745+2631 hosts a rather hot white dwarf with an effective temperature of 11500K. The companion star is a red dwarf star with a temperature of 3800K and radius of 0.3100 $R_{\odot}$. The red dwarf star almost fills its Roche lobe, causing a large ellipsoidal modulation. The mass ratio of the binary given by the Binary Maker 3.0 (BM3.0) model is M2/M1 = 0.33.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.397-405
• /
• 2018

Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective to detect known malicious codes, but there is a limit to detecting malicious code variants. In order to solve this problem, the necessity of a white list-based tool, which is the opposite of black list, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.