• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.431-438
• /
• 2019

Fileless malware uses memory injection attacks to hide traces of payloads to perform malicious works. During the memory injection attack, an attack named "process hollowing" is a method of creating paused benign process like system processes. And then injecting a malicious payload into the benign process allows malicious behavior by pretending to be a normal process. In this paper, we propose a method to detect the memory injection regardless of whether or not the malicious action is actually performed when a process hollowing attack occurs. The replication process having same execution condition as the process of suspending the memory injection is executed, the data set belonging to each process virtual memory area is compared using the fuzzy hash, and the similarity is calculated.

• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.389-395
• /
• 2022

With the evolution of technology, cyber physical systems (CPSs) are being upgraded, and new types of cyber attacks are being discovered accordingly. There are many forms of cyber attack, and all cyber attacks are made to manipulate the target systems. A representative system among cyber physical systems is a cyber physical power system (CPPS), that is, a smart grid. Smart grid is a new type of power system that provides reliable, safe, and efficient energy transmission and distribution. In this paper, specific types of cyber attacks well known as false data injection attacks targeting state estimation and energy distribution of smart grid, and protection strategies for defense of these attacks and dynamic monitoring for detection are described.

• Design & Manufacturing
• /
• v.17 no.3
• /
• pp.34-40
• /
• 2023

In this study, real-time collection of mold vibration signals during injection molding processes was achieved through IoT devices installed on the mold surface. To analyze changes in the collected vibration signals, injection molding was performed under six different process conditions. Analysis of the mold vibration signals according to process conditions revealed distinct trends and patterns. Based on this result, cosine similarity was applied to compare pattern changes in the mold vibration signals. The similarity in time and acceleration vector space between the collected data was analyzed. The results showed that under identical conditions for all six process settings, the cosine similarity remained around 0.92±0.07. However, when different process conditions were applied, the cosine similarity decreased to the range of 0.47±0.07. Based on these results, a cosine similarity threshold of 0.60~0.70 was established. When applied to the analysis of mold vibration signals, it was possible to determine whether the molding process was stable or whether variations had occurred due to changes in process conditions. This establishes the potential use of cosine similarity based on mold vibration signals in future applications for real-time monitoring of molding process changes and anomaly detection.

• Analytical Science and Technology
• /
• v.33 no.1
• /
• pp.42-48
• /
• 2020

Bromate is a disinfection by-product generated mainly from the oxidation of bromide during the ozonation and disinfection process in order to remove pathogenic microorganism of drinking water, and classified as a possible human carcinogen by International Agency for Research of Cancer (IARC) and World Health Organization (WHO). For the purpose of determining the trace level concentration of bromate, several sensitive techniques are applied mostly based on suppressed conductivity detection and UV/Visible detection after postcolumn reaction (PCR). In this study, the suppressed conductivity detection method and the PCR-UV/Visible detection method through the triiodide reaction were compared to analyze the trace bromate in water samples and estimated for the availability of these analytical methods. In addtion, the state-of-the-art techniques was applied for the determination of trace level bromate in various water matrices, i.e., soft drinking water, hard drinking water, mineral water, swimming pool water, and raw water. In comparison of two analytical methods, it was found that the conductivity detection had the suitable advantage to simultaneously analyze bromate and inorganic anions, however, the bromate might not be precisely quantified due to the matrix effect especially by chloride ion. On the other hand, the trace bromate was analyzed effectively by the method of PCR-UV/Visible detection through triiodide reaction to satisfactorily minimize the matrix interference of chloride ion in various water samples, showing the good linearity and reproducibility. Furthermore, the method detection limit (MDL) and recovery were 0.161 ㎍/L and 101.0-108.1 %, respectively, with a better availability compared to conductivity detection.

• Proceedings of the KSAR Conference
• /
• 2001.03a
• /
• pp.53-53
• /
• 2001

Two trials were conducted in a commercial dairy farm on heifer synchronization with PGF$_2$ $\alpha$. Animals showing estrus following the first injection were bred and animals not showing estrus were given the second injection 10 days later. In the first trial, the injection sites were rump and rump. In the second trial, the injection sites were rump and shoulder. Estrous detection was peformed 24 h after injection. Animals were bred by the same technician. In the first trial, the response rate for the first injection was 51.4% and the subsequent pregnancy rate of these animals was 60.0%. The response rate in the second injection was 57.1% and the pregnancy rate was 50.0%. In the second trial, the response rate in the first injection on the rump was 48.7% and the subsequent pregnancy rate was 70.6%. The second injection was given on the shoulder and the response rate was 60.0% and the subsequent pregnancy rate was 25.0%. The data suggests that the site of PGF2 $\alpha$ administration was critical to achieve success in estrous synchronization and pregnancy rates.

• Progress in Medical Physics
• /
• v.17 no.1
• /
• pp.32-39
• /
• 2006

To assess the ability of an extravasation detection accessory (EDA) system to detect clinically important extravascular injection of iodinated contrast material delivered with an automated power injector. Fifty patients referred for contrast material enhanced body computed tomography studied in a prospective, observation study in which the EDA system was used to identify and interrupt any injection associated with clinically Important extravasation. The presence or absence of extravasation was definitively established with multi-detector CT at the injection site (injection rate, $2.0{\sim}2.5$ mL/sec). There were two true positive, extravasation volumes $22{\sim}25$ mL. The EDA system had sensitivity in the detection of clinically important extravasation. The EDA system is easy to use, safe, and accurate In the monitoring of intravenous injections for extravasation, which may prove especially useful in CT applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.6
• /
• pp.2168-2187
• /
• 2021

The smart grid replaces the traditional power structure with information inventiveness that contributes to a new physical structure. In such a field, malicious information injection can potentially lead to extreme results. Incorrect, FDI attacks will never be identified by typical residual techniques for false data identification. Most of the work on the detection of FDI attacks is based on the linearized power system model DC and does not detect attacks from the AC model. Also, the overwhelming majority of current FDIA recognition approaches focus on FDIA, whilst significant injection location data cannot be achieved. Building on the continuous developments in deep learning, we propose a Deep Learning based Locational Detection technique to continuously recognize the specific areas of FDIA. In the development area solver gap happiness is a False Data Detector (FDD) that incorporates a Convolutional Neural Network (CNN). The FDD is established enough to catch the fake information. As a multi-label classifier, the following CNN is utilized to evaluate the irregularity and cooccurrence dependency of power flow calculations due to the possible attacks. There are no earlier statistical assumptions in the architecture proposed, as they are "model-free." It is also "cost-accommodating" since it does not alter the current FDD framework and it is only several microseconds on a household computer during the identification procedure. We have shown that ANN-MLP, SVM-RBF, and CNN can conduct locational detection under different noise and attack circumstances through broad experience in IEEE 14, 30, 57, and 118 bus systems. Moreover, the multi-name classification method used successfully improves the precision of the present identification.

• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.380-388
• /
• 2022

The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow the only programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL(Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

• Transactions of Materials Processing
• /
• v.15 no.9 s.90
• /
• pp.667-672
• /
• 2006

Agglutination is one of the most commonly employed reactions in clinical diagnosis. In this paper, we have designed and fabricated nickel mold insert for injection molding of a microfluidic lab-on-a-chip for the purpose of the efficient detection of agglutination. In the presented microfluidic lab-on-a-chip, two inlets for sample blood and reagent, flow guiding microchannels, improved serpentine laminating micromixer(ISLM) and reaction microwells are fully integrated. The ISLM, recently developed by our group, can highly improve mixing of the sample blood and reagent in the microchannel, thereby enhancing reaction of agglutinogens and agglutinins. The reaction microwell was designed to contain large volume of about $25{\mu}l$ of the mixture of sample blood and reagent. The result of agglutination in the reaction microwell could be determined by means of the level of the light transmission. To achieve the cost-effectiveness, the microfluidic lab-on-a-chip was realized by the injection molding of COC(cyclic olefin copolymer) and thermal bonding of two injection molded COC substrates. To define microfeatures in the microfluidic lab-on-a-chip precisely, the nickel mold inserts of lab-on-a-chip for the injection molding were fabricated by combining the UV photolithography with a negative photoresist SU-8 and the nickel electroplating process. The microfluidic lab-on-a-chip developed in this study could be applied to various clinical diagnosis based on agglutination.

• Proceedings of the Korean Vacuum Society Conference
• /
• 2009.08a
• /
• pp.54-54
• /
• 2009