• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.429-436
• /
• 2018

Electronic documents are efficient to be created and managed, but they are liable to lose their originality because copies are created during distribution and delivery. For this reason, various security technologies for electronic documents have been applied. However, most security technologies currently used are for document management such as file access privilege control, file version and history management, and therefore can not be used in environments where authenticity is absolutely required, such as confidential documents. In this paper, we propose a method to detect document forgery and tampering through analysis of file system without installing an agent inside the instance operating system in cloud computing environment. BubbleDoc monitors the minimum amount of virtual volume storage in an instance, so it can efficiently detect forgery and tampering of documents. Experimental results show that the proposed technique has 0.16% disk read operation overhead when it is set to 1,000ms cycle for monitoring for document falsification and modulation detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.5819-5840
• /
• 2018

Considering the topology of hierarchical tree structure, each cluster in WSNs is faced with various attacks launched by malicious nodes, which include network eavesdropping, channel interference and data tampering. The existing intrusion detection algorithm does not take into consideration the resource constraints of cluster heads and sensor nodes. Due to application requirements, sensor nodes in WSNs are deployed with approximately uncorrelated security weights. In our study, a novel and versatile intrusion detection system (IDS) for the optimal defense strategy is primarily introduced. Given the flexibility that wireless communication provides, it is unreasonable to expect malicious nodes will demonstrate a fixed behavior over time. Instead, malicious nodes can dynamically update the attack strategy in response to the IDS in each game stage. Thus, a multi-stage intrusion detection game (MIDG) based on Bayesian rules is proposed. In order to formulate the solution of MIDG, an in-depth analysis on the Bayesian equilibrium is performed iteratively. Depending on the MIDG theoretical analysis, the optimal behaviors of rational attackers and defenders are derived and calculated accurately. The numerical experimental results validate the effectiveness and robustness of the proposed scheme.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2009.01a
• /
• pp.572-577
• /
• 2009

This paper proposes a novel reversible image authentication method that requires neither location map nor memorization of parameters. The proposed method detects image tampering and further localizes tampered regions. Though this method once distorts an image to hide data for tamper detection, it recovers the original image from the distorted image unless no tamper is applied to the image. The method extracts hidden data and recovers the original image without memorization of any location map that indicates hiding places and of any parameter used in the algorithm. This feature makes the proposed method practical. Simulation results show the effectiveness of the proposed method.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.667-670
• /
• 2013

Noise is unwanted in high quality images, but it can aid image tampering. For example, noise can be intentionally added in image to conceal tampered regions or to create special visual effects. It may also be introduced unknowingly during camera imaging process, which makes the noise levels inconsistent in splicing images. In this paper, we present an image forgery detection method using a noise dependent watershed transformation. Image is segmented into objects for initial noise estimation by the watershed transformation, and different noise level in objects are estimated to obtain final decision result. Experimental results of the proposed method on natural images are presented.

• Journal of Korea Game Society
• /
• v.16 no.1
• /
• pp.83-92
• /
• 2016

An online game is a huge distributed system comprised of servers and untrusted clients. In such circumstances, cheaters may employ abnormal behaviors through client modification or network packet tampering. Client-side detection methods have the merit of distributing the burden to clients but can easily be breached. In the other hand, server-side detection methods are trustworthy but consume tremendous amount of resources. Therefore, this paper proposes a security reinforcement method which involves both the client and the server. This method is expected to provide meaningful security fortification while minimizing server-side stress.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5354-5369
• /
• 2019

Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

• Journal of Internet Computing and Services
• /
• v.19 no.4
• /
• pp.7-13
• /
• 2018

The methods for detecting copy move frogery (CMF) are divided into two categories, block-based methods and keypoint-based methods. Block-based methods have a high computational cost because a large number of blocks should be examined for CMF detection. In addition, the forgery detection may fail if a tampered region undergoes geometric transformation. On the contrary, keypoint-based methods can overcome the disadvantages of the block-based approach, but it can not detect a tampered region if the CMF forgery occurs in the low entropy region of the image. Therefore, in this paper, we propose a method to detect CMF forgery in all areas of image by combining keypoint-based and block-based methods. The proposed method first performs keypoint-based CMF detection on the entire image. Then, the areas for which the forgery check is not performed are selected and the block-based CMF detection is performed for them. Therefore, the proposed CMF detection method makes it possible to detect CMF forgery occurring in all areas of the image. Experimental results show that the proposed method achieves better forgery detection performance than conventional methods.

• Journal of Ubiquitous Convergence Technology
• /
• v.2 no.1
• /
• pp.18-26
• /
• 2008

The invariance relation existing in the non-negative matrix factorization (NMF) is used for constructing robust image hashes in this work. The image is first re-scaled to a fixed size. Low-pass filtering is performed on the luminance component of the re-sized image to produce a normalized matrix. Entries in the normalized matrix are pseudo-randomly re-arranged under the control of a secret key to generate a secondary image. Non-negative matrix factorization is then performed on the secondary image. As the relation between most pairs of adjacent entries in the NMF's coefficient matrix is basically invariant to ordinary image processing, a coarse quantization scheme is devised to compress the extracted features contained in the coefficient matrix. The obtained binary elements are used to form the image hash after being scrambled based on another key. Similarity between hashes is measured by the Hamming distance. Experimental results show that the proposed scheme is robust against perceptually acceptable modifications to the image such as Gaussian filtering, moderate noise contamination, JPEG compression, re-scaling, and watermark embedding. Hashes of different images have very low collision probability. Tampering to local image areas can be detected by comparing the Hamming distance with a predetermined threshold, indicating the usefulness of the technique in digital forensics.

• International conference on construction engineering and project management
• /
• 2022.06a
• /
• pp.136-144
• /
• 2022

Construction sites are characterized by dangerous situations and environments that cause fatal accidents. Potential risk detection needs to be improved by continuously monitoring site conditions. However, the current labor-intensive inspection practice has many limitations in monitoring dangerous conditions at construction sites. Computer vision technology that can quickly analyze and collect site conditions from images has been in the spotlight as a solution. Nonetheless, inspection results obtained via computer vision are still stored and managed in centralized systems vulnerable to tampering with information by the central node. Blockchain has been used as a reliable and efficient decentralized information management system. Despite its potential, only limited research has been conducted integrating computer vision and blockchain. Therefore, to solve the current safety management problems, the authors propose a framework for construction site inspection that integrates object detection and blockchain network, enabling efficient and reliable remote inspection. Object detection is applied to enable the automatic analysis of site safety conditions. As a result, the workload of safety managers can be reduced with inspection results stored and distributed reliably through the blockchain network. In addition, errors or forgery in the inspection process can be automatically prevented and verified through a smart contract. As site safety conditions are reliably shared with project participants, project participants can remotely inspect site conditions and make safety-related decisions in trust.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.449-455
• /
• 2021

This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks are also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.