• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.51-59
• /
• 2015

JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of HTML5 Standard. In proportion to JavaScript's growing importance, attacks (ex. DDos, Information leak using its function) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes the Analysis Engine for detecting malicious JavaScript by adopting the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1076-1079
• /
• 2012

스마트폰의 사용이 생활에 필수적인 요소가 되었다. 스마트폰 특징의 가장 핵심적인 부분이 다양한 콘텐츠를 사용자의 취향에 맞게 선택 할 수 있다는 점이기에 스마트폰의 콘텐츠 시장 또한 빠르게 커지고 있다. 오픈 마켓인 안드로이드의 특성 상 누구나 어플리케이션을 만들어 원하는 곳에 배포할 수 있고 어플리케이션을 다운받을 수 있는 소스도 한정되어 있지 않기 때문에 스마트폰 보안을 위협하는 악의적인 어플리케이션에 노출되기 쉽다. 개인적인 정보가 저장되어 있는 핸드폰의 특징 상 악성코드에 노출 될 경우 전화번호부 유출로 인한 인한 스팸이나 피싱에서 크게는 금융정보 유출까지, 입을 수 있는 피해가 크다. 이를 방지하기 위해 클라우드 컴퓨팅을 이용해 단계적으로 악의적인 어플리케이션을 걸러 내고 클라우드 서버에 어플리케이션 실행 환경을 제공함으로써 사용자의 기기를 안전하게 보호 할 수 있는 시스템을 제안한다.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.31-43
• /
• 2014

Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.479-490
• /
• 2013

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note and Galaxy Tab 10.1. The malicious application can be distributed to currently used mobile devices through open market masquerading as an normal application. An attacker inserts malicious code into an application, which might threaten privacy by rooting attack. Once the rooting attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list, and public key certificate for banking. To protect the private information from the malicious attack, malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates rooting attack mechanism for Android-platform mobile terminal. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to attacks occurring from mobile terminal, which contributes to active protection from malicious attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.383-386
• /
• 2014

Due to the development of communication technology, a conventional major business through PC, laptop or Tablet PC can be performed via a smartphone and it is increasing the user's convenience. At this point, the user prefers to connect to the Internet using the wireless network because it occurs an additional charge according to the amount of data to be transmitted when using a data communication through 3G or 4G. However, when using a wireless network, there is a possibility of several attacks such as easily steal or modulate the information from the outside or to gain access to personal information stored in the user's smartphone with man-in-the-middle attacks by using the fake AP. IIn this paper, we describe how you can detect the AP when you use LAN of the smartphone, were analyzed for this vulnerability, has not been approved. Furthermore, Also, we discuss ways which can enhance the security when user the access to the internet services (i.e., internet, public/private cloud service, etc.) via wireless network in smartphone.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.1
• /
• pp.63-68
• /
• 2021

Recently there is sharply increasing interest in watching and creating video contents such as YouTube. However, creating such video contents without privacy protection technique can expose other people in the background in public, which is consequently violating their privacy rights. This paper seeks to remedy these problems and proposes a technique that identifies faces and protecting portrait rights by blurring the face. The key contribution of this paper lies on our deep-learning technique with low detection error and high computation that allow to protect portrait rights in real-time videos. To reduce errors, an efficient tracking algorithm was used in this system with face detection and face recognition algorithm. This paper compares the performance of the proposed system with and without the tracking algorithm. We believe this system can be used wherever the video is used.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.12
• /
• pp.127-134
• /
• 2020

Recently, Harmful sites, including pornographic videos, drugs, personal information and hacking tool distribution sites, have caused serious social problems. However, due to the nature of the Internet environment where anyone can use it freely, it is difficult to control the user effectively. And the site operator operates by changing the domain to bypass the blockage. Therefore, even once identified sites have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that can effectively track changes in the domain addresses of harmful sites, including the same or similar content, by tracking changes in these harmful sites. Proposed technology is a technology that can continuously track information in a domain using OSINT technology. We tested and verified that the proposed technology was effective for domain tracking with a 90.4% trace rate (sensing 66 changes out of 73 domains).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.817-827
• /
• 2015

In this modern society, people are having a close relationship with smartphone. This makes easier for hackers to gain the user's information by installing the malware in the user's smartphone without the user's authority. This kind of action are threats to the user's privacy. The malware characteristics are different to the general applications. It requires the user's authority. In this paper, we proposed a new classification method of user requirements method by each application using the Principle Component Analysis(PCA) and Probabilistic K-Nearest Neighbor(PKNN) methods. The combination of those method outputs the improved result to classify between malware and general applications. By using the K-fold Cross Validation, the measurement precision of PKNN is improved compare to the previous K-Nearest Neighbor(KNN). The classification which difficult to solve by KNN also can be solve by PKNN with optimizing the discovering the parameter k and ${\beta}$. Also the sample that has being use in this experiment is based on the Contagio.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.240-243
• /
• 2021

Recently, there have been research results of applying Big data and AI technologies to the evaluation and individual learning for education. It is information technology innovations that collect dynamic and complex data, including student personal records, physiological data, learning logs and activities, learning outcomes and outcomes from social media, MOOCs, intelligent tutoring systems, LMSs, sensors, and mobile devices. In addition, e-learning was generated a large amount of learning data in the COVID-19 environment. It is expected that learning analysis and AI technology will be applied to extract meaningful patterns and discover knowledge from this data. On the learner's perspective, it is necessary to identify student learning and emotional behavior patterns and profiles, improve evaluation and evaluation methods, predict individual student learning outcomes or dropout, and research on adaptive systems for personalized support. This study aims to contribute to research in the field of education by researching and classifying machine learning technologies used in anomaly detection and recommendation systems for educational data.

• The Journal of Society for e-Business Studies
• /
• v.18 no.4
• /
• pp.315-326
• /
• 2013

Users in social media post various types of opinions such as product reviews and movie reviews. It is a common trend that customers get assistance from the opinions in making their decisions. However, as opinion usage grows, distorted feedbacks also have increased. For example, exaggerated positive opinions are posted for promoting target products. So are negative opinions which are far from common evaluations. Finding these biased opinions becomes important to keep social media reliable. Techniques of opinion mining (or sentiment analysis) have been developed to determine sentiment polarity of opinionated documents. These techniques can be utilized for finding the biased opinions. However, the previous techniques have some drawback. They categorize the text into only positive and negative, and they also need a large amount of training data to build the classifier. In this paper, we propose methods for discovering the biased opinions which are skewed from the overall common opinions. The methods are based on angle based outlier detection and personalized PageRank, which can be applied without training data. We analyze the performance of the proposed techniques by presenting experimental results on a movie review dataset.