• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.401-402
• /
• 2024

인공지능 기술은 사회 전반에 걸쳐 다양한 분야에서 활용되고 있다. 그러나 인공지능 기술의 발전과 함께 인공지능 기술을 악용한 적대적 공격의 위험성도 높아지고 있다. 적대적 공격은 작은 왜곡으로도 의료, 교통, 커넥티드카 등 인간의 생명과 안전에 직결되는 인공지능 학습 모델의 성능에 악영향을 미치기 때문에 효과적인 탐지 기술이 요구되고 있다. 본 논문에서는 설명 가능한 AI 를 활용한 적대적 공격을 탐지하는 최신 연구 동향을 분석한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1419-1429
• /
• 2017

Recently, environment based authentication technique had proposed reinforced authentication, which generating statistical model per user after user login history classifies into account takeover or legitimate login. But reinforced authentication is likely to be attacked if user was not attacked in past. To improve this problem in this paper, we propose unconsciousness authentication technique that generates 2-Class user model, which trains user's environmental information and others' one using machine learning algorithms. To evaluate performance of proposed technique, we performed evasion attacks: non-knowledge attacker that does not know any information about user, and sophisticated attacker that only knows one information about user. Experimental results against non-knowledge attacker show that precision and recall of Class 0 were measured as 1.0 and 0.998 respectively, and experimental results against sophisticated attacker show that precision and recall of Class 0 were measured as 0.948 and 0.998 respectively.

• Journal of Digital Convergence
• /
• v.17 no.7
• /
• pp.285-292
• /
• 2019

With the popularization of PC, SNS and IoT, a lot of data is generated and the amount is increasing exponentially. Artificial neural network learning is a topic that attracts attention in many fields in recent years by using huge amounts of data. Artificial neural network learning has shown tremendous potential in speech recognition and image recognition, and is widely applied to a variety of complex areas such as medical diagnosis, artificial intelligence games, and face recognition. The results of artificial neural networks are accurate enough to surpass real human beings. Despite these many advantages, privacy problems still exist in artificial neural network learning. Learning data for artificial neural network learning includes various information including personal sensitive information, so that privacy can be exposed due to malicious attackers. There is a privacy risk that occurs when an attacker interferes with learning and degrades learning or attacks a model that has completed learning. In this paper, we analyze the attack method of the recently proposed neural network model and its privacy protection method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.3-13
• /
• 2010

Differential Fault Analysis (DFA) is widely known for one of the most efficient method analyzing block cipher. In this paper, we propose a new type of DFA on DES (Data Encryption Standard). DFA on DES was first introduced by Biham and Shamir, then Rivain recently introduced DFA on DES middle rounds (9-12 round). However previous attacks on DES can only be applied to the encryption process. Meanwhile, we first propose the DFA on DES key-schedule. In this paper, we proposed a more efficient DFA on DES key schedule with random fault. The proposed DFA method retrieves the key using a more practical fault model and requires fewer faults than the previous DFA on DES.

• Journal of KIISE:Computer Systems and Theory
• /
• v.34 no.10
• /
• pp.502-510
• /
• 2007

Private Matching is a problem of computing the intersection of private datasets of two parties. One could envision the usage of private matching for Insurance fraud detection system, Do-not-fly list, medical databases, and many other applications. In 2004, Freedman et at. [1] introduced a probabilistic solution for this problem, and they extended it to malicious adversary model and multi-party computation. In this paper, we propose a new deterministic protocol for private matching with perfect correctness. We apply this technique to adversary models, achieving more reliable and higher speed computation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.5B
• /
• pp.304-309
• /
• 2008

This paper propose the traffic anomaly detection scheme based time series model. We apply ARIMA prediction model to this scheme and transform the value of the abnormal symptom into the probability value to maximize the traffic anomaly symptom detection. For this, we have evaluated the abnormal detection performance for the proposed model using total traffic and web traffic included the attack traffic. We will expect to have an great effect if this scheme is included in some network based intrusion detection system.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.13-21
• /
• 2024

Recently, with the rapid expansion of networks driven by the advancements of the Fourth Industrial Revolution, cybersecurity threats are becoming increasingly severe. Traditional signature-based Network Intrusion Detection Systems (NIDS) are effective in detecting known attacks but show limitations when faced with new threats such as Advanced Persistent Threats (APT). Additionally, deep learning models based on supervised learning can lead to biased decision boundaries due to the imbalanced nature of network traffic data, where normal traffic vastly outnumbers malicious traffic. To address these challenges, this paper proposes a network intrusion detection method based on one-class models that learn only from normal data to identify abnormal traffic. The effectiveness of this approach is validated through experiments using the Deep SVDD and MemAE models on the NSL-KDD dataset. Comparative analysis with supervised learning models demonstrates that the proposed method offers superior adaptability and performance in real-world scenarios.

• Korea Information Processing Society Review
• /
• v.30 no.4
• /
• pp.19-24
• /
• 2023

• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.17-29
• /
• 2017

Various cyber attacks against our society and the government are continuing, and cases and damages are reported from time to time. And the area of cyber attack is not limited to cyberspace, but it is expanding into physical domain and affecting it. In the military arena, we have established and implemented the principle of responding proportionally to enemy physical attacks. This proportionality principle is also required in the version where the region is expanding. In order to apply it, it is necessary to have a quantitative and qualitative countermeasure against cyber attack. However, due to the nature of cyber attacks, it is not easy to assess the damage accurately and it is difficult to respond to the proportionality principle and the proportional nature. In this study, we calculated the damage scale by quantitatively and qualitatively evaluating the cyber attack damage using the Gorden-Lobe model and the security scoring technique based on the scenario. It is expected that the calculated results will be provided as appropriate level and criterion to counteract cyber attack.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.11-18
• /
• 2017

Now the ways in which information is exchanged by computers are changing, a variety of this information exchange method also requires corresponding change of responding to an illegal attack. Among these illegal attacks, the IP spoofing attack refers to the attack whose process are accompanied by DDoS attack and resource exhaustion attack. The way to detect an IP spoofing attack is by using traceback information. The basic traceback information analysis method is implemented by comparing and analyzing the normal router information from client with routing information existing in routing path on the server. There fore, Such an attack detection method use all routing IP information on the path in a sequential comparison. It's difficulty to responding with rapidly changing attacks in time. In this paper, all IP addresses on the path to compute in a coordinate manner. Based on this, it was possible to analyze the traceback information to improve the number of traceback required for attack detection.