• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.193-200
• /
• 2022

Unknown cryptographic communication protocols may have advantage of guaranteeing personal and data privacy, but when used for malicious purposes, it is almost impossible to identify and respond to using existing network security equipment. In particular, there is a limit to manually analyzing a huge amount of traffic in real time. Therefore, in this paper, we attempt to identify packets of unknown cryptographic communication protocols and separate fields comprising a packet by using machine learning techniques. Using sequential patterns analysis, hierarchical clustering, and Pearson's correlation coefficient, we found that the structure of packets can be automatically analyzed even for an unknown cryptographic communication protocol.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.1
• /
• pp.75-84
• /
• 2018

Increasing the operation rate of components and stabilizing the operation through timely management of the core parts are crucial for improving the efficiency of the railroad maintenance industry. The demand for diagnosis technology to assess the condition of rolling stock components, which employs history management and automated big data analysis, has increased to satisfy both aspects of increasing reliability and reducing the maintenance cost of the core components to cope with the trend of rapid maintenance. This study developed a big data platform-based system to manage the rolling stock component condition to acquire, process, and analyze the big data generated at onboard and wayside devices of railroad cars in real time. The system can monitor the conditions of the railroad car component and system resources in real time. The study also proposed a machine learning technique that enabled the distributed and parallel processing of the acquired big data and automatic component fault diagnosis. The test, which used the virtual instance generation system of the Amazon Web Service, proved that the algorithm applying the distributed and parallel technology decreased the runtime and confirmed the fault diagnosis model utilizing the random forest machine learning for predicting the condition of the bearing and wheel parts with 83% accuracy.

• The Journal of Society for e-Business Studies
• /
• v.26 no.3
• /
• pp.1-20
• /
• 2021

As the Great Reset is discussed at the World Economic Forum due to the COVID-19 pandemic, artificial intelligence, the driving force of the 4th industrial revolution, is also in the spotlight. However, corporate research in the field of artificial intelligence is still scarce. Since 2000, related research has focused on how to create value by applying artificial intelligence to existing companies, and research on how startups seize opportunities and enter among existing businesses to create new value can hardly be found. Therefore, this study analyzed the cases of startups using the comprehensive framework of the multi-level perspective with the research question of how artificial intelligence based startups, a sub-industry of software, have different innovation patterns from the existing software industry. The target firms are gazelle firms that have been certified as venture firms in South Korea, as start-ups within 7 years of age, specializing in machine learning modeling purposively sampled in the medical, finance, marketing/advertising, e-commerce, and manufacturing fields. As a result of the analysis, existing software companies have achieved process innovation from an enterprise-wide integration perspective, in contrast machine learning technology based startups identified unit processes that were difficult to automate or create value by dismantling existing processes, and automate and optimize those processes based on data. The contribution of this study is to analyse the birth of artificial intelligence-based startups and their innovation patterns while validating the framework of an integrated multi-level perspective. In addition, since innovation is driven based on data, the ability to respond to data-related regulations is emphasized even for start-ups, and the government needs to eliminate the uncertainty in related systems to create a predictable and flexible business environment.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.87-94
• /
• 2022

Recently, with the development of information and communication infrastructure, the number of Internet access devices is rapidly increasing. Smartphones, laptops, computers, and even IoT devices are receiving information and communication services through Internet access. Since most of the device operating environment consists of web (WEB), it is vulnerable to web cyber attacks using web shells. When the web shell is uploaded to the web server, it is confirmed that the attack frequency is high because the control of the web server can be easily performed. As the damage caused by the web shell occurs a lot, each company is responding to attacks with various security devices such as intrusion prevention systems, firewalls, and web firewalls. In this case, it is difficult to detect, and in order to prevent and cope with web shell attacks due to these characteristics, it is difficult to respond only with the existing system and security software. Therefore, it is an automated defense system through the collection and analysis of web shells based on artificial intelligence machine learning that can cope with new cyber attacks such as detecting unknown web shells in advance by using artificial intelligence machine learning and deep learning techniques in existing security software. We would like to propose about. The machine learning-based web shell defense system model proposed in this paper quickly collects, analyzes, and detects malicious web shells, one of the cyberattacks on the web environment. I think it will be very helpful in designing and building a security system.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.21 no.4
• /
• pp.64-80
• /
• 2018

In Korea, citizens can only know general information about crime. Thus it is difficult to know how much they are exposed to crime. If the police can predict the crime risky area, it will be possible to cope with the crime efficiently even though insufficient police and enforcement resources. However, there is no prediction system in Korea and the related researches are very much poor. From these backgrounds, the final goal of this study is to develop an automated crime prediction system. However, for the first step, we build a big data set which consists of local real crime information and urban physical or non-physical data. Then, we developed a crime prediction model through machine learning method. Finally, we assumed several possible scenarios and calculated the probability of crime and visualized the results in a map so as to increase the people's understanding. Among the factors affecting the crime occurrence revealed in previous and case studies, data was processed in the form of a big data for machine learning: real crime information, weather information (temperature, rainfall, wind speed, humidity, sunshine, insolation, snowfall, cloud cover) and local information (average building coverage, average floor area ratio, average building height, number of buildings, average appraised land value, average area of residential building, average number of ground floor). Among the supervised machine learning algorithms, the decision tree model, the random forest model, and the SVM model, which are known to be powerful and accurate in various fields were utilized to construct crime prevention model. As a result, decision tree model with the lowest RMSE was selected as an optimal prediction model. Based on this model, several scenarios were set for theft and violence cases which are the most frequent in the case city J, and the probability of crime was estimated by $250{\times}250m$ grid. As a result, we could find that the high crime risky area is occurring in three patterns in case city J. The probability of crime was divided into three classes and visualized in map by $250{\times}250m$ grid. Finally, we could develop a crime prediction model using machine learning algorithm and visualized the crime risky areas in a map which can recalculate the model and visualize the result simultaneously as time and urban conditions change.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.448-451
• /
• 2022

주식과 암호화폐 거래는 매매방식에 있어서 유사한 점이 있지만 기업의 사업분야, 자본금, 순이익 등의 경영현황과 미래가치에 영향을 많이 받는 주식과는 다르게 암호화폐는 실물 실체가 없으며 탈중앙화, 전산화된 데이터를 기반으로 하며 심리적인 요소가 크게 작용하여 단기적인 변동이 클 수 있다. 본 연구에서는 이러한 암호화폐 거래의 특성을 활용하여 특정 암호화폐에 관련된 뉴스기사들을 수집하고 그 암호화폐의 가격 변화 데이터와 연관되어 가격예측 딥러닝 모델을 생성하고 해당 암호화폐에 대한 신규 뉴스기사가 발생되었을 때 이를 이용하여 매수, 매도, 관망 등과 같은 매매 정보를 예측 적용할 수 있게 하였다. 첫째, 뉴스 기사에서 언급한 암호화폐를 매수, 매도, 관망 중 어느 편이 좋을 것인지 추천하는 알고리즘을 구현하였고, 둘째, 매수 이후 매매 차익을 위한 매도 시점이나 매도 이후 저가매수에 유리한 시점을 제안하는 알고리즘을 구현하였다. 또한, 실시간 뉴스기사 수집 및 예측한 매매 판단에 따라 매매 자동화 시스템을 구현하여 수익률을 직접 확인함으로써 그 유효성을 검증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.391-392
• /
• 2021

해마다 실내 냉방기 냉매누설 문제가 고질적으로 반복되며 소비자들의 피해도 커져가고 있다. 특히 제조사와 설치 업체가 다른 경우 냉매 누수의 원인이 제품인지, 설치하자인지 책임소재를 두고 갈등을 빚는 경우가 빈번하다. 이에 더 이상 소비자들의 피해를 막기 위해 냉매누설 검출 방안 마련이 필요해 보인다. 본 연구에서는 실내 냉방기 설치 후 냉매누설 검출을 위한 별도의 하드웨어 장치 추가 없이 냉방기의 운영을 위해 설치된 센서들의 값을 이용하여 냉매누설의 유무를 판단할 수 있는 방안을 제안하는 것을 목적으로 한다. 데이터 분석을 위하여 제조사의 제품 출하 전 현장 테스트 단계에서 측정한 온도값, 전류값, 습도값을 취합하여 데이터 셋을 구축하였다. 이때 자동화된 머신러닝(AutoML)을 이용하여 데이터의 80%를 훈련 데이터로 20%를 테스트 데이터로 사용하여 냉매량 80%는 1, 그 이하는 0으로 훈련시켰다. 구축한 데이터 셋을 이용하여 훈련시킨 결과 99% 정확도로 냉매누설 검출을 분별할 수 있었다. 또한 냉매누설과 관련성이 높은 중요 특징 4개를 추출할 수 있었다. 본 연구를 통하여 별도의 하드웨어 장치 추가 없이 소프트웨어적인 접근 방법으로 문제를 해결할 수 있는 feasibility를 확인할 수 있었다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.31-40
• /
• 2024

Recently, static analysis-based signature and pattern detection technologies have limitations due to the advanced IT technologies. Moreover, It is a compatibility problem of multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also avoid existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branching statement addition. In this paper, We propose an LLVM IR image-based automated static analysis of malicious code technology using machine learning to solve the problems mentioned above. Whether binary is obfuscated or packed, it's decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. "Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras". As a result, we present a model for image-based detection of malicious code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.587-596
• /
• 2024

Cyber Attack and Cyber Threat are getting confused and evolved. Therefore, using AI(Artificial Intelligence), which is the most important technology in Fourth Industry Revolution, to build a Cyber Threat Detection System is getting important. Especially, Government's SOC(Security Operation Center) is highly interested in using AI to build SOAR(Security Orchestration, Automation and Response) Solution to predict and build CTI(Cyber Threat Intelligence). In this thesis, We introduce the Cyber Threat Detection System by analyzing Network Traffic and Web Application Firewall(WAF) Log data. Additionally, we apply the well-known TF-IDF(Term Frequency-Inverse Document Frequency) method and AutoML technology to classify Web traffic attack type.

• Journal of Wetlands Research
• /
• v.26 no.3
• /
• pp.197-203
• /
• 2024

The algal blooms in rivers can negatively affect water source management and water treatment processes, necessitating continuous management. In this study, a multi-classification model was developed to predict the concentration of chlorophyll-a (chl-a), one of the key indicators of algal blooms, using Tabular Prior Fitted Networks (TabPFN), a novel deep learning algorithm known for its relatively superior performance on small tabular datasets. The model was developed using daily observation data collected at Buyeo water quality monitoring station from January 1, 2014, to December 31, 2022. The collected data were averaged to construct input data sets with measurement frequencies of 1 day, 3 days, 6 days, 12 days. The performance comparison of the four models, constructed with input data on observation frequencies of 1 day, 3 days, 6 days, and 12 days, showed that the model exhibits stable performance even when the measurement frequency is longer and the number of observations is smaller. The macro average for each model were analyzed as follows: Precision was 0.77, 0.76, 0.83, 0.84; Recall was 0.63, 0.65, 0.66, 0.74; F1-score was 0.67, 0.69, 0.71, 0.78. For the weighted average, Precision was 0.76, 0.77, 0.81, 0.84; Recall was 0.76, 0.78, 0.81, 0.85; F1-score was 0.74, 0.77, 0.80, 0.84. This study demonstrates that the chl-a prediction model constructed using TabPFN exhibits stable performance even with small-scale input data, verifying the feasibility of its application in fields where the input data required for model construction is limited.