• Title/Summary/Keyword: information security model

A Study on Minimizing Infection of Web-based Malware through Distributed & Dynamic Detection Method of Malicious Websites (악성코드 은닉사이트의 분산적, 동적 탐지를 통한 감염피해 최소화 방안 연구)

  • Shin, Hwa-Su;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.89-100 / 2011
  • As Internet usage through web browsers increases, web-based malware distributed through websites is becoming a more serious problem than ever. The centralized, crawling-based malicious website detection method has the problem that the cost of detection increases geometrically as the crawling level is lowered. In this paper, we propose a web-browser-based security tool that can detect malicious web pages dynamically and support users' safe web browsing by stopping navigation to a malicious URL injected into those web pages. By deploying this tool to many distributed web browser users, all of those users participate in malicious website detection and feedback. As a result, we can detect the lower link levels of websites in a distributed and dynamic manner.

An Architecture of a Dynamic Cyber Attack Tree: Attributes Approach (능동적인 사이버 공격 트리 설계: 애트리뷰트 접근)

  • Eom, Jung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.67-74 / 2011
  • In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly, for an active cyber attack model that can detect complex and transformed attack methods. An attack tree provides a formal and methodical route for describing the security safeguards against varying attacks on a network system. The existing attack tree can describe an attack scenario using vertices, edges and composition. But an attack tree is limited in expressing complex and new attacks because of the restriction of the attack tree's attributes. We solved the limitations of the existing attack tree by adding a threat occurrence probability and 2 components of composition to the attributes. First, we improved the flexibility to describe complex and transformed attack methods, and reduced the ambiguity of the attack sequence, by reinforcing composition. And we can identify the risk level of an attack at each attack phase from child node to parent node by adding a threat occurrence probability.

Hacking attack and vulnerability analysis for unmanned reconnaissance Tankrobot (무인정찰 탱크로봇에 대한 해킹 공격 및 취약점 분석에 관한 연구)

  • Kim, Seung-woo;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.24 no.9 / pp.1187-1192 / 2020
  • The dronebot combat system is a representative model of the future battlefield in the 4th industrial revolution. In the dronebot system, an unmanned reconnaissance tankrobot can minimize human damage and reduce cost with higher combat power than humans. However, since the battlefield environment is very complex, with obstacles and enemy situations, it is also necessary for the pilot to control the tankrobot. Tankrobots are robots with new ICT technology, capable of hacking attacks, and if there is an abnormality in control, it can pose a threat to manipulation and control. A Bluetooth sniffing attack was performed on the communication section between the tankrobot and the controller to introduce a vulnerability to Bluetooth, and a countermeasure using MAC address exposure prevention and communication section encryption was proposed as a security measure. This paper first presented the vulnerability of tankrobots to be operated in future military operations, and will be the basic data that can be used for defense dronebot units.

An Enhancement Method of Document Restoration Capability using Encryption and DnCNN (암호화와 DnCNN을 활용한 문서 복원능력 향상에 관한 연구)

  • Jang, Hyun-Hee;Ha, Sung-Jae;Cho, Gi-Hwan
    • Journal of Internet of Things and Convergence / v.8 no.2 / pp.79-84 / 2022
  • This paper presents an enhancement method of document restoration capability which is robust against security threats, loss, and contamination. It is based on two methods, that is, encryption and DnCNN (DeNoise Convolution Neural Network). In order to implement this encryption method, a mathematical model is applied as a spatial frequency transfer function used in optics of 2D image information. Then a method is proposed with optical interference patterns as encryption using spatial frequency transfer functions and using mathematical variables of spatial frequency transfer functions as ciphers. In addition, by applying the DnCNN method, which is based on a deep learning technique, the restoration capability is enhanced by removing noise. In an experimental evaluation with 65% information loss, by applying Pre-Training DnCNN Deep Learning, the peak signal-to-noise ratio (PSNR) is 11% or more superior compared to that of the spatial frequency transfer function only. In addition, it is confirmed that the CC (Correlation Coefficient) characteristic is enhanced by 16% or more.

Imbalanced Data Improvement Techniques Based on SMOTE and Light GBM (SMOTE와 Light GBM 기반의 불균형 데이터 개선 기법)

  • Young-Jin, Han;In-Whee, Joe
    • KIPS Transactions on Computer and Communication Systems / v.11 no.12 / pp.445-452 / 2022
  • Class distribution of unbalanced data is an important part of the digital world and is a significant part of cybersecurity. Abnormal activity of unbalanced data should be found and problems solved. Although a system capable of tracking patterns in all transactions is needed, machine learning with disproportionate data, which typically has abnormal patterns, can ignore and degrade performance for minority layers, and predictive models can be inaccurately biased. In this paper, we predict target variables and improve accuracy by combining estimates using Synthetic Minority Oversampling Technique (SMOTE) and Light GBM algorithms as an approach to address unbalanced datasets. Experimental results were compared with logistic regression, decision tree, KNN, Random Forest, and XGBoost algorithms. The performance was similar in accuracy and reproduction rate, but in precision, two algorithms performed at Random Forest 80.76% and Light GBM 97.16%, and in F1-score, Random Forest 84.67% and Light GBM 91.96%. As a result of this experiment, it was confirmed that Light GBM's performance was similar without deviation or improved by up to 16% compared to five algorithms.

Comparison of Failure Rates in Measuring Software Reliability (소프트웨어 신뢰도 측정에서 고장률 비교)

  • Jung, Hye Jung
    • Journal of Convergence for Information Technology / v.12 no.5 / pp.15-20 / 2022
  • This research studied the evaluation of reliability among the software quality characteristics: suitability, reliability, usability, portability, maintainability, performance efficiency, security, and compatibility. It proposes a quantitative evaluation of reliability in the measurement of software quality. This study introduces a method for measuring the failure rate included in maturity during reliability evaluation, which is one of the characteristics of software quality, and is a study with experimental data on how the failure rate changes depending on the form of failure data. Focusing on software testing, the failure rate was measured and compared according to the type of failure data by applying it to the software reliability growth model, focusing on the number of failures per day. The failure rate was measured around the failure time found through the 6-day test, and the failure rate was compared with the failure rate proposed by the international standard ISO/IEC 25023 using the measurement results, and the application was reviewed according to the data type.

Software Defined Perimeter (SDP) Authentication Mechanism for Zero Trust and Implementation of ECC Cryptography (제로 트러스트를 위한 소프트웨어 정의 경계(SDP) 인증 메커니즘 제안 및 ECC 암호 구현)

  • Lee, Yun-kyung;Kim, Jeong-nyeo
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1069-1080 / 2022
  • Zero trust, which means never trust anything before verifying it, is emerging as a hot issue in the security field. After authenticating users, zero trust establishes network boundaries so that only networks in the trusted range can be accessed. This concept is also consistent with the concept of SDP, which performs pre-verification and creates a network boundary with a dynamic firewall so that clients can access only as many as they have permission to connect. Therefore, we recommend the SDP model as an example of how zero trust can be achieved in a zero trust architecture. In this paper, we point out the areas where SDP needs to be modified for zero trust and suggest ways to overcome them. In addition, we propose an onboarding method, which is one of the processes for becoming an SDP entity, and present performance measurement results.

A White Box Implementation of Lightweight Block Cipher PIPO (경량 블록 암호 PIPO의 화이트박스 구현 기법)

  • Ham, Eunji;Lee, Youngdo;Yoon, Kisoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.751-763 / 2022
  • With the recent increase in spending growth in the IoT sector worldwide, the importance of lightweight block ciphers to encrypt them is also increasing. The lightweight block cipher PIPO algorithm proposed in ICISC 2020 is an SPN-structured cipher using an unbalanced bridge structure. The white box attack model refers to a state in which an attacker may know the intermediate value of the encryption operation. As a technique to cope with this, Chow et al. proposed a white box implementation technique and applied it to DES and AES in 2002. In this paper, we propose a white box PIPO applying a white box implementation to a lightweight block cipher PIPO algorithm. In the white box PIPO, the size of the table decreased by about 5.8 times and the calculation time decreased by about 17 times compared to the white box AES proposed by Chow and others. In addition, white box PIPO was used for mobile security products, and experimental results for each test case according to the scope of application are presented.

An Experimental Study on AutoEncoder to Detect Botnet Traffic Using NetFlow-Timewindow Scheme: Revisited (넷플로우-타임윈도우 기반 봇넷 검출을 위한 오토엔코더 실험적 재고찰)

  • Koohong Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.4 / pp.687-697 / 2023
  • Botnets, whose attack patterns are becoming more sophisticated and diverse, are recognized as one of the most serious cybersecurity threats today. This paper revisits the experimental results of botnet detection using an autoencoder, a semi-supervised deep learning model, for the UGR and CTU-13 data sets. To prepare the input vectors of the autoencoder, we create data points by grouping the NetFlow records into sliding windows based on source IP address and aggregating them to form features. In particular, we discover a simple power-law: that is, the number of data points that have some flow-degree is proportional to the number of NetFlow records aggregated in them. Moreover, we show that our power-law fits the real data very well, resulting in correlation coefficients of 97% or higher. We also show that this power-law has an impact on the learning of the autoencoder and, as a result, influences the performance of botnet detection. Furthermore, we evaluate the performance of the autoencoder using the area under the Receiver Operating Characteristic (ROC) curve.

A Study on Improving Data Poisoning Attack Detection against Network Data Analytics Function in 5G Mobile Edge Computing (5G 모바일 에지 컴퓨팅에서 빅데이터 분석 기능에 대한 데이터 오염 공격 탐지 성능 향상을 위한 연구)

  • Ji-won Ock;Hyeon No;Yeon-sup Lim;Seong-min Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.549-559 / 2023
  • As mobile edge computing (MEC) is gaining attention as a core technology of 5G networks, edge AI technology of 5G network environment based on mobile user data is recently being used in various fields. However, as in traditional AI security, there is a possibility of adversarial interference of standard 5G network functions within the core network responsible for edge AI core functions. In addition, research on data poisoning attacks that can occur in the MEC environment of standalone mode defined in 5G standards by 3GPP is currently insufficient compared to existing LTE networks. In this study, we explore the threat model for the MEC environment using NWDAF, a network function that is responsible for the core function of edge AI in 5G, and propose a feature selection method to improve the performance of detecting data poisoning attacks for Leaf NWDAF as some proof of concept. Through the proposed methodology, we achieved a maximum detection rate of 94.9% for Slowloris attack-based data poisoning attacks in NWDAF.