• Title/Summary/Keyword: 탐지규칙 (detection rules)

241 search results

Analytical Study on Software Static/Dynamic Verification Methods for Deriving Enhancement of the Software Reliability Test of Weapon System (무기체계 소프트웨어 신뢰성 시험 개선점 도출을 위한 소프트웨어 정적/동적 검증 분석 사례연구)

  • Park, Jihyun; Choi, Byoungju
    • KIPS Transactions on Software and Data Engineering / v.8 no.7 / pp.265-274 / 2019
  • The reliability test performed when developing weapon system software is classified into a static test and a dynamic test. In the static test, checks of coding rules, vulnerabilities and source code metrics are performed without executing the software. In the dynamic test, its functions are verified by executing the actual software based on requirements, and the code coverage is measured. The purpose of this static/dynamic test is to find out defects that exist in the software. However, there still exist defects that can't be detected by the current reliability test on the weapon system software alone. In this paper, whether defects that may occur in the software can be detected by the static test and dynamic test of the current reliability test on the weapon system is analyzed through experiments. As a result, we provide guidance on improving the reliability test of weapon system software, especially the dynamic test.

Development of Security Anomaly Detection Algorithms using Machine Learning (기계 학습을 활용한 보안 이상징후 식별 알고리즘 개발)

  • Hwangbo, Hyunwoo; Kim, Jae Kyung
    • The Journal of Society for e-Business Studies / v.27 no.1 / pp.1-13 / 2022
  • With the development of network technologies, the security that protects organizational resources from internal and external intrusions and threats becomes more important. Therefore, in recent years, the anomaly detection algorithm that detects and prevents security threats with respect to various security log events has been actively studied. Security anomaly detection algorithms that were developed based on rule-based or statistical learning in the past are gradually evolving into modeling based on machine learning and deep learning. In this study, we propose a deep-autoencoder model that transforms the LSTM-autoencoder as an optimal algorithm to detect insider threats in advance using various machine learning analysis methodologies. This study has academic significance in that it improved the possibility of adaptive security through the development of an anomaly detection algorithm based on unsupervised learning, and reduced the false positive rate compared to the existing algorithm through supervised true positive labeling.

A Study on Improving Precision Rate in Security Events Using Cyber Attack Dictionary and TF-IDF (공격키워드 사전 및 TF-IDF를 적용한 침입탐지 정탐률 향상 연구)

  • Jongkwan Kim; Myongsoo Kim
    • Convergence Security Journal / v.22 no.2 / pp.9-19 / 2022
  • With the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institutions and companies operate a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most research was performed using a specific research data set which cannot be seen in a real network, so it could not be used in an actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

Evaluation of Applicability of Sea Ice Monitoring Using Random Forest Model Based on GOCI-II Images: A Study of Liaodong Bay 2021-2022 (GOCI-II 영상 기반 Random Forest 모델을 이용한 해빙 모니터링 적용 가능성 평가: 2021-2022년 랴오둥만을 대상으로)

  • Jinyeong Kim; Soyeong Jang; Jaeyeop Kwon; Tae-Ho Kim
    • Korean Journal of Remote Sensing / v.39 no.6_2 / pp.1651-1669 / 2023
  • Sea ice currently covers approximately 7% of the world's ocean area, primarily concentrated in polar and high-latitude regions, and is subject to seasonal and annual variations. It is very important to analyze the area and type classification of sea ice through time series monitoring, because sea ice forms in various types on a large spatial scale, and oil and gas exploration and other marine activities are rapidly increasing. Currently, research on the type and area of sea ice is being conducted based on high-resolution satellite images and field measurement data, but there is a limit to sea ice monitoring by acquiring field measurement data. High-resolution optical satellite images can visually detect and identify types of sea ice over a wide range and can compensate for gaps in sea ice monitoring using Geostationary Ocean Color Imager-II (GOCI-II), an ocean satellite with short temporal resolution. This study tried to find out the possibility of utilizing sea ice monitoring by training a rule-based machine learning model on learning data produced using high-resolution optical satellite images and performing detection on GOCI-II images. Learning materials were extracted from Liaodong Bay in the Bohai Sea from 2021 to 2022, and a Random Forest (RF) model using GOCI-II was constructed to compare qualitatively and quantitatively with sea ice areas obtained from existing normalized difference snow index (NDSI) based and high-resolution satellite images. Unlike the NDSI index-based results, which underestimated the sea ice area, this study detected relatively detailed sea ice areas and confirmed that sea ice can be classified by type, enabling sea ice monitoring. If the accuracy of the detection model is improved through the construction of continuous learning materials and influencing factors on sea ice formation in the future, it is expected that it can be used in the field of sea ice monitoring in high-latitude ocean areas.

Comparison of Sampling Techniques for Passive Internet Measurement: An Inspection using An Empirical Study (수동적 인터넷 측정을 위한 샘플링 기법 비교: 사례 연구를 통한 검증)

  • Kim, Jung-Hyun; Won, You-Jip; Ahn, Soo-Han
    • Journal of the Institute of Electronics Engineers of Korea TC / v.45 no.6 / pp.34-51 / 2008
  • Today, the Internet is a part of our life. For that reason, we regard revealing the characteristics of Internet traffic as an important research theme. However, Internet traffic cannot be easily manipulated because it usually occupies huge capacity. This problem is a serious obstacle to analyzing Internet traffic. Many researchers use various sampling techniques to reduce the capacity of Internet traffic. In this paper, we compare several well-known sampling techniques, and propose an efficient sampling scheme. We chose some sampling techniques such as Systematic Sampling, Simple Random Sampling and Stratified Sampling with some sampling intensities such as 1/10, 1/100 and 1/1000. Our observation focused on Traffic Volume, Entropy Analysis and Packet Size Analysis. Both the simple random sampling and the count-based systematic sampling are proper for the general case. On the other hand, time-based systematic sampling exhibits relatively bad results. The stratified sampling on Transport Layer Protocols, e.g., TCP, UDP and so on, shows superior results. Our analysis results suggest that efficient sampling techniques satisfactorily maintain the variation of the traffic stream according to time change. The entropy analysis endures various sampling techniques well and fits detecting anomalous traffic. We found that a traffic volume diminishment caused by a bottleneck could induce wrong results in the entropy analysis. We discovered that the Packet Size Distribution perfectly tolerates any packet sampling techniques and intensities.

Effective Defense Mechanism Against New Vulnerability Attacks (신규 취약점 공격에 대한 효율적인 방어 메커니즘)

  • Kwak, Young-Ok; Jo, In-June
    • The Journal of the Korea Contents Association / v.21 no.2 / pp.499-506 / 2021
  • Hackers' cyber attack techniques are becoming more sophisticated and diversified, with forms of attack that have never been seen before. In terms of the information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies cannot sufficiently cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we propose a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

A study on macro detection using information of touch events in Android mobile game environment (안드로이드 모바일 게임 환경에서의 터치 이벤트 정보를 이용한 매크로 탐지 기법 연구)

  • Kim, Jeong-hyeon; Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1123-1129 / 2015
  • A macro (automatic hunting) in a mobile game is a program that touches the screen according to defined rules, like a game bot in PC online games, and it is made in various ways, such as an Android application or a Windows application program. This gives honest users a sense of deprivation and makes them lose interest. Finally they leave the game, and the game's life is gradually shortened. Although many studies to prevent these problems in PC online games have been conducted, applying the PC approach to mobile games is difficult because mobile games are limited in their use of the network and device performance differs from PC. In this paper, we propose a framework for macro detection using touch event information. A touch event in a mobile game is a necessary control command to the game. Because a macro touches the screen with the same pattern, there is a difference between a normal user's behavior and a macro's operation. In mobile games, which are mostly casual games, touch events are the best feature for distinguishing a normal user from a macro within a short period of time. As a result of detecting macros used in a real mobile game using the proposed framework, it showed 100% accuracy and a 0% false positive rate.

Data Bias Optimization based Association Reasoning Model for Road Risk Detection (도로 위험 탐지를 위한 데이터 편향성 최적화 기반 연관 추론 모델)

  • Ryu, Seong-Eun; Kim, Hyun-Jin; Koo, Byung-Kook; Kwon, Hye-Jeong; Park, Roy C.; Chung, Kyungyong
    • Journal of the Korea Convergence Society / v.11 no.9 / pp.1-6 / 2020
  • In this study, we propose an association inference model based on data bias optimization for road hazard detection. This is a mining model based on association analysis that collects users' personal characteristics and surrounding environment data and provides traffic accident prevention services. It creates transaction data composed of various context variables. Based on the generated information, a meaningful correlation of variables in each transaction is derived through correlation pattern analysis. Considering the bias of classified categorical data, pruning is performed with optimized support and confidence values. Based on the extracted high-level association rules, a risk detection model for personal characteristics and driving road conditions is provided to users. This enables traffic services that overcome the data bias problem and prevent potential road accidents by considering the association between data. In the performance evaluation, the proposed method is evaluated excellently, with 0.778 accuracy and a Kappa coefficient of 0.743.

Optimal deployment of sonobuoy for unmanned aerial vehicles using reinforcement learning considering the target movement (표적의 이동을 고려한 강화학습 기반 무인항공기의 소노부이 최적 배치)

  • Geunyoung Bae; Juhwan Kang; Jungpyo Hong
    • The Journal of the Acoustical Society of Korea / v.43 no.2 / pp.214-224 / 2024
  • Sonobuoys are disposable devices that utilize sound waves for information gathering, detecting engine noises, and capturing various acoustic characteristics. They play a crucial role in accurately detecting underwater targets, making them effective detection systems in anti-submarine warfare. Existing sonobuoy deployment methods in multistatic systems often rely on fixed patterns or heuristic-based rules, lacking efficiency in terms of the number of sonobuoys deployed and operational time due to the unpredictable mobility of the underwater targets. Thus, this paper proposes an optimal sonobuoy placement strategy for Unmanned Aerial Vehicles (UAVs) to overcome the limitations of conventional sonobuoy deployment methods. The proposed approach utilizes reinforcement learning in a simulation-based experimental environment that considers the movements of the underwater targets. The Unity ML-Agents framework is employed, and the Proximal Policy Optimization (PPO) algorithm is utilized for UAV learning in a virtual operational environment with real-time interactions. The reward function is designed to consider the number of sonobuoys deployed and the cost associated with sound sources and receivers, enabling effective learning. Compared to the conventional sonobuoy deployment methods in the same experimental environment, the proposed reinforcement learning-based deployment strategy demonstrates superior performance in terms of detection success rate, deployed sonobuoy count, and operational time.

Detection of Malicious Code using Association Rule Mining and Naive Bayes classification (연관규칙 마이닝과 나이브베이즈 분류를 이용한 악성코드 탐지)

  • Ju, Yeongji; Kim, Byeongsik; Shin, Juhyun
    • Journal of Korea Multimedia Society / v.20 no.11 / pp.1759-1767 / 2017
  • Although Open APIs have been invigorated by advancements in the software industry, diverse types of malicious code have also increased. Thus, many studies have been carried out to discriminate the behaviors of malicious code based on API data, and to determine whether malicious code is included in a specific executable file. Existing methods detect malicious code by analyzing signature data, which requires a long time to detect mutated malicious code and has a high false detection rate. Accordingly, in this paper, we propose a method that analyzes and detects malicious code using association rule mining and a Naive Bayes classification. The proposed method reduces the false detection rate by mining the rules of malicious and normal code APIs in the PE file and grouping patterns using the DHP (Direct Hashing and Pruning) algorithm, and classifies malicious and normal files using Naive Bayes.