• Title/Summary/Keyword: 탐지방안 (detection scheme)

Search results: 803

A Realtime Malware Detection Technique Using Multiple Filter (다중 필터를 이용한 실시간 악성코드 탐지 기법)

  • Park, Jae-Kyung
    • Journal of the Korea Society of Computer and Information / v.19 no.7 / pp.77-85 / 2014
  • Recently, damage in several environments caused by malicious or suspicious code is increasing. We actively study a comprehensive response system for malware detection. Suspicious code is installed on a PC without the user's consent, and users are unaware of the damage. Also, there is a need for technology for realtime processing of Big Data. We must develop advanced technology for malware detection. For fundamental malware detection, we must analyze the static and dynamic properties of executable files and verify them by reputation. A judgment of similarity is needed for realtime response with big data. In this paper, we propose realtime detection and verification technology using multiple filters. Our malware study suggests a new direction for realtime malware detection.

Hansel and Gretel : GFG Detection Scheme Based on In-Game Item Transactions (헨젤과 그레텔 : 게임 내 아이템 거래를 기반으로 한 GFG 탐지 방안)

  • Lee, Gyung Min;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1415-1425 / 2018
  • The MMORPG genre is based on the belief that all users in the virtual world are equal. All users are able to obtain corresponding wealth or status as they strive under the same resources and time. However, game bots are the main factor harming this fair competition, causing benign gamers to feel relative deprivation and leave the game. Game bots mainly form GFGs (Gold Farming Groups), which collect goods in the game indiscriminately and adversely affect the economic system of the game. A general game bot detection algorithm is useful for detecting each bot, but it only covers a few portions of a GFG, not the whole, so a wider-range detection method is needed. In this paper, we propose a method of detecting GFGs based on items used in the MMORPG genre. Several items that are mainly traded in the game were selected, and the flows of those items were represented as a network. We identified the characteristics of item exchanges by GFG bots and can identify the GFG's item trade network with real datasets from one of the popular online games.

A Study on the Covert Channel Detection in the TCP/IP Header based on the Support Vector Machine (Support Vector Machine 기반 TCP/IP 헤더의 은닉채널 탐지에 관한 연구)

  • 손태식;서정우;서정택;문종섭;최홍민
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.1 / pp.35-45 / 2004
  • In explosively growing internet environments, information security is one of the most important considerations. Nowadays, various security solutions are used as countermeasures to such problems: IDS, firewalls and VPNs. However, the internet basically has much vulnerability in the protocols themselves. In particular, it is possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledgement number, timestamp and so on. In this paper, we focus on the covert channels using the identification field of the IP header and the sequence number field of the TCP header. To detect such covert channels, we used a Support Vector Machine, which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could discern the abnormal cases (including covert channels) from normal TCP/IP traffic using a Support Vector Machine.

Attack Detection and Classification Method Using PCA and LightGBM in MQTT-based IoT Environment (MQTT 기반 IoT 환경에서의 PCA와 LightGBM을 이용한 공격 탐지 및 분류 방안)

  • Lee Ji Gu;Lee Soo Jin;Kim Young Won
    • Convergence Security Journal / v.22 no.4 / pp.17-24 / 2022
  • Recently, machine learning-based cyber attack detection and classification research has been actively conducted, achieving a high level of detection accuracy. However, low-spec IoT devices and large-scale network traffic make it difficult to apply machine learning-based detection models in IoT environments. Therefore, in this paper, we propose an efficient IoT attack detection and classification method through PCA (Principal Component Analysis) and LightGBM (Light Gradient Boosting Model) using datasets collected in an MQTT (Message Queuing Telemetry Transport) IoT protocol environment that is also used in the defense field. As a result of the experiment, even though the original dataset was reduced to about 15%, the performance was almost the same as that of the original. It also showed the best performance in a comparative evaluation with the four dimensionality reduction techniques selected in this paper.

A Study of Intrusion Detection Scheme based on Software-Defined Networking in Wireless Sensor Networks (무선 센서 네트워크에서 소프트웨어 정의 네트워킹 기법을 사용한 침입 탐지 기법에 대한 연구)

  • Kang, Yong-Hyeog;Kim, Moon Jeong;Han, Moonseog
    • Journal of the Korea Convergence Society / v.8 no.8 / pp.51-57 / 2017
  • A wireless sensor network is composed of many resource-constrained sensor nodes. These networks are targeted by malicious attacks like DDoS and routing attacks. In this paper, we propose an intrusion detection and prevention system using the convergence of software-defined networking and security technology in wireless sensor networks. Our proposed scheme detects various intrusions in a central server by accumulating log messages of OpenFlow switches through the SDN controller and prevents the intrusions by configuring the OpenFlow switches. To validate our proposed scheme, we show it can detect and prevent some malicious attacks in wireless sensor networks.

Intrusion detection agents on the wireless network design (무선네트워크 상에서의 침입탐지 에이전트 설계)

  • Yun, Dong Sic
    • Convergence Security Journal / v.13 no.1 / pp.59-70 / 2013
  • Along with the rapid development of wireless network technology, security problems for secure wireless communications have emerged as an important issue. In order to operate an intrusion detection system in a wireless network, a detection agent should be installed on each wireless node. An ad-hoc network is a structure in which nodes scattered over a wireless network without an AP can connect and communicate. When an intrusion detection agent is installed on a node, the corresponding energy consumption occurs and the survival time is reduced. In order to increase the effect of intrusion detection, an intrusion detection agent should be placed on a node that can monitor a lot of traffic. Therefore, in this paper, by taking advantage of the structure of the ad-hoc wireless network, we propose a plan for installing the intrusion detection agent that considers the maximum living time of the network and, at the same time, the effectiveness of intrusion detection. We also improve the system performance by reducing the network load on each network, with a system designed for data aggregation to reduce data redundancy and thereby reduce network energy consumption.

DGA-based Botnet Detection Technology using N-gram (N-gram을 활용한 DGA 기반의 봇넷 탐지 방안)

  • Jung Il Ok;Shin Deok Ha;Kim Su Chul;Lee Rock Seok
    • Convergence Security Journal / v.22 no.5 / pp.145-154 / 2022
  • Recently, the widespread proliferation and high sophistication of botnets are having serious consequences not only for enterprises and users, but also for cyber warfare between countries. Therefore, research to detect botnets is steadily progressing. However, DGA-based botnets have a high detection rate with existing signature- and statistics-based technology, but also a high limit in the false positive rate. Therefore, in this paper, we propose a detection model using text-based n-grams to detect DGA-based botnets. Through the proposed model, the detection rate, which is the limit of the existing detection technology, can be increased and the false positive rate can also be minimized. Through experiments on large-scale domain datasets used in various DGA botnets and on normal domains, it was confirmed that the performance was superior to that of the existing model. It was confirmed that the false positive rate of the proposed model is less than 2 to 4%, and the overall detection accuracy and F1 score are both 97.5%. As such, it is expected that the detection and response capabilities against DGA-based botnets will be improved through the model proposed in this paper.

A Study on the Performance Improvement of Anomaly-Based IDS Through the Improvement of Training Data (학습 데이터 개선을 통한 Anomaly-based IDS의 성능 향상 방안)

  • Moon, Sang Tae;Lee, Soo Jin
    • Convergence Security Journal / v.19 no.4 / pp.181-188 / 2019
  • Recently, attempts to apply artificial intelligence technology to create the normal profile in anomaly-based intrusion detection systems have been made actively. But existing studies that proposed the application of artificial intelligence technology mostly focus on improving the structure of artificial neural networks and finding optimal hyper-parameter values, and fail to address various problems that may arise from the misconfiguration of learning data. In this paper, we identify through experiment the main problems that may arise due to the misconfiguration of learning data. We also propose a novel approach that can address such problems and improve the detection performance through reconstruction of the learning data.