• Title/Summary/Keyword: 행위패턴

Network Anomaly Detection based on Association among Packets (패킷간 연관 관계를 이용한 네트워크 비정상행위 탐지)

  • 오상현;이원석
    • Journal of the Korea Institute of Information Security & Cryptology, v.12 no.5, pp.63-73, 2002
  • Recently, intrusions into computers have increased rapidly and various intrusion methods have been developed. As a result, much research has been performed to detect the activities of intruders effectively. In this paper, a new association mining algorithm for anomaly network intrusion detection is proposed. For this purpose, the proposed algorithm is composed of two different phases: intra-packet association and inter-packet association. The performance of the proposed anomaly detection system is evaluated in several experiments over various system parameters in order to identify their practical ranges for maximizing its detection rate. As a result, an anomaly can be detected effectively.

A Study of User Perception on Features Used in Behavior-Based Authentication (행위 기반 인증을 위한 사용자 중심의 인증 요소 분석 연구)

  • Lee, Youngjoo;Ku, Yeeun;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.1, pp.127-137, 2019
  • The growth in smartphone services has given rise to an increase in the frequency and importance of authentication. Existing smartphone authentication mechanisms such as passwords, pattern lock and fingerprint recognition require a high level of awareness and authenticate users temporarily with point-of-entry techniques. To overcome these disadvantages, there has been active research in behavior-based authentication. However, previous studies focused on enhancing the accuracy of the authentication. Since authentication is directly used by people, it is necessary to reflect actual users' perception. This paper proposes user perception on behavior-based authentication with feature analysis. We conduct a user survey to empirically understand user perception regarding behavioral authentication with selected authentication features. Then, we analyze acceptance of behavioral authentication to provide continuous authentication with minimal awareness while using the device.

A Study of Player Changed-pattern Model for Game Bots Detection in MMORPG (MMORPG에서 게임 봇 프로그램 탐지를 위한 플레이어 패턴 변화 모델에 관한 연구)

  • Yoon, Tae-Bok;Lee, Jee-Hyong
    • Journal of Korea Game Society, v.11 no.1, pp.121-129, 2011
  • In online games, various cases of harm to the game service are caused by bot programs or auto programs. In particular, the abnormal collection of game money and items destroys the inherent fun of a game, and ultimately has a clearly bad effect on the game life cycle. This paper collects and analyzes patterns of game behavior change for a bot detection method. Using the game activity change information of humans and of bots, the degree of resemblance was measured and used in the bot detection method. In an experiment using an online game in service, models of users and bots were generated and their similarity was distinguished, and a reasonable result was confirmed.

Update Thresholds of More Accurate Time Stamp for Event Reconstruction (이벤트 재구성을 위한 타임스탬프 갱신 임계치)

  • James, Joshua I.;Jang, Yunsik
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.17 no.2, pp.7-13, 2017
  • Many systems rely on reliable timestamps to determine the time of a particular action or event. This is especially true in digital investigations where investigators are attempting to determine when a suspect actually committed an action. The challenge, however, is that objects are not updated at the exact moment that an event occurs, but within some time-span after the actual event. In this work we define a simple model of digital systems with objects that have associated timestamps. The model is used to predict object update patterns for objects with associated timestamps, and make predictions about these update time-spans. Through empirical studies of digital systems, we show that timestamp update patterns are not instantaneous. We then provide a method for calculating the distribution of timestamp updates on a particular system to determine more accurate action instance times.

Intermediator Pattern for Interoperability of Business Components (비즈니스 컴포넌트의 상호운용성을 위한 Intermediator 패턴)

  • 이창목;유철중;장옥배;문윤호
    • Journal of the Korea Computer Industry Society, v.2 no.4, pp.443-454, 2001
  • Software design patterns are reusable solutions to recurring problems that occur during software development. As programmers gain experience, they recognize the similarity of new problems to problems they have solved before. With even more experience, they recognize that solutions for similar problems follow recurring patterns. In this paper, as one of these reusable design patterns, the Intermediator pattern for efficient communication between business components is designed and implemented. Existing business components followed the Facade pattern. However, the Facade pattern is almost like the existing Interface pattern in that all communication with objects outside the set is done by only one representative object, and this causes the system to be overloaded with traffic. Therefore, the Intermediator pattern relieves the traffic overload by improving the inefficient communication of business components through multiple interfaces, and has all communication between objects performed by an Intermediator object, which controls all actual behavior through the Intermediator method implementation. Consequently, the Intermediator pattern designed and implemented in this paper can lower the level of coupling and raise the cohesion among objects, and can flexibly refer to many other objects through several interfaces.

A Machine Learning-Based Encryption Behavior Cognitive Technique for Ransomware Detection (랜섬웨어 탐지를 위한 머신러닝 기반 암호화 행위 감지 기법)

  • Yoon-Cheol Hwang
    • Journal of Industrial Convergence, v.21 no.12, pp.55-62, 2023
  • Recent ransomware attacks employ various techniques and pathways, posing significant challenges in early detection and defense. Consequently, the scale of damage is continually growing. This paper introduces a machine learning-based approach for effective ransomware detection by focusing on file encryption and encryption patterns, which are pivotal functionalities utilized by ransomware. Ransomware is identified by analyzing password behavior and encryption patterns, making it possible to detect specific ransomware variants and new types of ransomware, thereby mitigating ransomware attacks effectively. The proposed machine learning-based encryption behavior detection technique extracts encryption and encryption pattern characteristics and trains on them using a machine learning classifier. The final outcome is an ensemble of results from two classifiers. The classifier plays a key role in determining the presence or absence of ransomware, leading to enhanced accuracy. The proposed technique is implemented using Python's numpy, pandas, and Scikit-Learn libraries. Evaluation indicators reveal an average accuracy of 94%, precision of 95%, recall rate of 93%, and an F1 score of 95%. These performance results validate the feasibility of ransomware detection through encryption behavior analysis, and further research is encouraged to enhance the technique for proactive ransomware detection.

Current Status and Analysis of Domestic Security Monitoring Systems (국내 보안관제 체계의 현황 및 분석)

  • Park, Si-Jang;Park, Jong-Hoon
    • The Journal of the Korea institute of electronic communication sciences, v.9 no.2, pp.261-266, 2014
  • The current status of domestic monitoring centers was reviewed and the pattern-based security monitoring system and the centralized security monitoring system, both of which are the characteristics of security monitoring systems, were analyzed together with their advantages and disadvantages. In addition, as for a development plan of domestic security monitoring systems, in order to improve the problems of the existing pattern-based centralized monitoring system, Honeynet and Darknet, which are based on anomalous behavior detection, were analyzed and their application plans were described.

Instance-Based Learning for Intrusion Detection (네트워크 침입 탐지를 위한 사례 기반 학습 방법)

  • 박미영;이도헌;원용관
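    • Proceedings of the Korean Information Science Society Conference, 2001.04b, pp.172-174, 2001
  • Intrusion detection is the process of identifying and responding to harmful intrusion behavior against computer and network resources. As the types of intrusion against systems become increasingly complex and specialized, systems that can respond quickly and accurately are required. Accordingly, applying data mining techniques, which intelligently analyze large volumes of data and extract meaningful information, makes intelligent and automated detection possible. In this paper, each item of training data is stored in a database as an instance, and when test data is input it is classified into the class of the nearest training data; this instance-based learning is used to judge anomalous user behavior quickly. However, considering the problem that system performance degrades when memory use grows because of the large number of instances, we propose instance-based learning over sequential patterns, in which sequential patterns discovered by running a frequent episode algorithm are turned into instances and used as the normal behavior profile. This lowers the rate of system performance degradation and enables fast, accurate, and intelligent intrusion detection.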

A Study on Evaluation Model and Network Based IDS using IBL (IBL을 사용한 네트워크 기반 침입탐지 시스템과 평가 모델의 연구)

  • Kim, Do-Jin;Won, Il-Yong;Song, Doo-Heon;Lee, Chang-Hun
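    • Proceedings of the Korea Information Processing Society Conference, 2002.11b, pp.949-952, 2002
  • A network-based intrusion detection system that detects anomalous behavior should show the same learning accuracy and detection performance in other network environments as well. However, depending on the characteristics of the algorithm that generates patterns through learning, inconsistencies in accuracy can appear, and the resulting detection performance may also be reported differently depending on the network environment. In this paper, IBL (Instance Based Learning), an instance-based algorithm, was selected as the learning algorithm for intrusion detection in consideration of shorter learning time and the clarity of the classification basis that follows from pattern generation. In addition, considering the loss of accuracy that can arise from differences in the learning environment, that is, the network environment, an evaluation component composed of COBWEB and C4.5 was added to the intrusion detection model, so that more flexible anomaly-level detection results can be reported to the network security administrator.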

Extraction of Computer Virus Behavior by Using Language Compression Algorithm (언어 압축 알고리즘을 이용한 컴퓨터 바이러스의 행위 패턴 추출)

  • 임영환;위규범
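    • Proceedings of the Korean Information Science Society Conference, 2001.04a, pp.754-756, 2001
  • Along with the increase in computer use, computer viruses are also increasing. Virus scanning programs come in two forms: string search tools that look for a specific string (signature) of a virus, and monitoring tools (general purpose monitor) that monitor the behavior of processes; their respective drawbacks are vulnerability to undiscovered viruses and system overhead. In addition, the recently proposed immune systems impose an excessive burden in terms of computational complexity and system configuration. In this paper, in order to make it possible to extract the behavior of viruses, we devised a method of extracting virus behavior patterns using a language compression algorithm, and experimented with several viruses. As a result, immunity could be obtained even against viruses that were not actually used in training, provided they behave similarly.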
