• Title/Summary/Keyword: Attack Tree

Android Botnet Detection Using Hybrid Analysis

  • Mamoona Arshad;Ahmad Karim
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.3 / pp.704-719 / 2024
  • Botnet pandemics are becoming more prevalent with the growing use of mobile phone technologies. Mobile phone technologies provide a wide range of applications, including entertainment, commerce, education, and finance. In addition, a botnet refers to a collection of compromised devices managed by a botmaster and engaging with each other via a command server to initiate attacks including phishing email, ad-click fraud, blockchain, and much more. As the number of botnet attacks rises, detecting harmful activities is becoming more challenging in handheld devices. Therefore, it is crucial to evaluate mobile botnet assaults to find the security vulnerabilities that occur through coordinated command servers causing major financial and ethical harm. For this purpose, we propose a hybrid analysis approach that integrates permissions and API and experiments on the machine-learning classifiers to detect mobile botnet applications. In this paper, the experiment employed benign, botnet, and malware applications for validation of the performance and accuracy of classifiers. The results conclude that a classifier model based on a simple decision tree obtained 99% accuracy with a lower false-positive rate (0.003) than other machine learning classifiers for botnet application detection. As an outcome of this paper, a hybrid approach enhances the accuracy of mobile botnet detection as compared to static and dynamic features when both are taken separately.

Comparative Study of Machine learning Techniques for Spammer Detection in Social Bookmarking Systems (소셜 복마킹 시스템의 스패머 탐지를 위한 기계학습 기술의 성능 비교)

  • Kim, Chan-Ju;Hwang, Kyu-Baek
    • Journal of KIISE:Computing Practices and Letters / v.15 no.5 / pp.345-349 / 2009
  • Social bookmarking systems are a typical web 2.0 service based on folksonomy, providing the platform for storing and sharing bookmarking information. Spammers in social bookmarking systems denote the users who abuse the system for their own interests in an improper way. They can make the entire resources in social bookmarking systems useless by posting lots of wrong information. Hence, it is important to detect spammers as early as possible and protect social bookmarking systems from their attack. In this paper, we applied a diverse set of machine learning approaches, i.e., decision tables, decision trees (ID3), naïve Bayes classifiers, TAN (tree-augmented naïve Bayes) classifiers, and artificial neural networks to this task. In our experiments, naïve Bayes classifiers performed significantly better than other methods with respect to the AUC (area under the ROC curve) score as well as the model building time. Plausible explanations for this result are as follows. First, naïve Bayes classifiers are known to usually perform better than decision trees in terms of the AUC score. Second, the spammer detection problem in our experiments is likely to be linearly separable.

Monitoring-Based Secure Data Aggregation Protocol against a Compromised Aggregator in Wireless Sensor Networks (무선 센서 네트워크에서 Compromised Aggregator에 대응을 위한 모니터링 기반 시큐어 데이터 병합 프로토콜)

  • Anuparp, Boonsongsrikul;Lhee, Kyung-Suk;Park, Seung-Kyu
    • The KIPS Transactions:PartC / v.18C no.5 / pp.303-316 / 2011
  • Data aggregation is important in wireless sensor networks. However, it also introduces many security problems, one of which is that a compromised node may inject false data or drop a message during data aggregation. Most existing solutions rely on encryption, which however requires high computation and communication cost. But they can only detect the occurrence of an attack without finding the attacking node. This makes sensor nodes waste their energy in sending false data if attacks occur repeatedly. Even an existing work can identify the location of a false data injection attack but it has a limitation that at most 50% of total sensor nodes can participate in data transmission. Therefore, a novel approach is required such that it can identify an attacker and also increase the number of nodes which participate in data transmission. In this paper, we propose a monitoring-based secure data aggregation protocol to protect against a compromised aggregator which injects false data or drops a message. The proposed protocol consists of aggregation tree construction and secure data aggregation. In secure data aggregation, we use integration of abnormal data detection with monitoring and a minimal cryptographic technique. The simulation results show the proposed protocol increases the number of participating nodes in data transmission to 95% of the total nodes. The proposed protocol also can identify the location of a compromised node which injects false data or drops a message. The communication overhead for tracing back the location of a compromised node is O(n) where n is the total number of nodes and the cost is the same or better than other existing solutions.

Hybrid Watermarking Technique using DWT Subband Structure and Spatial Edge Information (DWT 부대역구조와 공간 윤곽선정보를 이용한 하이브리드 워터마킹 기술)

  • 서영호;김동욱
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.5C / pp.706-715 / 2004
  • In this paper, to decide the watermark embedding positions and embed the watermark we use the subband tree structure which is presented in the wavelet domain and the edge information in the spatial domain. The significant frequency region is estimated by the subband searching from the higher frequency subband to the lower frequency subband. LH1 subband which has the higher frequency in tree structure of the wavelet domain is divided into 4×4 submatrices, and the threshold which is used in the watermark embedding is obtained by the blockmatrix which consists of the average of 4×4 submatrices. Also the watermark embedding position, Keymap is generated by the blockmatrix for the energy distribution in the frequency domain and the edge information in the spatial domain. The watermark is embedded into the wavelet coefficients using the Keymap and the random sequence generated by LFSR (Linear feedback shift register). Finally after the inverse wavelet transform the watermark embedded image is obtained. The proposed watermarking algorithm showed PSNR over 2 dB and had the higher results from 2% to 8% in the comparison with the previous research for the attack such as the JPEG compression and the general image processing just like blurring, sharpening and Gaussian noise.

Efficient Feature Selection Based Near Real-Time Hybrid Intrusion Detection System (근 실시간 조건을 달성하기 위한 효과적 속성 선택 기법 기반의 고성능 하이브리드 침입 탐지 시스템)

  • Lee, Woosol;Oh, Sangyoon
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.471-480 / 2016
  • Recently, the damage of cyber attack toward infra-system, national defence and security system is gradually increasing. In this situation, military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threats. Thus, the study of Intrusion Detection System (IDS) that plays an important role in network defence system is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize advantages and to minimize disadvantages both of misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need of the study considering the structure of IDS that have high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines C4.5 decision tree (misuse detection method) and Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying mutual information and genetic algorithm based efficient feature selection technique. Also we construct upgraded the hierarchical structure of IDS reusing feature weights in anomaly detection section. It is validated that proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance at experiment section.

A study on the Scythian costume (스키타이계(係) 복식(服飾)에 대(對)한 연구(硏究))

  • Kim, Moon-Ja
    • Journal of Fashion Business / v.11 no.4 / pp.204-220 / 2007
  • The background of Korean Ethnical Costume was originated from those northern mounted nomadic groups, which was Scythe style Costume Culture. Through the antique records and paintings of tombs bequests hereby describe the forms of Scythian Costume (1) Headgear : There was Conical Cap(or Pointed Cap), Feathered Cap, and Crown. (2) Clothes : Both Men and Women wore Jacket as upper garment with leftsided collars, narrow sleeves to the length of the hip line. As lower garment, they wore the tight Trousers and Kungo(:窮袴)that was attached with gusset. (3) Belts and Boots : On the upper garment bound the leather Belts that was hanged a hook that was shaped of animal form at the end. Scythian Buckles was divided into six groups, animal-shaped, animal's head shaped, animal fight-shaped, rectangle-shaped, rectangle openwork-shaped, genre scene shaped Buckle. To the Boots, they wore leather boots. (4) Ornaments : Ornaments divided into Dress Trimming(:Gold plaques), Earrings, Necklaces(;Torques), Bracelets, Rings. Scythian Gold Plaques were divided into several types according to the shape, animal style(curved beast shape, profile shape, head reversed over its back shape), round shape, quadrilateral form, star shape, flower shape, crescent shape, bundle shape, human appearance. Earrings consisted of a plain ring and pendant ring was a middle ornament hung from it to a pendants which hung was made of heart shaped leaves of the tree, beads-linked. Scythian Torques were divided into several types according to the shape, Torque with Terminal style, Spiral style, Layers style, Crescent-shaped pectoral style, Crown style. Scythian Bracelet were divided into 4 styles according to the shape, Bracelets with ends shaped like beasts style, Spiral style, Layers style, Crown with openwork style. Rings were rhomb-shaped and animal shaped style Rings (5) Animal motifs used in Scythian ornaments appears that in some cases the work was intended to be purely ornamental, while many times the motifs had symbolic meaning (such as the successful dominance of the aggressor over the victim portrayed in the attack scenes). Magical use of symbols may have been intended to guarantee the power of the aggressor.

Isolation and Expression Analysis of Brassica rapa WRKY 7

  • Kim, Seon-Seol;Ko, Yu-Jin;Jang, Ji-Young;Lee, Theresa;Lim, Myung-Ho;Park, Sang-Yeol;Bae, Shin-Chul;Yun, Choong-Hyo;Park, Beom-Seok;Hwang, Duk-Ju
    • The Plant Pathology Journal / v.24 no.4 / pp.478-481 / 2008
  • The cDNA clone of Brassica rapa WRKY7 (BrWRKY7) was obtained from EST collection in Brassica genomics team and its DNA sequence was determined. The cDNA clone is 1,037 bp long in nucleotides and encodes an open reading frame of 307 amino acids. Based on a phylogenetic tree, BrWRKY7 belongs to group IId. BrWRKY7 was induced by wound and SA. It was also induced by pathogen attack such as Xanthomonas campestris pv. campestris (Xcc), suggesting that this BrWRKY may play an essential role in defense response of Chinese cabbages.

Performances analysis of football matches (축구경기의 경기력분석)

  • Min, Dae Kee;Lee, Young-Soo;Kim, Yong-Rae
    • Journal of the Korean Data and Information Science Society / v.26 no.1 / pp.187-196 / 2015
  • The team's performances were analyzed by evaluating the scores gained by their offense and the scores allowed by their defense. To evaluate the team's attacking and defending abilities, we also considered the factors that contributed to the team's gained points or the opposing team's gained points. In order to analyze the outcome of the games, three prediction models were used such as decision trees, logistic regression, and discriminant analysis. As a result, the factors associated with the defense showed a decisive influence in determining the game results. We analyzed the offense and defense by using the response variable. This showed that the major factors predicting the offense were non-stop pass and attack speed and the major factors predicting the defense were the distance between right and left players and the distance between front line attackers and rearmost defenders during the game.

Selection of Detection Measures using Relative Entropy based on Network Connections (상대 복잡도를 이용한 네트워크 연결기반의 탐지척도 선정)

  • Mun Gil-Jong;Kim Yong-Min;Kim Dongkook;Noh Bong-Nam
    • The KIPS Transactions:PartC / v.12C no.7 s.103 / pp.1007-1014 / 2005
  • A generation of rules or patterns for detecting attacks from network is very difficult. Detection rules and patterns are usually generated by experts' experiences that consume many man-power, management expense, time and so on. This paper proposes statistical methods that effectively detect intrusion and attacks without experts' experiences. The methods are to select useful measures in measures of network connection (session) and to detect attacks. We extracted the network session data of normal and each attack, and selected useful measures for detecting attacks using relative entropy. And we made probability patterns, and detected attacks using likelihood ratio testing. The detecting method controlled detection rate and false positive rate using threshold. We evaluated the performance of the proposed method using KDD CUP 99 Data set. This paper shows the results that are to compare the proposed method and detection rules of decision tree algorithm. So we can know that the proposed methods are useful for detecting intrusion and attacks.

Robustness Evaluation of Tactical Network based on SNA

  • Park, Ji-Hye;Yoon, Soung-woong;Lee, Sang-Hoon
    • Journal of the Korea Society of Computer and Information / v.24 no.10 / pp.205-213 / 2019
  • Network robustness is one of the most important characteristics needed as the network. Over the military tactical communication network, robustness is a key function for maintaining attack phase constantly. Tactical Information Communication Network, called TICN, has mixed characteristics of lattice- and tree-type network topology, which looks somewhat weak in the viewpoint of network robustness. In this paper, we search articulation points and bridges in a current Tactical Information Communication Network using graph theory. To improve the weak points empirically searched, we try to add links to create the concrete network and then observe the change of network-based verification values through diminishing nodes. With these themes, we evaluate the generated networks through SNA techniques. Experimental results show that the generated networks' robustness is improved compared with current network structure.