• Title/Summary/Keyword: Behavior detection


An Efficient Decoy File Placement Method for Detecting Ransomware (랜섬웨어 탐지를 위한 효율적인 미끼 파일 배치 방법)

  • Lee, Jinwoo;Kim, Yongmin;Lee, Jeonghwan;Hong, Jiman
    • Smart Media Journal / v.8 no.1 / pp.27-34 / 2019
  • Ransomware is a malicious program code that has evolved into various forms of attack. Unlike traditional Ransomware that is spread using email attachments or infected websites, a new type of Ransomware, such as WannaCryptor, may corrupt files just for being connected to the Internet. Due to global Ransomware damage, there are many studies conducted to detect and defend against Ransomware. However, existing research on Ransomware detection only uses a Ransomware signature database or monitors specific behavior of a process. Additionally, existing Ransomware detection methods hardly detect and defend against a new Ransomware that behaves differently from the traditional ones. In this paper, we propose a method to detect Ransomware by arranging decoy files and analyzing how Ransomware accesses and operates on files in the file system. Also, we conduct experiments using the proposed method and provide the results of detection and defense of Ransomware in this paper.

An Experimental Study on the Behavior of Liquid Fuel Flames in the Confined Space (밀폐공간에서 액체연료 화염의 거동에 관한 실험적 연구)

  • Jeon, Kil Song;Hwang, Ji Hyun;Lee, Tea Won
    • Journal of the Korean Society of Safety / v.36 no.2 / pp.87-93 / 2021
  • Modern society shows rapid growth that is different from that of the development of existing technologies. The development of these technologies has led to the tendency of buildings to become dense, large and advancing. Regarding fire hazards, the possibility of large-scale fires causing fatal damage, due to the rapid spread of fire, increases. Therefore, for this reason, fire defense, i.e. detection and fire extinguishing facilities, in buildings are essential and well applied. But there are always limitations to that. Based on this reason, we would like to suggest the introduction of a new concept of a fire safety system. The method presented here is not only to use a single system for fire detection and fire extinguishing systems but to jointly use it in the environment and energy management fields within the building. However, an important step is required before introducing a system of these technologies. The fire extinguishing method proposed by this system is a method of extinguishing by blocking oxygen flowing into the space where the fire occurred. However, a sufficient basis is needed for this system to be applied in practice. Therefore, in this study, we intend to conduct a preliminary experiment to introduce the new concept of fire detection and extinguishing. The experiment used ethanol with a relatively simple combustion reaction and a high possibility of complete combustion. As a result, it was confirmed how the internal values changed during a fire using ethanol. Resultingly, we obtained the internal oxygen concentration and internal environmental changes according to the initial flame size. Lastly, the data accumulated in this study can be used as data for application in an automatic fire extinguishing system.

Application of Discrete Wavelet Transforms to Identify Unknown Attacks in Anomaly Detection Analysis (이상 탐지 분석에서 알려지지 않는 공격을 식별하기 위한 이산 웨이블릿 변환 적용 연구)

  • Kim, Dong-Wook;Shin, Gun-Yoon;Yun, Ji-Young;Kim, Sang-Soo;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.22 no.3 / pp.45-52 / 2021
  • Although many studies have been conducted to identify unknown attacks in cyber security intrusion detection systems, studies based on outliers are attracting attention. Accordingly, we identify outliers by defining categories for unknown attacks. The unknown attacks were investigated in two categories: first, there are factors that generate variant attacks, and second, studies that classify them into new types. We have conducted outlier studies that can identify similar data, such as variants, in the category of studies that generate variant attacks. The big problem of identifying anomalies in the intrusion detection system is that normal and aggressive behavior share the same space. For this, we applied a technique that can be divided into clear types for normal and attack by discrete wavelet transformation and detected anomalies. As a result, we confirmed that the outliers can be identified through One-Class SVM in the data reconstructed by discrete wavelet transform.

Study of regularization of long short-term memory(LSTM) for fall detection system of the elderly (장단기 메모리를 이용한 노인 낙상감지시스템의 정규화에 대한 연구)

  • Jeong, Seung Su;Kim, Namg Ho;Yu, Yun Seop
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.11 / pp.1649-1654 / 2021
  • In this paper, we introduce a regularization of long short-term memory (LSTM) based fall detection system using TensorFlow that can detect falls that can occur in the elderly. Fall detection uses data from a 3-axis acceleration sensor attached to the body of an elderly person and learns about a total of 7 behavior patterns, each of which is a pattern that occurs in daily life, and the remaining 3 are patterns for falls. During training, a normalization process is performed to effectively reduce the loss function, and the normalization performs a maximum-minimum normalization for data and an L2 regularization for the loss function. The optimal regularization conditions of LSTM using several falling parameters obtained from the 3-axis accelerometer are explained. When normalization and regularization rate λ for sum vector magnitude (SVM) are 127 and 0.00015, respectively, the best sensitivity, specificity, and accuracy are 98.4, 94.8, and 96.9%, respectively.

A Study of Aggressive Driver Detection Combining Machine Learning Model and Questionnaire Approaches (기계학습 모델과 설문결과를 융합한 공격적 성향 운전자 탐색 연구)

  • Park, Kwi Woo;Park, Chansik
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.7 no.3 / pp.361-370 / 2017
  • In this paper, correlation analysis was performed between questionnaire and machine learning based aggressive tendency measurements. This study is part of an aggressive driver detection using machine learning and questionnaire. To collect two types of tendency from the questionnaire and the measurement system, we constructed an experimental environment and acquired data from 30 drivers. In the experiment, the machine learning based aggressive tendency measurement system was designed using a driver behavior detection model. The model was constructed using accelerate and brake position data and the hidden Markov model method through supervised learning. We performed a correlation analysis between the two types of tendency using the Pearson method. The result showed a high correlation. The results will be utilized for fusing questionnaire and machine learning. Furthermore, it is verified that the machine learning based aggressive tendency is unique to each driver. The aggressive tendency of a driver will be utilized as a measurement for advanced driver assistance systems such as attention assist, driver identification and anti-theft systems.

Protecting Accounting Information Systems using Machine Learning Based Intrusion Detection

  • Biswajit Panja
    • International Journal of Computer Science & Network Security / v.24 no.5 / pp.111-118 / 2024
  • In general, a network-based intrusion detection system is designed to detect malicious behavior directed at a network or its resources. The key goal of this paper is to look at network data and identify whether it is normal traffic data or anomaly traffic data specifically for accounting information systems. In today's world, there are a variety of principles for detecting various forms of network-based intrusion. In this paper, we are using supervised machine learning techniques. Classification models are used to train and validate data. Using these algorithms, we train the system using a training dataset, then we use this trained system to detect intrusion from the testing dataset. In our proposed method, we will detect whether the network data is normal or an anomaly. Using this method, we can avoid unauthorized activity on the network and systems under that network. The Decision Tree and K-Nearest Neighbor are applied to the proposed model to classify abnormal to normal behaviors of network traffic data. In addition to that, Logistic Regression Classifier and Support Vector Classification algorithms are used in our model to support proposed concepts. Furthermore, a feature selection method is used to collect valuable information from the dataset to enhance the efficiency of the proposed approach. The Random Forest machine learning algorithm is used, which assists the system to identify crucial aspects and focus on them rather than on all of the features. The experimental findings revealed that the suggested method for network intrusion detection has a neglected false alarm rate, with the accuracy of the result expected to be between 95% and 100%. As a result of the high precision rate, this concept can be used to detect network data intrusion and prevent vulnerabilities on the network.

Software Architecture of a Wearable Device to Measure User's Vital Signal Depending on the Behavior Recognition (행동 인지에 따라 사용자 생체 신호를 측정하는 웨어러블 디바이스 소프트웨어 구조)

  • Choi, Dong-jin;Kang, Soon-Ju
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.3 / pp.347-358 / 2016
  • The paper presents a software architecture for a wearable device to measure vital signs with real-time recognition of the user's behavior. Taking vital signs with a wearable device helps users measure the health state related to their behavior because a wearable device is worn in daily life. Especially, when the user is running or sleeping, oxygen saturation and heart rate are used to diagnose respiratory problems. However, in measuring vital signs, continuously measuring like the conventional method is not reasonable because motion artifacts could decrease the accuracy of vital signs. And in order to fix the distortion, a complex algorithm is not appropriate because of the limited resources of the wearable device. In this paper, we propose a software architecture for a wearable device using a simple filter and the acceleration sensor to recognize the user's behavior and measure accurate vital signs with the behavior state.

Detection of Abnormal Behavior by Scene Analysis in Surveillance Video (감시 영상에서의 장면 분석을 통한 이상행위 검출)

  • Bae, Gun-Tae;Uh, Young-Jung;Kwak, Soo-Yeong;Byun, Hye-Ran
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.12C / pp.744-752 / 2011
  • In intelligent surveillance systems, various methods for detecting abnormal behavior were proposed recently. However, most of this research is not robust enough to be used in real environments, which often have occlusions, because it assumes that individual objects can be tracked. This paper presents a novel method to detect abnormal behavior by analysing the major motion of the scene for complex environments in which object tracking cannot work. First, we generate Visual Words and Visual Documents from motion information extracted from input video and process them through the LDA (Latent Dirichlet Allocation) algorithm, which is a document analysis technique, to obtain major motion information (location, magnitude, direction, distribution) of the scene. Using the acquired information, we compare the similarity between motion appearing in the input video and the analysed major motion in order to detect motions which do not match the major motions as abnormal behavior.

Time, Money and Health Promoting Behavior of Aged Men: Looking Through the Lens of Capability Theory (중고령 남성의 시간-소득자원 확보와 건강증진행동의 관련성: 가용이론의 적용)

  • Cha, Seung-Eun
    • Journal of Family Resource Management and Policy Review / v.17 no.2 / pp.173-194 / 2013
  • The purpose of this study was to examine the association between time-income availability and health-promoting behavior (physical practice, smoking, alcohol consumption) of older males (55-69). This study attempted to shed light on health-behavior changes during the transition period of male retirement. The availability of time resources was examined by addressing the amount of weekly paid labor hours. The availability of financial resources was calculated by using the debt-income ratio. The study sample comprised 1,372 (age range 55-69) male respondents of the 2006 Korean Longitudinal Study of Aging (2006 KLOSA wave 1). The results of CHAID (CHi-squared Automatic Interaction Detection) analysis uncovered four distinctive combinations of resource types: time-money poor, time rich, money rich, time-money rich. According to logit results, these four groups had different socio-demographic profiles and different health-behavior risks. The time-money poor males were unlikely to perform physical activities needed to improve their health or to quit smoking or alcohol consumption. This group was also more likely to consume alcohol compared to the time-money resource types. In contrast, the time-money rich group was more likely to exercise longer and more frequently than the reference group (time and money poor). The time-rich types, those who have time-only resources and less money, were likely to be smokers and have problems with alcohol consumption.


Graph Database based Malware Behavior Detection Techniques (그래프 데이터베이스 기반 악성코드 행위 탐지 기법)

  • Choi, Do-Hyeon;Park, Jung-Oh
    • Journal of Convergence for Information Technology / v.11 no.4 / pp.55-63 / 2021
  • Recently, the incidence rate of malicious codes is over tens of thousands of cases, and it is known that it is almost impossible to detect/respond all of them. This study proposes a method for detecting multiple behavior patterns based on a graph database as a new method for dealing with malicious codes. Traditional dynamic analysis techniques and has applied a method to design and analyze graphs of representative associations malware pattern(process, PE, registry, etc.), another new graph model. As a result of the pattern verification, it was confirmed that the behavior of the basic malicious pattern was detected and the variant attack behavior(at least 5 steps), which was difficult to analyze in the past. In addition, as a result of the performance analysis, it was confirmed that the performance was improved by about 9.84 times or more compared to the relational database for complex patterns of 5 or more steps.