• Title/Summary/Keyword: Behavior detection


A Method for Efficient Malicious Code Detection based on the Conceptual Graphs (개념 그래프 기반의 효율적인 악성 코드 탐지 기법)

  • Kim Sung-Suk;Choi Jun-Ho;Bae Young-Geon;Kim Pan-Koo
    • The KIPS Transactions:PartC / v.13C no.1 s.104 / pp.45-54 / 2006
  • Nowadays, many techniques have been applied to the detection of malicious behavior. However, the techniques currently in practice face the challenge of many variations of the original malicious behavior, and they cannot respond to new forms of behavior appropriately and in a timely manner. There are also some limitations that cannot be solved, such as false positives and false negatives. Given these problems, we propose a new method to improve the current situation. To detect malicious code, we propose handling the basic source code units through conceptual graphs. Basically, we use conceptual graphs to define malicious behavior, and then we can compare the similarity relations of the malicious behavior by testing the formalized values generated by the predefined graphs in the code. In this paper, we show how to construct a conceptual graph and propose an efficient similarity measure to discern malicious behavior. As a result of our experiments, we obtain a more efficient detection rate.

Anomaly Detection Analysis using Repository based on Inverted Index (역방향 인덱스 기반의 저장소를 이용한 이상 탐지 분석)

  • Park, Jumi;Cho, Weduke;Kim, Kangseok
    • Journal of KIISE / v.45 no.3 / pp.294-302 / 2018
  • With the emergence of new service industries due to the development of information and communication technology, cyber space risks such as personal information infringement and industrial confidentiality leakage have diversified, and the security problem has emerged as a critical issue. In this paper, we propose a behavior-based anomaly detection method that is suitable for real-time, large-volume data analysis. We show that the proposed detection method is superior to existing signature-based security countermeasures on large-capacity user log data from in-company personal information abuse and internal information leakage. As the proposed behavior-based anomaly detection method requires a technique for processing large amounts of data, a real-time search engine, Elasticsearch, which is based on an inverted index, is used. In addition, statistics-based frequency analysis and preprocessing were performed for data analysis, and the DBSCAN algorithm, a density-based clustering method, was applied to classify abnormal data, with an example for easy analysis through visualization. Unlike the existing anomaly detection system, the proposed behavior-based anomaly detection technique is promising as it enables anomaly detection analysis without the need to set a threshold value separately, and it was proposed from a statistical perspective.

A Study on Similarity Comparison for File DNA-Based Metamorphic Malware Detection (파일 DNA 기반의 변종 악성코드 탐지를 위한 유사도 비교에 관한 연구)

  • Jang, Eun-Gyeom;Lee, Sang Jun;Lee, Joong In
    • Journal of the Korea Society of Computer and Information / v.19 no.1 / pp.85-94 / 2014
  • This paper studied a detection technique using file DNA-based behavior pattern analysis in order to minimize damage to user systems by malicious programs before a signature or security patch is released. The file DNA-based detection technique was applied to defend against zero-day attacks and to minimize false detection, by remedying weaknesses of the conventional network-based packet detection technique and process-based detection technique. For the file DNA-based detection technique, abnormal behaviors of malware were split into network-related behaviors and process-related behaviors. This technique was employed to check and block crucial process and network behaviors operating in the user system, according to fixed conditions, to analyze the similarity of malware behavior patterns based on the file DNA in which process behaviors and network behaviors are mixed, and to deal with them rapidly through hazard warning and cut-off.

Barriers and Facilitating Factors Perceived in Turkish Women's Behaviors Towards Early Cervical Cancer Detection: A Qualitative Approach

  • Ersin, Fatma;Bahar, Zuhal
    • Asian Pacific Journal of Cancer Prevention / v.14 no.9 / pp.4977-4982 / 2013
  • Background: The aim of the present study was to investigate perceived inhibiting and facilitating factors concerning cervical cancer early diagnosis behavior in Turkish women over the age of 40. Materials and Methods: The study was carried out by qualitative focus group interviews with 35 participating women, in the period between April and June 2010. A semi-structured interview questionnaire based on the Health Belief Model and the Health Promotion Model was used. Content analysis was applied to the study data. Results: Barriers such as women's lack of knowledge regarding cervical cancer and early detection, lack of sensitivity or negligence, forgetting, fear, inadequacy of health insurance and transportation, financial problems, inability to get an appointment, lack of female doctors, embarrassment, and a fatalistic approach were frequently addressed. As for facilitating factors, these included provision of information, health professionals showing interest and tolerance, free services, provision of transportation means and reminder telephone calls. Conclusions: Focus group interviews were found to be effective in determining inhibiting and facilitating factors concerning cervical cancer early diagnosis behavior. In line with the results of the study, preparation of structured national and regional education programs and their addition to curriculum programs may be effective in realizing and maintaining positive early detection behavior.

A Study on the Improvement of Bayesian networks in e-Trade (전자무역의 베이지안 네트워크 개선방안에 관한 연구)

  • Jeong, Boon-Do
    • International Commerce and Information Review / v.9 no.3 / pp.305-320 / 2007
  • With the expanded use of B2B (between enterprises), B2G (between enterprises and government) and EDI (Electronic Data Interchange), and the increased amount of available network information and information protection threats, it was judged that security cannot be perfectly assured with security technology such as electronic signature/authorization and access control alone, so Bayesian networks have been developed for the protection of information. Therefore, this study examines the Bayesian networks system, centering on ERP (Enterprise Resource Planning). The Bayesian networks system is one of the methods to resolve uncertainty in electronic data interchange and is applied to overcome the uncertainty of abnormal invasion detection in ERP. Bayesian networks are applied to construct profiles for system call and network data, and to simulate abnormal invasion detection. The host-based abnormal invasion detection system in electronic trade analyses system calls, applies Bayesian probability values, and constructs a normal behavior profile to detect abnormal behaviors. This study models the behavior before and after delivery of the electronic document through Bayesian probability values and expresses the delivery behavior or events before and after based on Bayesian networks. Therefore, the profiling process using Bayesian networks can be applied to host- and network-based abnormal invasion detection. With respect to the transmission and reception of electronic documents, we need further studies on standards that classify abnormal invasions of various patterns in ERP and evaluate them by Bayesian probability values, and on the classification of a B2B invasion pattern genealogy to effectively detect deformed abnormal invasion patterns.


Real-Time Loitering Detection using Object Feature (객체 특징을 이용한 실시간 배회행위 검출)

  • Kim, Jin Su;Pan, Sung Bum
    • Smart Media Journal / v.5 no.3 / pp.93-98 / 2016
  • The literal meaning of loitering is "to linger aimlessly or as if aimless in or about a place", and most criminals show this kind of act before they actually commit a crime. Therefore, detecting this kind of loitering can effectively prevent a variety of crimes. In this paper, we propose a loitering-detection algorithm using the Raspberry Pi. The proposed algorithm uses an adaptive difference image to detect moving objects and a morphology opening operation to enhance the accuracy of detection. The loitering behavior is detected by using the center of gravity of the object to observe changes of angle, and the pixel movement distance to determine the height of the object. When loitering behavior is detected, the Raspberry Pi outputs an alarm to notify the users.

Runtime Fault Detection Method based on Context Insensitive Behavioral Model for Legacy Software Systems (레거시 소프트웨어 시스템을 위한 문맥 독립적 행위 기반 실시간 오작동 탐지 기법)

  • Kim, Suntae
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.15 no.4 / pp.9-18 / 2015
  • In recent years, the number of applications embedded in various devices such as smart phones has grown larger. Due to frequent changes of state in the execution environment, various malfunctions may occur. In order to handle this issue, this paper suggests an approach to detecting method-level failures in legacy software systems. We can determine whether the software executes abnormal behavior based on a behavior model. However, when we apply a context-sensitive behavior model at the method level, several problems occur, such as false alarms and monitoring overhead. To tackle those issues, we propose the CIBFD (Context-Insensitive Behavior Model-based Failure Detection) method. Through case studies, we compare the CIBFD method with the existing method. In addition, we analyze the effectiveness of the method for each application domain.

A Study on Method for Insider Data Leakage Detection (내부자 정보 유출 탐지 방법에 관한 연구)

  • Kim, Hyun-Soo
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.4 / pp.11-17 / 2017
  • Organizations are experiencing an ever-growing concern about how to prevent confidential information leakage by internal employees. Those who have authorized access to organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. In this paper, we investigate the task of detecting such insiders through a method of modeling a user's normal behavior in order to detect anomalies in that behavior which may be indicative of a data leakage. We make use of Hidden Markov Models to learn what constitutes normal behavior, and then use them to detect significant deviations from that behavior. Experiments have been made to determine the optimal HMM parameters, and our result shows a detection capability of 20% false positive rate and 80% detection rate.

Adaptive Anomaly Movement Detection Approach Based On Access Log Analysis (접근 기록 분석 기반 적응형 이상 이동 탐지 방법론)

  • Kim, Nam-eui;Shin, Dong-cheon
    • Convergence Security Journal / v.18 no.5_1 / pp.45-51 / 2018
  • As data utilization grows and data becomes more important, data-related accidents and damages are gradually increasing. In particular, insider threats are the most harmful threats. These insider threats are difficult to detect with traditional security systems, so rule-based abnormal behavior detection methods have been widely used. However, they lack the ability to adapt flexibly to new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. It is designed to minimize the false positive rate and false negative rate by adopting environment factors that directly influence the behavior and learning data based on a statistical Markov model. In the experiments, the framework shows good performance, with a high F2-score of 0.92, and detects suspicious behavior that is usually seen as normal behavior. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.


Design and Implementation of Web-browser based Malicious behavior Detection System(WMDS) (웹 브라우저 기반 악성행위 탐지 시스템(WMDS) 설계 및 구현)

  • Lee, Young-Wook;Jung, Dong-Jae;Jeon, Sang-Hun;Lim, Chae-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.3 / pp.667-677 / 2012
  • Vulnerable web applications have been the primary method used by attackers to spread their malware to a large number of victims. Such attacks commonly make use of malicious links to remotely execute rather advanced malicious code. The attackers often deploy malware that utilizes unknown vulnerabilities, so-called "zero-day vulnerabilities." Existing computer vaccines are mostly signature-based and thus are effective only against known attack patterns, but are not capable of detecting zero-day attacks. To mitigate such limitations of the current solutions, there have been numerous works that take a behavior-based approach to improve detection of unknown malware. However, behavior-based solutions introduced several limitations that made them unsuitable for real-life situations. This paper proposes an advanced web browser based malicious behavior detection system that solves the problems and limitations of the previous approaches.