• Title/Summary/Keyword: Cyber threats


A Study on Android Malware Detection using Selected Features (선별된 특성 정보를 이용한 안드로이드 악성 앱 탐지 연구)

  • Myeong, Sangjoon; Kim, Kangseok
    • Journal of Convergence for Information Technology / v.12 no.3 / pp.17-24 / 2022
  • Mobile malicious apps are increasing rapidly, and Android, which accounts for most of the global mobile OS market, has become a major target of mobile cyber security threats. To cope with rapidly evolving malicious apps, detection techniques based on machine learning, one of the implementation technologies of artificial intelligence, are needed. In this paper, we propose a selected-feature method, combining feature selection and feature extraction, that improves malicious-app detection performance. In the feature selection experiments, detection performance improved with the number of features, and API features performed relatively better than permission features. Combining the two feature types gave an average precision above 93%, confirming that an appropriate combination of features can improve detection performance.

IoT botnet attack detection using deep autoencoder and artificial neural networks

  • Deris Stiawan; Susanto; Abdi Bimantara; Mohd Yazid Idris; Rahmat Budiarto
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.5 / pp.1310-1338 / 2023
  • As Internet of Things (IoT) applications and devices grow rapidly, cyber-attacks on IoT networks/systems are also on an increasing trend, raising the threat to security and privacy. Botnets are among the dominant attacks because they can easily compromise devices attached to IoT networks/systems. Compromised devices behave like normal ones, which makes them difficult to recognize. Several intelligent approaches, including deep learning and machine learning techniques, have been introduced to improve detection accuracy for this type of cyber-attack, and dimensionality reduction methods are applied during the preprocessing stage. This work proposes a deep Autoencoder dimensionality reduction method combined with an Artificial Neural Network (ANN) classifier as a botnet detection system for IoT networks/systems. Experiments were carried out using 3-layer, 4-layer and 5-layer Autoencoders to preprocess data from the MedBIoT dataset. The 5-layer Autoencoder gave the best results: accuracy 99.72%, precision 99.82%, sensitivity 99.82%, specificity 99.31% and F1-score 99.82%. The 5-layer Autoencoder also reduced the dataset size from 152 MB to 12.6 MB (a 91.2% reduction). Experiments on the N_BaIoT dataset likewise reached very high accuracy, up to 99.99%.

Strengthening Enterprise Security through the Adoption of Zero Trust Architecture - A Focus on Micro-segmentation Approach - (제로 트러스트 아키텍처 도입을 통한 기업 보안 강화 방안 - 마이크로 세그먼테이션 접근법 중심으로 -)

  • Seung-Hyun Joo; Jin-Min Kim; Dae-Hyun Kwon; Yong-Tae Shin
    • Convergence Security Journal / v.23 no.3 / pp.3-11 / 2023
  • Zero Trust, characterized by the principle of "Never Trust, Always Verify," represents a new security paradigm. The proliferation of remote work and the widespread use of cloud services have led to Work From Anywhere (WFA) environments, where corporate systems can be accessed from any location. In such environments the boundary between internal and external networks has become increasingly ambiguous, leaving traditional perimeter security models inadequate against the complex and diverse nature of cyber threats and attacks. This paper introduces the implementation principles of Zero Trust and focuses on the micro-segmentation approach, highlighting its relevance in mitigating the limitations of perimeter security. Building on the risk management framework provided by the National Institute of Standards and Technology (NIST), the paper proposes a comprehensive procedure for adopting Zero Trust, with the aim of helping organizations strengthen their security strategies.

Cyber Threat Intelligence Traffic Through Black Widow Optimisation by Applying RNN-BiLSTM Recognition Model

  • Kanti Singh Sangher; Archana Singh; Hari Mohan Pandey
    • International Journal of Computer Science & Network Security / v.23 no.11 / pp.99-109 / 2023
  • The darknet is frequently referred to as the hub of illicit online activity. To keep track of real-time applications and activities taking place on the darknet, traffic on that network must be analysed. Recognising network traffic destined for unused Internet addresses is important for spotting and investigating malicious online activity: because no genuine devices or hosts exist in an unused address block, any traffic observed there results from misconfiguration, spoofed source addresses, or other methods that probe the unused address space. Recent advances in artificial intelligence allow digital systems to detect and identify darknet activity on their own. This paper offers a generalised method for deep learning-based detection and classification of darknet traffic. It analyses a complex, state-of-the-art dataset containing extensive darknet traffic information, then examines various feature selection strategies to choose the best attributes for detecting and classifying darknet traffic. To identify threats from network properties acquired from darknet traffic, a hybrid deep learning (DL) approach combining a Recurrent Neural Network (RNN) and Bidirectional LSTM (BiLSTM) is devised; this technique can tell malicious traffic from legitimate traffic. The results show that the suggested strategy outperforms existing methods, producing the highest accuracy for categorising darknet traffic when the Black Widow optimisation algorithm is used for feature selection and RNN-BiLSTM as the recognition model.

A Study on the Clustering method for Analysis of Zeus Botnet Attack Types in the Cloud Environment (클라우드 환경에서 제우스 Botnet 공격 유형 분석을 위한 클러스터링 방안 연구)

  • Bae, Won-il; Choi, Suk-June; Kim, Seong-Jin; Kim, Hyeong-Cheon; Kwak, Jin
    • Journal of Internet Computing and Services / v.18 no.1 / pp.11-20 / 2017
  • Recently, developments in various fields of cloud computing technology have been put to use. While demand for cloud computing services is increasing, security threats in cloud computing environments are also increasing, especially when hosts interconnected in the cloud environment are infected by malware and the infection propagates through attacks. This can affect the resources of other hosts and lead to further security threats such as the spread of personal information and data deletion. Therefore, studies of malware analysis to respond to these threats have been actively pursued. This paper proposes a method for clustering Zeus botnet attack types using the k-means clustering algorithm, for analysis of malware occurring in cloud environments. By clustering the malicious activity of the Zeus botnet occurring in cloud environments by type, it is possible to determine whether a sample is malware or not. The future goal is to respond to new types of Zeus botnet attacks that may occur in cloud environments.

The Nature of Reform in the U.S., UK, Germany National Intelligence Systems and Implications for Reform of the Korean National Intelligence Service (미국·영국·독일 국가정보체계 개혁 양상과 한국 국가정보원 개혁에 대한 시사점)

  • Yoon, Taeyoung
    • Convergence Security Journal / v.18 no.2 / pp.167-177 / 2018
  • Major countries such as the U.S., UK and Germany have reformed their national intelligence systems in the face of transnational, asymmetric and comprehensive threats since September 11, 2001, and have strengthened the intelligence capacity involved in countering terrorism, WMD proliferation, and right- and left-wing extremist threats. The Korean Moon Jae-in government is preparing a reform plan to eliminate illegal political intervention and abuse of power by the National Intelligence Service (NIS) and to rebuild it as an efficient national intelligence agency for national security. First, in discussing the reform direction of the NIS, it is necessary to discuss in detail whether to adopt a separate model of intelligence agencies that restricts the NIS to foreign intelligence activities, or to establish new domestic intelligence agencies. Second, the issue of transferring the anti-Communism investigation authority of the NIS to the police needs to be carefully considered in terms of balancing the efficiency and professionalism of intelligence activity against the context of North Korea's continuous military provocations, covert operations and cyber threats. Third, the control and supervision functions of the administration and the National Assembly should be strengthened to ensure the political neutrality of the NIS in the democratization era, to guarantee citizens' basic rights, and to improve the transparency of budget execution.


A Study on Security Vulnerability Management in Electric Power Industry IoT (전력 산업 IoT에서의 보안 취약점 관리에 관한 연구)

  • Lee, Sang-Gi; Lee, Sei-Yoon; Kim, Jeong-Chul
    • Journal of Digital Contents Society / v.17 no.6 / pp.499-507 / 2016
  • The era of IoT, in which things exchange data over the Internet, is coming. Recently, the former electric power energy policy paradigm, the supply-side paradigm, has been changing because electric power consumption is increasing rapidly. As the new paradigm for this limit, convergence of the existing electric power grid with ICT (Information and Communication Technology) will accelerate the intellectualization of electric power devices and their operating systems. This change has opened up the electric power grid, and consequently attacks on the national electric power grid are increasing. In this paper, we analyze the security threats of existing IoT, discuss the security weaknesses of electric power industry IoT, and suggest the needed security requirements and security technologies.

Feature Selection Algorithm for Intrusions Detection System using Sequential Forward Search and Random Forest Classifier

  • Lee, Jinlee; Park, Dooho; Lee, Changhoon
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.10 / pp.5132-5148 / 2017
  • Cyber attacks are evolving in step with recent developments in information security technology. Intrusion detection systems collect various types of data from computers and networks to detect security threats and analyze attack information. The large volume of data examined makes the heavy computation and low detection rates problematic. Feature selection is expected to improve classification performance and provide faster, more cost-effective results. Despite the various feature selection studies conducted for intrusion detection systems, feature selection is difficult to automate because it relies on the knowledge of security experts. This paper proposes a feature selection technique to overcome the performance problems of intrusion detection systems. In the first phase, the proposed system constructs a feature subset using a sequential forward floating search (SFFS) to reduce the dimension of the variables. The second phase builds a classification model on the selected feature subset using a random forest classifier (RFC) and evaluates the classification accuracy. Experiments with SFFS-RF on the NSL-KDD dataset indicated that feature selection is a necessary preprocessing step for improving overall system performance in systems that handle large datasets, and verified that SFFS-RF can be used for data classification. In conclusion, SFFS-RF could be the key to improving classification model performance in machine learning.
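The wrapper search the abstract describes, as an added example that is not the paper's code: a sequential forward floating search (SFFS) that adds the feature improving the wrapper score most, then conditionally drops any feature whose removal improves it further. The wrapper criterion here is the leave-one-out accuracy of a nearest-centroid classifier, swapped in for the paper's random forest so the example needs no third-party library; the NSL-KDD data is replaced by a small constructed dataset (features 0 and 1 carry the class signal, 2 and 3 are noise, 4 is constant). The `toy_criterion` table is also made up, to show the case where plain forward selection stops at a worse subset than the floating variant.

```python
"""Added example, not the paper's code: SFFS as a wrapper feature selector,
scored with leave-one-out nearest-centroid accuracy (stand-in for the
paper's random forest).  Dataset and toy criterion are constructed."""
import random


def sffs(n_features, criterion, max_features=None):
    """Return (sorted selected feature indices, criterion value).

    Forward step: add the unselected feature that raises the criterion most.
    Floating step: after each addition, drop any feature whose removal raises
    the criterion further, repeating until no removal helps.  This variant
    only accepts strict improvements, so the score rises with every accepted
    change and the search is guaranteed to terminate.
    """
    max_features = n_features if max_features is None else min(max_features, n_features)
    cache = {}

    def score(subset):
        key = frozenset(subset)
        if key not in cache:
            cache[key] = criterion(sorted(key))   # wrapper call, memoised
        return cache[key]

    selected, best = set(), float("-inf")
    while len(selected) < max_features:
        candidates = [f for f in range(n_features) if f not in selected]
        f_add = max(candidates, key=lambda f: score(selected | {f}))
        if score(selected | {f_add}) <= best:
            break                                   # nothing improves: stop
        selected.add(f_add)
        best = score(selected)
        while len(selected) > 1:                    # conditional exclusion
            f_rm = max(selected, key=lambda f: score(selected - {f}))
            if score(selected - {f_rm}) <= best:
                break
            selected.remove(f_rm)
            best = score(selected)
    return sorted(selected), best


def loo_nearest_centroid_accuracy(X, y, subset):
    """Leave-one-out accuracy of a nearest-centroid classifier on `subset`."""
    correct = 0
    for i in range(len(X)):
        sums, counts = {}, {}
        for j, row in enumerate(X):
            if j == i:
                continue
            counts[y[j]] = counts.get(y[j], 0) + 1
            acc = sums.setdefault(y[j], [0.0] * len(subset))
            for k, f in enumerate(subset):
                acc[k] += row[f]
        centroids = {lab: [s / counts[lab] for s in sums[lab]] for lab in sums}
        pred = min(centroids, key=lambda lab: sum(
            (X[i][f] - centroids[lab][k]) ** 2 for k, f in enumerate(subset)))
        correct += pred == y[i]
    return correct / len(X)


def make_dataset(n_per_class=20, seed=7):
    """Constructed data: two classes, five features (see module docstring)."""
    rng = random.Random(seed)
    X, y = [], []
    for label in (0, 1):
        for _ in range(n_per_class):
            X.append([rng.gauss(3.0 * label, 1.0),  # informative
                      rng.gauss(3.0 * label, 1.0),  # informative
                      rng.gauss(0.0, 1.0),          # noise
                      rng.gauss(0.0, 1.0),          # noise
                      0.0])                         # constant: never useful
            y.append(label)
    return X, y


X, y = make_dataset()


def select_features():
    """Run SFFS with the LOO nearest-centroid wrapper on the constructed data."""
    return sffs(len(X[0]), lambda subset: loo_nearest_centroid_accuracy(X, y, subset))


def toy_criterion(subset):
    """Hand-made scores (assumption) where plain forward selection ends at
    {0,1,2} = 0.8 but the floating removal step reaches {1,2} = 0.9."""
    table = {(0,): 0.6, (1,): 0.5, (2,): 0.5, (0, 1): 0.7, (0, 2): 0.65,
             (1, 2): 0.9, (0, 1, 2): 0.8}
    return table[tuple(subset)]


if __name__ == "__main__":
    print("toy criterion:", sffs(3, toy_criterion))
    print("constructed data:", select_features())
```

The criterion is memoised because a wrapper re-evaluates the classifier for every candidate subset, which is the cost the abstract is trying to control; the constant feature can never be selected because it changes no distance, and the strict-improvement stop means the search does not grow the subset once the classifier stops benefiting.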

A Study on Potential Security Threats that Occurred Possibly by Permission Requests in Android Environment (안드로이드 환경에서 권한 요구를 통해 발생 가능한 잠재적 보안위협에 관한 연구)

  • Park, In-Kyu; Choi, Seul-Ki; Kwak, Jin
    • Proceedings of the Korea Information Processing Society Conference / 2017.04a / pp.258-261 / 2017
  • When developing an Android application, the permissions required to perform specific functions must be registered in the AndroidManifest.xml file. The registered permissions are presented to the user for consent at installation time, and to install the application the user must consent to all of the permissions it requests. If the user does not consent, installation is cancelled; the application cannot be installed without consent to the requested permissions. For this reason, most users consent without carefully examining even permissions that exceed what the application's actual functionality requires, and permissions unrelated to the original function then give rise to various security threats such as leakage of personal information and abnormal billing. In this paper, we examine, from an application's APK file, the permissions the application requests and the list of APIs it actually uses to provide its functionality, and analyse the permissions requested beyond what is needed. We also analyse the security threats that can arise when APIs are added in an application update. This allows security threats caused by over-requested permissions to be recognised and prevented in advance.
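The check this abstract describes, and the permission+API feature vector of the first abstract on this page, as one added example that is code from neither paper: parse the declared permissions out of a manifest, map the APIs found in the app's code to the permissions they need, report permissions no API backs, and flag permissions that an update starts exercising without any new declaration. The manifest, the two API lists and the API-to-permission map are constructed here; a real tool would extract the first two from the APK and take the map from a published permission mapping. The all-or-nothing install-time consent the abstract describes predates Android 6.0 runtime permissions, but an over-declared permission is still a dormant capability that an update can quietly start using.

```python
"""Added example (not code from either paper): declared permissions vs the
permissions the app's API calls actually need, plus the binary
permission+API feature vector a detector would consume.  All inputs and the
API-to-permission map are constructed for illustration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest: a "flashlight" app declaring five permissions.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

# Constructed: framework APIs found in the app's code at version 1 ...
SAMPLE_APIS_V1 = [
    "android.hardware.Camera.open",
    "java.net.HttpURLConnection.connect",
    "android.telephony.SmsManager.sendTextMessage",
]
# ... and after an update that adds a location lookup.
SAMPLE_APIS_V2 = SAMPLE_APIS_V1 + ["android.location.LocationManager.getLastKnownLocation"]

# Hypothetical excerpt of an API-to-permission map (assumption; a real map
# is URI- and version-dependent, e.g. ContentResolver.query depends on the
# content URI being queried).
API_PERMISSIONS = {
    "android.hardware.Camera.open": {"android.permission.CAMERA"},
    "java.net.HttpURLConnection.connect": {"android.permission.INTERNET"},
    "android.telephony.SmsManager.sendTextMessage": {"android.permission.SEND_SMS"},
    "android.content.ContentResolver.query": {"android.permission.READ_CONTACTS"},
    "android.location.LocationManager.getLastKnownLocation": {"android.permission.ACCESS_FINE_LOCATION"},
}
PERM_VOCAB = sorted({p for perms in API_PERMISSIONS.values() for p in perms})
API_VOCAB = sorted(API_PERMISSIONS)


def declared_permissions(manifest_xml):
    """Set of <uses-permission android:name=...> values in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get("{%s}name" % ANDROID_NS) for e in root.iter("uses-permission")}


def required_permissions(apis):
    """Union of the permissions the given API calls need (per the map)."""
    needed = set()
    for api in apis:
        needed |= API_PERMISSIONS.get(api, set())
    return needed


def over_requested(manifest_xml, apis):
    """Declared permissions that no API call in the code needs."""
    return sorted(declared_permissions(manifest_xml) - required_permissions(apis))


def newly_exercised(old_apis, new_apis):
    """Permissions an update starts using that the previous version did not:
    dormant over-requested permissions become live without a new prompt."""
    return sorted(required_permissions(new_apis) - required_permissions(old_apis))


def feature_vector(manifest_xml, apis):
    """Binary permission features followed by binary API features, in the
    fixed vocabulary order a classifier would be trained on."""
    perms = declared_permissions(manifest_xml)
    used = set(apis)
    return [int(p in perms) for p in PERM_VOCAB] + [int(a in used) for a in API_VOCAB]


if __name__ == "__main__":
    print("over-requested at v1:", over_requested(SAMPLE_MANIFEST, SAMPLE_APIS_V1))
    print("newly exercised by v2:", newly_exercised(SAMPLE_APIS_V1, SAMPLE_APIS_V2))
    print("feature vector v1:", feature_vector(SAMPLE_MANIFEST, SAMPLE_APIS_V1))
```

The two outputs answer different questions: `over_requested` is the static over-privilege finding, while `newly_exercised` is the update-time check, since the location permission was already granted at v1 and v2 activates it with no change to the manifest.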

A New Filtering System against the Disclosure of Sensitive Internal Information (내부 중요정보 유출 방지를 위한 차단 시스템 개발)

  • Ju, Tae-kyung; Shin, Weon
    • Journal of the Korea Institute of Information and Communication Engineering / v.19 no.5 / pp.1137-1143 / 2015
  • Sensitive internal information is transmitted across a variety of Internet services, but most users do not know what internal information is being sent. In this paper, we develop a new filtering system that continuously monitors outbound network packets for sensitive information and notifies the internal user of whether it would be exposed. We design the filtering system for sensitive information and analyze the implementation results. With the proposed system, users can visually check whether important information is being disclosed and drop the corresponding packets. The results of this study can help decrease the various cyber threats targeting a company's internal information by helping to prevent exposure of sensitive internal information.
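The outbound inspection step of such a filter, as an added example that is not the paper's system: each outbound payload is scanned for sensitive content, and a per-finding policy decides whether the packet is dropped or the user is only notified. Two detectors are shown, a Luhn-validated payment-card number (so a random 16-digit order number is not flagged) and an internal classification marker. The packets, their destinations (documentation range 203.0.113.0/24), the marker words and the drop/notify policy are all constructed assumptions; the paper leaves the drop decision to the user, whereas this example automates it by policy.

```python
"""Added example (not the paper's code): scan outbound payloads for
sensitive content and decide drop / notify / pass.  Detectors: Luhn-valid
card numbers and an internal classification marker.  Packets are constructed."""
import re

# 13-19 digits, optionally separated by single spaces or dashes, not glued
# to other digits on either side.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Assumed internal classification markers (Korean "대외비" = internal only).
MARKER_RE = re.compile(r"CONFIDENTIAL|INTERNAL ONLY|대외비")

# Assumed policy: card data is dropped outright, markers only alert the user.
POLICY = {"card_number": "drop", "confidential_marker": "notify"}


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_payload(payload):
    """Return the list of finding types present in one outbound payload."""
    text = payload.decode("utf-8", errors="replace")
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("card_number")
            break                       # one valid PAN is enough to decide
    if MARKER_RE.search(text):
        findings.append("confidential_marker")
    return findings


def decide(findings):
    """Most severe action wins: drop > notify > pass."""
    if not findings:
        return "pass"
    return "drop" if any(POLICY[f] == "drop" for f in findings) else "notify"


# Constructed outbound packets (dst, raw payload).
SAMPLE_PACKETS = [
    {"dst": "203.0.113.10",
     "payload": b"POST /pay HTTP/1.1\r\n\r\ncard=4111 1111 1111 1111&exp=12/29"},
    {"dst": "203.0.113.20",
     "payload": b"GET /track?order_id=4111111111111112 HTTP/1.1\r\n"},
    {"dst": "203.0.113.30",
     "payload": b"POST /upload HTTP/1.1\r\n\r\nsubject=Q3 roadmap [CONFIDENTIAL]"},
]


def inspect_outbound(packets):
    """Apply scan + policy to each packet; returns (dst, decision) pairs."""
    return [(p["dst"], decide(scan_payload(p["payload"]))) for p in packets]


if __name__ == "__main__":
    for dst, action in inspect_outbound(SAMPLE_PACKETS):
        print(dst, action)
```

The second packet carries a 16-digit value that fails the Luhn check and therefore passes, which is the false-positive case a payload filter has to get right before users will tolerate it; a production filter would also reassemble TCP streams and decode transfer encodings before scanning, since a PAN split across two segments is invisible to per-packet matching.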