• Journal of Microbiology and Biotechnology
• /
• v.5 no.1
• /
• pp.18-21
• /
• 1995

Endoglucanase gene of Pseudomonas sp. LBC505 was previously cloned in pUCl9 to yield plasmid pLC1. overproduction of endoglucanase was attempted by following ways. First, the endoglucanase gene of Pseudomonas sp. LBC505 cloned in pUCl9(pLC1) was tandemly inserted, step by step, into a expression vector pKK223-3 in a directly repeated form to enhance productivity of endoglucanase. Escherichia coli containing pKCC30 among the resulting plasm ids showed the higher yield of the endoglucanase. Ecoli harboring pKCC30 which had three inserted endoglucanase genes expressed about 12.3 times as much CMCase activity as Ecoli harboring pLCl. Second, the endoglucanase gene was subcloned into Bacillus subtilis expression vector pgnt41 for both overproduction and extracellular secretion of the endoglucanase. A resulting plasmid pgntc15 in Bacillus subtilis expressed 4.3-fold higher levels of CMCase activity than that of E.coli harboring pLCl and the endoglucanase produced was entirely secreted into the culture medium.

• Journal of Information Processing Systems
• /
• v.6 no.4
• /
• pp.481-500
• /
• 2010

The Internet explosion and the increase in crucial web applications such as ebanking and e-commerce, make essential the need for network security tools. One of such tools is an Intrusion detection system which can be classified based on detection approachs as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed. Consequently, a new architecture that allows them to cooperate in detecting attacks is proposed. The architecture uses Software Agents to provide scalability and distributability. It works in two modes: learning and detection. During learning mode, it generates a profile for each individual system using a fuzzy data mining algorithm. During detection mode, each system uses the FuzzyJess to match network traffic against its profile. The architecture was tested against a standard data set produced by MIT's Lincoln Laboratory and the primary results show its efficiency and capability to detect attacks. Finally, two new methods, the memory-window and memoryless-window, were developed for extracting useful parameters from raw packets. The parameters are used as detection metrics.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.27-33
• /
• 2019

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

• Journal of Information Technology Services
• /
• v.19 no.6
• /
• pp.83-95
• /
• 2020

"I think security is only trying to make it uncomfortable." "10% of my work is entering IDs and passwords, such as boot passwords, mobile phone authentication numbers, etc." As reflected in the complaint above, stress caused by information security among organizations' members is increasing. In order to strengthen information security, practical solutions to reduce stress are needed because the motivation of the members is needed in order for organizations to function properly. Therefore, this study attempts to suggest key factors that can enhance security while reducing information security stress among members of organizations. To this end, based on the theory of protection motivation, trust and security stress from information security policies are set as mediating factors to explain changes in security reinforcement behavior. Furthermore, risk, efficacy, and reaction costs of cyberattacks are considered as prerequisites. Our study suggests a solution to the security reinforcement problem by analyzing the factors that influence the behavior of members of organizations. In turn, this can raise protection motivation among members.

• Journal of the Society of Disaster Information
• /
• v.19 no.4
• /
• pp.924-935
• /
• 2023

Purpose: The central aim of this study is to leverage machine learning techniques for the classification of Intrusion Detection System (IDS) data, with a specific focus on identifying the variables responsible for enhancing overall performance. Method: First, we classified 'R2L(Remote to Local)' and 'U2R (User to Root)' attacks in the NSL-KDD dataset, which are difficult to detect due to class imbalance, using seven machine learning models, including Logistic Regression (LR) and K-Nearest Neighbor (KNN). Next, we use the SHapley Additive exPlanation (SHAP) for two classification models that showed high performance, Random Forest (RF) and Light Gradient-Boosting Machine (LGBM), to check the importance of variables that affect classification for each model. Result: In the case of RF, the 'service' variable and in the case of LGBM, the 'dst_host_srv_count' variable were confirmed to be the most important variables. These pivotal variables serve as key factors capable of enhancing performance in the context of classification for each respective model. Conclusion: In conclusion, this paper successfully identifies the optimal models, RF and LGBM, for classifying 'R2L' and 'U2R' attacks, while elucidating the crucial variables associated with each selected model.

• Journal of The Korean Society of Inherited Metabolic disease
• /
• v.15 no.2
• /
• pp.87-92
• /
• 2015

Mucopolysaccharidosis (MPS) is an inherited disease entity associated with lysosomal enzyme deficiencies. MPS type 2, also known as Hunter syndrome, has a characteristic morphology primarily involving x-l inked recessive defects and iduronate-2-sulfatase gene mutation. The purpose of this case report is to provide important clues to help pediatricians identify Hunter syndrome patients earlier (i.e., before the disease progresses). A 30-month-old boy showed developmental delay and decreased speech ability. Physical examinations revealed a flat nose and extensive Mongolian spots. Brain magnetic resonance images (MRIs) showed bilateral multiple patchy T2 hyperintense lesions in the periventricular and deep white matter, several cyst-like lesions in the body of the corpus callosum, and diffuse brain atrophy, which were in keeping with the diagnosis. Based on these findings, the patient was suspected of having MPS. In the laboratory findings, although the genetic analysis of IDS (Iduronate-2-sulfatase) did not show any pathogenic variant, the enzymatic activity of IDS was not detected. We could confirm the diagnosis of MPS, because other sulfatases, such as ${\alpha}$-L-iduronidase, were detected in the normal range. Early enzymatic replacement therapy is essential and has a relatively good prognosis. Therefore, early diagnosis should be made before organ damage becomes irreversible, and brain MRIs can provide additional diagnostic clues to help distinguish the disorder.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.507-522
• /
• 2014

Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public and research institutes, about 30 security monitoring and response centers are being operated under National Cyber Security Center(NCSC) of National Intelligence Service(NIS). They are mainly using Threat Management System(TMS) for providing security monitoring and response service. Since TMS raises a large amount of security events and most of them are not related to real cyber attacks, security analyst who carries out the security monitoring and response suffers from analyzing all the TMS events and finding out real cyber attacks from them. Also, since the security monitoring and response tasks depend on security analyst's know-how, there is a fatal problem in that they tend to focus on analyzing specific security events, so that it is unable to analyze and respond unknown cyber attacks. Therefore, we propose automated verification method of security events based on their empirical analysis to improve performance of security monitoring and response.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.747-761
• /
• 2024

Recently, modern vehicles have been controlled by Electronic Control Units (ECUs), by which the safety and convenience of drivers are highly improved. It is known that a luxury vehicle has more than 100 ECUs to electronically control its function. However, the modern vehicles are getting targeted by cyber attacks because of this computer-based automotive system. To address the cyber attacks, automotive manufacturers have been developing some methods for securing their vehicles, such as automotive Intrusion Detection System (IDS). This development is only allowed to the automotive manufacturers because they have databases for their in-vehicle network (i.e., DBC Format File) which are highly confidential. This confidentiality poses a significant challenge to external researchers who attempt to conduct automotive security researches. To handle this restricted information, in this paper, we propose a method to partially understand the DBC Format File by analyzing in-vehicle network traffics. Our method is designed to analyze Controller Area Network (CAN) traffics so that checksum signals are identified in CAN Frame Data Field. Also, our method creates a Lookup Set by which a checksum signal is correctly estimated for a given message. We validate our method with the publicly accessible dataset as well as one from a real vehicle.

• Journal of Microbiology and Biotechnology
• /
• v.16 no.1
• /
• pp.118-125
• /
• 2006

The region responsible for replication of the megaplasmid pAtC58 in the nopaline-type Agrobacterium tumefaciens strain C58 was determined. A derivative ofa Co1E1 vector, pBluscript SK-, incapable of autonomous replication in Agrobacterium spp, was cloned with a 7.6-kb Bg1II-HindIII fragment from a cosmid clone of pAtC58, which contains a region adjacent to the operon for the utilization of deoxyfructosyl glutamine (DFG). The resulting plasmid conferred resistance to carbenicillin on the A. tumefaciens strain UIA5 that is a plasmidfree derivative of C58. The plasmid was stably maintained in the strain even after consecutive cultures for generations. Analysis of nested deletions of the 7.6-kb fragment showed that a 4.3-kb BglII-XhoI region sufficiently confers replication of the derivative of the ColE1 vector on UIA5. The region comprises three ORFs, which have high homologies with repA, repB, and repC of plasm ids in virulent Agrobacterium spp. including pTiC58, pTiB6S3, pTi-SAKURA, and pRiA4b as well as those of symbiotic plasmids from Rhizobium spp. Phylogenie analysis showed that rep genes in pAtC58 are more closely related to those in pRiA4 than to pTi plasmids including pTiC58, suggesting that the two inborn plasmids, pTiC58 and pAtC58, harbored in C58 evolved from distinct origins.

• The Journal of the Korean Society for Microbiology
• /
• v.22 no.3
• /
• pp.241-250
• /
• 1987

A total 64 strains of Escherichia coli including 38 strains of urinary tract infection and 26 strains from other clincal sources were studied for several properties related to the virulence markers of organisms. Urinary isolates(76.3%) showed higher frequency of mannose resistant hemagglutination(MRHA) wi th human erythrocytes(A type, $Rh^+$) than the strains of control group isolated from other sources(34.6%). Seventeen strains(44.4%) of urinary isolates and 2 strains(7.7%) of control group showed hemolysis on blood agar plate. There was no significant difference in MIC's of 23 drugs between both groups of urinary isolates and control group. But they showed high frequency of resistance to ampicillin, carbenicillin, piperacillin, kanamycin, and trimethoprim, but were very susceptible to cefotaxime, moxalactam, ceftizidime, imipenem, and norfloxacine. Fourteen strains(36.8%) of urinary isolates and 10 strains(38.5%) of control group showed conjugally transferable resistance conferred to R plasmids. The urinary isolates carried one or more to 6(mean 3.4) plasmids of approximate molecular weight ranged 3.1 to 94 megadalton(Mdal) and strains of control group carried 2 to 5(mean 3.8) plasm ids of size ranged 3.6 to 130 Mdal. The size of conjugally transferable R plasmid identified with transconjugants ranged 32 to 130 Mdal.