• Title/Summary/Keyword: File Access

Identification of Attack Group using Malware and Packer Detection (악성코드 및 패커 탐지를 이용한 공격 그룹 판별)

  • Moon, Heaeun;Sung, Joonyoung;Lee, Hyunsik;Jang, Gyeongik;Kwak, Kiyong;Woo, Sangtae
    • Journal of KIISE / v.45 no.2 / pp.106-112 / 2018
  • Recently, the number of cyber attacks using malicious code has increased. Various types of malicious code detection techniques have been researched for several years as the damage has increased. In recent years, profiling techniques have been used to identify attack groups. This paper focuses on the identification of attack groups using a detection technique that does not involve malicious code detection. The attacker is identified by using a string or a code signature of the malicious code. In addition, the detection rate is increased by adding a technique to confirm the packing file. We use Yara as a detection technique. We studied RATs (remote access tools), which are mainly used by attack groups. Further, this paper develops a ruleset using malicious code and packer main feature signatures for the RATs that are mainly used by the attack groups. It is possible to detect the attacker by detecting a RAT based on the newly created ruleset.

Performance Analysis of Multimedia CDMA Mobile Communication System Considering Diverse Qos Requirements (멀티미디어 CDMA 이동통신 시스템에서의 다양한 QoS 요구조건을 고려한 성능 분석)

  • Kim, Baek-Hyun;Shin, Seung-Hoon;Kwak Kyung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.27 no.1B / pp.1-12 / 2002
  • In the multimedia CDMA mobile communication service, it is required to support various applications, such as voice, video, file transfer, e-mail, and Internet access, with guaranteed QoS. In the mixed traffic environment, which consists of voice, stream data, and packet data, we analyze the network where preemptive priority is granted to delay-intolerant voice service and a buffer is offered to delay-tolerant stream data service. And, for best-effort packet data service, the access control by transmission permission probability is applied to obtain prominent throughput. To analyze the multimedia CDMA mobile communication system, we build a 2-dimensional Markov chain model about prioritized-voice and stream data services and accomplish numerical analysis in combination with packet data traffic based on residual capacity equation.

A Study on Channel Access Mechanism of LTE for Coexistence with Wi-Fi on 5 GHz Unlicensed Spectrum (5 GHz 비면허대역 무선랜과의 상호공존을 위한 LTE 시스템의 채널접속방법에 관한 연구)

  • Um, Jungsun;Yoo, Sungjin;Park, Seungkwon
    • The Journal of Korean Institute of Electromagnetic Engineering and Science / v.26 no.4 / pp.374-380 / 2015
  • With explosion of wireless traffic it is required to further investigate the technologies on acquiring available spectrum resources and on sharing frequency with existing users. In 3GPP, it is started to study on feasibility and functional requirement of LTE standard in order to extend cellular services offered on only licensed band to 5 GHz unlicensed band. Operating scenario on LTE in unlicensed band is focused on carrier aggregation with licensed band, and the coexistence with Wi-Fi services in 5 GHz band is concerned as a major requirement. For a single global solution framework for licensed assisted access to unlicensed spectrum, listen-before-talk (LBT) mechanism of European regulation for fair access to channel under the coexistence environments is currently examined in 3GPP. In this paper, we evaluate two types of LBT, frame based equipment and load based equipment, with considering LTE carrier aggregation feature and performances of file transferred time and throughput.

A Signature-based Video Indexing Scheme using Spatio-Temporal Modeling for Content-based and Concept-based Retrieval on Moving Objects (이동 객체의 내용 및 개념 기반 검색을 위한 시공간 모델링에 근거한 시그니쳐 기반 비디오 색인 기법)

  • Sim, Chun-Bo;Jang, Jae-U
    • The KIPS Transactions:PartD / v.9D no.1 / pp.31-42 / 2002
  • In this paper, we propose a new spatio-temporal representation scheme which can model moving objects trajectories effectively in video data and a new signature-based access method for moving objects trajectories which can support efficient retrieval on user query based on moving objects trajectories. The proposed spatio-temporal representation scheme supports content-based retrieval based on moving objects trajectories and concept-based retrieval based on concepts (semantics) which are acquired through the location information of moving objects trajectories. Also, compared with the sequential search, our signature-based access method can improve retrieval performance by reducing a large number of disk accesses because it accesses the disk using only retrieved candidate signatures after it first scans all signatures and performs filtering before accessing the data file. Finally, we show the experimental results that proposed scheme is superior to Li and Shan's scheme in terms of both retrieval effectiveness and efficiency.

Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA / v.8A no.4 / pp.331-338 / 2001
  • With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn't free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

Military Application of Two-factor Authentication to Data Leakage and Access Prevention (데이터 유출 및 접근방지를 위한 이중 인증방식의 군(軍) 적용방안)

  • Jung, Ui Seob;Kim, Jee Won;Kim, Jae Hyun;Jeong, Chan ki
    • Convergence Security Journal / v.18 no.5_2 / pp.21-27 / 2018
  • Most of the Internet users in Korea are issued certificates and use them for various tasks. For this reason, it is recommended that accredited certification authorities and security related companies and use public certificates on USB memory and portable storage devices rather than on the user's desktop. Despite these efforts, the hacking of the certificate has been continuously occurring and the financial damage has been continuing. Also, for security reasons, our military has disabled USB to general military users. Therefore, this study proposes a two-factor method using the unique information of the USB memory and the PC which is owned by the user, and suggests a method of managing the private key file secure to the general user. Furthermore, it will be applied to national defense to contribute to the prevention of important data and prevention of access by unauthorized persons.

A Countermeasure against a Whitelist-based Access Control Bypass Attack Using Dynamic DLL Injection Scheme (동적 DLL 삽입 기술을 이용한 화이트리스트 기반 접근통제 우회공격 대응 방안 연구)

  • Kim, Dae-Youb
    • Journal of IKEEE / v.26 no.3 / pp.380-388 / 2022
  • The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow only the programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL (Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

Implementation Multi-Users authentication and file Access control on Java Card (자바카드에서 다중 사용자 인증 및 파일 접근제어 구현)

  • Shin, Sang-Jun;Song, Young-Sang;Shin, In-Chul
    • Proceedings of the Korean Information Science Society Conference / 2005.11a / pp.121-123 / 2005
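  • Much research is under way to block the theft and leakage of personal information and the illegal use of data brought about by the development of information and communications. To prevent the illegal leakage of personal information, the use of smart cards is rapidly increasing, and Java Card, which offers easier extensibility and system design than current smart cards, is spreading quickly. In this paper, we design and implement a multi-user authentication and per-user file access permission system using the Java Card technical specification (APDU), which is used for information protection and a variety of application fields. The purpose of the designed and implemented system is to prevent the illegal leakage of information in systems that require authentication of multiple users, and it can be applied to various application programs, such as in the medical field.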

A Secure Social Networking Site based on OAuth Implementation

  • Brian, Otieno Mark;Rhee, Kyung-Hyune
    • Journal of Korea Multimedia Society / v.19 no.2 / pp.308-315 / 2016
  • With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is an upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides an enterprise file synchronizing and sharing that is hosted on user's data center, on user's servers, using user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

An integrated program of driving simulator for excavators (굴삭기 주행 시뮬레이터를 위한 통합 프로그램)

  • Yoo, Chang-Hoon;Son, Kwon
    • Institute of Control, Robotics and Systems: Conference Proceedings / 1997.10a / pp.716-719 / 1997
  • An integrated program of driving simulator has been developed for excavators using the Motif, OpenGL, and C compiler. The developed program not only offers a GUI but also covers graphic algorithms, therefore, the user can easily run the driving simulator whose components include a simplified visual graphics system. Several graphics techniques are combined and applied to the simulator program in order to increase the speed of graphical representation, which access computer memories, mix 2D models with 3D ones, and use the basic position detection method. A text format environment file has been utilized for organizing more flexible driving circumstances.
