• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.531-539
• /
• 2019

This paper proposes the training features for malware family analysis and analyzes the multi-classification performance of ensemble models. We construct training data by extracting API and DLL information from malware executables and use Random Forest and XGBoost algorithms which are based on decision tree. API, API-DLL, and DLL-CM features for malware detection and family classification are proposed by analyzing frequently used API and DLL information from malware and converting high-dimensional features to low-dimensional features. The proposed feature selection method provides the advantages of data dimension reduction and fast learning. In performance comparison, the malware detection rate is 93.0% for Random Forest, the accuracy of malware family dataset is 92.0% for XGBoost, and the false positive rate of malware family dataset including benign is about 3.5% for Random Forest and XGBoost.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.175-182
• /
• 2022

In our daily life, we come across different types of information, for example in the format of multimedia and text. We all need different types of information for our common routines as watching/reading the news, listening to the radio, and watching different types of videos. However, sometimes we could run into problems when a certain type of information is required. For example, someone is listening to the radio and wants to listen to jazz, and unfortunately, all the radio channels play pop music mixed with advertisements. The listener gets stuck with pop music and gives up searching for jazz. So, the above example can be solved with an automatic audio classification system. Deep Learning (DL) models could make human life easy by using audio classifications, but it is expensive and difficult to deploy such models at edge devices like nano BLE sense raspberry pi, because these models require huge computational power like graphics processing unit (G.P.U), to solve the problem, we proposed DL model. In our proposed work, we had gone for a low complexity model for Audio Event Detection (AED), we extracted Mel-spectrograms of dimension 128×431×1 from audio signals and applied normalization. A total of 3 data augmentation methods were applied as follows: frequency masking, time masking, and mixup. In addition, we designed Convolutional Neural Network (CNN) with spatial dropout, batch normalization, and separable 2D inspired by VGGnet [1]. In addition, we reduced the model size by using model quantization of float16 to the trained model. Experiments were conducted on the updated dataset provided by the Detection and Classification of Acoustic Events and Scenes (DCASE) 2020 challenge. We confirm that our model achieved a val_loss of 0.33 and an accuracy of 90.34% within the 132.50KB model size.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.15-25
• /
• 2023

This study analyzes the limitations of the insider threat datasets used for insider threat detection research and compares and analyzes the solution-based insider threat data with public insider threat data using a security solution to overcome this. Through this, we design a data format suitable for insider threat detection and implement a system that can safely share insider threat information between different institutions and companies using blockchain technology. Currently, there is no dataset collected based on actual events in the insider threat dataset that is revealed to researchers. Public datasets are virtual synthetic data randomly created for research, and when used as a learning model, there are many limitations in the real environment. In this study, to improve these limitations, a private blockchain was designed to secure information sharing between institutions of different affiliations, and a method was derived to increase reliability and maintain information integrity and consistency through agreement and verification among participants. The proposed method is expected to collect data through an outflow threat collector and collect quality data sets that posed a threat, not synthetic data, through a blockchain-based sharing system, to solve the current outflow threat dataset problem and contribute to the insider threat detection model in the future.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.2
• /
• pp.334-348
• /
• 2015

Widespread use of smart devices accompanies increase of use of access point (AP), which enables the connection to the wireless network. If the appropriate security is not served when a user tries to connect the wireless network through an AP, various security problems can arise due to the rogue APs. In this paper, we are going to examine the threat by evil-twin, which is a kind of rogue APs. Most of recent researches for detecting rogue APs utilize the measured time difference, such as round trip time (RTT), between the evil-twin and authorized APs. These methods, however, suffer from the low detection rate in the network congestion. Due to these reasons, in this paper, we suggest a new factor, packet inter-arrival time (PIAT), in order to detect evil-twins. By using both RTT and PIAT as the learning factors for the support vector machine (SVM), we determine the non-linear metric to classify evil-twins and authorized APs. As a result, we can detect evil-twins with the probability of up to 96.5% and at least 89.75% even when the network is congested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1119-1127
• /
• 2018

Most of the cyber attacks are caused by malicious codes. The damage caused by cyber attacks are gradually expanded to IoT and CPS, which is not limited to cyberspace but a serious threat to real life. Accordingly, various malicious code analysis techniques have been appeared. Dynamic analysis have been widely used to easily identify the resulting malicious behavior, but are struggling with an increase in Anti-VM malware that is not working in VM environment detection. On the other hand, static analysis has difficulties in analysis due to various packing techniques. In this paper, we proposed malware classification techniques regardless of known packers or unknown packers through the proposed model. To do this, we designed a model of supervised learning and unsupervised learning for the features that can be used in the PE structure, and conducted the results verification through 98,000 samples. It is expected that accurate analysis will be possible through customized analysis technology for each class.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.6
• /
• pp.85-91
• /
• 2020

Recently, video-taping equipment such as CCTV have been seeing more use for crime prevention and general safety concerns. Since these video-taping equipment operates all throughout the day, the need for security personnel is lessened, and naturally costs incurred from managing such manpower should also decrease. However, technology currently used predominantly lacks self-sufficiency when given the task of searching for a specific object in the recorded video such as a person, and has to be done manually; current security-based video equipment is insufficient in an environment where real-time information retrieval is required. In this paper, we propose a technology that uses the latest deep-learning technology and OpenCV library to quickly search for a specific person in a video; the search is based on the clothing information that is inputted by the user and transmits the result in real time. We implemented our system to automatically recognize specific human objects in real time by using the YOLO library, whilst deep learning technology is used to classify human clothes into top/bottom clothes. Colors are also detected through the OpenCV library which are then all combined to identify the requested object. The system presented in this paper not only accurately and quickly recognizes a person object with a specific clothing, but also has a potential extensibility that can be used for other types of object recognition in a video surveillance system for various purposes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.129-141
• /
• 2024

Amidst the acceleration of digital transformation across various sectors, the financial market is increasingly focusing on the development of digital and electronic payment methods, including currency. Among these, Central Bank Digital Currencies (CBDC) are emerging as future digital currencies that could replace physical cash. They are stable, not subject to value fluctuation, and can be exchanged one-to-one with existing physical currencies. Recently, both domestic and international efforts are underway in researching and developing CBDCs. However, current CBDC systems face scalability issues such as delays in processing large transactions, response times, and network congestion. To build a universal CBDC system, it is crucial to resolve these scalability issues, including the low throughput and network overload problems inherent in existing blockchain technologies. Therefore, this study proposes a solution based on reinforcement learning for handling large-scale data in a CBDC environment, aiming to improve throughput and reduce network congestion. The proposed technology can increase throughput by more than 64 times and reduce network congestion by over 20% compared to existing systems.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.203-211
• /
• 2021

Image tampering detection and localization have become an active area of research in the field of digital image forensics in recent times. This is due to the widespread of malicious image tampering. This study presents a new method for image tampering detection and localization that combines the advantages of dilated convolution, residual network, and UNET Architecture. Using the UNET architecture as a backbone, we built the proposed network from two kinds of residual units, one for the encoder path and the other for the decoder path. The residual units help to speed up the training process and facilitate information propagation between the lower layers and the higher layers which are often difficult to train. To capture global image tampering artifacts and reduce the computational burden of the proposed method, we enlarge the receptive field size of the convolutional kernels by adopting dilated convolutions in the residual units used in building the proposed network. In contrast to existing deep learning methods, having a large number of layers, many network parameters, and often difficult to train, the proposed method can achieve excellent performance with a fewer number of parameters and less computational cost. To test the performance of the proposed method, we evaluate its performance in the context of four benchmark image forensics datasets. Experimental results show that the proposed method outperforms existing methods and could be potentially used to enhance image tampering detection and localization.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.266-272
• /
• 2022

Private specialized institutions differ from public ones in that they mostly act independently. This paper reports a study designed to assess the provision of specialized institutions for children with intellectual disabilities in Saudi Arabia. The approach taken in this study was qualitative, involving a case study strategy that enabled the researcher to gain rich and in-depth information based on the shared experiences of participants comprising institution leaders, educators and families from two specific specialized settings, one public and one private. The study aimed to examine the existing disparities in service delivery so as to develop a clear picture of the service quality provided by public specialized institutions for children with intellectual disabilities in Saudi Arabia. The results suggest that the weak relationship with inpatient and specialized institutions is a consequence of the parents' poor responsiveness, which may result in these institutes developing a negative impression of the parents. Conversely, the lack of active initiative on the part of the public specialized institutions led to a negative parental attitude towards these institutions. A sensible approach to resolving this problem might be to recognize that these institutions have a significant responsibility to encourage parents of children with intellectual disabilities to become involved in their children's learning, to promote positive attitudes.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.220-228
• /
• 2022

Image always carry useful information, detecting a text from scene images is imperative. The proposed work's purpose is to recognize scene text image, example boarding image kept on highways. Scene text detection on highways boarding's plays a vital role in road safety measures. At initial stage applying preprocessing techniques to the image is to sharpen and improve the features exist in the image. Likely, morphological operator were applied on images to remove the close gaps exists between objects. Here we proposed a two phase algorithm for extracting and recognizing text from scene images. In phase I text from scenery image is extracted by applying various image preprocessing techniques like blurring, erosion, tophat followed by applying thresholding, morphological gradient and by fixing kernel sizes, then canny edge detector is applied to detect the text contained in the scene images. In phase II text from scenery image recognized using MSER (Maximally Stable Extremal Region) and OCR; Proposed work aimed to detect the text contained in the scenery images from popular dataset repositories SVT, ICDAR 2003, MSRA-TD 500; these images were captured at various illumination and angles. Proposed algorithm produces higher accuracy in minimal execution time compared with state-of-the-art methodologies.