• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.1-10
• /
• 2024

In the era of big data, the growth of e-commerce transactions brings forth both opportunities and risks, including the threat of data theft and fraud. To address these challenges, an automated real-time fraud detection system leveraging machine learning was developed. Four algorithms (Decision Tree, Naïve Bayes, XGBoost, and Neural Network) underwent comparison using a dataset from a clothing website that encompassed both legitimate and fraudulent transactions. The dataset exhibited an imbalance, with 9.3% representing fraud and 90.07% legitimate transactions. Performance evaluation metrics, including Recall, Precision, F1 Score, and AUC ROC, were employed to assess the effectiveness of each algorithm. XGBoost emerged as the top-performing model, achieving an impressive accuracy score of 95.85%. The proposed system proves to be a robust defense mechanism against fraudulent activities in e-commerce, thereby enhancing security and instilling trust in online transactions.

• 무역상무연구
• /
• 제17권
• /
• pp.129-146
• /
• 2002

The electronic technology development have occurred in the face of existing legal barriers to legal efficacy of computer information goods, and the liberating promise of electronic transactions cannot fully realized unless there is predictability in the legal rules that govern such transactions. This study analyzes some theoretical fundamentals of the Act. First, it proposes that the Act clarify and set forth uniform legal principles applicable to computer information transactions. Secondly, it suggests that if the individual is risk averse, the acceptance set for electronic transactions will be a convex set, and that the application of the Act will make the acceptance set more expanded by lowering the probability of conflicts and by downsizing the risk averness. Thirdly, it also suggest that through the mothod of contingent commodities analysis, the application of the Act by means of its restricted regulations will give more expected utility than the absence of the Act. Fourthly, it derives some implications that the degree of legitimate restriction will be affected by the objective risk inherent to the electronic transactions, and the individual's subjective risk-averseness. Finally, it concludes that harmonization of restriction and protection of individual's rights in electronic transaction process will be a necessary condition for more efficient body of law from the law-economic perspectives.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2651-2673
• /
• 2019

In order to detect Denial of Service (DoS) attacks, victim-side detection methods are used popularly such as static threshold-based method and machine learning-based method. However, as DoS attacking methods become more sophisticated, these methods reveal some natural disadvantages such as the late detection and the difficulty of tracing back attackers. Recently, in order to mitigate these drawbacks, source-side DoS detection methods have been researched. But, the source-side DoS detection methods have limitations if the volume of attack traffic is relatively very small and it is blended into legitimate traffic. Especially, with the subtle attack traffic, DoS detection methods may suffer from high false positive, considering legitimate traffic as attack traffic. In this paper, we propose an effective source-side DoS detection method with traffic seasonality aware adaptive threshold. The threshold of detecting DoS attack is adjusted adaptively to the fluctuated legitimate traffic in order to detect subtle attack traffic. Moreover, by understanding the seasonality of legitimate traffic, the threshold can be updated more carefully even though subtle attack happens and it helps to achieve low false positive. The extensive evaluation with the real traffic logs presents that the proposed method achieves very high detection rate over 90% with low false positive rate down to 5%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권5호
• /
• pp.2166-2180
• /
• 2016

We investigate the opposite of artificial noise (AN)-assisted communication in multiple-input-multiple-output (MIMO) wiretap channels for the multiuser case by taking the side of the eavesdropper. We first define a framework for an AN-assisted multiuser multiple-input-multiple-output (MU-MIMO) system, for which eavesdropping methods are proposed with and without knowledge of legitimate users' channel state information (CSI). The proposed method without CSI is based on a modified joint approximate diagonalization of eigen-matrices algorithm, which eliminates permutation indetermination and phase ambiguity, as well as the minimum description length algorithm, which blindly estimates the number of secret data sources. Simulation results show that both proposed methods can intercept information effectively. In addition, the proposed method without legitimate users' CSI performs well in terms of robustness and computational complexity.

• 한국IT서비스학회지
• /
• 제20권1호
• /
• pp.131-143
• /
• 2021

Commercial transactions, one of the pillars of the capitalist economy, are occurring countless times every day, especially small and medium-sized businesses. However, small and medium-sized enterprises are bound to be the legal underdogs in contracts for commercial transactions and do not receive legal support for contracts for fair and legitimate commercial transactions. When subcontracting contracts are concluded among small and medium-sized enterprises, 58.2% of them do not apply standard contracts and sign contracts that have not undergone legal review. In order to support small and medium-sized enterprises' fair and legitimate contracts, small and medium-sized enterprises can be protected from legal threats if they can reduce the risk of signing contracts by analyzing various risks in the contract and analyzing and informing them of toxic clauses and omitted contracts in advance. We propose a risk prediction model for the machine reading-based legal contract to minimize legal damage to small and medium-sized business owners in the legal blind spots. We have established our own set of legal questions and answers based on the legal data disclosed for the purpose of building a model specialized in legal contracts. Quantitative verification was carried out through indicators such as EM and F1 Score by applying pine tuning and hostile learning to pre-learned machine reading models. The highest F1 score was 87.93, with an EM value of 72.41.

• 정보보호학회논문지
• /
• 제34권2호
• /
• pp.289-299
• /
• 2024

블록체인은 증가하는 트랜잭션 수와 사용자 수로 인해 많은 계산과 네트워크 통신을 지연시켜 실시간 처리에 효율적이지 않다. 이를 해결하기 위하여, 본 연구는 클라우드 프락시 서버를 제안하므로 적법한 사용자가 블록체인을 사용할 뿐만 아니라 네트워크 지연 시간을 단축할 수 있다. 블록체인 트랜잭션 진행을 위해, 블록체인 복사 서버에서는 트랜잭션 관련 모든 데이터를 검증하지만 클라우드 프락시 서버는 간단한 영지식 증명 알고리즘으로 적법한 사용자를 검증하므로 효율적인 블록체인 실시간 처리가 가능하다. 클라우드 프락시 서버는 블록체인 사용자의 키 쌍을 등록 받아 제안한 영지식 증명으로 적법한 사용자를 검증할 수 있는 블록체인 익명성, 보안성, 확장성을 지원할 수 있다. 제안 연구 분석에서 블록체인 기반 클라우드 프락시 서버는 이전 연구들과 비교하여 네트워크 지연 시간을 단축시키고, 클라우드 프락시 서버의 키 프로세싱은 이전 연구들보다 키 계산 비용을 감소시킨다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권9호
• /
• pp.4529-4548
• /
• 2016

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.

• 정보처리학회논문지A
• /
• 제13A권7호
• /
• pp.599-606
• /
• 2006

P2P 서비스는 서비스 참여자들의 행동을 관리하고 악의적인 행동을 수행하는 참여자들을 제어할 수 있는 별도의 관리 기관을 가지지 알기 때문에 악의적인 목적을 가진 참여자들은 더 많은 이익을 얻기 위해 올바르게 행동하는 사용자들에게 피해를 줄 수 있다. 그러므로, P2P 서비스 이용자들은 사전 트랜잭션 수행 경험이 없는 사용자들과 안전하게 트랜잭션을 수행하기 위하여 과거에 트랜잭션을 수행한 경험이 있는 사용자들에 의해 제공되는 정보인 '평판' 정보의 참조를 통해 악의적인 목적을 가진 사용자와 올바른 사용자를 구별할 수 있다. 그러나. 사용자들은 수행된 트랜잭션에 대해 고의적으로 거짓 평가를 줄 수 있고, 이러한 사용자들을 'liar'라 부른다. 본 논문에서는 평판 정보에 대한 정확성을 위해 liar를 감소시키는 새로운 평판 시스템을 제안하고 시뮬레이션을 통해 그 타당성을 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권10호
• /
• pp.4223-4249
• /
• 2015

A novel jamming detection technique to detect the presence of jamming in the downstream direction for cluster based wireless sensor networks is proposed in this paper. The proposed technique is deployed in base station and in cluster heads. The proposed technique is novel in two aspects: Firstly, whenever a cluster head receives a packet it verifies whether the source node is legitimate node or new node. Secondly if a source node is declared as new node in the first step, then this technique observes the behavior of the new node to find whether the new node is legitimate node or jammed node. In order to monitor the behavior of the existing node and new node, the second step uses two metrics namely packet delivery ratio (PDR) and received signal strength indicator (RSSI). The rationality of using PDR and RSSI is presented by performing statistical test. PDR and RSSI of every member in the cluster is measured and assessed by the cluster head. And finally the cluster head determines whether the members of the cluster are jammed or not. The CH can detect the presence of jamming in the cluster at member level. The base station can detect the presence of jamming in the wireless sensor network at CH level. The simulation result shows that the proposed technique performs extremely well and achieves jamming detection rate as high as 99.85%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권11호
• /
• pp.4662-4679
• /
• 2015

Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.