• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1121-1129
• /
• 2013

Recent malware distribution causes severe and nation-wide problems such as 3 20 cyber attack in Korea. In particular, Drive-by download attack, which is one of attack types to distribute malware through the web, becomes the most prevalent and serious threat. To prevent Drive-by download attacks, it is necessary to analyze MDN(Malware Distribution Networks) of Drive-by download attacks. Effective analysis of MDN requires a detection of obfuscated and/or encapsulated JavaScript in a web page. In this paper, we propose the scheme called Multi-level emulation to analyze the process of malware distribution. The proposed scheme analyzes web links used for malware distribution to support the efficient analysis of MDN.

• Journal of Information Processing Systems
• /
• v.15 no.1
• /
• pp.100-115
• /
• 2019

Malicious code distribution on the Internet is one of the most critical Internet-based threats and distribution technology has evolved to bypass detection systems. As a new defense against the detection bypass technology of malicious attackers, this study proposes the automated tracing of malicious websites in a malware distribution network (MDN). The proposed technology extracts automated links and classifies websites into malicious and normal websites based on link structure. Even if attackers use a new distribution technology, website classification is possible as long as the connections are established through automated links. The use of a real web-browser and proxy server enables an adequate response to attackers' perception of analysis environments and evasion technology and prevents analysis environments from being infected by malicious code. The validity and accuracy of the proposed method for classification are verified using 20,000 links, 10,000 each from normal and malicious websites.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.103-108
• /
• 2004

A Home Location Register(HLR) database system manages each subscriber's location information, which continuously changes in a cellular network. For this purpose, the HLR database system provides table management, index management, and backup management facilities. In this thesis, I propose using a two-level index method for the mobile directory number(MDN) as a suitable method and a chained bucket hashing method for the electronic serial number(ESN). Both the MDN and the ESN are used as keys in the HLR database system. I also propose an efficient backup method that takes into account the characteristics of HLR database transactions. The retrieval speed and the memory usage of the two-level index method are better than those of the T-tree index method. The insertion and deletion overhead of the chained bucket hashing method is less than that of the modified linear hashing method. In the proposed backup method, I use two kinds of dirty flags in order to solvethe performance degradation problem caused by frequent registration-location operations. I also propose using additional attributes in the HLR database scheme for location information secrecy as a suitable security method.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.1
• /
• pp.33-46
• /
• 2003

A Home Location Register(HLR) database system manages each subscriber's location information, which continuously changes in a cellular network. For this purpose, the HLR database system provides table management, index management, and backup management facilities. In this thesis, we propose using a two-level index method for the mobile directory number(MDN) as a suitable method and a chained bucket hashing method for the electronic serial number(ESN). Both the MDN and the ESN are used as keys in the HLR database system. We also propose an efficient backup method that takes into account the characteristics of HLR database transactions. The retrieval speed and the memory usage of the two-level index method are better than those of the R-tree index method. The insertion and deletion overhead of the chained bucket hashing method is less than that of the modified linear hashing method. In the proposed backup method, we use two kinds of dirty flags in order to solve the performance degradation problem caused by frequent registration-location operations. For a million subscribers, proposed techniques support reduction of memory size(more than 62%), directory operations (2500,000 times), and backup operations(more than 80%) compared with current techniques.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.14 no.7
• /
• pp.847-851
• /
• 2004

In the original mixture density network(MDN), which was introduced by Bishop and Nabney, the parameters of the conditional probability density function are represented by the output vector of a single multi-layer perceptron. Among the recent modification of the MDNs, there is the so-called modified mixture density network, in which each of the priors, conditional means, and covariances is represented via an independent multi-layer perceptron. In this paper, we consider a further simplification of the modified MDN, in which the conditional means are linear with respect to the input variable together with the development of the MATLAB program for the simplification. In this paper, we first briefly review the original mixture density network, then we also review the modified mixture density network in which independent multi-layer perceptrons play an important role in the learning for the parameters of the conditional probability, and finally present a further modification so that the conditional means are linear in the input. The applicability of the presented method is shown via an illustrative simulation example.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.25 no.2
• /
• pp.186-190
• /
• 2015

Intelligent vehicle plans motion and navigate itself based on the surrounding environment perception. Hence, the precise environment recognition is an essential part of self-driving vehicle. There exist many vulnerable road users (e.g. vehicle, pedestrians) on vehicular driving environment, the vehicle must percept all the dynamic obstacles accurately for safety. In this paper, we propose an multiple vehicle tracking algorithm using microwave radar. Our proposed system includes various special features. First, exceptional radar measurement model for vehicle, concentrated on the corner, is described by mixture density network (MDN), and applied to particle filter weighting. Also, to conquer the curse of dimensionality of particle filter and estimate the time-varying number of multi-target states, reversible jump markov chain monte carlo (RJMCMC) is used to sampling step of the proposed algorithm. The robustness of the proposed algorithm is demonstrated through several computer simulations.

• Journal of Korean Society for Atmospheric Environment
• /
• v.24 no.6
• /
• pp.693-703
• /
• 2008

The important source of the mercury in water-column is the influx of atmosphere mercury, via dry and wet deposition. In this study, wet deposition of mercury was estimated to be $14.56{\mu}g/m^2$ during 15 months at the Lake Soyang, which is a little higher than those observed in the several rural US Mercury Deposition Network (MDN) sites with similar precipitation depth. The mercury concentration in precipitation did not show a positive correlation with atmospheric RGM (reactive gaseous mercury) concentration, while maintaining good correlation with atmospheric $PM_{2.5}$ at Soyang Dam. This result suggests that the contribution of particulate Hg to the total Hg wet deposition should be more significant than that of RGM. In this study, both precipitation depth and precipitation type affected the amount of wet deposition and the concurrent mercury levels in precipitation. There was generally an inverse relationship between precipitation depth and Hg concentration in precipitation. Precipitation type was another factor that exerted controls on the Hg concentration in precipitation. As a result, the highest concentration of Hg was observed in snow, followed by in mixture (snow+rain) and in rain.

• Environmental Engineering Research
• /
• v.10 no.6
• /
• pp.306-315
• /
• 2005

Total gas phase mercury (TGM) concentrations and event wet-only precipitation for Hg were collected for nine months (from April, 2002 to Dec., 2002) at Sterling, NY on the shoreline of Lake Ontario. TGM concentrations measured in this study ($3.02{\pm}2.14\;ng/m^3$) were in somewhat high range compared to other background sites. Using simplified quantitative transport bias analysis (SQTBA) possible sources affecting high Hg concentration in Sterling was identified, and they are coal-fired power plants located in southern NY and Pennsylvania. Wet deposition measured at Mercury Deposition Network (MDN) sites including Pt. Petre and Egbert, ON were compared with data obtained at the Sterling to estimate the total mercury wet deposition flux to Lake Ontario. The wet deposition flux was calculated to be the highest at the Sterling site ($7.94\;{\mu}g/m^2$ from April, 2002 to Dec. 2002) and the lowest at the Egbert ($3.92\;{\mu}g/m^2$), due to the both the difference in precipitation depth and Hg concentration in the precipitation. The deposition measured at the Sterling site is similar to Lake Michigan deposition of $6-14\;{\mu}g/m^2$ (converted for ninth months) measured for Lake Michigan Mass Balance Study (LMMBS).

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.3-10
• /
• 2023

In the malware distribution network existing on the web, there is a central node that plays a key role in distributing malware. If you find and block this node, you can effectively block the propagation of malware. In this study, a centrality search method applied with risk analysis in a complex network is proposed, and a method for finding a core node in a malware distribution network is introduced through this approach. In addition, there is a big difference between a benign network and a malicious network in terms of in-degree and out-degree, and also in terms of network layout. Through these characteristics, we can discriminate between malicious and benign networks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.11
• /
• pp.2340-2346
• /
• 2011

This paper presents a user-friendly authentication system using a flexible USIM. In the proposed method and its system, the flexible USIM utilizes personalized data such as Mobile Directory Number(MDN) and social security number as the key to user authentication. The authentication method proposed in this paper permits limited times of use and/or limited duration of use. A simple simulation model shows that the proposed algorithm works well and shows high compatibility with existing authentication methods. In addition, an alternative or more advanced authentication system can be developed with the proposed flexible USIM card. It is seen that this simple alternative method will eventually be able to make wireless communication networks more easily accessible for subscribers, irrespective of user environments.