• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.381-386
• /
• 2013

As the new variation malicious codes of android platform are drastically increasing, the preparation plan and response is needed. We proposed a high-interaction client honeypot that applied to the android platform. We designed flow for the system. Application plan and the function was analyze. Each detail module was optimized in the Android platform. The system is equipped with the advantage of the high-interaction client honeypot of PC environment. Because the management and storage server was separated it is more flexible and expanded.

• Journal of Korea Society of Industrial Information Systems
• /
• v.20 no.2
• /
• pp.65-72
• /
• 2015

An anti-virus is a widely used solution for detecting malicious software in client devices. In particular, signature-based anti-viruses detect malicious software by comparing a file with a signature of a malicious software. Recently, the number of malicious software dramatically increases and hence it results in a performance degradation issue: detection time of signature-based anti-virus increases and throughput decreases. In this paper, we summarize the research results of signature-based anti-viruses which are focusing on solutions overcoming of performance limitations, and propose a new solution. In particular, comparing our solution to SplitScreen which has been known with the best performance, our solution reduces client-side workload and decreases communication cost.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1341-1351
• /
• 2015

As the popularization of smartphone increases the number of various applications, the number of malicious applications also grows rapidly through the third party App Market or black market. This paper suggests an investigation filter, Androfilter, that detects the fabrication of APK file effectively. Whereas the most of antivirus software uses a separate server to collect, analyze, and update malicious applications, Androfilter assumes Google Play as the trusted party and verifies integrity of an application through a simple query to Google Play. Experiment results show that Androfilter blocks brand new malicious applications that have not been reported yet as well as known malicious applications.

• Journal of the Korea Convergence Society
• /
• v.11 no.6
• /
• pp.23-28
• /
• 2020

A comment system is essential for communication on the Internet. However, there are also malicious comments such as inappropriate expression of others by exploiting anonymity online. In order to protect users from malicious comments, classification of malicious / normal comments is necessary, and this can be implemented as text classification. Text classification is one of the important topics in natural language processing, and studies using pre-trained models such as BERT and graph structures such as GCN and GAT have been actively conducted. In this study, we implemented a comment classification system using BERT, GCN, and GAT for actual published comments and compared the performance. In this study, the system using the graph-based model showed higher performance than the BERT.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5580-5593
• /
• 2019

A malicious Uniform Resource Locator (URL) recognition and detection method based on the combination of Attention mechanism with Convolutional Neural Network and Long Short-Term Memory Network (Attention-Based CNN-LSTM), is proposed. Firstly, the WHOIS check method is used to extract and filter features, including the URL texture information, the URL string statistical information of attributes and the WHOIS information, and the features are subsequently encoded and pre-processed followed by inputting them to the constructed Convolutional Neural Network (CNN) convolution layer to extract local features. Secondly, in accordance with the weights from the Attention mechanism, the generated local features are input into the Long-Short Term Memory (LSTM) model, and subsequently pooled to calculate the global features of the URLs. Finally, the URLs are detected and classified by the SoftMax function using global features. The results demonstrate that compared with the existing methods, the Attention-based CNN-LSTM mechanism has higher accuracy for malicious URL detection.

• The Journal of the Korea Contents Association
• /
• v.9 no.1
• /
• pp.115-122
• /
• 2009

In this paper, we proposed scheme that we use a difference of timestamp in time in Ubiquitous environments as we use the Diffie-Hellman method that OTP was applied to when it deliver a key between nodes, and can detect a malicious node at these papers. Existing methods attempted the malicious node detection in the ways that used correct synchronization or directed antenna in time. We propose an intermediate malicious node detection way at these papers without an directed antenna addition or the Trusted Third Party (TTP) as we apply the OTP which used timestamp to a Diffie-Hellman method, and we verify safety regarding this. A way to propose at these papers is easily the way how application is possible in Ubiquitous environment.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.211-219
• /
• 2006

As the wireless network is popular and expanded, it is necessary to development the IDS(Intrusion Detection System)/Filtering System from the malicious wireless traffic. We propose the W-Sensor SW which detects the malicious wireless traffic and the W-TMS system which filters the malicious traffic by W-Sensor log in this paper. It is efficient to detect the malicious traffic and adaptive to change the security rules rapidly by the proposed W-Sensor SW. The designed W-Sensor by installing on a notebook supports the mobility of IDS in compare with the existed AP based Sensor.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.5
• /
• pp.487-491
• /
• 2008

This paper proposes the Byzantine fault tolerant clock synchronization scheme for wireless sensor networks to cope with the clock synchronization disturbance attack of malicious nodes. In the proposed scheme, a node which is requiring clock synchronization receives 3m+1 clock synchronization messages not only from its parent nodes but also from its sibling nodes in order to tolerate malicious attacks even if up to m malicious nodes exist among them. The results show that the proposed scheme is 7 times more resilient to the clock synchronization disturbance attack of malicious nodes than existing schemes in terms of synchronization accuracy.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.671-674
• /
• 2013

Recently, as application that support a various functions is developing, through the smart phones penetration rate and applications market is increasing quickly, the user has been growing rapidly. An important data is stored in the smart phone because smart phone is closely connected to real life. Due to the malicious code caused by abuse with diversity purpose, the safety of the smart phone is being threatened.Accordingly in this paper, we will grasp about malicious code such as incidence, cause and attack type. Through this, it will be considered that problems is caused by malicious code each mobile OS spreaded lately.

• Journal of Internet Computing and Services
• /
• v.21 no.5
• /
• pp.57-65
• /
• 2020

At present, the existing virus recognition systems usually use signature approach to detect malicious executable files, but these methods often fail to detect new and invisible malware. At the same time, some methods try to use more general features to detect malware, and achieve some success. Moreover, machine learning-based approaches are applied to detect malware, which depend on features extracted from malicious codes. However, the different distribution of features oftraining and testing datasets also impacts the effectiveness of the detection models. And the generation oflabeled datasets need to spend a significant amount time, which degrades the performance of the learning method. In this paper, we use transfer learning to detect new and previously unseen malware. We first extract the features of Portable Executable (PE) files, then combine transfer learning training model with KNN approachto detect the new and unseen malware. We also evaluate the detection performance of a classifier in terms of precision, recall, F1, and so on. The experimental results demonstrate that proposed method with high detection rates andcan be anticipated to carry out as well in the real-world environment.