• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.362-363
• /
• 2024

최근 자동차의 네트워크화와 연결성이 증가함에 따라, CAN(Controller Area Network) bus 의 설계상 취약점이 보안 위협으로 대두되고 있다. 이에 대응하여 CAN bus 의 취약점을 극복하고 보안을 강화하기 위해 머신러닝을 활용한 침입 탐지 시스템에 대한 연구가 필요하다. 본 논문은 XGBoost 를 활용한 비정상 분류 방법론을 제안한다. 고려대학교 해킹 대응 기술 연구실에서 개발한 데이터 세트를 기반으로 실험을 수행한 결과, 초기 모델의 정확도는 96%였다. 그러나 추가적으로 TimeDiff(발생 간격)과 DataDiff(바이트의 차분 값)을 모델에 통합하면서 정확도가 3% 상승하였다. 본 논문은 향후에 보다 정교한 머신러닝 알고리즘과 데이터 전처리 기법을 적용하여 세밀한 모델을 개발하고, 업체의 CAN Database 를 활용하여 데이터 분석을 보다 정확하게 수행할 계획이다. 이를 통해 보다 신뢰성 높은 자동차 네트워크 보안 시스템을 구축할 수 있을 것으로 기대된다.

• Journal of Navigation and Port Research
• /
• v.46 no.3
• /
• pp.280-288
• /
• 2022

This study examined the diagnostics of abnormalities and faults of equipment, whose rotational speed changes even during regular operation. The purpose of this study was to suggest a procedure that can properly apply machine learning to the time series data, comprising non-stationary characteristics as the rotational speed changes. Anomaly and fault diagnosis was performed using machine learning: k-Nearest Neighbor (k-NN), Support Vector Machine (SVM), and Random Forest. To compare the diagnostic accuracy, an autoencoder was used for anomaly detection and a convolution based Conv1D was additionally used for fault diagnosis. Feature vectors comprising statistical and frequency attributes were extracted, and normalization & dimensional reduction were applied to the extracted feature vectors. Changes in the diagnostic accuracy of machine learning according to feature selection, normalization, and dimensional reduction are explained. The hyperparameter optimization process and the layered structure are also described for each algorithm. Finally, results show that machine learning can accurately diagnose the failure of a variable-rotation machine under the appropriate feature treatment, although the convolution algorithms have been widely applied to the considered problem.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.4 no.1
• /
• pp.267-282
• /
• 2000

With the development of computer&network technology and the growth of its dependance, computer failures not only lose human and material resources but also make organization's competition weak as a side-effect of information society. Therefore, people consider computer security as important factor. Intrusion Detection Systems (IDS) detect intrusions and take an appropriate action against them in order to protect a computer from system failure due to illegal intrusion. A variety of methods and models for IDS have been developed until now, but the existing methods or models aren't enough to detect intrusions because of the complexity of computer network the vulnerability of the object system, insufficient understanding for information security and the appearance of new illegal intrusion method. We propose a new IDS model to be suitable at the information system organized by homogeneous hosts and design for the IDS model and implement the prototype of it for feasibility study. The IDS model consist of many distributed unit sensor IDSs at homogeneous hosts and if any of distributed unit sensor IDSs detect anomaly system call among system call sequences generated by a process, the anomaly system call can be dynamically shared with other unit sensor IDSs. This makes the IDS model can effectively detect new intruders about whole information system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.129-140
• /
• 2003

Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.1-7
• /
• 2016

As new information and communication technologies evolve, security threats are also becoming increasingly intelligent and advanced. In this paper, we analyze the time series data continuously entered through a series of periods from the network device or lightweight IoT (Internet of Things) devices by using the statistical technique and propose a system to detect abnormal behaviors of the device or abnormality based on the analysis results. The proposed system performs the first level abnormal detection by using previously entered data set, thereafter performs the second level anomaly detection according to the trust bound configured by using stored time series data based on time attribute or group attribute. Multi-level analysis is able to improve reliability and to reduce false positives as well through a variety of decision data set.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1097-1114
• /
• 2015

As the online game market grows, illegal activities such as cheating play using game bots or game hack programs, running private servers, hacking game companies' system and network, and account theft are also increasing. There are various security measures for online games to prevent illegal activities. However, the current security measures are not enough to prevent all highly evolving game attacks and frauds. Some security measure can do harm game players usability, game companies need to develop usable security measure that is well fit to game genre and contents design. In this study, we surveyed the recent trend of various security measure applied in online games. This research also classified illegal activities and their related countermeasure for detection and prevention.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.57-68
• /
• 2001

Computer security is considered important because of the side effect generated from the expansion of computer network and rapid increase of the use of computer. Intrusion Detection System(IDS) has been an active research area to reduce the risk from intruders. In this paper, the Hybrid Intrusion Detection System(HIDS) based biometric immuntiy collects and filters audit data by misuse detection is innate immune, and anomaly detection is acquirement immune in multi-hosts. Since, collect and detect audit data from one the system in molt-hosts, it is design and implement of the intrusion detection system which has the immuntiy the detection intrusion in one host possibly can detect in multi-hosts and in the method of misuses detection subsequently.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2736-2754
• /
• 2015

Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.1-7
• /
• 2020

With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, the IDS using the recursive learning model shows high detection performance. However, the simple application of the recursive model may be difficult to reflect the associated session characteristics, as the overlapping session environment may degrade the performance. In this paper, we designed the session management module and applied it to LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used and increased the normal session ratio to reduce the association of mal-session. The results show that the proposed model is able to maintain high detection performance even in the environment where session relevance is difficult to find.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.611-614
• /
• 2016

최근 철도 산업의 비중이 증가함에 따라 열차의 안정적인 주행이 그 어느 때보다 중요한 이슈로 부각되고있다. 특히, 열차의 진로 변경을 위한 핵심 요소인 선로전환기의 결함은 열차의 사고와 직결되는 장비 중 하나로써, 그 이상 여부를 사전에 인지하여 선로전환기의 안정성을 확보하기 위한 유지보수의 지능화 시스템이 필요하다. 본 논문에서는 선로전환기의 작동 시 발생하는 소리정보를 활용하여 선로전환기의 비정상 상황을 분류하는 시스템을 제안한다. 제안하는 시스템은 먼저, 선로전환기의 상황별 소리를 수집하고, 다양한 소리정보를 추출하여 특징 벡터를 생성한다. 다음으로, 딥러닝 모델 중 하나인 DNN(Deep Neural Network)을 이용하여 선로전환기의 비정상 상황을 분류한다. 실제 선로전환기의 전환 시 발생하는 소리 데이터를 기반으로 DNN의 파라미터에 따른 다양한 실험을 수행한 결과, 약 93.10%의 정확도를 갖는 안정적인 DNN 모델을 설계하였다.