• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.277-280
• /
• 2010

Network based on the OSI 7 Layer communication protocol is implemented, and the Internet TCP / IP Layer Based on the vulnerability is discovered and attacked. In this paper, using the programs on the network Layer Scanning conducted by the Layer-by each subsequent vulnerability analysis. Layer by Scanning each vulnerability analysis program to analyze the differences will be studied. Scanning for the studies in the program reflects the characteristics of the Scanning Features of way, and security countermeasures by each Layer is presented. The results of this study was to analyze its vulnerability to hackers and security for defense policy as the data is utilized to enhance the security of the network will contribute.

• Journal of KIISE:Information Networking
• /
• v.35 no.6
• /
• pp.474-481
• /
• 2008

Scanning worm increases network traffic load and result in severe network congestion because it is a self-replicating worm and send copies of itself to a number of hosts through the Internet. So an early detection system which can automatically detect scanning worms is needed to protect network from those attacks. Although many studies are conducted to detect scanning worms, most of them are focusing on the method using packet header information. The method using packet header information has long detection delay since it must examine the header information of all packets entering or leaving the network. Therefore we propose an algorithm to detect scanning worms using network traffic characteristics such as variance of traffic volume, differentiated traffic volume, mean of differentiated traffic volume, and product of mean traffic volume and mean of differentiated traffic volume. We verified the proposed algorithm by analyzing the normal traffic captured in the real network and the worm traffic generated by simulator. The proposed algorithm can detect CodeRed and Slammer which are not detected by existing algorithm. In addition, all worms were detected in early stage: Slammer was detected in 4 seconds and CodeRed and Witty were detected in 11 seconds.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.4
• /
• pp.785-790
• /
• 2017

Network scanning tools typically use port scans to steal information from network terminals and identify vulnerabilities. In particular, Shodan and Censys use a network scanning tool to gather a wide range of terminal information, store it in their database and provide it to the users. In order to prevent such information gathering, it is required to know the scanning methods of Shodan and Censys. However, the scanning model used by Shodan and Censys is not known exactly. Therefore, this paper estimates scanning models of Shodan and Censys and analyzes the performance of each models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.57-66
• /
• 2007

Scanning worms increase network traffic load because they randomly scan network addresses to find hosts that are susceptible to infection. Since propagation speed is faster than human reaction, scanning worms cause severe network congestion. So we need to build an early detection system which can automatically detect and quarantine such attacks. We propose algorithms to detect scanning worms using network traffic characteristics such as variance, variance to mean ratio(VMR) and correlation coefficient. The proposed algorithm have been verified by computer simulation. Compared to existing algorithm, the proposed algorithm not only reduced computational complexity but also improved detection accuracy.

• Proceedings of the KIEE Conference
• /
• 2006.04a
• /
• pp.132-134
• /
• 2006

To improve equipment throughput and device yield, a malfunction in plasma equipment should be accurately diagnosed. A recognition model for plasma diagnosis was constructed by applying neural network to scanning electron microscope (SEM) image of plasma-etched patterns. The experimental data were collected from a plasma etching of tungsten thin films. Faults in plasma were generated by simulating a variation in process parameters. Feature vectors were obtained by applying direct and wavelet techniques to SEM Images. The wavelet techniques generated three feature vectors composed of detailed components. The diagnosis models constructed were evaluated in terms of the recognition accuracy. The direct technique yielded much smaller recognition accuracy with respect to the wavelet technique. The improvement was about 82%. This demonstrates that the direct method is more effective in constructing a neural network model of SEM profile information.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.48-59
• /
• 2018

Recently, network technology has been used in various fields due to development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack pattern. by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack pattern well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better on log data processing performance than the Hadoop-based system.

• Journal of Korea Multimedia Society
• /
• v.21 no.8
• /
• pp.864-875
• /
• 2018

In this paper, we propose a measurement method for height of white light scanning interferometer using deep learning. In order to measure the fine surface shape, a three-dimensional surface shape measurement technique is required. A typical example is a white light scanning interferometer. In order to calculate the surface shape from the measurement image of the white light scanning interferometer, the height of each pixel must be calculated. In this paper, we propose a neural network for height calculation and use virtual data generation method to train this neural network. The accuracy was measured by inputting 57 actual data to the neural network which had completed the learning. We propose two new functions for accuracy measurement. We have analyzed the cases where there are many errors among the accuracy calculation values, and it is confirmed that there are many errors when there is no interference fringe or outside the learned range. We confirmed that the proposed neural network works correctly in most cases. We expect better results if we improve the way we generate learning data.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.6
• /
• pp.482-489
• /
• 2014

This paper suggests the new network scanning algorithm that makes use of measurement pilot of IEEE 802.11k. The purpose of suggesting this algorithm is to improve the existing network scanning schemes. After introducing new algorithm, this paper shows the difference of time property and energy property between former scanning schemes and new scheme with simulation results. Passive scan has a merit of low-power consumption but it takes too long time to fulfill whole scanning. On the contrary, an advantage of active scan is speed but it consumes more battery power than passive scan. By using measurement pilot's smaller interval than beacon interval, the suggested algorithm can consume less power than active scan does, and also make shorter scanning delay than passive scan does.

• Proceedings of the KIEE Conference
• /
• 2006.04a
• /
• pp.96-98
• /
• 2006

A new ex-situ model to diagnose a plasma processing equipment was presented. The model was constructed by combining wavelet, scanning electron microscope, ex-situ measurement of etching profile, and neural network. The diagnosis technique was applied to a tungsten etching process, conducted in a $SF_6$ helicon plasma. The wavelet was used to characterize detailed variations of plasma-etched surface. The diagnosis model was constructed with the vertical wavelet component. For comparison, a conventional model was built by using the estimated profile data. Compared to the conventional model, the wavelet-based model, demonstrated a much improved diagnosis.

• Applied Microscopy
• /
• v.46 no.2
• /
• pp.100-104
• /
• 2016

Electron microscopy is currently the only available technique with a spatial resolution sufficient to identify fine neuronal processes and synaptic structures in densely packed neuropil. For large-scale volume reconstruction of neuronal connectivity, serial block-face scanning electron microscopy allows us to acquire thousands of serial images in an automated fashion and reconstruct neural circuits faster by reducing the alignment task. Here we introduce the whole reconstruction procedure of synaptic network in the rat hippocampal CA1 area and discuss technical issues to be resolved for improving image quality and segmentation. Compared to the serial section transmission electron microscopy, serial block-face scanning electron microscopy produced much reliable three-dimensional data sets and accelerated reconstruction by reducing the need of alignment and distortion adjustment. This approach will generate invaluable information on organizational features of our connectomes as well as diverse neurological disorders caused by synaptic impairments.