• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.305-318
• /
• 2023

The complexity of software products led many manufacturers to stitch open-source software for composing a product. Using open-source help reduce the development cost, but the difference in the different development life cycles makes it difficult to keep the product up-to-date. For this reason, even the patches for known vulnerabilities are not adopted quickly enough, leaving the entire product under threat. Existing studies propose to use binary differentiation techniques to determine if a product is left vulnerable against a particular vulnerability. Despite their effectiveness in finding real-world vulnerabilities, they often fail to locate the evidence of a vulnerability if it is a small function that usually is inlined at compile time. This work presents our tool FunRank which is designed to identify the short functions. Our experiments using synthesized and real-world software products show that FunRank can identify the short, inlined functions that suggest that the program is left vulnerable to a particular vulnerability.

• Journal of Korean Society of Disaster and Security
• /
• v.15 no.4
• /
• pp.11-20
• /
• 2022

The general non-destructive inspection method for anchor bolts in Korea applies visual inspection and hammering inspection, but it is difficult to check corrosion or fatigue cracks of anchor bolts in the part included in the foundation or in the part where the nut and base plate are installed. In reality, objective investigation is difficult because inspection is affected by the surrounding environment and individual differences, so it is necessary to develop non-destructive inspection technology that can quantitatively estimate these defects. Inspection of the anchor bolts of domestic road facilities is carried out by visual inspection, and since the importance of anchor bolts such as bridge bearings and fall prevention facilities is high, the life span of bridges is extended through preventive maintenance by developing non-destructive testing technology along with existing inspection methods. Through the development of this technology, non-destructive testing of anchor bolts is performed and as a technology capable of preemptive/active maintenance of anchor bolts for road facilities, practical use is urgently needed. In this paper, the possibility of detecting defects in anchor bolts such as corrosion and cracks and reliability were experimentally verified by applying the ultrasonic test among non-destructive inspection techniques. When the technology development is completed, it is expected that it will be possible to realize preemptive/active maintenance of anchor bolts by securing source technology for improving inspection reliability.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.25-32
• /
• 2022

Recently, the image processing industry has been activated as deep learning-based technology is introduced in the image recognition and detection field. With the development of deep learning technology, learning model vulnerabilities for adversarial attacks continue to be reported. However, studies on countermeasures against poisoning attacks that inject malicious data during learning are insufficient. The conventional countermeasure against poisoning attacks has a limitation in that it is necessary to perform a separate detection and removal operation by examining the training data each time. Therefore, in this paper, we propose a technique for reducing the attack success rate by applying modifications to the training data and inference data without a separate detection and removal process for the poison data. The One-shot kill poison attack, a clean label poison attack proposed in previous studies, was used as an attack model. The attack performance was confirmed by dividing it into a general attacker and an intelligent attacker according to the attacker's attack strategy. According to the experimental results, when the proposed defense mechanism is applied, the attack success rate can be reduced by up to 65% compared to the conventional method.

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.47-54
• /
• 2023

The global popularity of K-content(Korean Wave) has led to a continuous increase in copyright infringement cases involving domestic works, not only within the country but also overseas. In response to this trend, there is active research on technologies for detecting illegal distribution sites of domestic copyrighted materials, with recent studies utilizing the characteristics of domestic illegal distribution sites that often include a significant number of advertising banners. However, the application of detection techniques similar to those used domestically is limited for overseas illegal distribution sites. These sites may not include advertising banners or may have significantly fewer ads compared to domestic sites, making the application of detection technologies used domestically challenging. In this study, we propose a detection technique based on the similarity comparison of links and text trees, leveraging the characteristic of including illegal sharing posts and images of copyrighted materials in a similar hierarchical structure. Additionally, to accurately compare the similarity of large-scale trees composed of a massive number of links, we utilize Graph Neural Network (GNN). The experiments conducted in this study demonstrated a high accuracy rate of over 95% in classifying regular sites and sites involved in the illegal distribution of copyrighted materials. Applying this algorithm to automate the detection of illegal distribution sites is expected to enable swift responses to copyright infringements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.207-216
• /
• 2024

As big data was built due to the 4th Industrial Revolution, personalized services increased rapidly. As a result, the amount of personal information collected from online services has increased, and concerns about users' personal information leakage and privacy infringement have increased. Online service providers provide privacy policies to address concerns about privacy infringement of users, but privacy policies are often misused due to the long and complex problem that it is difficult for users to directly identify risk items. Therefore, there is a need for a method that can automatically check whether the privacy policy is safe. However, the safety verification technique of the conventional blacklist and machine learning-based privacy policy has a problem that is difficult to expand or has low accessibility. In this paper, to solve the problem, we propose a safety verification technique for the privacy policy using the GPT-3.5 API, which is a generative artificial intelligence. Classification work can be performed evenin a new environment, and it shows the possibility that the general public without expertise can easily inspect the privacy policy. In the experiment, how accurately the blacklist-based privacy policy and the GPT-based privacy policy classify safe and unsafe sentences and the time spent on classification was measured. According to the experimental results, the proposed technique showed 10.34% higher accuracy on average than the conventional blacklist-based sentence safety verification technique.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.127-134
• /
• 2024

The article highlights the problems of the digitalization of the educational process, which affect the pedagogical cluster and are of a psychological nature. The authors investigate the transformational changes in education in general and the individual beliefs of each subject of the educational process, caused by both the change in the format of learning (distance, mixed), and the use of new technologies (digital, communication). The purpose of the article is to identify the strategic trend of the educational process, which is a synergistic combination of pedagogical methodology and psychological practice and avoiding dialectical opposition of these components of the educational space. At the same time, it should be noted that the introduction of digital technologies in the educational process allows for short-term difficulties, which is a usual phenomenon for innovations in the educational sphere. Consequently, there is a need to differentiate the fundamental problems and temporary shortcomings that are inherent in the new format of learning (pedagogical features). Based on the awareness of this classification, it is necessary to develop psychological techniques that will prevent a negative reaction to the new models of learning and contribute to a painless moral and spiritual adaptation to the realities of the present (psychological characteristics). The methods used in the study are divided into two main groups: general-scientific, which investigates the pedagogical component (synergetic, analysis, structural and typological methods), and general-scientific, which are characterized by psychological direction (dialectics, observation, and comparative analysis). With the help of methods disclosed psychological and pedagogical features of the process of digitalization of education in a mixed learning environment. The result of the study is to develop and carry out methodological constants that will contribute to the synergy for the new pedagogical components (digital technology) and the psychological disposition to their proper use (awareness of the effectiveness of new technologies). So, the digitalization of education has demonstrated its relevance and effectiveness in the pedagogical dimension in the organization of blended and distance learning under the constraints of the COVID-19 pandemic. The task of the psychological cluster is to substantiate the positive aspects of the digitalization of the educational process.

• Smart Media Journal
• /
• v.13 no.1
• /
• pp.36-44
• /
• 2024

Metaverse is attracting attention as the development of virtual environment technology and the emergence of untact culture due to the COVID-19 pandemic. In this study, by analyzing users' reviews on the "Zepeto" application, which has recently attracted attention as a metaverse service, we tried to confirm changes in the requirements for the metaverse after the COVID-19 pandemic. To this end, 109,662 reviews of "Zepeto" applications written on the Google Play Store from September 2018 to March 2023 were collected, topics were extracted using LDA topic modeling technique, and topics were analyzed using the Causal Impact technique to examine how topics changed before and after based on "March 11, 2020" when the COVID-19 pandemic was declared. As a result of the analysis, five topics were extracted: application functional problems (topic1), security problems (topic 2), complaints about cryptocurrency (Zem) in the application (topic 3), application performance (topic 4), and personal information-related problems (topic 5). Among them, it was confirmed that security problems (topic 2) were most affected by the COVID-19 pandemic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.115-127
• /
• 2024

The recent increase in digital audio media has greatly expanded the size and diversity of sound data, which has increased the importance of sound data analysis in the digital forensics process. However, the lack of standardized procedures and guidelines for sound data analysis has caused problems with the consistency and reliability of analysis results. The digital environment includes a wide variety of audio formats and recording conditions, but current audio forensic methodologies do not adequately reflect this diversity. Therefore, this study identifies Life-Cycle-based sound data elemental technologies and provides overall guidelines for sound data analysis so that effective analysis can be performed in all situations. Furthermore, the identified elemental technologies were analyzed for use in the development of digital forensic techniques for sound data. To demonstrate the effectiveness of the life-cycle-based sound data elemental technology identification system presented in this study, a case study on the process of developing an emergency retrieval technology based on sound data is presented. Through this case study, we confirmed that the elemental technologies identified based on the Life-Cycle in the process of developing digital forensic technology for sound data ensure the quality and consistency of data analysis and enable efficient sound data analysis.

• International Journal of Computer Science & Network Security
• /
• v.24 no.9
• /
• pp.30-40
• /
• 2024

Building an accurate 3-D spatial road network model has become an active area of research now-a-days that profess to be a new paradigm in developing Smart roads and intelligent transportation system (ITS) which will help the public and private road impresario for better road mobility and eco-routing so that better road traffic, less carbon emission and road safety may be ensured. Dealing with such a large scale 3-D road network data poses challenges in getting accurate elevation information of a road network to better estimate the CO₂ emission and accurate routing for the vehicles in Internet of Vehicle (IoV) scenario. Clustering and regression techniques are found suitable in discovering the missing elevation information in 3-D spatial road network dataset for some points in the road network which is envisaged of helping the public a better eco-routing experience. Further, recently Explainable Artificial Intelligence (xAI) draws attention of the researchers to better interprete, transparent and comprehensible, thus enabling to design efficient choice based models choices depending upon users requirements. The 3-D road network dataset, comprising of spatial attributes (longitude, latitude, altitude) of North Jutland, Denmark, collected from publicly available UCI repositories is preprocessed through feature engineering and scaling to ensure optimal accuracy for clustering and regression tasks. K-Means clustering and regression using Support Vector Machine (SVM) with radial basis function (RBF) kernel are employed for 3-D road network analysis. Silhouette scores and number of clusters are chosen for measuring cluster quality whereas error metric such as MAE ( Mean Absolute Error) and RMSE (Root Mean Square Error) are considered for evaluating the regression method. To have better interpretability of the Clustering and regression models, SHAP (Shapley Additive Explanations), a powerful xAI technique is employed in this research. From extensive experiments , it is observed that SHAP analysis validated the importance of latitude and altitude in predicting longitude, particularly in the four-cluster setup, providing critical insights into model behavior and feature contributions SHAP analysis validated the importance of latitude and altitude in predicting longitude, particularly in the four-cluster setup, providing critical insights into model behavior and feature contributions with an accuracy of 97.22% and strong performance metrics across all classes having MAE of 0.0346, and MSE of 0.0018. On the other hand, the ten-cluster setup, while faster in SHAP analysis, presented challenges in interpretability due to increased clustering complexity. Hence, K-Means clustering with K=4 and SVM hybrid models demonstrated superior performance and interpretability, highlighting the importance of careful cluster selection to balance model complexity and predictive accuracy.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.10
• /
• pp.69-75
• /
• 2024

Noise caused by adverse weather conditions in data collected during autonomous driving can lead to object recognition errors, potentially resulting in critical accidents. While this risk is widely acknowledged, there is a lack of research that quantitatively and systematically analyzes it. Therefore, this study aims to examine and quantify the extent to which noise affects object detection in autonomous driving environments. To this end, we utilized the YOLO v5 model trained on unprocessed datasets. The test data were divided into noise ratios of 0% (Original), 20%, 40%, 60%, and 80%, and the detection results were evaluated by constructing a Confusion Matrix. Experimental results show that as the noise ratio increases, the True Positive (TP) rate decreases, and the F1-score also significantly drops across all noise levels, specifically from 0.69 to 0.47, 0.29, 0.18, and 0.14. These findings are expected to contribute to enhancing the stability of autonomous driving technology. Future research will focus on collecting real datasets that include naturally occurring noise and developing more effective noise removal techniques.