• International Journal of Internet, Broadcasting and Communication
• /
• v.7 no.2
• /
• pp.149-154
• /
• 2015

Biometric techniques for authentication using body parts such as a fingerprint, face, iris, voice, finger-vein and also photoplethysmography have become increasingly important in the personal security field, including door access control, finance security, electronic passport, and mobile device. Finger-vein images are now used to human identification, however, difficulties in recognizing finger-vein images are caused by capturing under various conditions, such as different temperatures and illumination, and noise in the acquisition camera. The human photoplethysmography is also important signal for human identification. In this paper To increase the recognition rate, we develop camera based identification method by combining finger vein image and photoplethysmography signal. We use a compact CMOS camera with a penetrating infrared LED light source to acquire images of finger vein and photoplethysmography signal. In addition, we suggest a simple pattern matching method to reduce the calculation time for embedded environments. The experimental results show that our simple system has good results in terms of speed and accuracy for personal identification compared to the result of only finger vein images.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.65-73
• /
• 2014

Recently, the Internet of things has become issue as the new techniques the cloud computing and the grid computing etc. The Internet of Things is can grow even more that utilization of the range with the development of smart devices. and it has a lot of interest in several industries. In these circumstances, By analyzing the technologies and trends in the Internet of Things, I think you are ready to adapt to future IT field when needed. therefore, this paper are analyzed a various technologies and a case studies of the Internet of things, and it is expected to be used as the road map and material to build environment of the Internet of things in the future.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.19-26
• /
• 2014

Mobile malicious code is typically spread by the worm, and although modeling techniques to analyze the dispersion characteristics of the worms have been proposed, only macroscopic analysis was possible while there are limitations in predicting on certain viruses and malicious code. In this paper, prediction methods have been proposed which was based on Markov chain and is able to predict the occurrence of future malicious code by utilizing the past malicious code data. The average value of the malicious code to be applied to the prediction model of Markov chain model was applied by classifying into three categories of the total average, the last year average, and the recent average (6 months), and it was verified that malicious code prediction possibility could be increased by comparing the predicted values obtained through applying, and applying the recent average (6 months).

• Journal of Information Processing Systems
• /
• v.12 no.3
• /
• pp.422-435
• /
• 2016

Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today's cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.576-599
• /
• 2013

Protocol reverse engineering is useful for many security applications, including intelligent fuzzing, intrusion detection and fingerprint generation. Since manual reverse engineering is a time-consuming and tedious process, a number of automatic techniques have been proposed. However, the accuracy of these techniques is limited due to the complexity of binary instructions, and the derived formats have missed constraints that are critical for security applications. In this paper, we propose a new approach for protocol format extraction. Our approach reasons about only the evaluation behavior of a program on the input message from concolic execution, and enables field identification and constraint inference with high accuracy. Moreover, it performs binary analysis with low complexity by reducing modern instruction sets to BIL, a small, well-specified and architecture-independent language. We have implemented our approach into a system called Icefex and evaluated it over real-world implementations of DNS, eDonkey, FTP, HTTP and McAfee ePO protocols. Experimental results show that our approach is more accurate and effective at extracting protocol formats than other approaches.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.83-92
• /
• 2017

Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker's workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker's intelligence, the intended information scope, and the attacker's location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.693-700
• /
• 2016

Analyzing characteristics of spam text messages had limitations since spam datasets are typically difficult to obtain publicly and previous studies focused on spam email. Although existing studies, such as through the use of spam e-mail characterization and utilization of data mining techniques, there are limitations that influence is limited to high spam detection techniques using a single word character. In this paper, we reveal the characteristics of the spam SMS based on experiment and analysis from different perspectives and propose coward analysis based spam SMS detection scheme with a publicly disclosed spam SMS from the University of Singapore. With the extensive performance evaluations, we show false positive and false negative of the proposed method is less than 2%.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.97-104
• /
• 2008

Recently, the wireless positioning techniques and mobile computing techniques have rapidly developed to use location data of moving objects. The more the number of moving objects is numerous and the more periodical sampling of locations is frequent, the more location data of moving objects become very large. Hence the system should be able to efficiently manage mass location data, support various spatio-temporal queries for LBS, and solve the uncertainty problem of moving objects. Therefore, in this paper, innovating the location data of moving object effectively, we propose Rend 3DR-tree method to decrease the dead space and complement the overlapping of nodes by utilizing 3DR-tree with the indexing structure to support indexing of current data and history data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1375-1382
• /
• 2019

The latest version of commercial protector, Themida, has been updated, it is impossible to apply a normalized unpacking mechanism from previous studies by disable the use of a virtual memory allocation that provides initial data to be tracked. In addition, compared to the previous version, which had many values that determined during execution and easy to track dynamically, it is difficult to track dynamically due to values determined at the time of applying the protector. We will look at how the latest version of Themida make it difficult to normalize the API wrapping process by adopted techniques and examine the possibilities of applying the unpacking techniques to further develop an automated unpacking system.

• Journal of Information Processing Systems
• /
• v.6 no.4
• /
• pp.481-500
• /
• 2010

The Internet explosion and the increase in crucial web applications such as ebanking and e-commerce, make essential the need for network security tools. One of such tools is an Intrusion detection system which can be classified based on detection approachs as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed. Consequently, a new architecture that allows them to cooperate in detecting attacks is proposed. The architecture uses Software Agents to provide scalability and distributability. It works in two modes: learning and detection. During learning mode, it generates a profile for each individual system using a fuzzy data mining algorithm. During detection mode, each system uses the FuzzyJess to match network traffic against its profile. The architecture was tested against a standard data set produced by MIT's Lincoln Laboratory and the primary results show its efficiency and capability to detect attacks. Finally, two new methods, the memory-window and memoryless-window, were developed for extracting useful parameters from raw packets. The parameters are used as detection metrics.