• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.97-107
• /
• 2023

With the popularization of digital devices in the era of the 4th industrial revolution and the increase in cyber crimes targeting them, the importance of securing digital data evidence is emerging. However, the difficulty in securing digital data evidence is due to the use of anti-forensic techniques that increase analysis time or make it impossible, such as manipulation, deletion, and obfuscation of digital data. Such anti-forensic is defined as a series of actions to damage and block evidence in terms of digital forensics, and is classified into data destruction, data encryption, data concealment, and data tampering as anti-forensic techniques. Therefore, in this study, anti-forensic techniques are categorized into data concealment and deletion (obfuscation and encryption), investigate and analyze recent research trends, and suggest future anti-forensic research directions.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.117-123
• /
• 2023

To detect advanced ransomware attacks with machine learning-based models, the classification model must train learning data with high-dimensional feature space. And in this case, a 'curse of dimension' phenomenon is likely to occur. Therefore, dimensionality reduction of features must be preceded in order to increase the accuracy of the learning model and improve the execution speed while avoiding the 'curse of dimension' phenomenon. In this paper, we conducted classification of ransomware by applying three machine learning models and two feature extraction techniques to two datasets with extremely different dimensions of feature space. As a result of the experiment, the feature dimensionality reduction techniques did not significantly affect the performance improvement in binary classification, and it was the same even when the dimension of featurespace was small in multi-class clasification. However, when the dataset had high-dimensional feature space, LDA(Linear Discriminant Analysis) showed quite excellent performance.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.61-70
• /
• 2023

Clustering is an unsupervised learning method that involves grouping data based on features such as distance metrics, using data without known labels or ground truth values. This method has the advantage of being applicable to various types of data, including images, text, and audio, without the need for labeling. Traditional clustering techniques involve applying dimensionality reduction methods or extracting specific features to perform clustering. However, with the advancement of deep learning models, research on deep clustering techniques using techniques such as autoencoders and generative adversarial networks, which represent input data as latent vectors, has emerged. In this study, we propose a deep clustering technique based on deep learning. In this approach, we use an autoencoder to transform the input data into latent vectors, and then construct a vector space according to the cluster structure and perform k-means clustering. We conducted experiments using the MNIST and Fashion-MNIST datasets in the PyTorch machine learning library as the experimental environment. The model used is a convolutional neural network-based autoencoder model. The experimental results show an accuracy of 89.42% for MNIST and 56.64% for Fashion-MNIST when k is set to 10.

• Korean Security Journal
• /
• no.13
• /
• pp.487-505
• /
• 2007

This study is to examine relations between the number of occurrence of big five critical crimes that consist of homicide, robbery, rape, theft, violence and the number of the security companies and the security guards, and between the number of the security companies, the security guards and the number of arrests from the big five critical crimes. To achieve this objective, this research selects a subject of study, the number of the security companies and security guards, and the number of occurrences of the big five critical crimes and arrests of the big five crimes from 1990 to 2005. The selected data are then analyzed according to the variables using SPSS 12.0. Each hypothesis is verified with the level of significance ${\alpha}$=.05 using the statistical techniques such as Correlation Analysis, Regression Analysis, etc. The following is the result of the study: First, the number of occurrences of the big five critical crimes affects the number of the security companies at a significant level. Second, the number of the security companies affects the number of arrests of the big five crime at a significant level.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.499-506
• /
• 2021

Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.49-68
• /
• 2022

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• Journal of Information Processing Systems
• /
• v.20 no.4
• /
• pp.558-573
• /
• 2024

Considering factors such as illumination, camera quality variations, and background-specific variations, identifying a face using a smartphone-based facial image capture application is challenging. Face Image Quality Assessment refers to the process of taking a face image as input and producing some form of "quality" estimate as an output. Typically, quality assessment techniques use deep learning methods to categorize images. The models used in deep learning are shown as black boxes. This raises the question of the trustworthiness of the models. Several explainability techniques have gained importance in building this trust. Explainability techniques provide visual evidence of the active regions within an image on which the deep learning model makes a prediction. Here, we developed a technique for reliable prediction of facial images before medical analysis and security operations. A combination of gradient-weighted class activation mapping and local interpretable model-agnostic explanations were used to explain the model. This approach has been implemented in the preselection of facial images for skin feature extraction, which is important in critical medical science applications. We demonstrate that the use of combined explanations provides better visual explanations for the model, where both the saliency map and perturbation-based explainability techniques verify predictions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.803-810
• /
• 2017

Recently, social security problems have been caused by the development of the software industry, and a variety of automation techniques have been used to verify software stability. In this paper, we propose a method of automatically detecting a use-after-free vulnerability on Windows system calls using dynamic symbolic execution, one of the software testing methods. First, a static analysis based pattern search is performed to select a target point. Based on the detected pattern points, we apply an induced path search technique that blocks branching to areas outside of interest. Through this, we overcome limitations of existing dynamic symbolic performance technology and verify whether vulnerability exists at actual target point. As a result of applying the proposed method to the Windows system call, it is confirmed that the use-after-free vulnerability, which had previously to be manually analyzed, can be detected by the proposed automation technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.903-910
• /
• 2016

As smart mobile devices having touchscreens are growingly deployed, a pattern lock system, which is one of the graphical password systems, has become a major authentication mechanism. However, a user's unlocking behaviour leaves smudges on a touchscreen and they are vulnerable to the so-called smudge attacks. Smudges can help an adversary guess a secret pattern correctly. Several advanced pattern lock systems, such as TinyLock, have been developed to resist the smudge attacks. In this paper, we study an automated smudge attack that employs machine learning techniques and its effectiveness in comparison to the human-only smudge attacks. We also compare Android pattern lock and TinyLock schemes in terms of security. Our study shows that the automated smudge attacks are significantly advanced to the human-only attacks with regard to a success ratio, and though the TinyLock system is more secure than the Android pattern lock system.