• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.711-718
• /
• 2004

Packet sampling is the techniques to collect a part of the packets through network and analyze the characteristicsof the traffic for managing the network and keeping security. This paper presents a study on the sampling techniques applied to DDoS traffic and on the characteristics of the sampled traffic to detect DDoS attack efficiently and improve traffic analysis capacity. Three famous sampling techniques are evaluated with different sampling rates on various DDoS traffics. To analyze traffic characteristics, one of the DDoS attack detection method. Traffic Rate Analysis (TRA) is used. Simulation results verify that using sampling techniques preserve the traffic characteristics of DDoS and do not significantly reduce the detection accuracy.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.3
• /
• pp.262-266
• /
• 2020

In this paper, we proposed an effective technique for hiding the watermark in the LSB of a color image by applying spatial encryption techniques. Even if the watermark hidden in the LSB of the image is extracted, the information of the extracted watermark cannot be decrypted because the watermark is encrypted using various spatial encryption techniques. Therefore, if the watermark is concealed in the LSB using the spatial encryption techniques proposed in this paper, the security is greatly improved compared to the existing technique of embedding the watermark in the LSB. When watermarking is performed by applying the proposed technique, the image quality of the watermark-concealed image is very good, so it is impossible to distinguish it from the original image, and the watermark, which is confidential data, can be extracted from the watermarked image without loss. The performance of the proposed technique was mathematically analyzed and the superiority of the proposed technique was confirmed through experiments. When the watermark was concealed by applying the proposed technique to Lenna, airplane, Tiffany, and pepper images having a size of 512×512, the PSNR values of the watermarked images were 53.91dB, 54.10dB, 54.09dB, and 54.13dB, respectively.

• Journal of KIISE:Databases
• /
• v.36 no.2
• /
• pp.63-72
• /
• 2009

Digital forensics refers to finding electronic evidences related to crimes. As cyber crimes are increasing daily, digital forensics for finding electronic evidences is also becoming important. At present, various aspects of digital forensics have being researched including the overall process model and analysis techniques such as network forensics, system forensics and database forensics for digital forensics. Regarding database forensics, only analysis techniques dependent on specific vendors have been suggested. And general process models and analysis techniques which can be used in various databases have not been studied. This paper proposes an integrated process model and analysis technique for database forensics. The proposed database forensics model (DFM) allows us to solve problems and analyze databases according to the situation and purpose, and to use a standard model and techniques for various database analyses. In order to test our model(DFM), we applied it to various database analyses. And we confirmed the results of our experiment that it can be applicable to acquisition in the scene as well as analysis of data relationships.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2698-2717
• /
• 2019

This paper proposes a multi-stage encryption technique to enhance the level of secrecy of image to facilitate its secured transmission through the public network. A great number of researches have been done on image secrecy. The existing image encryption techniques like visual cryptography (VC), steganography, watermarking etc. while are applied individually, usually they cannot provide unbreakable secrecy. In this paper, through combining several separate techniques, a hybrid multi-stage encryption technique is proposed which provides nearly unbreakable image secrecy, while the encryption/decryption time remains almost the same of the exiting techniques. The technique consecutively exploits VC, steganography and one time pad (OTP). At first it encrypts the input image using VC, i.e., splits the pixels of the input image into multiple shares to make it unpredictable. Then after the pixel to binary conversion within each share, the exploitation of steganography detects the least significant bits (LSBs) from each chunk within each share. At last, OTP encryption technique is applied on LSBs along with randomly generated OTP secret key to generate the ultimate cipher image. Besides, prior to sending the OTP key to the receiver, first it is converted from binary to integer and then an asymmetric cryptosystem is applied to encrypt it and thereby the key is delivered securely. Finally, the outcome, the time requirement of encryption and decryption, the security and statistical analyses of the proposed technique are evaluated and compared with existing techniques.

• Asia-Pacific Journal of Business
• /
• v.13 no.3
• /
• pp.293-309
• /
• 2022

Purpose - The purpose of this study is to explore the possibility of predicting the degree of smartphone overdependence based on mobile phone usage patterns. Design/methodology/approach - In this study, a survey conducted by Korea Internet and Security Agency(KISA) called "problematic smartphone use survey" was analyzed. The survey consists of 180 questions, and data were collected from 29,712 participants. Based on the data on the smartphone usage pattern obtained through the questionnaire, the smartphone addiction level was predicted using machine learning techniques. k-NN, gradient boosting, XGBoost, CatBoost, AdaBoost and random forest algorithms were employed. Findings - First, while various factors together influence the smartphone overdependence level, the results show that all machine learning techniques perform well to predict the smartphone overdependence level. Especially, we focus on the features which can be obtained from the smartphone log data (without psychological factors). It means that our results can be a basis for diagnostic programs to detect problematic smartphone use. Second, the results show that information on users' age, marriage and smartphone usage patterns can be used as predictors to determine whether users are addicted to smartphones. Other demographic characteristics such as sex or region did not appear to significantly affect smartphone overdependence levels. Research implications or Originality - While there are some studies that predict smartphone overdependence level using machine learning techniques, but the studies only present algorithm performance based on survey data. In this study, based on the information gain measure, questions that have more influence on the smartphone overdependence level are presented, and the performance of algorithms according to the questions is compared. Through the results of this study, it is shown that smartphone overdependence level can be predicted with less information if questions about smartphone use are given appropriately.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.9-23
• /
• 2020

Microsoft's Windows system is widely used as an operating system for the desktops and enterprise servers of companies or organizations, and is a major target of cyber attacks. Microsoft provides various protection technologies and strives for defending the attacks through periodic security patches, however the threats such as DLL injection and process injection still exist. In this paper, we analyze 12 types of injection techniques in Microsoft Windows, and perform injection attack experiments on four application programs. Through the results of the experiments, we identify the risk of injection techniques, and verify the effectiveness of the mitigation technology for defending injection attacks provided by Microsoft. As a result of the experiments, we have found that the current applications are vulnerable to several injection techniques. Finally, we have presented the mitigation techniques for these injection attacks and analyzed their effectiveness.

• Convergence Security Journal
• /
• v.15 no.3_2
• /
• pp.59-70
• /
• 2015

This study aims at exploring relation of social security network building, civil culture and community unity. To achieve the purpose, this study selected the general citizens in Seoul Region (Gangdong, Gangseo, Gangnam and Gangbuk) from Jul. 15 to Sept. 15, 2014 as population and sampled 400 people using cluster random sampling. Excluding unhonest data, the number of cases used for the final analysis is 337 people. The collected data were analyzed for the study purpose using SPSSWIN 18.0, as statistical techniques, factor analysis, reliability analysis, correlation analysis, t-test, one-way ANOVA, multiple regression analysis, path analysis etc. were used. First, social security network building has an effect on civil culture. That is, the more activated voluntary crime prevention activity, the higher order law-abiding spirit. The more activated local government security education, police public order service, the higher awareness of participation becomes. First, social security network building has an effect on civil culture. That is, the more activated voluntary crime prevention activity, the higher order law-abiding spirit. The more activated local government security education, police public order service, the higher awareness of participation becomes. The more activated voluntary crime prevention activity, street CCTV facilities, police public order service, the higher tolerance spirit becomes. On the contrary, street CCTV facilities reduce citizens' autonomy. Second, social security network building has an effect on community unity. The more activated street CCTV facilities, police public order service, crime prevention design, the higher a sense of stability becomes. The more activated local government security education, police public order service, crime prevention design, the higher awareness of community becomes. The more activated voluntary crime prevention activity, government security education, police public order service, crime prevention design, the higher community institution becomes. Third, civil culture has an effect on community unity. That is, the more activated awareness of community, tolerance spirit, the higher a sense of stability, awareness of community and community system become. Fourth, social security network building has an effect on civil culture and community unity. That is, social security network building has a low effect community institution directly, but if civil culture is enhanced through social security network building, then it has a high effect on community unity.

• Korean Security Journal
• /
• no.42
• /
• pp.7-36
• /
• 2015

This study aims at analyzing difference of social Security network, Community unity and local government trust according to socio-demographical features, exploring the relation of social Security network, Community unity and local government trust according to socio-demographical features, presenting results between each variable as a model and verifying the property of mutual ones. This study sampled general citizens in Gwangju for about 15 days Aug. 15 through Aug. 30, 2014, distributed total 450 copies using cluster random sampling, gathered 438 persons, 412 persons of whom were used for analysis. This study verified the validity and credibility of the questionnaire through an experts' meeting, preliminary test, factor analysis and credibility analysis. The credibility of questionnaire was ${\alpha}=.809{\sim}{\alpha}=.890$. The inout data were analyzed by study purpose using SPSSWIN 18.0, as statistical techniques, factor analysis, credibility analysis, correlation analysis, independent sample t verification, ANOVA, multi-regression analysis, path analysis etc. were used. the findings obtained through the above study methods are as follows. First, building a social Security network has an effect on Community institution. That is, the more activated a, the higher awareness on institution. the more activated street CCTV facilities, anti-crime design, local government Security education, the higher the stability. Second, building a social Security network has an effect on trust of local government. That is, the activated local autonomous anti-crime activity, anti-crime design. local government's Security education, police public oder service, the more increased trust of policy, service management, busines performance. Third, Community unity has an effect on trust of local government. That is, the better Community institution is achieved, the higher trust of policy. Also the stabler Community institution, the higher trust of business performance. Fourth, building a social Security network has a direct or indirect effect on Community unity and local government trust. That is, social Security network has a direct effect on trust of local government, but it has a higher effect through Community unity of parameter. Such results showed that Community unity in Gwangju Region is an important factor, which means it is an important variable mediating building a social Security network and trust of local government. To win trust of local residents, we need to prepare for various cultural events and active communication space and build a social Security network for uniting them.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.4
• /
• pp.975-983
• /
• 1998

In these days, information communication systems are based on both open distributed computing technologies and object-oriented techniques like inheritance, encapsulation and object reuse to support various system configuration and application. As information systems are interconnected through unsecure networks, the need for the secure information exchange is more critical than before. In this paper, we have designed and implemented a transparent CORBA-basce Security infrastructure with authentication, security context association, access control and security information management to support a secure applications in distributed object environment. SESAME Ver. 4 was adopted as an external security service to manage user privilege attributes and to distribute keys for data encryption, decryption and integrity. Using filter and transformer with an interface to Object Request Broker, it provides a transparent security service to applications. The filter objects are special classes that allow additional parameters to be inserted into messages before they are sent and removed just after they are received. The transformer objects are special classes that allow direct access to the byte stream of every messages for encryption and decryption before it is sent and just after it is received. This study is to implement the access control interceptor(ACI) and the secure invocation interceptor(SII) of secure ORB defined in CORBA using filter and transformer.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.785-802
• /
• 2017

As cyber threats using malicious code continue to increase, many security and vaccine companies are putting a lot of effort into analysis and detection of malicious codes. However, obfuscation techniques that make software analysis more difficult are applied to malicious codes, making it difficult to respond quickly to malicious codes. In particular, commercial obfuscation tools can quickly and easily generate new variants of malicious codes so that malicious code analysts can not respond to them. In order for analysts to quickly analyze the actual malicious behavior of the new variants, reverse obfuscation(=de-obfuscation) is needed to disable obfuscation. In this paper, general analysis methodology is proposed to de-obfuscate the software used by a commercial obfuscation tool, Themida. First, We describe operation principle of Themida by analyzing obfuscated executable file using Themida. Next, We extract original code and data information of executable from obfuscated executable using Pintool, DBI(Dynamic Binary Instrumentation) framework, and explain the implementation results of automated analysis tool which can deobfuscate to original executable using the extracted original code and data information. Finally, We evaluate the performance of our automated analysis tool by comparing the original executable with the de-obfuscated executable.