• Journal of Digital Convergence
• /
• v.13 no.2
• /
• pp.177-183
• /
• 2015

Cross Site Scripting enables hackers to steal other user's information (such as cookie, session etc.) or to do abnormal functions automatically using vulnerability of web application. This attack patterns of Cross Site Scripting(XSS) can be divided into two types. One is Reflect XSS which can be executed in one request for HTTP and its reply, and the other is Stored XSS which attacks those many victim users whoever access to the page which accepted the payload transmitted. To correspond to these XSS attacks, some measures have been suggested. They are data validation for user input, output validation during HTML encoding procedures, and removal of possible risk injection point to prevent from trying to insert malicious code into web application. In this paper, the methods and procedures for these two types are explained and a penetration testing is done. With these suggestions, the attack by XSS could be understood and prepared by its countermeasures.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.175-181
• /
• 2022

COVID-19 is an acute respiratory syndrome that affects the host's breathing and respiratory system. The novel disease's first case was reported in 2019 and has created a state of emergency in the whole world and declared a global pandemic within months after the first case. The disease created elements of socioeconomic crisis globally. The emergency has made it imperative for professionals to take the necessary measures to make early diagnoses of the disease. The conventional diagnosis for COVID-19 is through Polymerase Chain Reaction (PCR) testing. However, in a lot of rural societies, these tests are not available or take a lot of time to provide results. Hence, we propose a COVID-19 classification system by means of machine learning and transfer learning models. The proposed approach identifies individuals with COVID-19 and distinguishes them from those who are healthy with the help of Deep Visual Embeddings (DVE). Five state-of-the-art models: VGG-19, ResNet50, Inceptionv3, MobileNetv3, and EfficientNetB7, were used in this study along with five different pooling schemes to perform deep feature extraction. In addition, the features are normalized using standard scaling, and 4-fold cross-validation is used to validate the performance over multiple versions of the validation data. The best results of 88.86% UAR, 88.27% Specificity, 89.44% Sensitivity, 88.62% Accuracy, 89.06% Precision, and 87.52% F1-score were obtained using ResNet-50 with Average Pooling and Logistic regression with class weight as the classifier.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.7
• /
• pp.2752-2768
• /
• 2020

Phishing websites can have devastating effects on governmental, financial, and social services, as well as on individual privacy. Currently, many phishing detection solutions are evaluated using small datasets and, thus, are prone to sampling issues, such as representing legitimate websites by only high-ranking websites, which could make their evaluation less relevant in practice. Phishing detection solutions which depend only on the URL are attractive, as they can be used in limited systems, such as with firewalls. In this paper, we present a URL-only phishing detection solution based on a convolutional neural network (CNN) model. The proposed CNN takes the URL as the input, rather than using predetermined features such as URL length. For training and evaluation, we have collected over two million URLs in a massive URL phishing detection (MUPD) dataset. We split MUPD into training, validation and testing datasets. The proposed CNN achieves approximately 96% accuracy on the testing dataset; this accuracy is achieved with URL schemes (such as HTTP and HTTPS) removed from the URL. Our proposed solution achieved better accuracy compared to an existing state-of-the-art URL-only model on a published dataset. Finally, the results of our experiment suggest keeping the CNN up-to-date for better results in practice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1421-1433
• /
• 2015

For an accurate analysis through the forensic of digital devices and computer, it is a very important validation of the reliability of digital forensic tools. To verify the reliability of the tool, it is necessary to research and development of the data set to be input to the tool. In many-used Windows operating system of the computer, there is a Window forensic artifacts associated with time and system behavior. In this paper, we developed a set of data in the Windows operating system to be able to analyze all of the two Windows artifacts and we conducted a test with published digital forensic tools. Therefore, the developed data set presents the use of the following method. First, artefacts education for growing ability can be analyzed acts standards. Secondly, the purpose of tool tests for verifying the reliability of digital forensics. Lastly, recyclability for new artifact analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1197-1207
• /
• 2018

PowerShell is command line shell and scripting language, built on the .NET framework, and it has several advantages as an attack tool, including built-in support for Windows, easy code concealment and persistence, and various pen-test frameworks. Accordingly, malwares using PowerShell are increasing rapidly, however, there is a limit to cope with the conventional malware detection technique. In this paper, we propose an improved monitoring method to observe commands executed in the PowerShell and a deep learning based malware classification model that extract features from commands using Convolutional Neural Network(CNN) and send them to Recurrent Neural Network(RNN) according to the order of execution. As a result of testing the proposed model with 5-fold cross validation using 1,916 PowerShell-based malwares collected at malware sharing site and 38,148 benign scripts disclosed by an obfuscation detection study, it shows that the model effectively detects malwares with about 97% True Positive Rate(TPR) and 1% False Positive Rate(FPR).

• The Journal of Information Systems
• /
• v.27 no.4
• /
• pp.1-33
• /
• 2018

Purpose The purpose of this study is to review topic and survey methodological trends in 'The Journal of Information Systems' in order to present the practical guidelines for the future IS research. By attempting to conduct a meta-analysis on both topic and survey methodological trends, this study could provide researchers wishing to pursue this line of work further with what can be done to improve IS disciplines. Design/methodology/approach In this study, we have reviewed 185 papers that were published in 'The Journal of Information Systems' from 2010 to 2018 and classified them based on topics studied and survey methodologies used. The classification guidelines, which was developed by Palvia et al.(2015), has been used to capture the topic trends. We have also employed Struab et al.(2004)s' guidelines for securing rigor of validation issues. By using two guidelines, this study could also present topic and rigor trends in 'The Journal of Information Systems' and compare them to those trends in International Journals. Findings Our findings have identified dominant research topics in 'The Journal of Information Systems'; 1) social media and social computing, 2) IS usage and adoption, 3) mobile computing, 4) electronic commerce/business, 5) security and privacy, 6) supply chain management, 7) innovation, 8) knowledge management, and 9) IS management and planning. This study also could offer researchers who pursue this line of work further practical guidelines on mandatory (convergent and discriminant validity, reliability, and statistical conclusion validity), highly recommended (common method bias testing), and optional validations (measurement invariance testing for subgroup analysis, bootstrapping methods for testing mediating effects).

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.6
• /
• pp.3032-3042
• /
• 2013

Multimedia Broadcast communication convergence services are broadcast communication convergence services new form that combines a platform technology for driving the application services of various media-related Internet and TV devices. It is possible to mounted the embedded OS of TV existing technology and to support a variety of smart application services to a TV technology evolved form equipped with various platforms on the OS. The services that are fused in this way, multi-media broadcasting communication convergence new services Open IPTV, Smart TV, mobile IPTV, and N-screen, are services actively focusing on three companies domestic services. However, in order to use the software to connect to the Internet for the provision of services, is inherent software vulnerabilities or the Internet. These vulnerabilities can lead to serious security incidents. Therefore, in this paper, or be able to derive the potential security threats that occur in multimedia broadcasting service environment based on security threats and vulnerabilities of existing threats lead to such security incidents in fact, the security it was carried out through a mock hacking validation for threats. It was also suggested necessary technical security measures that can be protect against security threats revealed by using the verification result through the penetration testing. Has been presented countermeasures in fusion communication service environment of multimedia broadcasting by using these results.

• Safety and Health at Work
• /
• v.2 no.2
• /
• pp.169-175
• /
• 2011

Objectives: The questionnaire of occupational stress index (OSI) has been popular in the workplace, and it has been tailored for bus drivers in Taiwan. Nevertheless, its outcomes for participants are based on self-evaluations, thus validation by their physiological stress biomarker is warranted and this is the main goal of this study. Methods: A cross-sectional study of sixty-three city bus drivers and fifty-four supporting staffs for comparison was conducted. Questionnaire surveys, 24-hour urine cortisol testing, and blood draws for dehydroepiandrosterone-sulfate (DHEA-S) testing were performed. The measured concentrations of these biological measures were logarithmically transformed before the statistical analysis where various scores of stressor factors, moderators, and stress effects of each OSI domain were analyzed by applying multiple linear regression models. Results: For drivers, the elevated 24-hour urine cortisol level was associated with a worker's relationship with their supervisor and any life change events in the most recent 3 months. The DHEA-S level was higher in drivers of younger age as well as drivers with more concerns relating to their salary and bonuses. Non-drivers showed no association between any stressor or satisfaction and urine cortisol and blood DHEA-S levels. Conclusion: Measurements of biomarkers may offer additional stress evaluations with OSI questionnaires for bus drivers. Increased DHEA-S and cortisol levels may result from stressors like income security. Prevention efforts towards occupational stress and life events and health promotional efforts for aged driver were important anti-stress remedies.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.294-302
• /
• 2022

Detection of fake news is a complex and a challenging task. Generation of fake news is very hard to stop, only steps to control its circulation may help in minimizing its impacts. Humans tend to believe in misleading false information. Researcher started with social media sites to categorize in terms of real or fake news. False information misleads any individual or an organization that may cause of big failure and any financial loss. Automatic system for detection of false information circulating on social media is an emerging area of research. It is gaining attention of both industry and academia since US presidential elections 2016. Fake news has negative and severe effects on individuals and organizations elongating its hostile effects on the society. Prediction of fake news in timely manner is important. This research focuses on detection of fake news spreaders. In this context, overall, 6 models are developed during this research, trained and tested with dataset of PAN 2020. Four approaches N-gram based; user statistics-based models are trained with different values of hyper parameters. Extensive grid search with cross validation is applied in each machine learning model. In N-gram based models, out of numerous machine learning models this research focused on better results yielding algorithms, assessed by deep reading of state-of-the-art related work in the field. For better accuracy, author aimed at developing models using Random Forest, Logistic Regression, SVM, and XGBoost. All four machine learning algorithms were trained with cross validated grid search hyper parameters. Advantages of this research over previous work is user statistics-based model and then ensemble learning model. Which were designed in a way to help classifying Twitter users as fake news spreader or not with highest reliability. User statistical model used 17 features, on the basis of which it categorized a Twitter user as malicious. New dataset based on predictions of machine learning models was constructed. And then Three techniques of simple mean, logistic regression and random forest in combination with ensemble model is applied. Logistic regression combined in ensemble model gave best training and testing results, achieving an accuracy of 72%.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.125-134
• /
• 2024

The novel coronavirus 2019 is called COVID-19 has outspread swiftly worldwide. An early diagnosis is more important to control its quick spread. Medical imaging mechanics, chest calculated tomography or chest X-ray, are playing a vital character in the identification and testing of COVID-19 in this present epidemic. Chest X-ray is cost effective method for Covid-19 detection however the manual process of x-ray analysis is time consuming given that the number of infected individuals keep growing rapidly. For this reason, it is very important to develop an automated COVID-19 detection process to control this pandemic. In this study, we address the task of automatic detection of Covid-19 by using a popular deep learning model namely the VGG19 model. We used 1300 healthy and 1300 confirmed COVID-19 chest X-ray images in this experiment. We performed three experiments by freezing different blocks and layers of VGG19 and finally, we used a machine learning classifier SVM for detecting COVID-19. In every experiment, we used a five-fold cross-validation method to train and validated the model and finally achieved 98.1% overall classification accuracy. Experimental results show that our proposed method using the deep learning-based VGG19 model can be used as a tool to aid radiologists and play a crucial role in the timely diagnosis of Covid-19.