• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.521-530
• /
• 2017

In this paper, we propose a protection solution against intelligent Ransomware attacks by encrypting not only source files but also backup files of external storage. The system is designed to automatically back up to the cloud server at the time of file creation to perform monitoring and blocking in case a specific process affects the original file. When client creates or saves a file, both process identifiers, parent process identifiers, and executable file hash values are compared and protected by the whitelist. The file format that is changed by another process is monitored and blocked to prevent from suspicious behavior. By applying the system proposed in this paper, it is possible to protect against damage caused by the modification or deletion of files by Ransomware.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.871-879
• /
• 2020

Perceptual Ad-Blocking is a new advertising blocking technique that detects online advertising by using an artificial intelligence-based advertising image classification model. A recent study has shown that these Perceptual Ad-Blocking models are vulnerable to adversarial attacks using adversarial examples to add noise to images that cause them to be misclassified. In this paper, we prove that existing perceptual Ad-Blocking technique has a weakness for several adversarial example and that Defense-GAN and MagNet who performed well for MNIST dataset and CIFAR-10 dataset are good to advertising dataset. Through this, using Defense-GAN and MagNet techniques, it presents a robust new advertising image classification model for adversarial attacks. According to the results of experiments using various existing adversarial attack techniques, the techniques proposed in this paper were able to secure the accuracy and performance through the robust image classification techniques, and furthermore, they were able to defend a certain level against white-box attacks by attackers who knew the details of defense techniques.

• The KIPS Transactions:PartC
• /
• v.14C no.5
• /
• pp.411-416
• /
• 2007

The General security method of wireless network provides a confidentiality of communication contents based on the cryptographic stability against a malicious host. However, this method exposes the logical and physical addresses of both sender and receiver, so transmission volume and identification of both may be exposed although concealing that content. Covered address scheme that this paper proposes generates an address to which knapsack problem using super increasing sequence is applied, and replaces the addresses of sender and receiver with addresses from super increasing sequence. Also, proposed method changes frequently secret addresses, so a malicious user cannot watch a target system or try to attack the specific host. Proposed method also changes continuously a host address that attacker takes aim at. Accordingly, an attacker who tries to use DDoS attack cannot decide the specific target system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1129-1140
• /
• 2017

Unidirectional data transmission system, which allows physical one way transmission, removes the backward link physically to prevent the intrusion from the outside through the network. However, the system is difficult to apply to the environment requiring either backward transmissions or bi-directional communications. In this paper, we proposed Limited Two-way communications system, called as LimTway, which only allows outbound TCP two-way communications. LimTway uses two one-way links(forward, backward). While the forward one-way link is staying to be activated so that an allowed outbound UDP traffic could be transmitted one-way always, the backward one-way link is activated while allowed outbound TCP sessions are established. In order to prevent the intrusion from the outside during the period, the software of LimTway is designed to allow only the transmissions of both outbound TCP two-way communication traffics and outbound UDP traffics.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.8
• /
• pp.1441-1447
• /
• 2008

It is possible to transfer huge data in mobile device by advancing mobile technology, and so in this base, various services are offered. Especially, E-commerce service is offering on mobile environment, and this service is based on XML(eXtensible Markup Language) Signature. XML Signature assure that process integrity, message authentication, and/or signer authentication. And WIPI(Wireless Internet Protocol for Interoperability) that is mobile internet integration platform was proposed to integrate mobile device platform. However, because WIPI transmits and exchanges message by tort of XML base, encryption of XML document and necessity of XML signature are increasing because of weakness of security. Therefor in this paper, Encryption and XML signature module of XML document that satisfy standard requirement in WIPI platform base design and implementation. System that was proposed in this paper used standard encryption and XML signature algorithm and supports safe encryption and XML signature through doing security simulation applied various algorithm for XML document of mobile environment.

• The Journal of Information Systems
• /
• v.30 no.3
• /
• pp.65-91
• /
• 2021

Purpose In this study, we investigated the impact of perceived risk and switching costs on switching intention to cloud service based on PPM (Pull-Push-Mooring) model. Design/methodology/approach We focused on revealing the switching factors of the switching intention to the cloud services. The switching factors to the cloud services were defined as perceived risk consisting of performance risk, economic risk, and security risk, and switching costs consisting of financial and learning costs. On the PPM model, we defined the pull factors consisting of perceived usefulness and perceived ease of use, and the push factor as satisfaction of the legacy system, and the mooring factor as policy supports. Findings The results of this study as follows; (1) Among the perceived risk factors, performance risk has a negative effect on the ease of use of pull factors, and finally it was found to affect the switching intention to the cloud services. Therefore, cloud service providers need to improve trust in cloud services, service timeliness, and linkage to the legacy systems. And it was found that economic risk and security risk among the perceived risk factors did not affect the switching intention to the cloud services. (2) Of the perceived risk factors, financial cost and learning cost did not affect the satisfaction of the legacy system, which is a push factor. It indicates that the respondents are positively considering switching to cloud service in the future, despite the fact that the respondents are satisfied with the use of the legacy system and are aware of the switching cost to cloud service. (3) Policy support was found to improve the switching intention to cloud services by alleviating the financial and learning costs required for cloud service switching.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.115-120
• /
• 2021

An O2O-based real estate brokerage web sites or apps are increasing explosively. As a result, the environment has been changed from the existing offline-based real estate brokerage environment to the online-based environment, and consumers are getting very good feelings in terms of time, cost, and convenience. However, behind the convenience of online-based real estate brokerage services, users often suffer time and money damage due to false information or malicious false information. Therefore, in this study, in order to reduce the damage to consumers that may occur in the O2O-based real estate brokerage service, we designed a false property information filtering system that can determine the authenticity of registered property information using artificial intelligence technology. Through the proposed research method, it was shown that not only the authenticity of the property information registered in the online real estate service can be determined, but also the temporal and financial damage of consumers can be reduced.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.463-468
• /
• 2021

Single image super-resolution (SISR) is an image processing technique, and its main target is to reconstruct the high-quality or high-resolution (HR) image from the low-quality or low-resolution (LR) image. Currently, deep learning-based convolutional neural network (CNN) image super-resolution approaches achieved remarkable improvement over the previous approaches. Furthermore, earlier approaches used hand designed filter to upscale the LR image into HR image. The design architecture of such approaches is easy, but it introduces the extra unwanted pixels in the reconstructed image. To resolve these issues, we propose novel deep learning-based approach known as Lightweight deep CNN-based approach for Single Image Super-Resolution (LDCSIR). In this paper, we propose a new architecture which is inspired by ResNet with Inception blocks, which significantly drop the computational cost of the model and increase the processing time for reconstructing the HR image. Compared with the other state of the art methods, LDCSIR achieves better performance in terms of quantitively (PSNR/SSIM) and qualitatively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.45-55
• /
• 2019

DEX file and share objects (also known as the SO file) are important components that define the behaviors of an Android application. DEX file is implemented in Java code, whereas SO file under ELF file format is implemented in native code(C/C++). The two layers - Java and native can communicate with each other at runtime. Malicious applications have become more and more prevalent in mobile world, they are equipped with different evasion techniques to avoid being detected by anti-malware product. To avoid static analysis, some applications may perform malicious behavior in native code that is difficult to analyze. Existing researches fail to extract the call relationship which includes both Java code and native code, or can not analyze multi-DEX application. In this study, we design and implement a system that effectively extracts the call relationship between Java code and native code by analyzing DEX file and SO file of Android application.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.105-115
• /
• 2019

Recently, intelligent Android malicious codes have become difficult to detect malicious behavior by static analysis alone. Malicious code with SO file, dynamic loading, and string obfuscation are difficult to extract information about original code even with various tools for static analysis. There are many dynamic analysis methods to solve this problem, but dynamic analysis requires rooting or emulator environment. However, in the case of dynamic analysis, malicious code performs the rooting and the emulator detection to bypass the analysis environment. To solve this problem, this paper investigates a variety of root detection schemes and builds an environment for bypassing the rooting detection in real devices. In addition, SDK code hooking module for Android malicious code analysis is designed using Xposed, and intent tracking for code flow, dynamic loading file information, and various API information extraction are implemented. This work will contribute to the analysis of obfuscated information and behavior of Android Malware.