• Title/Summary/Keyword: Security problem

Public Key-Based Operator Authentication Mechanism for Access Control of Multi-Control Systems in OT Control Network (OT제어망에서 다중 제어시스템 접근통제용 공개키 기반 운용자 인증 방안)

  • Kim, Dae-Hwi; Jo, In-June
    • The Journal of the Korea Contents Association / v.22 no.9 / pp.64-75 / 2022
  • The method of accessing multiple control systems in the OT control network centered on operation technology uses the operator authentication technology of each control system. An example is ID/PW operator authentication technology. In this case, since the OT control network is composed of multiple control systems, operator authentication technology must be applied to each control system. Therefore, the operator must bear the inconvenience of having to manage authentication information for each control system he manages. To solve these problems, SSO technology is used in business-oriented IT networks. However, if this is introduced into the OT control network as it is, the characteristics of the limited size of the OT control network and rapid operator authentication are not reflected, so it cannot be seen as a realistic alternative. In this paper, a public key-based authentication mechanism was newly proposed as an operator authentication technology to solve this problem. In other words, an integrated public key certificate that applies equally to all control systems in the OT control network was issued and used to access all control systems, thereby simplifying the authentication information management and making access to the control system more efficient and secure.

Cyber attack group classification based on MITRE ATT&CK model (MITRE ATT&CK 모델을 이용한 사이버 공격 그룹 분류)

  • Choi, Chang-hee; Shin, Chan-ho; Shin, Sung-uk
    • Journal of Internet Computing and Services / v.23 no.6 / pp.1-13 / 2022
  • As the information and communication environment develops, the environment of military facilities is also developing remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

Detection of Signs of Hostile Cyber Activity against External Networks based on Autoencoder (오토인코더 기반의 외부망 적대적 사이버 활동 징후 감지)

  • Park, Hansol; Kim, Kookjin; Jeong, Jaeyeong; Jang, Jisu; Youn, Jaepil; Shin, Dongkyoo
    • Journal of Internet Computing and Services / v.23 no.6 / pp.39-48 / 2022
  • Cyberattacks around the world continue to increase, and their damage extends beyond government facilities and affects civilians. These issues emphasized the importance of developing a system that can identify and detect cyber anomalies early. As above, in order to effectively identify cyber anomalies, several studies have been conducted to learn BGP (Border Gateway Protocol) data through a machine learning model and identify them as anomalies. However, BGP data is unbalanced data in which abnormal data is less than normal data. This causes the model to have a learning biased result, reducing the reliability of the result. In addition, there is a limit in that security personnel cannot recognize the cyber situation as a typical result of machine learning in an actual cyber situation. Therefore, in this paper, we investigate BGP (Border Gateway Protocol) that keeps network records around the world and solve the problem of unbalanced data by using SMOTE. After that, assuming a cyber range situation, an autoencoder classifies cyber anomalies and visualizes the classified data. By learning the pattern of normal data, the performance of classifying abnormal data with 92.4% accuracy was derived, and the auxiliary index also showed 90% performance, ensuring reliability of the results. In addition, it is expected to be able to effectively defend against cyber attacks because it is possible to effectively recognize the situation by visualizing the congested cyber space.

Comparative Study of Anomaly Detection Accuracy of Intrusion Detection Systems Based on Various Data Preprocessing Techniques (다양한 데이터 전처리 기법 기반 침입탐지 시스템의 이상탐지 정확도 비교 연구)

  • Park, Kyungseon; Kim, Kangseok
    • KIPS Transactions on Software and Data Engineering / v.10 no.11 / pp.449-456 / 2021
  • An intrusion detection system is a technology that detects abnormal behaviors that violate security, and detects abnormal operations and prevents system attacks. Existing intrusion detection systems have been designed using statistical analysis or anomaly detection techniques for traffic patterns, but modern systems generate a variety of traffic different from existing systems due to rapidly growing technologies, so the existing methods have limitations. In order to overcome this limitation, study on intrusion detection methods applying various machine learning techniques is being actively conducted. In this study, a comparative study was conducted on data preprocessing techniques that can improve the accuracy of anomaly detection using NGIDS-DS (Next Generation IDS Database) generated by simulation equipment for traffic in various network environments. Padding and sliding window were used as data preprocessing, and an oversampling technique with Adversarial Auto-Encoder (AAE) was applied to solve the problem of imbalance between the normal data rate and the abnormal data rate. In addition, the performance improvement of detection accuracy was confirmed by using Skip-gram among the Word2Vec techniques that can extract feature vectors of preprocessed sequence data. PCA-SVM and GRU were used as models for comparative experiments, and the experimental results showed better performance when sliding window, skip-gram, AAE, and GRU were applied.

Need to Reduce Industrial Accidents through the Introduction of an Prevailing Wage System (적정임금제 도입을 통한 산업재해 감축 필요성 고찰)

  • Choonhwan Cho; Yeoncheol Shin; Kyung-Bo Han
    • Journal of the Society of Disaster Information / v.19 no.1 / pp.1-9 / 2023
  • In order to carry out construction work, it is urgent to introduce a proper wage system so that the cost burden of projects that have been won due to bleeding competition among original government buildings based on low-priced bids can be transferred to subcontractors. Purpose: Construction with illegal multi-level industrial structure needs to improve the wage reduction environment leading to order (100%) → original contractor (80%) → subcontractor (65%) → load contractor (65%) and aims to ensure wages for end workers. Method: Investigate the current status of labor cost appropriate payment plan in the construction industry, and investigate the case of the appropriate wage system (P.W) in the United States. In addition, the effect and direction of the appropriate wage system are presented. Result: Individual minimum wage security was also mentioned in the Constitution, and many researchers suggested that only the introduction of an appropriate wage system could solve the problem of reducing worker labor and ensure quality and safety. Conclusion: The proper wage system in the construction industry will block illegal multi-level and illegal foreign work, improve the labor environment in the construction market, create an influx of young workers, and have a significant impact on the construction industry's competitive structure, safety, and quality.

A Study on the Investment Efficiency of CB(Convertible Bond) (CB(전환사채)의 투자효율성에 관한 실증연구)

  • Sun-Je Kim
    • Journal of Service Research and Studies / v.10 no.4 / pp.71-88 / 2020
  • CB (Convertible bond) is a mezzanine security that has the characteristics of bonds and stocks. From the perspective of investors, the purpose of the research is to empirically investigate the degree of investment efficiency of CB and to suggest efficient investment plans. The research method investigated the maturity interest rate, conversion price, and conversion date for CB, and then linked it with daily stock price fluctuations after the conversion date to determine the degree of investment efficiency and stock conversion effect of CB. As a result of the study, it was analyzed that the ratio of the conversion price exceeded days was only about 1/4 of the conversion date, so the investment efficiency was low. The conversion day yield was -6.3% on average and the maturity day yield was -5.2% on average, showing a minus return on average, which was calculated differently from investor expectations. It was analyzed that the number of stocks with a minus conversion day is 2.4 times greater than the number of plus stocks and 3.7 times more than the number of plus stocks with a minus maturity return, so the expected return on stock conversion of CB is low. The research contribution was derived from the problem that the expected rate of return of CB is not high, and it is that the investor's point of view when purchasing CB was established.

Application of Artificial Intelligence Technology for Dam-Reservoir Operation in Long-Term Solution to Flood and Drought in Upper Mun River Basin

  • Areeya Rittima; Jidapa Kraisangka; Wudhichart Sawangphol; Yutthana Phankamolsil; Allan Sriratana Tabucanon; Yutthana Talaluxmana; Varawoot Vudhivanich
    • Proceedings of the Korea Water Resources Association Conference / 2023.05a / pp.30-30 / 2023
  • This study aims to establish the multi-reservoir operation system model in the Upper Mun River Basin which includes 5 main dams namely, Mun Bon (MB), Lamchae (LC), Lam Takhong (LTK), Lam Phraphoeng (LPP), and Lower Lam Chiengkrai (LLCK) Dams. The knowledge and AI technology were applied aiming to develop an innovative prototype for SMART dam-reservoir operation in future. Two different sorts of reservoir operation system model namely, Fuzzy Logic (FL) and Constraint Programming (CP) as well as the development of rainfall and reservoir inflow prediction models using Machine Learning (ML) technique were made to help specify the right amount of daily reservoir releases for the Royal Irrigation Department (RID). The model could also provide the essential information particularly for the Office of National Water Resource of Thailand (ONWR) to determine the short-term and long-term water resource management plan and strengthen water security against flood and drought in this region. The simulated results of base case scenario for reservoir operation in the Upper Mun from 2008 to 2021 indicated that in the same circumstances, FL and CP models could specify the new release schemes to increase the reservoir water storages at the beginning of dry season of approximately 125.25 and 142.20 MCM per year. This means that supplying the agricultural water to farmers in dry season could be well managed. In other words, water scarcity problem could substantially be moderated to some extent in case of incapability to control the expansion of cultivated area size properly. Moreover, using AI technology to determine the new reservoir release schemes plays an important role in reducing the actual volume of water shortfall in the basin although the drought situation at LTK and LLCK Dams still existed in some periods of time. Meanwhile, considering the predicted inflow and hydrologic factors downstream of 5 main dams by FL model and minimizing the flood volume by CP model could ensure that flood risk was considerably minimized as a result of new release schemes.

A Study On Artifacts Analysis In Portable Software (무 설치 프로그램에서의 사용자 행위 아티팩트 분석)

  • Taeyeong Heo; Taeshik Shon
    • Journal of Platform Technology / v.11 no.2 / pp.39-53 / 2023
  • Non-installation program (hereinafter referred to as "portable program") is a program that can be used without an installation process, unlike general software. Since there is no separate installation process, portable programs have high mobility and are used in various ways. For example, when initial setup of multiple PCs is required, a portable program can be stored on one USB drive to perform initial setup. Alternatively, when a problem occurs with the PC and it is difficult to boot normally, Windows PE can be configured on the USB drive and portable programs can be stored for PC recovery. And the portable program does not directly affect PC settings, such as changing registry values, and does not leave a trace. This means that the portable program has high security. If a portable program is deleted after using it, it is difficult to analyze behavior in a general way. If a user used a portable program for malicious behavior, analysis in a general way has limitations in collecting evidence. Therefore, portable programs must have a new way of behavioral analysis that is different from ordinary installation software. In this paper, after installing the Windows 10 operating system on a virtual machine, we proceed with the scenario with a portable program of Opera and Notepad++. And we analyze this in various ways such as file analysis of the operating system and memory forensics, collect information such as program execution time and frequency, and conduct specific behavioral analysis of user.

Detecting Adversarial Examples Using Edge-based Classification

  • Jaesung Shim; Kyuri Jo
    • Journal of the Korea Society of Computer and Information / v.28 no.10 / pp.67-76 / 2023
  • Although deep learning models are making innovative achievements in the field of computer vision, the problem of vulnerability to adversarial examples continues to be raised. Adversarial examples are attack methods that inject fine noise into images to induce misclassification, which can pose a serious threat to the application of deep learning models in the real world. In this paper, we propose a model that detects adversarial examples using differences in predictive values between edge-learned classification models and underlying classification models. The simple process of extracting the edges of the objects and reflecting them in learning can increase the robustness of the classification model, and economical and efficient detection is possible by detecting adversarial examples through differences in predictions between models. In our experiments, the general model showed accuracy of {49.9%, 29.84%, 18.46%, 4.95%, 3.36%} for adversarial examples (eps={0.02, 0.05, 0.1, 0.2, 0.3}), whereas the Canny edge model showed accuracy of {82.58%, 65.96%, 46.71%, 24.94%, 13.41%} and other edge models showed a similar level of accuracy also, indicating that the edge model was more robust against adversarial examples. In addition, adversarial example detection using differences in predictions between models revealed detection rates of {85.47%, 84.64%, 91.44%, 95.47%, and 87.61%} for each epsilon-specific adversarial example. It is expected that this study will contribute to improving the reliability of deep learning models in related research and application industries such as medical, autonomous driving, security, and national defense.

Improvement of Face Recognition Algorithm for Residential Area Surveillance System Based on Graph Convolution Network (그래프 컨벌루션 네트워크 기반 주거지역 감시시스템의 얼굴인식 알고리즘 개선)

  • Tan Heyi; Byung-Won Min
    • Journal of Internet of Things and Convergence / v.10 no.2 / pp.1-15 / 2024
  • The construction of smart communities is a new method and important measure to ensure the security of residential areas. In order to solve the problem of low accuracy in face recognition caused by distorting facial features due to monitoring camera angles and other external factors, this paper proposes the following optimization strategies in designing a face recognition network: firstly, a global graph convolution module is designed to encode facial features as graph nodes, and a multi-scale feature enhancement residual module is designed to extract facial keypoint features in conjunction with the global graph convolution module. Secondly, after obtaining facial keypoints, they are constructed as a directed graph structure, and graph attention mechanisms are used to enhance the representation power of graph features. Finally, tensor computations are performed on the graph features of two faces, and the aggregated features are extracted and discriminated by a fully connected layer to determine whether the individuals' identities are the same. Through various experimental tests, the network designed in this paper achieves an AUC index of 85.65% for facial keypoint localization on the 300W public dataset and 88.92% on a self-built dataset. In terms of face recognition accuracy, the proposed network achieves an accuracy of 83.41% on the IBUG public dataset and 96.74% on a self-built dataset. Experimental results demonstrate that the network designed in this paper exhibits high detection and recognition accuracy for faces in surveillance videos.