• Title/Summary/Keyword: Unknown virus


Semi-supervised based Unknown Attack Detection in EDR Environment

  • Hwang, Chanwoong; Kim, Doyeon; Lee, Taejin / KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.12 / pp.4909-4926 / 2020
  • Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, allowing initial unknown attacks through. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If the initial attack is not stopped, it is difficult to respond later, because malicious behavior such as an Advanced Persistent Threat (APT) attack does not occur immediately but unfolds over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, even when the initial anti-virus response has failed. The proposed technology uses a combination of an AutoEncoder and a 1D CNN (1-Dimensional Convolutional Neural Network) based on semi-supervised learning. The experiment trained on a dataset collected over a month in a real-world commercial endpoint environment and tested on the data collected over the following month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce the time and labor costs of effectively detecting unknown attacks.

A Study on Unknown Malware Detection using Digital Forensic Techniques (디지털 포렌식 기법을 활용한 알려지지 않은 악성코드 탐지에 관한 연구)

  • Lee, Jaeho; Lee, Sangjin / Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.107-122 / 2014
  • DDoS attacks and APT attacks carried out by zombie computers that simultaneously attack target systems at a fixed time have caused social confusion. These attacks require many zombie computers running the attacker's commands, and unknown malware that can bypass detection by anti-virus products is executed on those computers. At that time, many methods were proposed for the detection of unknown malware that signature-based anti-virus products cannot detect. This paper proposes a method of unknown malware detection using digital forensic techniques and describes the results of experiments carried out on various samples of malware and normal files.

A Study of the Merged IDS Design for the Unknown Signal Detection (미상신호 검출을 위한 통합 IDS 설계에 관한 연구)

  • 이선근; 김환용 / The Journal of Korean Institute of Communications and Information Sciences / v.28 no.5B / pp.381-387 / 2003
  • The importance of protecting data and information is increasing with the rapid development of information communication and networks, and concern for the protection of private information is growing in response to users' demands. Analysis of unknown signal characteristics is important for keeping systems safe from hackers and crackers. The detection targets of unknown signals are viruses, inner invaders, outer invaders, etc. Because existing unknown-signal detection methods exist separately for viruses, inner invaders and outer invaders, system performance is very low and system cost is very high. Therefore, this paper proposes a merged IDS system that performs detection for viruses, inner intrusion and outer intrusion. The proposed system is designed using Synopsys Ver. 1999.10 and VHDL coding. Compared with the individually existing IDSs, the proposed IDS system is practical in system performance and cost, and it utilizes only a part of the system resources.

The Plant Cellular Systems for Plant Virus Movement

  • Hong, Jin-Sung; Ju, Ho-Jong / The Plant Pathology Journal / v.33 no.3 / pp.213-228 / 2017
  • Plasmodesmata (PDs) are specialized intercellular channels that facilitate the exchange of various molecules, including sugars, ribonucleoprotein complexes, transcription factors, and mRNA. Their diameters, estimated to be 2.5 nm in the neck region, are too small to transfer viruses or viral genomes. Tobacco mosaic virus and Potexviruses are the most extensively studied viruses. In viruses, the movement protein (MP) is responsible for the PD gating that allows the intercellular movement of viral genomes. Various host factors interact with MP to regulate complicated mechanisms related to PD gating. Virus replication and assembly occur in the viral replication complex (VRC) with membrane association, especially in the endoplasmic reticulum. VRCs have a highly organized structure and are highly regulated by interactions among the various host factors, proteins encoded by the viral genome, and the viral genome. Virus trafficking requires host machineries, such as the cytoskeleton and the secretory systems. MP facilitates the virus replication and movement process. Despite the current level of understanding of virus movement, there are still many unknown and complex interactions between virus replication and virus movement. While numerous studies have been conducted to understand plant viruses with regard to cell-to-cell movement and replication, there are still many knowledge gaps. To study these interactions, adequate research tools must be used, such as molecular and biochemical techniques. Without such tools, virologists will not be able to gain an accurate or detailed understanding of the virus infection process.

Detection Of Unknown Malicious Scripts using Code Insertion Technique (코드 삽입 기법을 이용한 알려지지 않은 악성 스크립트 탐지)

  • 이성욱; 방효찬; 홍만표 / Journal of KIISE: Information Networking / v.29 no.6 / pp.663-673 / 2002
  • Server-side anti-viruses are useful for protecting their domains, because they can detect malicious code at the gateway of the domain. In prevailing local networks, not all clients can be perfectly controlled by domain administrators, so server-side inspection, for example in an e-mail server, is used as an efficient technique for detecting mobile malicious code. However, current server-side anti-virus systems perform only signature-based detection of known malicious code, simple filtering, and file name modification. One of the main reasons they lack detection features for unknown malicious code is that the activity monitoring technique is unavailable on server machines. In this paper, we propose a detection technique that is executed at the server but can monitor activities at the clients without any anti-virus features on them. We describe its implementation.

Double membrane-bound particles associated with eriophyid mite-borne plant diseases of unknown etiology: a potentially new group of plant viruses?

  • Ahn, Kyung-Ku; Kim, Kyung-Soo / Proceedings of the Korean Society of Plant Pathology Conference / 1997.06a / pp.5-21 / 1997
  • Unique virus-like particles were associated with five eriophyid mite-borne plant diseases of unknown etiology: fig mosaic, redbud yellow ringspot, rose rosette, thistle mosaic, and high plains disease of corn and wheat. Quasi-spherical, double membrane-bound particles (DMPs), 120 - 200 nm in diameter, were observed in the cytoplasm of all cell types in symptomatic leaves of infected plants. No DMPs were observed in symptomless plants. The DMPs in symptomatic thistles were associated with two types of inclusions, electron-dense amorphous material and tubular aggregates. Similar amorphous inclusions were also found in corn and wheat with high plains disease, while tubular inclusions were observed in figs with mosaic symptoms. The particles and inclusions were similar in some aspects to immature particles associated with viroplasms of animal and insect poxviruses and also to the double-enveloped particles of tomato spotted wilt virus associated with viroplasms during early stages of infection, but were unique and unlike any known plant viruses. The DMPs and associated viroplasm-like inclusions in the high plains disease were specifically immunogold labeled in situ with the disease-specific antiserum. Thread-like structures, similar to tenuivirus particles, present in the partially purified virus preparations were also immunogold labeled with the antiserum. It is suggested that the thread-like structures are derived from the DMPs. In many cells of symptomatic corn and wheat samples, DMPs occurred together with flexuous rod-shaped particles and cylindrical inclusions of wheat streak mosaic potyvirus (WSMV), suggesting that the disease is caused by a mixed infection of WSMV and the agent represented by the DMPs. Based on cytopathology, symptomatology and mite and/or graft-transmissibility, the five diseases described in this paper are potentially caused by virus(es), and the DMPs associated with these diseases may represent virus particles. If the DMPs are indeed viral in nature, they would comprise a new group of plant viruses.

Vp28 of Shrimp White Spot Syndrome Virus Is Involved in the Attachment and Penetration into Shrimp Cells

  • Yi, Guohua; Wang, Zhimin; Qi, Yipeng; Yao, Lunguang; Qian, Juan; Hu, Longbo / BMB Reports / v.37 no.6 / pp.726-734 / 2004
  • White spot disease (WSD) is caused by the white spot syndrome virus (WSSV), which results in devastating losses to the shrimp farming industry around the world. However, the mechanism by which the virus enters and spreads into shrimp cells is unknown. An in vitro binding assay demonstrated VP28-EGFP (envelope protein VP28 fused with enhanced green fluorescent protein) binding to shrimp cells. This provides direct evidence that VP28-EGFP can bind to shrimp cells at pH 6.0 within 0.5 h. The protein was then observed to enter the cytoplasm 3 h post-adsorption. Meanwhile, the plaque inhibition test showed that the polyclonal antibody against VP28 (a major envelope protein of WSSV) could neutralize WSSV and block infection with the virus. The result of a competition ELISA further confirmed that the envelope protein VP28 could compete with WSSV for binding to shrimp cells. Overall, VP28 of WSSV can bind to shrimp cells as an attachment protein and can help the virus enter the cytoplasm.

Etiological Study of Porcine Viral Abortions and Stillbirths in Gyeongbuk Province (경북지역 돼지의 바이러스성 유사산 원인조사)

  • Chae, Tae-Chul; Kim, Seong-Guk; Cho, Kwang-Hyun; Eo, Kyung-Yeon; Kwon, Oh-Deog / Journal of Veterinary Clinics / v.30 no.4 / pp.236-240 / 2013
  • A total of 170 litters (575 samples) of aborted and stillborn fetuses submitted to the Gyeongsangbuk-Do Veterinary Service Laboratory (GVSL) between January 2006 and December 2010 from pig farms in Gyeongbuk province were studied to identify porcine abortion- and stillbirth-associated viruses such as Porcine parvovirus (PPV), Encephalomyocarditis Virus (EMCV), Japanese Encephalitis Virus (JEV), Porcine Reproductive and Respiratory Syndrome Virus (PRRSV), and Aujeszky's Disease Virus (ADV). Virus was not detected by PCR in 36 litters, but viral antibody was detected by HI and ELISA in 93 litters. The majority of etiological viruses were PPV (67 litters, 39.4%), EMCV (50 litters, 29.4%), PRRSV (15 litters, 8.8%), and JEV (11 litters, 6.5%); ADV was not detected by either PCR or ELISA. Single infection occurred in 52 litters (30.6%), co-infection occurred in 41 litters (24.1%), and unknown cases with no detection of any of the five viruses occurred in 77 litters (45.3%).

Fuzzy Cluster Based Diagnosis System for Classifying Computer Viruses (컴퓨터 바이러스 분류를 위한 퍼지 클러스터 기반 진단시스템)

  • Rhee, Hyun-Sook / The KIPS Transactions: Part B / v.14B no.1 s.111 / pp.59-64 / 2007
  • Today, malicious code has become a reality and has evolved significantly to become one of the greatest threats to modern society, where important information is stored, processed, and accessed through the internet and computers. The computer virus is a common type of malicious code. The standard technique in the anti-virus industry is still signature matching: the detection mechanism searches for a signature pattern that identifies a particular virus or strain of viruses. Though accurate in detecting known viruses, the technique falls short in detecting new or unknown viruses for which no identifying patterns are present. To cope with this problem, anti-virus software has to incorporate learning mechanisms and heuristics. In this paper, we propose a fuzzy diagnosis system (FDS) using the fuzzy c-means algorithm (FCM) for cluster analysis and a decision status measure for giving a diagnosis. We compare the proposed system FDS to three well-known classifiers: KNN, RF, and SVM. Experimental results show that the proposed approach can detect unknown viruses effectively.

Chikungunya Virus-Encoded nsP2, E2 and E1 Strongly Antagonize the Interferon-β Signaling Pathway

  • Bae, Sojung; Lee, Jeong Yoon; Myoung, Jinjong / Journal of Microbiology and Biotechnology / v.29 no.11 / pp.1852-1859 / 2019
  • Chikungunya virus (CHIKV) is a single-stranded positive-sense RNA virus belonging to the genus Alphavirus of the Togaviridae family. It causes multiple symptoms, including headache, fever, severe joint and muscle pain, and arthralgia. Since CHIKV was first isolated in Tanzania in 1952, there have been multiple outbreaks of chikungunya fever. However, its pathogenesis and mechanisms of viral immune evasion have been poorly understood. In addition, the exact roles of individual CHIKV genes in the host innate immune response remain largely unknown. To investigate whether CHIKV-encoded genes modulate the type I interferon (IFN) response, each and every CHIKV gene was screened for its effects on the induction of the IFN-β promoter. Here we report that CHIKV nsP2, E2 and E1 strongly suppressed activation of the IFN-β promoter induced by the MDA5/RIG-I receptor signaling pathway, suggesting that nsP2, E2, and E1 are the major antagonists of IFN-β induction. Delineation of the underlying mechanisms of CHIKV-mediated inhibition of the IFN-β pathway may help develop virus-specific therapeutics and vaccines.