• Title/Summary/Keyword: Web Threat

Deduplication and Exploitability Determination of UAF Vulnerability Samples by Fast Clustering

  • Peng, Jianshan;Zhang, Mi;Wang, Qingxian
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.10 / pp.4933-4956 / 2016
  • Use-After-Free (UAF) is a common lethal form of software vulnerability. By using tools such as Web Browser Fuzzing, a large amount of samples containing UAF vulnerabilities can be generated. To evaluate the threat level of vulnerability or to patch the vulnerabilities, automatic deduplication and exploitability determination should be carried out for these samples. There are some problems existing in current methods, including inadequate pertinence, lack of depth and precision of analysis, high time cost, and low accuracy. In this paper, in terms of key dangling pointer and crash context, we analyze four properties of similar samples of UAF vulnerability, explore the method of extracting and calculating clustering eigenvalues from these samples, and perform clustering by fast search and find of density peaks on a large number of vulnerability samples. Samples were divided into different UAF vulnerability categories according to the clustering results, and the exploitability of these UAF vulnerabilities was determined by observing the shape of class cluster. Experimental results showed that the approach was applicable to the deduplication and exploitability determination of a large amount of UAF vulnerability samples, with high accuracy and low performance cost.

Secure Coding guide support tools design for SW individual developers (SW 개인 개발자를 위한 Secure_Coding 가이드 지원 도구 설계)

  • Son, Seung-wan;Kim, Kwang-seok;Choi, Jeong-won;Lee, Gang-soo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.05a / pp.595-598 / 2014
  • The cyber attacks of recent attacks that target zero-day exploit security vulnerabilities before the security patch is released (Zero Day) attack, the web site is without the Lord. These attacks, those that use the vulnerability of security that is built into the software itself is in most cases, cyber attacks that use the vulnerability of the security of the source code, in particular, has a characteristic response that are difficult to security equipment. Therefore, it is necessary to eliminate the security vulnerability from step to implement the software to prevent these attacks. In this paper, we try to design a Secure Coding Guide support tool to eliminate the threat of security from the stage of implementation.

A Study on the ChatGPT: Focused on the News Big Data Service and ChatGPT Use Cases (ChatGPT에 관한 연구: 뉴스 빅데이터 서비스와 ChatGPT 활용 사례를 중심으로)

  • Lee Yunhee;Kim Chang-Sik;Ahn Hyunchul
    • Journal of Korea Society of Digital Industry and Information Management / v.19 no.1 / pp.139-151 / 2023
  • This study aims to gain insights into ChatGPT, which has recently received significant attention. The study utilized a mixed method involving case studies and news big data analysis. ChatGPT can be described as an optimized language model for dialogue. The question arises whether ChatGPT will replace Google search services, posing a potential threat to Google. It could hurt Google's advertising business, which is the foundation of its profits. With AI-based chatbots like ChatGPT likely to disrupt the web search industry, Google is establishing a new AI strategy. The study used the BIG KINDS service and analyzed 2,136 articles over six months, from August 23, 2022, to February 22, 2023. Thirty of these articles were written in 2022, while 2,106 have been reported recently as of February 22, 2023. Also, the study examined the contents of ChatGPT by utilizing literature research, news big data analysis, and use cases. Despite limitations such as the potential for false information, analyzing news big data and use cases suggests that ChatGPT is worth using.

Is ChatGPT an Ally or an Enemy? Its Impact on Society Based on a Systematic Literature Review

  • Juliana Basulo-Ribeiro;Leonor Teixeira
    • Journal of Information Science Theory and Practice / v.12 no.2 / pp.79-95 / 2024
  • The new AI based conversational chatbot, ChatGPT, launched in November 2022, is causing a stir. There are many opinions about this being a 'threat or a promise,' and thus it is important to understand what has been said about this tool and, based on the growing literature that has emerged on the subject, demystify its effective impact on society. To analyse this impact, a systematic literature review with the support of the preferred reporting items for systematic reviews and meta-analysis protocol was used. The data, scientific documents, were collected using the main scientific databases - SCOPUS and Web of Science - and the results were presented based on a bibliometric and thematic exploration of content. The main findings indicate that people are increasingly using this chatbot in more diverse areas. Therefore, this study contributes at the practical level, aiming to enlighten people in general - both in professional and personal life - about this tool and its impacts. Also, it contributes at the theoretical level, which involves expanding understanding and elucidation of the impacts of ChatGPT in different areas of study.

A Study on the Analysis of the Potential FT(Financing of Terrorism) Threat Using Virtual Currencies and Its Response (가상통화를 활용한 테러자금조달 위협 분석과 국내 대응방안에 관한 연구)

  • Kang, Taeho;Cha, Jang-Hyeon;Kim, Gunin
    • Korean Security Journal / no.62 / pp.9-33 / 2020
  • This study presents aspects of the financing of terrorism using virtual-currencies. First of all, this introduces the conventional threat of the financing of terrorism and the analysis of current legal system regarding virtual-currency in South Korea. Next, the financing of terrorism cases are analyzed. With given analysis, the paper deals with its response and future extensions by technical and institutional aspects. The threats of the financing of terrorism are going higher after the appearance of virtual-currencies such as Bitcoin. There are two typical ways to use virtual-currencies by terrorist groups. One is to conduct public fund-raising in the social network system and the dark web. The other is to hack into virtual-currency exchange network in order to steal virtual currencies for developing the weapon of mass destruction. Specifically South Korea is top three country of trading virtual currencies and has been subject to virtual-currency hacking more than 10 cases. However, many countries including South Korea deal with virtual currencies as only innovative technology and means of investment, not the threats of the financing of terrorism. Under these circumstances, there is a legal contradiction. This article points this limit and absurdity. Also, it shows reasonable alternatives. All in all, given these aspects, the article proposes detailed policy directions.

DDoS attack traffic through the analysis of responses to research (트래픽 분석을 통한 DDoS 공격에 대한 대응책 연구)

  • Hong, Sunghyuck
    • Journal of Convergence Society for SMB / v.4 no.3 / pp.1-6 / 2014
  • DDoS (Distributed Denial Service, Distributed Service) attacks are being generated for a constant threat on the Internet, countermeasures for this have been proposed. However, the problem has become an increasingly effective instruction in any Measures are a variety of attacks and sophisticated attacks. Attackers can change a steady attack tools to respond to these, the experts as a countermeasure to this constantly research for a fresh attack. This paper is to introduce countermeasures to DDoS recent representative examples of 7.7DDoS and look for 3.3DDoS existing types of DDoS attacks increased PPS attacks, high traffic sent, web service delay and router and firewall settings, applications and to describe the DDoS countermeasures research by certification, is so that you can plan effectively for the future DDoS attacks proposed method.

One-time Session Key based HTTP DDoS Defense Mechanisms (일회성 세션 키 기반 HTTP DDoS 공격 방어기법)

  • Choi, Sang-Yong;Kang, Ik-Seon;Kim, Yong-Min
    • Journal of the Korea Society of Computer and Information / v.18 no.8 / pp.95-104 / 2013
  • DDoS attacks have become a social threat since 2009 7.7 DDoS turmoil. Even though defence techniques have been developing to provide against those threats, they become much more sophisticated. In recent years, the attack form of DDoS is changing from high amount of traffic attack of network layers to highly sophisticated small amount of application layers. To make matters worse, attack agent for the attack has become very intelligent so that it is difficult to be blocked since it can't be distinguished from normal PCs. In the user authentication system (such as CAPTCHA), user intervention is required to distinguish normal PCs and intelligent attack agents and in particular, in a NAT environment, IP-based blocking method can be cut off the normal users traffic at the same time. This research examined defense techniques which are able to distinguish between agent and normal PC and effectively block ways the HTTP DDoS offense applying one-time session key based authentication method using Cookie which is used in HTTP protocol to protect web server from sophisticated application layer of DDoS.

A Malware Detection Method using Analysis of Malicious Script Patterns (악성 스크립트 패턴 분석을 통한 악성코드 탐지 기법)

  • Lee, Yong-Joon;Lee, Chang-Beom
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.7 / pp.613-621 / 2019
  • Recently, with the development of the Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious codes infect IoT devices, and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. Proposed is a malicious code-detection technique that is based on malicious script-pattern analysis that can detect zero-day attacks while maintaining the existing detection rate by registering and checking derived distribution patterns after analyzing the types of malicious scripts distributed through websites. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and experiment with 10 major malicious script-distribution patterns derived from analysis. The technique showed an average detection rate of about 86% of all items, while maintaining the existing detection speed based on the detection rule and also detecting zero-day attacks.

Research Trends of Coronavirus: Bibliometric Analysis from 1989-2019

  • Singh, Shiv;Kataria, Sanjay;Dey, Tulika
    • International Journal of Knowledge Content Development & Technology / v.11 no.4 / pp.101-111 / 2021
  • The world is going through the most unprecedented time with the outbreak of novel Coronavirus disease (COVID-19), which has become a threat to millions. A Coronavirus is a group of viruses that cause a variety of diseases in mammals and birds leading to a range of illnesses in humans including common cold and more severe forms like severe acute respiratory syndrome Coronavirus (SARS-CoV), Middle East respiratory syndrome Coronavirus (MERS-CoV) and COVID-19, which are life-threatening. The virus gets its name from its shape which takes the form of a crown with protrusions around it. In December 2019, a pneumonia outbreak was reported in the Wuhan City of China, which was later traced to a novel strain of Coronavirus and termed as Novel COVID-19. It typically causes flu-like symptoms including fever, cough and shortness of breath and is transmitted through human-to-human and there is no cure for it till now. Thus, this bibliometric study has been carried out to analyze the research progress in Coronavirus and literature published during a period of 30 years (1989-2019). Data for the study were fetched from Web of Science(WoS) multidisciplinary database and the publication trends in terms of total articles, productive countries, institutions, journals, productive authors, most cited articles and authors, etc have been analyzed. In total, 4917 articles were retrieved; these were from 711 sources and were contributed by 14442 authors. The collaboration index was 3.11, which clearly indicates that there has been a lot of collaboration in this field. The most preferred journal for the study period was "Journal of Virology" and the maximum contribution has been from the University of Hong Kong.

Development of Dataset Evaluation Criteria for Learning Deepfake Video (딥페이크 영상 학습을 위한 데이터셋 평가기준 개발)

  • Kim, Rayng-Hyung;Kim, Tae-Gu
    • Journal of Korean Society of Industrial and Systems Engineering / v.44 no.4 / pp.193-207 / 2021
  • As the Deepfakes phenomenon is spreading worldwide mainly through videos in web platforms, it is urgent to address the issue on time. More recently, researchers have extensively discussed deepfake video datasets. However, it has been pointed out that the existing Deepfake datasets do not properly reflect the potential threat and realism due to various limitations. Although there is a need for research that establishes an agreed-upon concept for high-quality datasets or suggests evaluation criterion, there are still only a handful of studies which have examined it to date. Therefore, this study focused on the development of the evaluation criterion for the Deepfake video dataset. In this study, the fitness of the Deepfake dataset was presented and evaluation criterions were derived through the review of previous studies. AHP structuralization and analysis were performed to advance the evaluation criterion. The results showed that Facial Expression, Validation, and Data Characteristics are important determinants of data quality. This is interpreted as a result that reflects the importance of minimizing defects and presenting results based on scientific methods when evaluating quality. This study has implications in that it suggests the fitness and evaluation criterion of the Deepfake dataset. Since the evaluation criterion presented in this study was derived based on the items considered in previous studies, it is thought that all evaluation criterions will be effective for quality improvement. It is also expected to be used as criteria for selecting an appropriate Deepfake dataset or as a reference for designing a Deepfake data benchmark. This study could not apply the presented evaluation criterion to existing Deepfake datasets. In future research, the proposed evaluation criterion will be applied to existing datasets to evaluate the strengths and weaknesses of each dataset, and to consider what implications there will be when used in Deepfake research.