• Journal of Industrial Convergence
• /
• v.21 no.9
• /
• pp.41-48
• /
• 2023

Recently, there has been a sharp increase in the damages caused by ransomware across various sectors of society, including individuals, businesses, and nations. Ransomware is a malicious software that infiltrates user computer systems, encrypts important files, and demands a ransom in exchange for restoring access to the files. Due to its diverse and sophisticated attack techniques, ransomware is more challenging to detect than other types of malware, and its impact is significant. Therefore, there is a critical need for accurate detection and mitigation methods. To achieve precise ransomware detection, an inference engine of a detection system must possess knowledge of ransomware features. In this paper, we propose a model to extract and classify the characteristics of ransomware for accurate detection of ransomware, calculate the similarity of the extracted characteristics, reduce the dimension of the characteristics, group the reduced characteristics, and classify the characteristics of ransomware into attack tools, inflow paths, installation files, command and control, executable files, acquisition rights, circumvention techniques, collected information, leakage techniques, and state changes of the target system. The classified characteristics were applied to the existing ransomware to prove the validity of the classification, and later, if the inference engine learned using this classification technique is installed in the detection system, most of the newly emerging and variant ransomware can be detected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.69-80
• /
• 2007

To protect personal information when releasing data, a general privacy-protecting technique is the removal of all the explicit identifiers, such as names and social security numbers. De-identifying data, however, provides no guarantee of anonymity because released information can be linked to publicly available information to identify them and to infer information that was not intended for release. In recent years, two emerging concepts in personal information protection are k-anonymity and $\ell$-diversity, which guarantees privacy against homogeneity and background knowledge attacks. While these solutions are signigicant in static data environment, they are insufficient in dynamic environments because of vulnerability to inference. Specially, the problem appeared in record deletion is to deconstruct the k-anonymity and $\ell$-diversity. In this paper, we present an approach to securely anonymizing a continuously changeable dataset in an efficient manner while assuring high data quality.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.945-956
• /
• 2020

The publication of data is essential in order to receive high quality services from many applications. However, if the original data is published as it is, there is a risk that sensitive information (political tendency, disease, ets.) may reveal. Therefore, many research have been proposed, not the original data but the synthetic data generating and publishing to privacy preserve. but, there is a risk of privacy leakage still even if simply generate and publish the synthetic data by various attacks (linkage attack, inference attack, etc.). In this paper, we propose a synthetic data generation algorithm in which privacy preserved by applying differential privacy the latest privacy protection technique to GAN, which is drawing attention as a synthetic data generative model in order to prevent the leakage of such sensitive information. The generative model used CGAN for efficient learning of labeled data, and applied Rényi differential privacy, which is relaxation of differential privacy, considering the utility aspects of the data. And validation of the utility of the generated data is conducted and compared through various classifiers.

• Journal of the Korea Society for Simulation
• /
• v.12 no.4
• /
• pp.25-40
• /
• 2003

With the growing usage of the networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in the network such as Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the general simulation environment of network security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of the intrusion. The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls the execution of agents or a contractee, who performs intrusion detection. In the network security model, each model of simulation environment is hierarchically designed by DEVS(Discrete Event system Specification) formalism. The purpose of this simulation is that the application of rete pattern-matching algorithm speeds up the inference cycle phases of the intrusion detection expert system and we evaluate the characteristics and performance of CNP architecture with rete pattern-matching algorithm.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.197-206
• /
• 2003

With the growing usage of the networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in the network such as Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the General Simulation Environment of Network Security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of the intrusion. The CNP, the methodology for efficient integration of computer systems on heterogeneous environment such as distributed systems, is essentially a collection of agents, which cooperate to resolve a problem. Command console in the CNP is a manager who controls tie execution of agents or a contractee, who performs intrusion detection. In the Network Security model, each model of simulation environment is hierarchically designed by DEVS (Discrete EVent system Specification) formalism. The purpose of this simulation is to evaluate the characteristics and performance of CNP architecture with rete pattern matching algorithm and the application of rete pattern matching algorithm for the speeding up the inference cycle phases of the intrusion detection expert system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.123-125
• /
• 2023

As deep learning has become an essential part of human lives, the requirement for Deep Learning as a Service (DLaaS) is growing. Since using remote cloud servers induces privacy concerns for users, a Fully Homomorphic Encryption (FHE) arises to protect users' sensitive data from a malicious attack in the cloud environment. However, the FHE cannot support several computations, including the most popular activation function, Rectified Linear Unit (ReLU). This paper analyzes several polynomial approximation methods for ReLU to utilize FHE in DLaaS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.665-679
• /
• 2018

With the development of information and communication technology, especially wireless Internet technology and the spread of smart phones, digital data has increased. As a result, privacy issues which concerns about exposure of personal sensitive information are increasing. In this paper, we analyze the privacy vulnerability of online big data in domestic internet environment, especially focusing on portal service, and propose a measure to evaluate the possibility of privacy violation. For this purpose, we collected about 50 million user posts from the potal service contents and extracted the personal information. we find that potal service user can be identified by the extracted personal information even though the user id is partially anonymized. In addition, we proposed a risk measurement evaluation method that reflects the possibility of personal information linkage between service using partial anonymized ID and personal information exposure level.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.22 no.6
• /
• pp.715-721
• /
• 2012

A threat evaluation is the technique which decides order of priority about tracks engaging with enemy by recognizing battlefield situation and making it efficient decision making. That is, in battle situation of multiple target it makes expeditious decision making and then aims at minimizing asset's damage and maximizing attack to targets. Threat value computation used in threat evaluation is calculated by sensor data which generated in battle space. Because Battle situation is unpredictable and there are various possibilities generating potential events, the damage or loss of data can make confuse decision making. Therefore, in this paper we suggest that substantial threat value calculation using learning bayesian network which makes it adapt to the varying battle situation to gain reliable results under given incomplete data and then verify this system's performance.

• Journal of Physiology & Pathology in Korean Medicine
• /
• v.33 no.5
• /
• pp.249-254
• /
• 2019

This study is aimed to refute against medical opponent's claim that Korean medicine does not conform to the conditions of science. Analyses and refutations against a journal treatise and a Facebook column formally written for a logical criticism and attack were conducted. As an example of the logic of the knowledge production process in Chinese medicine, 8 principle theory was exemplified in the Han danasty Classics "Neijing" and "Shanghanlun" at first. The knowledge was continuously revised and accumulated historically and then completed through Ming、Cheng period. The differential diagnosis and treatment theory is a logical process of forming knowledge through the process of abduction, deduction and induction begun from "Shanghanlun" succeeded to nowadays and it is essentially equaled with the process of experimental inference by Claude Bernard. Examples of normal science status based on Kuhn's scientific standards include the theory of 8 principle, differntial diagnosis of viscera and bowel, 3 yang and 3 yin diseases of "Shanghanlun" and warm disease theory. Examples of science lost or get its normal status by refutation following Popper's standards were cold damage theory and warm disease theory respectively. This allowed Chinese medicine to follow the general principles of science that form scientific knowledge and to correspond with the demarcation standards and concepts of science. However, as one of the conditions for becoming a science, Chinese medicine is partially lacking in terms of the interpretation of text language or the accordance with modern knowledge. Therefore methods are required to supplement this lack through multi-faceted research such as literature-based, theoretical and clinical studies.

• Investigative Magnetic Resonance Imaging
• /
• v.17 no.4
• /
• pp.267-274
• /
• 2013

Purpose : To re-evaluate additional clinical significance of the apparent diffusion coefficient (ADC) map in the inference of infarction stage, authors studied the evolution patterns of the DWI and the ADC map of the brain infarction. Materials and Methods: In 127 patients with cerebral infarctions, including follow-up checks, 199 studies were performed. They were classified as hourly (117 studies)-, daily (108 studies)-, weekly (62 studies)-based groups. The signal intensity (SI) was measured at the core of the infarction and contralateral area with ROI of 0.3 $cm^2$ or more on the images of the DWI and the ADC map, and calculated the ratios of SI and ADC value of the infarction area / contralateral normal area, and compared the patterns of the change according to the evolution. Results: Infarction was detected as early as 1 hour after the attack, and the ratio of SI in the DWI became over than 2 after 12 hours, which showed a plateau until the 6th day. Thereafter, it decreased slowly to 1 on the 30th day, and changed to lower SI than the surrounding brain. The ratio in the ADC map became 0.46 in 24 hours after the attack, and increased slowly to 1 in the 15th day. Thereafter, it became a higher value than the surrounding brain. Overall, the ratio in the ADC map changed earlier than in the DWI, and the ratio curves showed inverse pattern each other according to the evolution of the infarction. Conclusion: The evolution patterns of infarction on the ADC map showed an inverse curve of DWI curve, which means that the ADC value is accurately predictable from DWI, and the ADC map joined with the DWI seems helpful in the determination of subacute infarction between 15 to 30 days.