• Journal of Information Processing Systems
• /
• 제15권4호
• /
• pp.904-919
• /
• 2019

Many security systems rely solely on solutions based on Artificial Intelligence, which are weak in nature. These security solutions can be easily manipulated by malicious users who can gain unlawful access. Some security systems suggest using fingerprint-based solutions, but they can be easily deceived by copying fingerprints with clay. Image-based security is undoubtedly easy to manipulate, but it is also a solution that does not require any special training on the part of the user. In this paper, we propose a multi-factor security framework that operates in a three-step process to authenticate the user. The motivation of the research lies in utilizing commonly available and inexpensive devices such as onsite CCTV cameras and smartphone camera and providing fully secure user authentication. We have used technologies such as Argon2 for hashing image features and physically unclonable identification for secure device-server communication. We also discuss the methodological workflow of the proposed multi-factor authentication framework. In addition, we present the service scenario of the proposed model. Finally, we analyze qualitatively the proposed model and compare it with state-of-the-art methods to evaluate the usability of the model in real-world applications.

• ETRI Journal
• /
• 제42권6호
• /
• pp.886-898
• /
• 2020

Unusual data patterns or outliers can be generated because of human errors, incorrect measurements, or malicious activities. Detecting outliers is a difficult task that requires complex ensembles. An ideal outlier detection ensemble should consider the strengths of individual base detectors while carefully combining their outputs to create a strong overall ensemble and achieve unbiased accuracy with minimal variance. Selecting and combining the outputs of dissimilar base learners is a challenging task. This paper proposes a model that utilizes heterogeneous base learners. It adaptively boosts the outcomes of preceding learners in the first phase by assigning weights and identifying high-performing learners based on their local domains, and then carefully fuses their outcomes in the second phase to improve overall accuracy. Experimental results from 10 benchmark datasets are used to train and test the proposed model. To investigate its accuracy in terms of separating outliers from inliers, the proposed model is tested and evaluated using accuracy metrics. The analyzed data are presented as crosstabs and percentages, followed by a descriptive method for synthesis and interpretation.

• 한국군사과학기술학회지
• /
• 제25권2호
• /
• pp.125-134
• /
• 2022

Recently, there are an increased the number of reports on the misuse or malicious use of an UAS. Thus, many researchers are studying on defense schemes for UAS by developing or improving C-UAS sensor technology. However, the wrong placement of sensors may lead to a defense failure since the proper placement of sensors is critical for UAS defense. In this study, a multi-object optimization model for C-UAS sensor placement in an air base is proposed. To address the issue, we define two objective functions: the intersection ratio of interested area and the minimum detection range and try to find the optimized placement of sensors that maximizes the two functions. C-UAS placement model is designed using a NSGA-II algorithm, and through experiments and analyses the possibility of its optimization is verified.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권7호
• /
• pp.1916-1934
• /
• 2023

The phishing attack is a malicious emerging threat on the internet where the hackers try to access the user credentials such as login information or Internet banking details through pirated websites. Using that information, they get into the original website and try to modify or steal the information. The problem with traditional defense systems like firewalls is that they can only stop certain types of attacks because they rely on a fixed set of principles to do so. As a result, the model needs a client-side defense mechanism that can learn potential attack vectors to detect and prevent not only the known but also unknown types of assault. Feature selection plays a key role in machine learning by selecting only the required features by eliminating the irrelevant ones from the real-time dataset. The proposed model uses Hyperparameter Optimized Artificial Neural Networks (H-ANN) combined with a Hybrid Firefly and Grey Wolf Optimization algorithm (H-FFGWO) to detect and block phishing websites in Internet of Things(IoT) Applications. In this paper, the H-FFGWO is used for the feature selection from phishing datasets ISCX-URL, Open Phish, UCI machine-learning repository, Mendeley website dataset and Phish tank. The results showed that the proposed model had an accuracy of 98.07%, a recall of 98.04%, a precision of 98.43%, and an F1-Score of 98.24%.

• 융합보안논문지
• /
• 제6권4호
• /
• pp.161-169
• /
• 2006

최근 정보시스템의 발달에 따라, 다양한 정보시스템과 응용 소프트웨어의 개발이 이루어지고 있다. 하지만 정보시스템의 발달에 따른 역기능으로 많은 침해사고와 사이버해킹이 증가하는 추세이다. 이러한 정보화의 역기능을 차단하기 위해, 많은 기관에서는 정보시스템과 이를 보호하는 정보보호시스템의 운영과 관리를 위하여 많은 정보시스템 운영인력을 투입하고 있으나, 체계적 관리와 각 역할의 특성에 대한 분석부족으로 효율적인 운영에 많은 어려움을 겪고 있다. 본 논문에서는 정보시스템과 정보보호시스템 보안 및 관리 운영과 수행업무의 특성에 따라 정형화 된 Cause-Effect Model을 제시하도록 한다. 이 모델에서는 정보시스템과 정보시스템 운영자를 하나의 information Component로 간주한다. 본 논문에서 제시된 Cause-Effect Model의 각 단계에서 영향을 미치는 Human Factor의 세부 요소에 대한 영향도 분석을 통하여, 주어진 역할에 따라 최적의 human Resource의 관리와 배치가 가능할 것이다. 이러한 분석 및 접근 방법은 각 기관의 제한된 Resource 에 대한 효율적 운영이 가능하도록 하여, 기관의 정보시스템 운영과 악의적 침입에 대한 효율적인 방어를 가능하게 할 수 있다.

• International Journal of Computer Science & Network Security
• /
• 제22권5호
• /
• pp.294-302
• /
• 2022

Detection of fake news is a complex and a challenging task. Generation of fake news is very hard to stop, only steps to control its circulation may help in minimizing its impacts. Humans tend to believe in misleading false information. Researcher started with social media sites to categorize in terms of real or fake news. False information misleads any individual or an organization that may cause of big failure and any financial loss. Automatic system for detection of false information circulating on social media is an emerging area of research. It is gaining attention of both industry and academia since US presidential elections 2016. Fake news has negative and severe effects on individuals and organizations elongating its hostile effects on the society. Prediction of fake news in timely manner is important. This research focuses on detection of fake news spreaders. In this context, overall, 6 models are developed during this research, trained and tested with dataset of PAN 2020. Four approaches N-gram based; user statistics-based models are trained with different values of hyper parameters. Extensive grid search with cross validation is applied in each machine learning model. In N-gram based models, out of numerous machine learning models this research focused on better results yielding algorithms, assessed by deep reading of state-of-the-art related work in the field. For better accuracy, author aimed at developing models using Random Forest, Logistic Regression, SVM, and XGBoost. All four machine learning algorithms were trained with cross validated grid search hyper parameters. Advantages of this research over previous work is user statistics-based model and then ensemble learning model. Which were designed in a way to help classifying Twitter users as fake news spreader or not with highest reliability. User statistical model used 17 features, on the basis of which it categorized a Twitter user as malicious. New dataset based on predictions of machine learning models was constructed. And then Three techniques of simple mean, logistic regression and random forest in combination with ensemble model is applied. Logistic regression combined in ensemble model gave best training and testing results, achieving an accuracy of 72%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권11호
• /
• pp.2254-2271
• /
• 2011

Access control in dynamic environments needs the ability to provide more access opportunities of information to users, while also ensuring protection information from malicious users. Trust and risk are essential factors and can be combined together in access control decision-making to meet the above requirement. In this paper, we propose the combination of the trust and risk in access control to balance information accessibility and protection. Access control decision is made on the basis of trustworthiness of users and risk value of permissions. We use potential relations between users and relations between permissions in access control. Our approach not only provides more access opportunities for trustworthy users in accessing permissions, but also enforces traditional access control constraints such as Chinese Wall policy and Separation of Duty (SoD) of Role-Based Access Control (RBAC) model in an effective way.

• 대한수학회보
• /
• 제50권6호
• /
• pp.1799-1816
• /
• 2013

Privacy preserving multiset union (PPMU) protocol allows a set of parties, each with a multiset, to collaboratively compute a multiset union secretly, meaning that any information other than union is not revealed. We propose efficient PPMU protocols, using multiplicative homomorphic cryptosystem. The novelty of our protocol is to directly encrypt a polynomial by representing it by an element of an extension field. The resulting protocols consist of constant rounds and improve communication cost. We also prove the security of our protocol against malicious adversaries, in the random oracle model.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2017년도 춘계학술대회
• /
• pp.314-316
• /
• 2017

금전적 수확 등의 목적으로 네트워크 사용자들의 컴퓨터 및 파일을 잠근 후 금품을 요구하는 악성 프로그램 랜섬웨어(Ransomware)의 진화가 계속될 전망으로, 메일 시스템에서 업무정보를 주고 받는 기업의 생존권에 있어 랜섬웨어는 위협적인 존재이다. 이러한 위협에 있어, 분산원장(Distributed Ledger) 기술인 블록체인(Blockchain)을 활용하여 랜섬웨어 이상징후 데이터로써 자동 생성되는 블록을 기업 내 보안정책에 바로 연계되도록 하여 메일 시스템에서의 랜섬웨어를 사전방지하는 블록체인 모델을 설계한다.

• Journal of Information Processing Systems
• /
• 제19권3호
• /
• pp.289-301
• /
• 2023

Due to the development and dissemination of modern technology, anyone can easily communicate using services such as social network service (SNS) through a personal computer (PC) or smartphone. The development of these technologies has caused many beneficial effects. At the same time, bad effects also occurred, one of which was the spam problem. Spam refers to unwanted or rejected information received by unspecified users. The continuous exposure of such information to service users creates inconvenience in the user's use of the service, and if filtering is not performed correctly, the quality of service deteriorates. Recently, spammers are creating more malicious spam by distorting the image of spam text so that optical character recognition (OCR)-based spam filters cannot easily detect it. Fortunately, the level of transformation of image spam circulated on social media is not serious yet. However, in the mail system, spammers (the person who sends spam) showed various modifications to the spam image for neutralizing OCR, and therefore, the same situation can happen with spam images on social media. Spammers have been shown to interfere with OCR reading through geometric transformations such as image distortion, noise addition, and blurring. Various techniques have been studied to filter image spam, but at the same time, methods of interfering with image spam identification using obfuscated images are also continuously developing. In this paper, we propose a deep learning-based spam image detection model to improve the existing OCR-based spam image detection performance and compensate for vulnerabilities. The proposed model extracts text features and image features from the image using four sub-models. First, the OCR-based text model extracts the text-related features, whether the image contains spam words, and the word embedding vector from the input image. Then, the convolution neural network-based image model extracts image obfuscation and image feature vectors from the input image. The extracted feature is determined whether it is a spam image by the final spam image classifier. As a result of evaluating the F1-score of the proposed model, the performance was about 14 points higher than the OCR-based spam image detection performance.