• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.195-207
• /
• 2022

COVID-19 has remained one of the most serious health crises in recent history, resulting in the tragic loss of lives and significant economic impacts on the entire world. The difficulty of controlling COVID-19 poses a threat to the global health sector. Considering that Artificial Intelligence (AI) has contributed to improving research methods and solving problems facing diverse fields of study, AI algorithms have also proven effective in disease detection and early diagnosis. Specifically, acoustic features offer a promising prospect for the early detection of respiratory diseases. Motivated by these observations, this study conceptualized a speech-based diagnostic model to aid in COVID-19 diagnosis. The proposed methodology uses speech signals from confirmed positive and negative cases of COVID-19 to extract features through the pre-trained Visual Geometry Group (VGG-16) model based on Mel spectrogram images. This is used in addition to the K-means algorithm that determines effective features, followed by a Genetic Algorithm-Support Vector Machine (GA-SVM) classifier to classify cases. The experimental findings indicate the proposed methodology's capability to classify COVID-19 and NOT COVID-19 of varying ages and speaking different languages, as demonstrated in the simulations. The proposed methodology depends on deep features, followed by the dimension reduction technique for features to detect COVID-19. As a result, it produces better and more consistent performance than handcrafted features used in previous studies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.875-884
• /
• 2024

The proliferation of IoT networks has led to an increase in cyber attacks, highlighting the importance of Network Intrusion Detection Systems (NIDS). To overcome the limitations of traditional NIDS and cope with more sophisticated cyber attacks, there is a trend towards integrating artificial intelligence models into NIDS. However, AI-based NIDS are vulnerable to adversarial attacks, which exploit the weaknesses of algorithm. Model Type Inference Attack is one of the types of attacks that infer information inside the model. This paper proposes an optimized framework for Model Type Inference attacks against NIDS models, applying more realistic assumptions. The proposed method successfully trained an attack model to infer the type of NIDS models with an accuracy of approximately 0.92, presenting a new security threat to AI-based NIDS and emphasizing the importance of developing defence method against such attacks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.331-346
• /
• 2019

Global cyber threats to industrial control systems are increasing. As a result, related research and cooperation are actively underway. However, we are focusing on strengthening security for physical network separation and perimeter. Internal threats are still vulnerable. This is because the easiest and strongest countermeasure is to enhance border security, and solutions for enhancing internal security are not easy to apply due to system availability problems. In particular, there are many vulnerabilities due to the large number of legacy systems remaining throughout industrial control systems. Unless these vulnerable systems are newly built according to the security framework, it is necessary to respond to these vulnerable systems, and therefore, a security solution considering availability has been verified and suggested. Using Sysmon and ELK, security solutions can detect Cyber-threat that are difficult to detect in unstructured ICS.

• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.67-75
• /
• 2018

According to Symantec's Internet Security Threat Report(2018), Internet security threats such as Cryptojackings, Ransomwares, and Mobile malwares are rapidly increasing and diversifying. It means that detection of malwares requires not only the detection accuracy but also versatility. In the past, malware detection technology focused on qualitative performance due to the problems such as encryption and obfuscation. However, nowadays, considering the diversity of malware, versatility is required in detecting various malwares. Additionally the optimization is required in terms of computing power for detecting malware. In this paper, we present Stream Order(SO)-CNN and Incremental Coordinate(IC)-CNN, which are malware detection schemes using CNN(Convolutional Neural Network) that effectively detect intelligent and diversified malwares. The proposed methods visualize each malware binary file onto a fixed sized image. The visualized malware binaries are learned through GoogLeNet to form a deep learning model. Our model detects and classifies malwares. The proposed method reveals better performance than the conventional method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1551-1559
• /
• 2015

Recently, the performance of smart devices is almost similar to that of the existing PCs, thus the users of smart devices can perform similar works such as messengers, SNSs(Social Network Services), smart banking, etc. originally performed in PC environment using smart devices. Although the development of smart devices has led to positive impacts, it has caused negative changes such as an increase in security threat aimed at mobile environment. Specifically, the threats of mobile devices, such as leaking private information, generating unfair billing and performing DDoS(Distributed Denial of Service) attacks has continuously increased. Over 80% of the mobile devices use android platform, thus, the number of damage caused by mobile malware in android platform is also increasing. In this paper, we propose android based malware detection mechanism using time-series analysis, which is one of statistical-based detection methods.We use auto-regressive moving-average model which is extracting accurate predictive values based on existing data among time-series model. We also use fast and exact malware detection method by extracting possible malware data through Z-Score. We validate the proposed methods through the experiment results.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.5
• /
• pp.1122-1127
• /
• 2014

WLAN is affordability, flexibility, and ease of installation, use the smart device due to the dissemination and the AP (Access Point) to the simplification of the Office building, store, at school. Wi-Fi radio waves because it uses the medium of air transport to reach areas where security threats are always exposed to illegal AP installation, policy violations AP, packet monitoring, AP illegal access, external and service access, wireless network sharing, MAC address, such as a new security threat to steal. In this paper, signature-based of wireless intrusion detection system for Snort to suggest how to develop. The public can use hacking tools and conduct a mock hacking, Snort detects an attack of hacking tools to verify from experimental verification of the suitability of the thesis throughout.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.2
• /
• pp.334-348
• /
• 2015

Widespread use of smart devices accompanies increase of use of access point (AP), which enables the connection to the wireless network. If the appropriate security is not served when a user tries to connect the wireless network through an AP, various security problems can arise due to the rogue APs. In this paper, we are going to examine the threat by evil-twin, which is a kind of rogue APs. Most of recent researches for detecting rogue APs utilize the measured time difference, such as round trip time (RTT), between the evil-twin and authorized APs. These methods, however, suffer from the low detection rate in the network congestion. Due to these reasons, in this paper, we suggest a new factor, packet inter-arrival time (PIAT), in order to detect evil-twins. By using both RTT and PIAT as the learning factors for the support vector machine (SVM), we determine the non-linear metric to classify evil-twins and authorized APs. As a result, we can detect evil-twins with the probability of up to 96.5% and at least 89.75% even when the network is congested.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.257-261
• /
• 2022

Diseases of agricultural plants in recent years have spread greatly across the regions of the Kyrgyz Republic and pose a serious threat to the yield of many crops. The consequences of it can greatly affect the food security for an entire country. Due to force majeure, abnormal cases in climatic conditions, the annual incomes of many farmers and agricultural producers can be destroyed locally. Along with this, the rapid detection of plant diseases also remains difficult in many parts of the regions due to the lack of necessary infrastructure. In this case, it is possible to pave the way for the diagnosis of diseases with the help of the latest achievements due to the possibilities of feedback from the farmer - developer in the formation and updating of the database of sick and healthy plants with the help of advances in computer vision, developing on the basis of machine and deep learning. Currently, model training is increasingly used already on publicly available datasets, i.e. it has become popular to build new models already on trained models. The latter is called as transfer training and is developing very quickly. Using a publicly available data set from PlantVillage, which consists of 54,306 or NewPlantVillage with a data volumed with 87,356 images of sick and healthy plant leaves collected under controlled conditions, it is possible to build a deep convolutional neural network to identify 14 types of crops and 26 diseases. At the same time, the trained model can achieve an accuracy of more than 99% on a specially selected test set.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.9-19
• /
• 2022

As the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institution or company is operating a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most researches were performed using a specific research data set which cannot be seen in real network, so it was impossible to use in the actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.