• Title/Summary/Keyword: network threat detection


Malicious Traffic Classification Using Mitre ATT&CK and Machine Learning Based on UNSW-NB15 Dataset (마이터 어택과 머신러닝을 이용한 UNSW-NB15 데이터셋 기반 유해 트래픽 분류)

  • Yoon, Dong Hyun; Koo, Ja Hwan; Won, Dong Ho
  • KIPS Transactions on Software and Data Engineering / v.12 no.2 / pp.99-110 / 2023
  • This study proposed a classification of malicious network traffic using the cyber threat framework (Mitre ATT&CK) and machine learning to solve the real-time traffic detection problems faced by current security monitoring systems. We applied a network traffic dataset called UNSW-NB15 to the Mitre ATT&CK framework to transform the labels and generate the final dataset through rare class processing. After training several boosting-based ensemble models on the generated final dataset, we demonstrated how these ensemble models classify network traffic using various performance metrics. Based on the F1 score, we showed that XGBoost with no rare class processing is the best in the multi-class traffic environment. We recognized that machine learning ensemble models through Mitre ATT&CK label conversion and oversampling processing have differences over existing studies, but have limitations due to (1) the inability to match perfectly when converting between existing datasets and Mitre ATT&CK labels and (2) the presence of excessive sparse classes. Nevertheless, CatBoost with B-SMOTE achieved a classification accuracy of 0.9526, which is expected to be able to automatically detect normal/abnormal network traffic.

Detecting Adversarial Examples Using Edge-based Classification

  • Jaesung Shim; Kyuri Jo
  • Journal of the Korea Society of Computer and Information / v.28 no.10 / pp.67-76 / 2023
  • Although deep learning models are making innovative achievements in the field of computer vision, the problem of vulnerability to adversarial examples continues to be raised. Adversarial examples are attack methods that inject fine noise into images to induce misclassification, which can pose a serious threat to the application of deep learning models in the real world. In this paper, we propose a model that detects adversarial examples using differences in predicted values between edge-learned classification models and underlying classification models. The simple process of extracting the edges of the objects and reflecting them in learning can increase the robustness of the classification model, and economical and efficient detection is possible by detecting adversarial examples through differences in predictions between models. In our experiments, the general model showed accuracy of {49.9%, 29.84%, 18.46%, 4.95%, 3.36%} for adversarial examples (eps={0.02, 0.05, 0.1, 0.2, 0.3}), whereas the Canny edge model showed accuracy of {82.58%, 65.96%, 46.71%, 24.94%, 13.41%} and other edge models also showed a similar level of accuracy, indicating that the edge model was more robust against adversarial examples. In addition, adversarial example detection using differences in predictions between models revealed detection rates of {85.47%, 84.64%, 91.44%, 95.47%, and 87.61%} for each epsilon-specific adversarial example. It is expected that this study will contribute to improving the reliability of deep learning models in related research and application industries such as medical, autonomous driving, security, and national defense.

Predicting Probability of Precipitation Using Artificial Neural Network and Mesoscale Numerical Weather Prediction (인공신경망과 중규모기상수치예보를 이용한 강수확률예측)

  • Kang, Boosik; Lee, Bongki
  • KSCE Journal of Civil and Environmental Engineering Research / v.28 no.5B / pp.485-493 / 2008
  • An Artificial Neural Network (ANN) model was suggested for predicting probability of precipitation (PoP) using the RDAPS NWP model, observations at AWS and upper-air sounding stations. The prediction work was implemented for the flood season and the data period is July and August of 2001 and June of 2002. Neural network input variables (predictors) were composed of geopotential height at 500/750/1000 hPa, atmospheric thickness 500-1000 hPa, X & Y-components of wind at 500 hPa, X & Y-components of wind at 750 hPa, wind speed at surface, temperature at 500/750 hPa/surface, mean sea level pressure, 3-hr accumulated precipitation, occurrence of observed precipitation, precipitation accumulated in the 6 & 12 hrs previous to the RDAPS run, precipitation occurrence in the 6 & 12 hrs previous to the RDAPS run, relative humidity measured 0 & 12 hrs before the RDAPS run, precipitable water measured 0 & 12 hrs before the RDAPS run, and precipitable water difference in the 12 hrs previous to the RDAPS run. The suggested ANN is a 3-layer perceptron (multi-layer perceptron; MLP) with a back-propagation learning algorithm. The result shows that there was a 6.8% increase in Hit rate (H), and in particular 99.2% and 148.1% increases in Threat Score (TS) and Probability of Detection (POD). It illustrates that the suggested ANN model can be a useful tool for rainfall event prediction. The Kuipers Skill Score (KSS) was increased by 92.8%, showing that the ANN model improves rainfall occurrence prediction over RDAPS.

The Climate Change and Zoonosis (Zoonotic Disease Prevention and Control) (기후변화와 인수공통전염병 관리)

  • Jung, Suk-Chan
  • Proceedings of the Korean Society of Environmental Agriculture Conference / 2009.07a / pp.228-239 / 2009
  • The observations on climate change show a clear increase in the temperature of the Earth's surface and the oceans, a reduction in the land snow cover, and melting of the sea ice and glaciers. The effects of climate change are likely to include more variable weather, heat waves, increased mean temperature, rains, flooding and droughts. The threat of climate change and global warming to human and animal health is now recognized as a global issue. This presentation describes an overview of the latest scientific knowledge on the impact of climate change on zoonotic diseases. Climate strongly affects agriculture and livestock production and influences animal diseases, vectors and pathogens, and their habitat. Global warming is likely to change the temporal and geographical distribution of infectious diseases, including those that are vector-borne such as West Nile fever, Rift Valley fever, Japanese encephalitis, bluetongue, malaria and visceral leishmaniasis, and other diarrheal diseases. The distribution and prevalence of vector-borne diseases may be the most significant effect of climate change. The impact of climate change on the emergence and re-emergence of animal diseases has been confirmed by a majority of countries. Emerging zoonotic diseases are increasingly recognized as a global and regional issue with potentially serious human health and economic impacts, and their current upward trends are likely to continue. Coordinated international responses are therefore essential across veterinary and human health sectors, regions and countries to control and prevent emerging zoonoses. New early warning and alert systems are being developed and introduced to enhance surveillance and response to zoonotic diseases, and international networks that include public health, research, medical and veterinary laboratories working with zoonotic pathogens should be established and strengthened.
Facing this challenging future, long-term strategies for zoonotic diseases that may be affected by climate change are needed for better prevention and control measures in susceptible livestock, wildlife and vectors in Korea. In conclusion, strengthening global, regional and national early warning systems is extremely important, as are coordinated research programmes and subsequent prevention and control measures, and a global surveillance network is essential for early detection of zoonotic diseases.


A Study on the Improvement of Effectiveness in National Cyber Security Monitoring and Control Services (국가 전산망 보안관제업무의 효율적 수행방안에 관한 연구)

  • Kim, Young-Jin; Lee, Su-Yeon; Kwon, Hun-Yeong; Lim, Jong-In
  • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.1 / pp.103-111 / 2009
  • Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. As a result, the monitoring and control of cyber security, which enables attack detection, analysis and response on a real-time basis, has become of paramount importance. This paper discusses how to improve the efficiency and effectiveness of national cyber security monitoring and control services. It first reviews major threats to the public communications network and how the responses to these threats are made, and then it proposes a new approach to improve the national cyber security monitoring and control services.

Low Power Security Architecture for the Internet of Things (사물인터넷을 위한 저전력 보안 아키텍쳐)

  • Yun, Sun-woo; Park, Na-eun; Lee, Il-gu
  • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.10a / pp.199-201 / 2021
  • The Internet of Things (IoT) is a technology that can organically connect people and things without time and space constraints by using communication network technology and sensors, and transmit and receive data in real time. The IoT used in all industrial fields has limitations in terms of storage allocation, such as device size, memory capacity, and data transmission performance, so it is important to manage power consumption to effectively utilize the limited battery capacity. In prior research, there is a problem in that security is degraded in exchange for improving power efficiency by lightening the security algorithm of the encryption module. In this study, we propose a low-power security architecture that can utilize high-performance security algorithms in the IoT environment. This can provide high security and power efficiency by using relatively complex security modules in low-power environments, executing security modules only when threat detection is required based on inspection results.


A Practical Feature Extraction for Improving Accuracy and Speed of IDS Alerts Classification Models Based on Machine Learning (기계학습 기반 IDS 보안이벤트 분류 모델의 정확도 및 신속도 향상을 위한 실용적 feature 추출 연구)

  • Shin, Iksoo; Song, Jungsuk; Choi, Jangwon; Kwon, Taewoong
  • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.385-395 / 2018
  • With the development of the Internet, cyber attacks have become a major threat. To detect cyber attacks, intrusion detection systems (IDS) have been widely deployed. But IDS has a critical weakness, which is that it generates a large number of false alarms. One of the promising techniques that reduce the false alarms in real time is machine learning. However, there are problems that must be solved to use machine learning, so many machine learning approaches have been applied to this field. But so far, researchers have not focused on features. Although the features of IDS alerts are important for the performance of the model, the approach to features is ignored. In this paper, we propose a new feature set which can improve the performance of the model and can be extracted from a single alarm. The new features are motivated by security analysts' know-how. We trained and tested the proposed model with the new feature set on real IDS alerts. Experimental results indicate the proposed model can achieve better accuracy and false positive rate than an SVM model with ordinary features.

A Methodology of XAI-Based Network Features Extraction for Rapid IoT Botnet Behavior Analysis (신속한 IoT 봇넷 행위분석을 위한 XAI 기반 네트워크 특징 추출 방법론)

  • Doyeon Kim; Chungil Cha; Kyuil Kim; Heeseok Kim; Jungsuk Song
  • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.5 / pp.1037-1046 / 2024
  • The widespread adoption of the Internet of Things (IoT) has enhanced efficiency and convenience across various fields, but it has also led to a surge in security threats. Among these, IoT botnets are particularly concerning as they can rapidly infect a large number of devices and launch various types of attacks, making them a significant security threat. In IoT environments where implementing security measures on individual devices is challenging, establishing a security monitoring system for real-time detection and response is essential to mitigate the risks posed by botnets. In the field of security monitoring, it is crucial not only to detect botnets but also to analyze their detailed behaviors to devise effective countermeasures. Security experts devote considerable effort to analyzing the payloads of detected threats to understand botnet behavior and develop appropriate responses. However, analyzing all threats manually is time-consuming and costly. To address this, our study proposes an XAI-based network feature extraction methodology to enhance the effectiveness of IoT botnet behavior analysis. This study proposes a practical security monitoring methodology for IoT botnet behavior analysis and response, consisting of three steps: 1) BPE and TF-IDF based payload feature extraction, 2) XAI-based feature importance analysis, and 3) visualization of decision rationale based on feature importance. This approach provides security experts with intuitive visual evidence of IoT attacks and reduces analysis time, contributing to faster decision-making and response strategy development in security monitoring.