• Nuclear Engineering and Technology
• /
• v.53 no.12
• /
• pp.4072-4079
• /
• 2021

This article presents a study on the state-of-the-art methods for automated radioactive material detection and identification, using gamma-ray spectra and modern machine learning methods. The recent developments inspired this in deep learning algorithms, and the proposed method provided better performance than the current state-of-the-art models. Machine learning models such as: fully connected, recurrent, convolutional, and gradient boosted decision trees, are applied under a wide variety of testing conditions, and their advantage and disadvantage are discussed. Furthermore, a hybrid model is developed by combining the fully-connected and convolutional neural network, which shows the best performance among the different machine learning models. These improvements are represented by the model's test performance metric (i.e., F1 score) of 93.33% with an improvement of 2%-12% than the state-of-the-art model at various conditions. The experimental results show that fusion of classical neural networks and modern deep learning architecture is a suitable choice for interpreting gamma spectra data where real-time and remote detection is necessary.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.12
• /
• pp.4909-4926
• /
• 2020

Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, allowing initial unknown attacks. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If you fail to respond to the initial attack, it is difficult to respond additionally because malicious behavior like Advanced Persistent Threat (APT) attack does not occur immediately, but occurs over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, although the initial response failed with anti-virus. The proposed technology uses a combination of AutoEncoder and 1D CNN (1-Dimention Convolutional Neural Network) based on semi-supervised learning. The experiment trained a dataset collected over a month in a real-world commercial endpoint environment, and tested the data collected over the next month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce time and labor costs to effectively detect unknown attacks.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.55-61
• /
• 2012

Owing to the development of wireless infrastructure and mobile communication technology, There is growing interest in smart phone using it. The resulting popularity of smart phone has increased the Mobile Malicious AP-related security threat and the access to the wireless AP(Access Point) using Wi-Fi. mobile AP mechanism is the use of a mobile device with Internet access such as 3G cellular service to serve as an Internet gateway or access point for other devices. Within the enterprise, the use of mobile AP mechanism made corporate information management difficult owing to use wireless system that is impossible to wire packet monitoring. In this thesis, we propose mobile AP mechanism-based mobile malicious AP detection and prevention mechanism in radius authentication server network. Detection approach detects mobile AP mechanism-based mobile malicious AP by sniffing the beacon frame and analyzing the difference between an authorized AP and a mobile AP mechanism-based mobile malicious AP detection.

• Journal of Electrical Engineering and Technology
• /
• v.9 no.4
• /
• pp.1375-1384
• /
• 2014

Flashover of power transmission line insulators is a major threat to the reliable operation of power system. This paper deals with the flashover prediction of polymeric insulators used in power transmission line applications using the novel condition monitoring technique developed by PD signal time-frequency map and neural network technique. Laboratory experiments on polymeric insulators were carried out as per IEC 60507 under AC voltage, at different humidity and contamination levels using NaCl as a contaminant. Partial discharge signals were acquired using advanced ultra wide band detection system. Salient features from the Time-Frequency map and PRPD pattern at different pollution levels were extracted. The flashover prediction of polymeric insulators was automated using artificial neural network (ANN) with back propagation algorithm (BPA). From the results, it can be speculated that PD signal feature extraction along with back propagation classification is a well suited technique to predict flashover of polymeric insulators.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.9-19
• /
• 2019

Service and users over the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA(latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3258-3273
• /
• 2021

Malware is a severe threat to the computing system and there's a long history of the battle between malware detection and anti-detection. Most traditional detection methods are based on static analysis with signature matching and dynamic analysis methods that are focused on sensitive behaviors. However, the usual detections have only limited effect when meeting the development of malware, so that the manual update for feature sets is essential. Besides, most of these methods match target samples with the usual feature database, which ignored the characteristics of the sample itself. In this paper, we propose a new malware detection method that could combine the features of a single sample and the general features of malware. Firstly, a structure of Directed Cyclic Graph (DCG) is adopted to extract features from samples. Then the sensitivity of each API call is computed with Markov Chain. Afterward, the graph is merged with the chain to get the final features. Finally, the detectors based on machine learning or deep learning are devised for identification. To evaluate the effect and robustness of our approach, several experiments were adopted. The results showed that the proposed method had a good performance in most tests, and the approach also had stability with the development and growth of malware.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.67-72
• /
• 2005

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modern information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. In order to solve a same problem, this paper researched early detection techniques for only early warning of cyber threats with separate way the detection due to and existing security equipment from the large network. It researched the cyber example alert system which applies the module of based honeynet from the actual large network and this technique against the malignant traffic how many probably it will be able to dispose effectively from large network.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.105-112
• /
• 2014

The utilization of Wireless Ad Hoc Network which can build easily network using wireless device in difficult situation to build network is very good. However, it has security threat element because it transfers data by only forwarding of wireless devices. The measures against this should be prepared because damage by especially routing attack can affect the entire network. It is hard to distinguish malicious node and normal node among nodes composing network and it is not easy also to detect routing attack and respond to this. In this paper, we propose new method which detect routing attack and can respond to this. The amount of traffic in all nodes is measured periodically to judge the presence or absence of attack node on the path set. The technique that hides inspection packet to suspected node and transmits is used in order to detect accurately attack node in the path occurred attack. The experiment is performed by comparing SRAODA and SEAODV technique to evaluate performance of the proposed technique and the excellent performance can be confirmed.

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.413-418
• /
• 2019

Attacks on existing sensor networks include sniffing, flooding, and spoofing attacks. The basic countermeasures include encryption and authentication methods and switching methods. Wormhole attack, HELLO flood attack, Sybil attack, sinkhole attack, and selective delivery attack are the attacks on the network layer in wireless sensor network (WSN). These attacks may not be defended by the basic countmeasures mentioned above. In this paper, new countermeasures against these attacks include periodic key changes and regular network monitoring. Moreover, we present various threats (attacks) in the network layer of wireless sensor networks and new countermeasures accordingly.

• Journal of Korea Multimedia Society
• /
• v.18 no.4
• /
• pp.506-523
• /
• 2015

The intent is to determine whether or not the custody transfer is helpful for data transmission in challenging underwater communications when running Bundle protocol or underwater protocols. From the point of view defending side, Underwater Acoustic Network (UAN) will be a serious threat for its strong functionality long rang and high precision of surveillance and detection. Therefore, countermeasures must be taken to weaken its effect. Our purpose is analyzed that how to benefit from the UIoT to learn from, exploit and preserve the natural underwater resources. Delay/Disruption Tolerant Network (DTN) is essential part of the network heterogeneity communication network. The vulnerability and potential security factors of UIoT are studied thereafter. Security mechanisms for an underwater environment are difficult to apply owing to the limited bandwidth. Therefore, for underwater security, appropriate security mechanisms and security requirements must be defined simultaneously. The paper consists of mathematical and security model. Most important point of view in the security challenges of effective Buffer and Storage management in DTN.