• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.6
• /
• pp.1496-1521
• /
• 2012

Uncertainty is ubiquitous in target tracking wireless sensor networks due to environmental noise, randomness of target mobility and other factors. Sensing results are always unreliable. This paper considers unreliability as it occurs in wireless sensor networks and its impact on target-tracking accuracy. Firstly, we map intersection pairwise sensors' uncertain boundaries, which divides the monitor area into faces. Each face has a unique signature vector. For each target localization, a sampling vector is built after multiple grouping samplings determine whether the RSS (Received Signal Strength) for a pairwise nodes' is ordinal or flipped. A Fault-Tolerant Target-Tracking (FTTT) strategy is proposed, which transforms the tracking problem into a vector matching process that increases the tracking flexibility and accuracy while reducing the influence of in-the-filed factors. In addition, a heuristic matching algorithm is introduced to reduce the computational complexity. The fault tolerance of FTTT is also discussed. An extension of FTTT is then proposed by quantifying the pairwise uncertainty to further enhance robustness. Results show FTTT is more flexible, more robust and more accurate than parallel approaches.

• Journal of The Korean Astronomical Society
• /
• v.37 no.5
• /
• pp.455-460
• /
• 2004

There have been many speculations about the presence of cosmic ray protons (CRps) in galaxy clusters over the past two decades. However, no direct evidence such as the characteristic $\gamma$-ray signature of decaying pions has been found so far. These pions would be a direct tracer of hadronic CRp interactions with the ambient thermal gas also yielding observable synchrotron and inverse Compton emission by additionally produced secondary electrons. The obvious question concerns the type of galaxy clusters most likely to yield a signal: Particularly suited sites should be cluster cooling cores due to their high gas and magnetic energy densities. We studied a nearby sample of clusters evincing cooling cores in order to place stringent limits on the cluster CRp population by using non-detections of EGRET. In this context, we examined the possibility of a hadronic origin of Coma-sized radio halos as well as radio mini-halos. Especially for mini-halos, strong clues are provided by the very plausible small amount of required CRp energy density and a matching radio profile. Introducing the hadronic minimum energy criterion, we show that the energetically favored CRp energy density is constrained to $2\%{\pm}1\%$ of the thermal energy density in Perseus. We also studied the CRp population within the cooling core region of Virgo using the TeV $\gamma$-ray detection of M 87 by HEGRA. Both the expected radial $\gamma$-ray profile and the required amount of CRp support this hadronic scenario.

• Journal of the Korea Society of Computer and Information
• /
• v.5 no.4
• /
• pp.13-20
• /
• 2000

There are many security problems with Electronic Commerce since insecure public networks, especially Internet, are used. Therefore, for implementing secure Electronic Commerce, CAPI(Cryptographic Application Programming Interfaces) is expected to use various form of security applications. The Cryptographic Application Programming Interface supports cryptographic services for each level and various security services. The CSSM API(Common Security Service Management Application Programming Interface) Provides modularity, simplicity, and extensibility in terms of various add-in modules and interfaces in contract to other CAPIs. This paper proposed an applying method of CSSM API having various extensibility and supporting multi-platforms to Electronic Commerce. we describe encryption, digital signature operation of CSSM API's CSP interface and evaluate secureness by matching relation of theratening factors to security services.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.3
• /
• pp.303-317
• /
• 2002

In this paper, we design and implement E-COIRS enabling users to query with concepts and image features used for further refining the concepts. For example, E-COIRS supports the query "retrieve images containing black home appliance to north of reception set. "The query includes two types of concepts: IS-A and composite. "home appliance"is an IS-A concept, and "reception set" is a composite concept. For evaluating such a query. E-COIRS includes three important components: a visual image indexer, thesauri and a query processor. Each pair of objects in an mage captured by the visual image indexer is converted into a triple. The triple consists of the two object identifiers (oids) and their spatial relationship. All the features of an object is referenced by its old. A composite concept is detected by the triple thesaurus and IS-A concept is recolonized by the fuzzy term thesaurus. The query processor obtains an image set by matching each triple in a user with an inverted file and CS-Tree. To support efficient storage use and fast retrieval on high-dimensional feature vectors, E-COIRS uses Cell-based Signature tree(CS-Tree). E-COIRS is a more advanced content-based image retrieval system than other systems which support only concepts or image features.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3258-3273
• /
• 2021

Malware is a severe threat to the computing system and there's a long history of the battle between malware detection and anti-detection. Most traditional detection methods are based on static analysis with signature matching and dynamic analysis methods that are focused on sensitive behaviors. However, the usual detections have only limited effect when meeting the development of malware, so that the manual update for feature sets is essential. Besides, most of these methods match target samples with the usual feature database, which ignored the characteristics of the sample itself. In this paper, we propose a new malware detection method that could combine the features of a single sample and the general features of malware. Firstly, a structure of Directed Cyclic Graph (DCG) is adopted to extract features from samples. Then the sensitivity of each API call is computed with Markov Chain. Afterward, the graph is merged with the chain to get the final features. Finally, the detectors based on machine learning or deep learning are devised for identification. To evaluate the effect and robustness of our approach, several experiments were adopted. The results showed that the proposed method had a good performance in most tests, and the approach also had stability with the development and growth of malware.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.26 no.5
• /
• pp.375-382
• /
• 2016

In this paper, we presents a signatures verification by using the nonlinear quantization histogram of polar coordinate based on multi-dimensional adjacent pixel intensity difference. The multi-dimensional adjacent pixel intensity difference is calculated from an intensity difference between a pair of pixels in a horizontal, vertical, diagonal, and opposite diagonal directions centering around the reference pixel. The polar coordinate is converted from the rectangular coordinate by making a pair of horizontal and vertical difference, and diagonal and opposite diagonal difference, respectively. The nonlinear quantization histogram is also calculated from nonuniformly quantizing the polar coordinate value by using the Lloyd algorithm, which is the recursive method. The polar coordinate histogram of 4-directional intensity difference is applied not only for more considering the corelation between pixels but also for reducing the calculation load by decreasing the number of histogram. The nonlinear quantization is also applied not only to still more reflect an attribute of intensity variations between pixels but also to obtain the low level histogram. The proposed method has been applied to verified 90(3 persons * 30 signatures/person) images of 256*256 pixels based on a matching measures of city-block, Euclidean, ordinal value, and normalized cross-correlation coefficient. The experimental results show that the proposed method has a superior to the linear quantization histogram, and Euclidean distance is also the optimal matching measure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.61-75
• /
• 2011

Recently, there is significant increasing of massive attacks, which try to infect PCs that visit websites containing pre-implanted malicious code. When visiting the websites, these hidden malicious codes can gain monetary profit or can send various cyber attacks such as BOTNET for DDoS attacks, personal information theft and, etc. Also, this kind of malicious activities is continuously increasing, and their evasion techniques become professional and intellectual. So far, the current signature-based detection to detect websites, which contain malicious codes has a limitation to prevent internet users from being exposed to malicious codes. Since, it is impossible to detect with only blacklist when an attacker changes the string in the malicious codes proactively. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by a signature-based detection. Our method can detect new malicious codes even though the codes' signatures are not in the pattern database of Anti-Virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the included redirection URL in the malicious codes. Finally, we confirm that our proposed system shows better detection performance rather than MC-Finder, which adopts pattern matching, Google's crawling based malware site detection, and McAfee.

• Journal of Korea Multimedia Society
• /
• v.23 no.11
• /
• pp.1396-1405
• /
• 2020

Cyber threats such as forced personal information collection and distribution of malicious codes using malicious URLs continue to occur. In order to cope with such cyber threats, a security technologies that quickly detects malicious URLs and prevents damage are required. In a web environment, malicious URLs have various forms and are created and deleted from time to time, so there is a limit to the response as a method of detecting or filtering by signature matching. Recently, researches on detecting and predicting malicious URLs using machine learning techniques have been actively conducted. Existing studies have proposed various features and machine learning algorithms for predicting malicious URLs, but most of them are only suggesting specialized algorithms by supplementing features and preprocessing, so it is difficult to sufficiently reflect the strengths of various machine learning algorithms. In this paper, a system for predicting malicious URLs using multiple machine learning algorithms was proposed, and an experiment was performed to combine the prediction results of multiple machine learning models to increase the accuracy of predicting malicious URLs. Through experiments, it was proved that the combination of multiple models is useful in improving the prediction performance compared to a single model.

• The KIPS Transactions:PartB
• /
• v.14B no.1 s.111
• /
• pp.59-64
• /
• 2007

In these days, malicious codes have become reality and evolved significantly to become one of the greatest threats to the modern society where important information is stored, processed, and accessed through the internet and the computers. Computer virus is a common type of malicious codes. The standard techniques in anti-virus industry is still based on signatures matching. The detection mechanism searches for a signature pattern that identifies a particular virus or stain of viruses. Though more accurate in detecting known viruses, the technique falls short for detecting new or unknown viruses for which no identifying patterns present. To cope with this problem, anti-virus software has to incorporate the learning mechanism and heuristic. In this paper, we propose a fuzzy diagnosis system(FDS) using fuzzy c-means algorithm(FCM) for the cluster analysis and a decision status measure for giving a diagnosis. We compare proposed system FDS to three well known classifiers-KNN, RF, SVM. Experimental results show that the proposed approach can detect unknown viruses effectively.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2004.10a
• /
• pp.553-559
• /
• 2004

In todays security industry, personal identification is also based on biometric. Biometric identification is performed basing on the measurement and comparison of physiological and behavioral characteristics, Biometric for recognition includes voice dynamics, signature dynamics, hand geometry, fingerprint, iris, etc. Iris can serve as a kind of living passport or living password. Iris recognition system is the one of the most reliable biometrics recognition system. This is applied to client/server system such as the electronic commerce and electronic banking from stand-alone system or networks, ATMs, etc. A new algorithm using nonlinear function in recognition process is proposed in this paper. An algorithm is proposed to determine the localized iris from the iris image received from iris input camera in client. For the first step, the algorithm determines the center of pupil. For the second step, the algorithm determines the outer boundary of the iris and the pupillary boundary. The localized iris area is transform into polar coordinates. After performing three times Wavelet transformation, normalization was done using sigmoid function. The converting binary process performs normalized value of pixel from 0 to 255 to be binary value, and then the converting binary process is compare pairs of two adjacent pixels. The binary code of the iris is transmitted to the by server. the network. In the server, the comparing process compares the binary value of presented iris to the reference value in the University database. Process of recognition or rejection is dependent on the value of Hamming Distance. After matching the binary value of presented iris with the database stored in the server, the result is transmitted to the client.