• Title/Summary/Keyword: signature-based detection

Packed PE File Detection for Malware Forensics (악성코드 포렌식을 위한 패킹 파일 탐지에 관한 연구)

  • Han, Seung-Won; Lee, Sang-Jin
    • The KIPS Transactions:PartC / v.16C no.5 / pp.555-562 / 2009
  • In malware incident investigation, the most important task is detecting the malicious code. Signature-based anti-virus software has been used in most incidents, but malware can easily evade signature-based detection by packing or encryption, so detecting packed files is also important. Detection methods can be divided into signature-based and entropy-based detection: signature-based detection cannot detect new packers, and entropy-based detection suffers from false positives. We provide a detection method that uses entropy statistics of the entry-point section together with the 'write' property, an essential characteristic of packed files. We then present a packing detection tool and evaluate its performance.
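The two-signal heuristic the abstract describes (entropy of the section that contains the entry point, combined with that section's writable flag) is easy to reproduce directly from the PE headers. The following is an added example written for this page, not the authors' tool: it walks the PE section table with the standard library only, and the three sample images, the 7.0 entropy threshold and the section names are constructed here for illustration.

```python
"""Packed-PE heuristic combining the entropy of the entry-point section with that
section's MEM_WRITE flag. Standard library only; the PE images below are
constructed in this file for demonstration and are not real executables."""
import math
import random
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_THRESHOLD = 7.0  # assumption: common cut-off for compressed/encrypted data (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, section headers) by walking the PE headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        chars, = struct.unpack_from("<I", pe, off + 36)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return entry_rva, sections


def entry_section(pe: bytes):
    """Section whose virtual range contains the entry point, or None (itself suspicious)."""
    entry_rva, sections = parse_pe(pe)
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def assess(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Flag as packed only when the entry section is BOTH high-entropy AND writable."""
    s = entry_section(pe)
    if s is None:
        return {"section": None, "entropy": 0.0, "writable": False, "packed": True}
    raw = pe[s["rawptr"]:s["rawptr"] + s["rawsize"]]
    ent = shannon_entropy(raw)
    writable = bool(s["chars"] & IMAGE_SCN_MEM_WRITE)
    # Entropy alone also fires on compressed resources and large embedded certificates;
    # a writable entry section alone also fires on some legitimate self-modifying code.
    # An unpacking stub that decompresses into its own section satisfies both.
    return {"section": s["name"], "entropy": round(ent, 2),
            "writable": writable, "packed": ent >= threshold and writable}


def build_pe(sections, entry_rva: int) -> bytes:
    """Constructed minimal PE32 image: DOS header, PE header, section table, raw data."""
    e_lfanew, hdr_len = 0x40, 0x200
    opt = bytearray(0xE0)                       # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    table, blobs, rawptr, vaddr = b"", b"", hdr_len, 0x1000
    for name, chars, data in sections:
        table += struct.pack("<8s6IHHI", name.encode().ljust(8, b"\0"), len(data),
                             vaddr, len(data), rawptr, 0, 0, 0, 0, chars)
        blobs += data
        rawptr += len(data)
        vaddr += (len(data) + 0xFFF) & ~0xFFF  # next section on a 4 KiB boundary
    head = bytearray(hdr_len)
    head[:2] = b"MZ"
    struct.pack_into("<I", head, 0x3C, e_lfanew)
    body = b"PE\0\0" + coff + opt + table
    head[e_lfanew:e_lfanew + len(body)] = body
    return bytes(head) + blobs


_rng = random.Random(0x5EED)
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(4096))    # stands in for compressed code
PLAIN_CODE = b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\x5d\xc3" * 370  # repetitive x86 prologue/epilogue
RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RWX = RX | IMAGE_SCN_MEM_WRITE

# UPX-style layout: entry point inside a writable, high-entropy section (constructed)
PACKED_SAMPLE = build_pe([("UPX1", RWX, HIGH_ENTROPY),
                          (".rsrc", IMAGE_SCN_MEM_READ, b"\0" * 512)], entry_rva=0x1000 + 0xF00)
# Ordinary binary: entry point in a read-only, low-entropy code section (constructed)
CLEAN_SAMPLE = build_pe([(".text", RX, PLAIN_CODE),
                         (".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, b"\0" * 1024)],
                        entry_rva=0x1010)
# High entropy but not writable: entropy alone would flag it, the combined rule does not (constructed)
ENCRYPTED_RO_SAMPLE = build_pe([(".text", RX, HIGH_ENTROPY)], entry_rva=0x1000)

if __name__ == "__main__":
    for label, img in [("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE), ("ro", ENCRYPTED_RO_SAMPLE)]:
        print(label, assess(img))
```

The threshold and the writable check are where this needs tuning in practice: real UPX images also carry an empty UPX0 section with zero raw size, .NET assemblies and binaries with large compressed resources push entropy up without being packed, and a packer that unpacks into a different section than the one holding the entry point will not set the write flag on the entry section. Treat the combined verdict as a triage score for forensics, not as proof.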

Analyzing Performance of MPEG-7 Video Signature for Video Copy Detection (동영상 복사본 검출을 위한 MPEG-7 Video Signature 성능분석)

  • Yu, Jeongsoo; Ryu, Jaesug; Nang, Jongho
    • KIISE Transactions on Computing Practices / v.20 no.11 / pp.586-591 / 2014
  • In recent years we can access video content anywhere and at any time, so distributed video is easily copied, transformed and republished. Since this causes copyright problems, similarity/duplicate detection and measurement are essential for identifying excessive content duplication. In this paper we analysed the discernment of video transformed in various ways using MPEG-7 Video Signature. MPEG-7 Video Signature, one of the video copy detection algorithms, is a block-based abstraction, so we assume Video Signature is weak against spatial transforms. The experiments show that MPEG-7 Video Signature is very weak against spatial transforms, which commonly occur, as we had assumed.

Separate Signature Monitoring for Control Flow Error Detection (제어흐름 에러 탐지를 위한 분리형 시그니처 모니터링 기법)

  • Choi, Kiho; Park, Daejin; Cho, Jeonghun
    • IEMEK Journal of Embedded Systems and Applications / v.13 no.5 / pp.225-234 / 2018
  • Control flow errors are caused by the vulnerability of memory and result in system failure. Signature-based control flow monitoring is a representative method for alleviating the problem. The method commonly consists of two routines: signature update and signature verification. However, in existing signature-based control flow monitoring the monitored application is tightly coupled with the monitoring code, and monitoring in a single thread is the basic model. This makes it difficult for the signature-based monitoring method to obtain the performance improvement available in multi-thread and multi-core environments. In this paper, we propose a new signature-based control flow monitoring model that separates signature update and signature verification at the thread level. The signature update is combined with the application thread, and signature verification runs on a separate monitor thread. In the proposed model the application thread and the monitor thread are separated from each other, so we can expect the performance improvement available in a multi-core, multi-thread environment.
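The split the abstract proposes, a cheap signature update in the application thread and the comparison against expected signatures in a separate monitor thread, can be illustrated with the classic CFCSS-style XOR signature arithmetic. The following is an added example for this page, not the authors' implementation: the control-flow graph, the block signature values, the block traces and the one-adjusting-value-per-block simplification are all assumptions made here, and the "application" is a Python thread replaying a trace rather than instrumented compiled code.

```python
"""Signature-based control-flow monitoring with the update and the check in
separate threads. The CFG, the block signatures and the traces are constructed
for this example; the XOR/adjusting-signature arithmetic is the classic CFCSS
scheme, not the paper's own implementation."""
import queue
import threading

# Constructed control-flow graph: block -> successor blocks.
#   0 -> {1, 2};  1 -> 3;  2 -> 3;  3 -> 4          (block 3 has two predecessors)
CFG = {0: (1, 2), 1: (3,), 2: (3,), 3: (4,), 4: ()}
SIG = {0: 0x11, 1: 0x22, 2: 0x33, 3: 0x44, 4: 0x55}  # assumed compile-time block signatures


def compile_cfcss(cfg, sig):
    """Per-block XOR deltas plus the adjusting value D for non-base predecessors.
    Assumption: no block is a non-base predecessor of two different join blocks."""
    preds = {v: [u for u in cfg if v in cfg[u]] for v in cfg}
    entry = next(v for v in cfg if not preds[v])
    delta = {entry: sig[entry]}          # G starts at 0, so the entry block yields sig[entry]
    adjust = {u: 0 for u in cfg}
    for v, ps in preds.items():
        if not ps:
            continue
        base = ps[0]
        delta[v] = sig[base] ^ sig[v]
        for u in ps[1:]:
            adjust[u] = sig[base] ^ sig[u]   # set D in u so that reaching v still yields sig[v]
    return delta, adjust


def application_thread(trace, delta, adjust, out_q):
    """Signature update only: one XOR, one store and one enqueue per executed block."""
    g, d = 0, 0
    for v in trace:
        g ^= delta[v] ^ d
        d = adjust[v]
        out_q.put((v, g))
    out_q.put(None)  # end-of-run sentinel for the monitor


def monitor_thread(sig, in_q, errors):
    """Signature verification, off the application's critical path."""
    while (item := in_q.get()) is not None:
        v, g = item
        if g != sig[v]:
            errors.append((v, g, sig[v]))   # (block, runtime signature, expected signature)


def run_monitored(trace, cfg=CFG, sig=SIG):
    """Replay a block trace under monitoring; return [(block, got, expected), ...]."""
    delta, adjust = compile_cfcss(cfg, sig)
    q, errors = queue.Queue(), []
    app = threading.Thread(target=application_thread, args=(trace, delta, adjust, q))
    mon = threading.Thread(target=monitor_thread, args=(sig, q, errors))
    mon.start()
    app.start()
    app.join()
    mon.join()
    return errors


if __name__ == "__main__":
    print("legal 0-1-3-4:", run_monitored([0, 1, 3, 4]))
    print("legal 0-2-3-4:", run_monitored([0, 2, 3, 4]))
    print("illegal 0-3-4:", run_monitored([0, 3, 4]))   # first mismatch at block 3, then cascades
```

The trade-off the abstract hints at is visible here: the application thread never stalls on a comparison, but the monitor detects an illegal transfer only after the fact, and every block executed after the first mismatch is also reported because the runtime signature stays desynchronised. A control-flow error that skips the update instruction itself, or that corrupts the queue hand-off, is outside what this scheme can see.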

Signature Extraction Method from H.264 Compressed Video (H.264/AVC로 압축된 비디오로부터 시그너쳐 추출방법)

  • Kim, Sung-Min; Kwon, Yong-Kwang; Won, Chee-Sun
    • Journal of the Institute of Electronics Engineers of Korea SP / v.46 no.3 / pp.10-17 / 2009
  • This paper proposes a compressed-domain signature extraction method which can be used for CBCD (Content Based Copy Detection). Since existing signature extraction methods for CBCD operate in the spatial domain, they need additional computation to decode the compressed video before signature extraction. To avoid this overhead, we generate a thumbnail image directly from the compressed video without full decoding and then extract the video signature from the thumbnail image. Experimental results of extracting brightness ordering information as the signature for CBCD show that our proposed method is 2.8 times faster than the spatial-domain method while maintaining 80.98% accuracy.

Automatic Malware Detection Rule Generation and Verification System (악성코드 침입탐지시스템 탐지규칙 자동생성 및 검증시스템)

  • Kim, Sungho; Lee, Suchul
    • Journal of Internet Computing and Services / v.20 no.2 / pp.9-19 / 2019
  • Services and users on the Internet are increasing rapidly, and cyber attacks are increasing as well, resulting in information leakage and financial damage. Government, public agencies and companies use security systems with signature-based detection rules to respond to known malicious code. However, it takes a long time to generate and validate signature-based detection rules. In this paper we propose and develop a signature-based detection rule generation and verification system using a signature extraction scheme based on the LDA (latent Dirichlet allocation) algorithm and a traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.

A Combination of Signature-based IDS and Machine Learning-based IDS using Alpha-cut and Beta pick (Alpha-cut과 Beta-pick를 이용한 시그너쳐 기반 침입탐지 시스템과 기계학습 기반 침입탐지 시스템의 결합)

  • Weon, Ill-Young; Song, Doo-Heon; Lee, Chang-Hoon
    • The KIPS Transactions:PartC / v.12C no.4 s.100 / pp.609-616 / 2005
  • Signature-based intrusion detection has many false positives and great difficulty detecting new and modified attacks. Alpha-cut, which reduces false positives by combining a signature-based IDS with a machine-learning-based IDS, was introduced in a prior paper [1]. This research is a successor to Alpha-cut, and we introduce Beta-pick, in which attacks that cannot be detected by signature-based detection alone can be detected. Alpha-cut is a way of increasing detection accuracy for the signature-based IDS; Beta-pick is a way of decreasing the cases in which an attack is treated as normal. For Alpha-cut and Beta-pick we use XIBL as the learning algorithm and also show the difference in results with Sd.5. To demonstrate the value of the proposed method we apply Alpha-cut and Beta-pick to a signature-based IDS and show the decrease in false alarms.
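The two combination rules are easiest to understand as a decision procedure wrapped around both detectors: Alpha-cut vetoes a signature alert when the learner is confident the request is normal, and Beta-pick raises an alert when no signature fired but the learner is confident it is an attack. The following is an added example for this page, not the authors' code: a plain k-nearest-neighbour classifier stands in for the XIBL learner (both are instance-based), and the signature rules, the request-line features and their weights, the training requests and the alpha/beta thresholds are all constructed here.

```python
"""Hybrid verdict combining a signature IDS with an instance-based learner.
Rules, feature extraction, training requests and thresholds are constructed for
this example; k-nearest-neighbour stands in for the paper's XIBL learner."""
import math
import re
from collections import Counter

# Stage 1: signature-based IDS. The first rule is deliberately noisy (bare SQL keywords),
# the kind of rule that produces the false positives Alpha-cut is meant to remove.
SIGNATURES = [
    ("sqli_keywords", re.compile(r"\b(union|select)\b", re.I)),
    ("sqli_quote", re.compile(r"'\s*(or|and)\s*'", re.I)),
    ("path_traversal", re.compile(r"\.\./")),
    ("xss_script", re.compile(r"<script", re.I)),
]


def signature_alerts(request: str):
    return [name for name, rx in SIGNATURES if rx.search(request)]


# Stage 2: instance-based learner over request-line features.
KEYWORDS = ("union", "select", "script", "alert", "etc", "passwd", "shadow")
META = set("'\";<>()|")
WEIGHTS = (2.0, 2.0, 2.0, 1.0)  # assumption: signals rare in benign traffic are weighted up


def features(request: str):
    low = request.lower()
    raw = (sum(c in META for c in request) + request.count("--") + request.count("../"),
           request.count(" "),   # raw spaces never appear in a well-formed URL
           request.count("%"),   # URL-encoding, heavy in evasion attempts
           sum(low.count(k) for k in KEYWORDS))
    return [w * x for w, x in zip(WEIGHTS, raw)]


class InstanceLearner:
    def __init__(self, examples, k=3):
        self.k = k
        self.points = [(features(r), label) for r, label in examples]

    def classify(self, request: str):
        """Majority label among the k nearest training requests; vote share is the confidence."""
        x = features(request)
        nearest = sorted(self.points, key=lambda p: math.dist(p[0], x))[: self.k]
        label, votes = Counter(label for _, label in nearest).most_common(1)[0]
        return label, votes / self.k


TRAINING = [  # constructed request lines
    ("/index.html", "normal"),
    ("/search?q=union+membership", "normal"),
    ("/docs/select-union-faq.html", "normal"),
    ("/login?user=alice&pass=s3cret", "normal"),
    ("/blog?tag=alert+fatigue", "normal"),
    ("/files/report%202024.pdf", "normal"),
    ("/item?id=1' or '1'='1", "attack"),
    ("/item?id=1 union select user,pass from users", "attack"),
    ("/item?id=1%20union%20select%20@@version", "attack"),
    ("/download?file=../../../../etc/passwd", "attack"),
    ("/comment?text=<script>alert(1)</script>", "attack"),
    ("/ping?host=127.0.0.1;cat /etc/passwd", "attack"),
    ("/view?f=..%2f..%2fboot.ini", "attack"),
]
LEARNER = InstanceLearner(TRAINING)


def hybrid_verdict(request: str, learner=LEARNER, alpha=1.0, beta=0.6):
    """Alpha-cut: drop a signature hit the learner unanimously calls normal.
    Beta-pick: raise an alert the signatures missed when the learner sees an attack.
    Alpha is stricter than beta because suppressing an alert is the riskier action."""
    sigs = signature_alerts(request)
    label, conf = learner.classify(request)
    if sigs:
        if label == "normal" and conf >= alpha:
            return "suppressed", sigs
        return "alert", sigs
    if label == "attack" and conf >= beta:
        return "alert", ["beta_pick"]
    return "normal", []


if __name__ == "__main__":
    for req in ["/forum?topic=select+union+members",          # Alpha-cut: noisy rule, benign request
                "/download?file=..%2f..%2f..%2fetc%2fshadow",  # Beta-pick: encoded traversal, no rule
                "/item?id=5' or '1'='1", "/about.html"]:
        print(req, "->", hybrid_verdict(req))
```

The asymmetry of the thresholds is the design point: an Alpha-cut suppression silently discards evidence the signature engine produced, so it should require a near-unanimous learner, while a Beta-pick alert only adds work for an analyst and can run at a looser confidence. In a deployment the learner's false-normal rate on known attacks bounds how much Alpha-cut can be trusted, and that number should be measured before the threshold is lowered.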

Concentric Circle-Based Image Signature for Near-Duplicate Detection in Large Databases

  • Cho, A-Young; Yang, Won-Keun; Oh, Weon-Geun; Jeong, Dong-Seok
    • ETRI Journal / v.32 no.6 / pp.871-880 / 2010
  • Many applications dealing with image management need a technique for removing duplicate images or for grouping related (near-duplicate) images in a database. This paper proposes a concentric circle-based image signature which makes it possible to detect near-duplicates rapidly and accurately. An image is partitioned by radius and angle levels from the center of the image. Feature values are calculated using the average or variation between the partitioned sub-regions. The feature values, distributed in sequence, are formed into an image signature by hash generation. The hashing facilitates storage space reduction and fast matching. The performance was evaluated through discriminability and robustness tests, which verify the particularity among different images and the invariability among modified images, respectively. In addition, we also measured discriminability and robustness by distribution analysis of the hashed bits. The proposed method is robust to various modifications, as shown by its average detection rate of 98.99%. The experimental results showed that the proposed method is suitable for near-duplicate detection in large databases.

A New Approach For Off-Line Signature Verification Using Fuzzy ARTMAP

  • Hsn, Doowhan
    • Journal of the Korean Institute of Intelligent Systems / v.5 no.4 / pp.33-40 / 1995
  • This paper deals with the detection of freehand forgeries of signatures based on the averaged directional amplitudes of the gradient vector, which are related to the overall shape of the handwritten signature, and a fuzzy ARTMAP neural network classifier. In the first step, signature images are extracted from the background by a process involving noise reduction and automatic thresholding. Next, twelve directional amplitudes of the gradient vector for each pixel on the signature line are measured and averaged over the entire signature image. With these twelve averaged directional gradient amplitudes, the fuzzy ARTMAP neural network is trained and tested for the detection of freehand forgeries of signatures. The experimental results show that the fuzzy ARTMAP neural network can classify a signature as genuine or forged with greater than 95% overall accuracy.

Intrusion Detection System for Denial of Service Attack using Performance Signature (성능 시그네쳐를 이용한 서비스 거부 공격 침입탐지 시스템 설계)

  • Kim, Gwang-Deuk; Lee, Sang-Ho
    • The Transactions of the Korea Information Processing Society / v.6 no.11 / pp.3011-3019 / 1999
  • Denial of service is about knocking out services without permission, for example by crashing the whole system. These kinds of attacks are easy to launch, and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based insider denial of service (DoS) attacks and the system metrics provided for the performance of each machine, and formalizes the conclusions in ways that clearly expose the performance impact of those observations. So we present a new approach: detecting DoS attacks using a performance signature for system and program behaviour. We believe that the metric will guide the automated development of a program to detect the attack. As a result, we propose the AIDPS (Architecture for Intrusion Detection using Performance Signature) model to detect DoS attacks using performance signatures.

Wavelet-based damage detection method for a beam-type structure carrying moving mass

  • Gokdag, Hakan
    • Structural Engineering and Mechanics / v.38 no.1 / pp.81-97 / 2011
  • In this research, the wavelet transform is used to analyze the time response of a cracked beam carrying a moving mass for damage detection. A new damage detection method based on the combined use of continuous and discrete wavelet transforms is proposed. It is shown that this method is more capable of making the damage signature evident than the two traditional approaches based on direct investigation of the wavelet coefficients of the structural response. With the proposed method, it is concluded that strain data outperform displacement data at the same point in revealing the damage signature. In addition, the influence of moving-mass-induced terms such as gravitational, Coriolis, centrifugal and pure inertia forces along the deflection direction on damage detection is investigated on a sample case. From this analysis it is concluded that the centrifugal force has the most influence in making both displacement and strain data damage-sensitive. The Coriolis effect is the second to improve the damage sensitivity of the data; however, its impact is considerably less than the former. The rest, on the other hand, are observed to be insufficient alone.