• Title/Summary/Keyword: signature-based detection

Search Result 203, Processing Time 0.026 seconds

Packed PE File Detection for Malware Forensics (악성코드 포렌식을 위한 패킹 파일 탐지에 관한 연구)

  • Han, Seung-Won;Lee, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.16C no.5
    • /
    • pp.555-562
    • /
    • 2009
  • In malware accident investigation, the most important thing is detection of malicious code. Signature based anti-virus softwares have been used in most of the accident. Malware can easily avoid signature based detection by using packing or encryption method. Because of this, packed file detection is also important. Detection methods can be divided into signature based detection and entropy based detection. Signature based detection can not detect new packing. And entropy based detection has a problem with false positive. We provides detection method using entropy statistics of entry point section and 'write' properties of essential characteristic of packed file. And then, we show packing detection tool and evaluate its performance.

Analyzing Performance of MPEG-7 Video Signature for Video Copy Detection (동영상 복사본 검출을 위한 MPEG-7 Video Signature 성능분석)

  • Yu, Jeongsoo;Ryu, Jaesug;Nang, Jongho
    • KIISE Transactions on Computing Practices
    • /
    • v.20 no.11
    • /
    • pp.586-591
    • /
    • 2014
  • In recent years, we can access to video contents anywhere and at any time. Therefore distributed video is easily copied, transformed and republished. Since it brings copyright problem, similarity/duplicate detection and measurement is essential to identify the excessive content duplication. In this paper, we analysed various discernment of video which has been transformed with various ways using MPEG-7 Video Signature. MPEG-7 Video Signature, one of video copy detection algorithms, is block based abstraction. Thus we assume Video Signature is weak for spatial transform. The experiments show that MPEG-7 Video Signature is very weak for spatial transform which could occur general as we have assumed.

Separate Signature Monitoring for Control Flow Error Detection (제어흐름 에러 탐지를 위한 분리형 시그니처 모니터링 기법)

  • Choi, Kiho;Park, Daejin;Cho, Jeonghun
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.13 no.5
    • /
    • pp.225-234
    • /
    • 2018
  • Control flow errors are caused by the vulnerability of memory and result in system failure. Signature-based control flow monitoring is a representative method for alleviating the problem. The method commonly consists of two routines; one routine is signature update and the other is signature verification. However, in the existing signature-based control flow monitoring, monitoring target application is tightly combined with the monitoring code, and the operation of monitoring in a single thread is the basic model. This makes the signature-based monitoring method difficult to expect performance improvement that can be taken in multi-thread and multi-core environments. In this paper, we propose a new signature-based control flow monitoring model that separates signature update and signature verification in thread level. The signature update is combined with application thread and signature verification runs on a separate monitor thread. In the proposed model, the application thread and the monitor thread are separated from each other, so that we can expect a performance improvement that can be taken in a multi-core and multi-thread environment.

Signature Extraction Method from H.264 Compressed Video (H.264/AVC로 압축된 비디오로부터 시그너쳐 추출방법)

  • Kim, Sung-Min;Kwon, Yong-Kwang;Won, Chee-Sun
    • Journal of the Institute of Electronics Engineers of Korea SP
    • /
    • v.46 no.3
    • /
    • pp.10-17
    • /
    • 2009
  • This paper proposes a compressed domain signature extraction method which can be used for CBCD (Content Based Copy Detection). Since existing signature extraction methods for the CBCD are executed in spatial domain, they need additional computations to decode the compressed video before the signature extraction. To avoid this overhead, we generate a thumbnail image directly from the compressed video without full decoding. Then we can extract the video signature from the thumbnail image. Experimental results of extracting brightness ordering information as the signature for CBCD show that our proposed method is 2.8 times faster than the spatial domain method while maintaining 80.98% accuracy.

Automatic Malware Detection Rule Generation and Verification System (악성코드 침입탐지시스템 탐지규칙 자동생성 및 검증시스템)

  • Kim, Sungho;Lee, Suchul
    • Journal of Internet Computing and Services
    • /
    • v.20 no.2
    • /
    • pp.9-19
    • /
    • 2019
  • Service and users over the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA(latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.

A Combination of Signature-based IDS and Machine Learning-based IDS using Alpha-cut and Beta pick (Alpha-cut과 Beta-pick를 이용한 시그너쳐 기반 침입탐지 시스템과 기계학습 기반 침입탐지 시스템의 결합)

  • Weon, Ill-Young;Song, Doo-Heon;Lee, Chang-Hoon
    • The KIPS Transactions:PartC
    • /
    • v.12C no.4 s.100
    • /
    • pp.609-616
    • /
    • 2005
  • Signature-based Intrusion Detection has many false positive and many difficulties to detect new and changed attacks. Alpha-cut is introduced which reduces false positive with a combination of signature-based IDS and machine learning-based IDS in prior paper [1]. This research is a study of a succession of Alpha-cut, and we introduce Beta-rick in which attacks can be detected but cannot be detected in single signature-based detection. Alpha-cut is a way of increasing detection accuracy for the signature based IDS, Beta-pick is a way which decreases the case of treating attack as normality. For Alpha-cut and Beta-pick we use XIBL as a learning algorithm and also show the difference of result of Sd.5. To describe the value of proposed method we apply Alpha-cut and Beta-pick to signature-based IDS and show the decrease of false alarms.

Concentric Circle-Based Image Signature for Near-Duplicate Detection in Large Databases

  • Cho, A-Young;Yang, Won-Keun;Oh, Weon-Geun;Jeong, Dong-Seok
    • ETRI Journal
    • /
    • v.32 no.6
    • /
    • pp.871-880
    • /
    • 2010
  • Many applications dealing with image management need a technique for removing duplicate images or for grouping related (near-duplicate) images in a database. This paper proposes a concentric circle-based image signature which makes it possible to detect near-duplicates rapidly and accurately. An image is partitioned by radius and angle levels from the center of the image. Feature values are calculated using the average or variation between the partitioned sub-regions. The feature values distributed in sequence are formed into an image signature by hash generation. The hashing facilitates storage space reduction and fast matching. The performance was evaluated through discriminability and robustness tests. Using these tests, the particularity among the different images and the invariability among the modified images are verified, respectively. In addition, we also measured the discriminability and robustness by the distribution analysis of the hashed bits. The proposed method is robust to various modifications, as shown by its average detection rate of 98.99%. The experimental results showed that the proposed method is suitable for near-duplicate detection in large databases.

A New Approach For Off-Line Signature Verification Using Fuzzy ARTMAP

  • Hsn, Doowhan
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.5 no.4
    • /
    • pp.33-40
    • /
    • 1995
  • This paper delas with the detection of freehand forgeries of signatures based on the averaged directional amplitudes of gradient vetor which are related to the overall shape of the handwritten signature and fuzzy ARTMAP neural network classifier. In the first step, signature images are extracted from the background by a process involving noise reduction and automatic thresholding. Next, twelve directional amplitudes of gradient vector for each pixel on the signature line are measure and averaged through the entire signature image. With these twelve averaged directional gradient amplitudes, the fuzzy ARTMAP neural network is trained and tested for the detection of freehand forgeries of singatures. The experimental results show that the fuzzy ARTMAP neural network cna lcassify a signature whether genuine or forged with greater than 95% overall accuracy.

  • PDF

Intrusion Detection System for Denial of Service Attack using Performance Signature (성능 시그네쳐를 이용한 서비스 거부 공격 침입탐지 시스템 설계)

  • Kim, Gwang-Deuk;Lee, Sang-Ho
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.11
    • /
    • pp.3011-3019
    • /
    • 1999
  • Denial of service is about knocking off services, without permission for example through crashing the whole system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved. This paper analyses system-based inside denial of services attack(DoS) and system metric for performance of each machine provided. And formalize the conclusions results in ways that clearly expose the performance impact of those observations. So, we present new approach. It is detecting DoS attack using performance signature for system and program behavior. We present new approach. It is detecting DoS attack using performance signature for system and program behavior. We believe that metric will be to guide to automated development of a program to detect the attack. As a results, we propose the AIDPS(Architecture for Intrusion Detection using Performance Signature) model to detect DoS attack using performance signature.

  • PDF

Wavelet-based damage detection method for a beam-type structure carrying moving mass

  • Gokdag, Hakan
    • Structural Engineering and Mechanics
    • /
    • v.38 no.1
    • /
    • pp.81-97
    • /
    • 2011
  • In this research, the wavelet transform is used to analyze time response of a cracked beam carrying moving mass for damage detection. In this respect, a new damage detection method based on the combined use of continuous and discrete wavelet transforms is proposed. It is shown that this method is more capable in making damage signature evident than the traditional two approaches based on direct investigation of the wavelet coefficients of structural response. By the proposed method, it is concluded that strain data outperforms displacement data at the same point in revealing damage signature. In addition, influence of moving mass-induced terms such as gravitational, Coriolis, centrifuge forces, and pure inertia force along the deflection direction to damage detection is investigated on a sample case. From this analysis it is concluded that centrifuge force has the most influence on making both displacement and strain data damage-sensitive. The Coriolis effect is the second to improve the damage-sensitivity of data. However, its impact is considerably less than the former. The rest, on the other hand, are observed to be insufficient alone.