• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.137-142
• /
• 2021

Although the internet has gained many conveniences and benefits, it is causing economic and social damage to users due to intelligent malware. Most of the signature-based anti-virus programs are used to detect and defend this, but it is insufficient to prevent malware variants becoming more intelligent. Therefore, we proposes a model that detects and defends the intelligent malware that is pouring out in the paper. The proposed model learns by imaging the characteristics of malware based on deeplearning, and detects newly detected malware variants using the learned model. It was shown that the proposed model detects not only the existing malware but also most of the variants that transform the existing malware.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1553-1571
• /
• 2018

Currently, many of schemes for smart grid data aggregation are based on a one-level gateway (GW) topology. Since the data aggregation granularity in this topology is too single, the control center (CC) is unable to obtain more fine-grained data aggregation results for better monitoring smart grid. To improve this issue, Shen et al. propose an efficient privacy-preserving cube-data aggregation scheme in which the system model consists of two-level GW. However, a risk exists in their scheme that attacker could forge the signature by using leaked signing keys. In this paper, we propose a secure and fine-grained electricity consumption aggregation scheme for smart grid, which employs the homomorphic encryption to implement privacy-preserving aggregation of users' electricity consumption in the two-level GW smart grid. In our scheme, CC can achieve a flexible electricity regulation by obtaining data aggregation results of various granularities. In addition, our scheme uses the forward-secure signature with backward-secure detection (FSBD) technique to ensure the forward-backward secrecy of the signing keys. Security analysis and experimental results demonstrate that the proposed scheme can achieve forward-backward security of user's electricity consumption signature. Compared with related schemes, our scheme is more secure and efficient.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.30 no.2
• /
• pp.177-180
• /
• 2019

To improve the accuracy rate of guided weapons, many studies have been conducted on the accurate detection and identification of targets from sea clutter. Because of the variety and complicated characteristics of both sea-clutter and target signals, an active target recognition technique is required. In this study, we propose an algorithm to distinguish clutter and recognize targets by applying a fractal signature(FS) classifier, which is a fractal dimension, and a high-resolution target image(HRTI) classifier, which applies scene matching to an image formed from a scanned image. Simulation results using the algorithm revealed that the HRTI classifier recognized targets 1 and 2 at a 100 % rate, whereas the FS classifier recognized targets 1 and 2 at rates of 90 % and 93 %, respectively.

• Journal of the Computational Structural Engineering Institute of Korea
• /
• v.32 no.2
• /
• pp.109-116
• /
• 2019

Survivability of soldiers has been greatly threatened by the development of thermal observation device(TOD). Therefore, infrared, especially thermal, stealth technology is applied to combat suit to avoid detection from TOD. In this study, prior to the thermal camouflage performance evaluation of combat suit, thermal signature characteristic from clothed the human body was analyzed considering the realistic condition for human surface temperature compared to that from unclothed human body. To get the realistic surface temperature distribution of human, thermoregulation and multi-layer skin structure model is applied to the human model. Based on temperature distribution, surface diffuse radiance in thermal range is calculated and by assuming the background conditions, contrast radiance intensity(CRI) characteristic of human body is analyzed. By wearing clothing, the CRI between background and human body became reduced in low emissive background but in high emissive background, the contrast is much more prominent. Therefore, this issue should be considered in design process of thermal camouflage combat suit.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.8
• /
• pp.355-364
• /
• 2023

As advanced cyber threats continue to increase in recent years, it is difficult to detect new types of cyber attacks with existing pattern or signature-based intrusion detection method. Therefore, research on anomaly detection methods using data learning-based artificial intelligence technology is increasing. In addition, supervised learning-based anomaly detection methods are difficult to use in real environments because they require sufficient labeled data for learning. Research on an unsupervised learning-based method that learns from normal data and detects an anomaly by finding a pattern in the data itself has been actively conducted. Therefore, this study aims to extract a latent vector that preserves useful sequence information from sequence log data and develop an anomaly detection learning model using the extracted latent vector. Word2Vec was used to create a dense vector representation corresponding to the characteristics of each sequence, and an unsupervised autoencoder was developed to extract latent vectors from sequence data expressed as dense vectors. The developed autoencoder model is a recurrent neural network GRU (Gated Recurrent Unit) based denoising autoencoder suitable for sequence data, a one-dimensional convolutional neural network-based autoencoder to solve the limited short-term memory problem that GRU can have, and an autoencoder combining GRU and one-dimensional convolution was used. The data used in the experiment is time-series-based NGIDS (Next Generation IDS Dataset) data, and as a result of the experiment, an autoencoder that combines GRU and one-dimensional convolution is better than a model using a GRU-based autoencoder or a one-dimensional convolution-based autoencoder. It was efficient in terms of learning time for extracting useful latent patterns from training data, and showed stable performance with smaller fluctuations in anomaly detection performance.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.157-167
• /
• 2009

Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focus on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM(Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system, can not adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application is causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF(Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing, Consequently, this study provide to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.

• International journal of advanced smart convergence
• /
• v.10 no.1
• /
• pp.1-11
• /
• 2021

Document page segmentation is an important step in building a quality optical character recognition module. The study examined already existing work on the topic of page segmentation and focused on the development of a segmentation model that has greater functional significance for application in an organization, as well as broad capabilities for managing the quality of the model. The main problems of document segmentation were highlighted, which include a complex background of intersecting objects. As classes for detection, not only classic text, table and figure were selected, but also additional types, such as signature, logo and table without borders (or with partially missing borders). This made it possible to pose a non-trivial task of detecting non-standard document elements. The authors compared existing neural network architectures for object detection based on published research data. The most suitable architecture was RetinaNet. To ensure the possibility of quality control of the model, a method based on neural network modeling using the RetinaNet architecture is proposed. During the study, several models were built, the quality of which was assessed on the test sample using the Mean average Precision metric. The best result among the constructed algorithms was shown by a model that includes four neural networks: the focus of the first neural network on detecting tables and tables without borders, the second - seals and signatures, the third - pictures and logos, and the fourth - text. As a result of the analysis, it was revealed that the approach based on four neural networks showed the best results in accordance with the objectives of the study on the test sample in the context of most classes of detection. The method proposed in the article can be used to recognize other objects. A promising direction in which the analysis can be continued is the segmentation of tables; the areas of the table that differ in function will act as classes: heading, cell with a name, cell with data, empty cell.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.12
• /
• pp.2689-2694
• /
• 2012

In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spam. Botnets, a network composed of large pool of infected hosts, lead such malicious attacks. The botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature based detection mechanism. Furthermore, the solutions cannot cover broad areas enough to detect world-wide botnets. In this paper, we propose IRC (Internet Relay Chat) that is used to control the botnet communication in a session channel of IRC servers connected through the analysis of the relationship of the channel and the connection with the server bot-infected hosts and how to detect.

• Journal of Communications and Networks
• /
• v.8 no.3
• /
• pp.290-296
• /
• 2006

In this paper, a generalized blind adaptive algorithm is introduced for multi-user detection of direct sequence code division multiple access (OS-COMA) wireless communication systems. The main property of the proposed algorithm is its ability to resolve the multipath fading channel resulting in inter symbol interference (ISI) as well as multiple access interference (MAI). Other remarkable properties are its low complexity and mitigation to the near-far problem as well as its insensitivity to asynchronous transmission. The proposed system is based on the minimization of the output energy and convergence to the minimum mean square error (MMSE) detector. It is blind in the sense that it needs no knowledge of the other users' signatures, only the intended user signature and timing are required. Furthermore, the convergence of the minimum output energy (MOE) detector to the MMSE detector is analytically proven in case of M-ary PSK. Depicted results show that the performance of the generalized system dominates those previously considered. Further improvements are obtained when multiple input multiple output (MIMO) technique is employed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.357-367
• /
• 2020

According to Symantec's 2018 internet security threat report, The number of new mobile malware variants increased by 54 percent in 2017, as compared to 2016. And last year, there were an average of 24,000 malicious mobile applications blocked each day. Existing signature-based technologies of malware detection have limitations. So, malware detection technique through machine learning is being researched to detect malware variant. However, even in the case of applying machine learning, if the proper features of the malware are not properly selected, the machine learning cannot be shown correctly. We are focusing on feature selection method to find the features of malware variant in this research.