• Title/Summary/Keyword: signature-based detection

Development of Oil Change Warning Algorithm and Display Device (오일교환경보 알고리즘 및 표시장치 개발)

  • Chun, Sang Myung
  • Tribology and Lubricants / v.30 no.3 / pp.168-176 / 2014
  • This paper presents an engine oil change warning algorithm based on test results from a small dipstick-gauge-type engine-oil-deterioration sensor, software that realizes the algorithm, and a display device that runs the software. The algorithm determines the engine oil deterioration condition from the rate of change in the dielectric constant, based on the average capacitance measured at 80 °C after the engine stops. The rate of change in the dielectric constant at oil change time correlates with the time at which one of the recommended warning limits for engine oil physical properties, such as TAN (Total Acid Number), TBN (Total Base Number) and viscosity, is first reached. At this point, an oil change warning signal appears on the display device, which may be a smartphone or a dedicated display device. The smartphone app has three screens, and the user can directly enter all of the thresholds in the app. The screen of the dedicated display device comprises one frame for each warning signature with the related message, and the user can enter the thresholds into the device through a USB cable connected to a personal computer.

A Study of Program Execution Control based on Whitelist (화이트리스트 기반 프로그램 실행 통제 방안 연구)

  • Kim, Chang-hong; Choi, Dae-young; Yi, Jeong-hyun; Kim, Jong-bae
  • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.10a / pp.346-349 / 2014
  • Cyber threats continue to grow, and the damage caused by evolving malicious code incidents is becoming larger. Advanced attacks such as APTs that use zero-day vulnerabilities offer an easy way to steal sensitive data or personal information. However, traditional defenses such as access control by blocking application ports, or signature-based detection mechanisms, have many limitations. This study suggests a way of controlling application activity that focuses on keeping the integrity of applications, authorizing programs before they run, and controlling changes to operating system files, by hardening legitimate resources and programs based on whitelisting technology that analyzes application behavior and usage.
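
The execution-control idea in this abstract, as an added example that is not the paper's own implementation: a program may run only if the SHA-256 of its bytes is in an allowlist built from known-good binaries, so a trojanized copy sitting at the expected path is refused, whereas a path-only allowlist would let it run. The "binaries" are constructed byte strings, and the paths are illustrative.

```python
"""Hash-based program allowlist (whitelist) check, added example.
The trusted inventory and the execution attempts are constructed data."""
import hashlib


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_allowlist(trusted_binaries):
    """trusted_binaries: {path: bytes of the known-good file} -> {sha256: path}."""
    return {sha256_hex(blob): path for path, blob in trusted_binaries.items()}


def decide_by_hash(path, data, allowlist):
    """Integrity-aware decision: unknown or modified bytes are denied,
    a known binary found at an unexpected path is allowed but noted."""
    digest = sha256_hex(data)
    if digest in allowlist:
        note = "" if allowlist[digest] == path else "known binary at unexpected path"
        return "ALLOW", digest, note
    return "DENY", digest, "hash not in allowlist"


def decide_by_path(path, trusted_paths):
    """Naive decision that trusts the location alone (shown for contrast)."""
    return "ALLOW" if path in trusted_paths else "DENY"


# Constructed stand-ins for real executables (not real ELF files).
TRUSTED = {
    "/usr/bin/ssh": b"\x7fELF\x02\x01\x01 ssh-client build 1",
    "/usr/bin/curl": b"\x7fELF\x02\x01\x01 curl build 8",
}
ALLOWLIST = build_allowlist(TRUSTED)

# Constructed execution attempts: (path, bytes actually on disk at exec time).
EXEC_ATTEMPTS = [
    ("/usr/bin/ssh", TRUSTED["/usr/bin/ssh"]),                      # unchanged
    ("/usr/bin/ssh", TRUSTED["/usr/bin/ssh"] + b"\x90\x90 patched"),  # trojanized in place
    ("/tmp/dropper", b"\x7fELF\x02\x01\x01 unknown"),                # never approved
    ("/tmp/.c", TRUSTED["/usr/bin/curl"]),                           # approved bytes, odd path
]


def evaluate(attempts, allowlist):
    """Verdict per attempt under the hash-based policy."""
    return [(path, decide_by_hash(path, data, allowlist)[0]) for path, data in attempts]


def evaluate_by_path(attempts, trusted_paths):
    """Verdict per attempt under the path-only policy."""
    return [(path, decide_by_path(path, trusted_paths)) for path, _ in attempts]


if __name__ == "__main__":
    by_hash = evaluate(EXEC_ATTEMPTS, ALLOWLIST)
    by_path = evaluate_by_path(EXEC_ATTEMPTS, set(TRUSTED))
    for (path, strict), (_, naive) in zip(by_hash, by_path):
        print(f"{path:16} hash-allowlist={strict:5} path-only={naive}")
```

The second attempt is the case the abstract is concerned with: the path is legitimate, but the bytes have changed, and only the integrity-based policy refuses it.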

Induction Motor Bearing Damage Detection Using Stator Current Monitoring (고정자전류 모니터링에 의한 유도전동기 베어링고장 검출에 관한 연구)

  • Yoon, Chung-Sup; Hong, Won-Pyo
  • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers / v.19 no.6 / pp.36-45 / 2005
  • This paper addresses the application of motor current spectral analysis to the detection of rolling-element bearing damage in induction machines. We set up an experimental test bed composed of a normal-condition bearing system and two types of abnormal rolling-element bearing systems on induction motors: a shaft deflected by external force, and a hole drilled through the outer race of the shaft-end bearing of a four-pole test motor. We developed an embedded, distributed, fault-tolerant fault diagnosis system for industrial motors. It is based on two 32-bit DSPs, and each TMS320F2407 DSP module monitors the stator current. The effects on the stator current spectrum are described and the related frequencies are determined; this is an important result in the formulation of a fault detection scheme that monitors the stator currents. We used the FFT (Fast Fourier Transform), wavelet analysis, and averaging of the signal pattern by an inner-product tool to analyze the stator current components. In particular, the results of the inner-product analysis clearly illustrate that stator signature analysis can be used to identify the presence of a bearing fault.

A Research of Anomaly Detection Method in MS Office Document (MS 오피스 문서 파일 내 비정상 요소 탐지 기법 연구)

  • Cho, Sung Hye; Lee, Sang Jin
  • KIPS Transactions on Computer and Communication Systems / v.6 no.2 / pp.87-94 / 2017
  • Microsoft Office is an office suite of applications developed by Microsoft. Because MS Office is the most commonly used word processing program, users with malicious intent have recently been customizing Office files as containers for malware. To attack a target system, many malicious Office files use a variety of skills and techniques, such as the macro function or hiding shellcode inside unused areas of the file. Two techniques are usually used to detect this kind of malware: signature-based detection and sandboxing. However, there are limits to what they can achieve because of the increasing complexity of malware. Therefore, this paper proposes methods to detect malicious MS Office files in the manner of computer forensics. For this purpose, we checked macros and potential problem areas through structural analysis of the MS Office file.
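
Two of the structural checks the abstract alludes to, written here as an added example and not the paper's own tool: whether an Office file carries a VBA project (an OOXML part named vbaProject.bin, or VBA storage names in a legacy OLE2 compound file), and whether bytes have been appended after the ZIP end-of-central-directory record, an unused area where a payload can be parked. Only the standard library is used; the sample documents are constructed in memory, and the legacy OLE2 sample is just a magic header followed by a directory name, not a valid compound file.

```python
"""Structural checks on MS Office files, added example (not the paper's code).
Nothing is executed or rendered; the file bytes are inspected directly."""
import io
import struct
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
ZIP_LOCAL_HEADER = b"PK\x03\x04"                   # OOXML (.docx/.xlsm/...) is a ZIP package
ZIP_EOCD = b"PK\x05\x06"                           # end-of-central-directory signature
EOCD_FIXED_SIZE = 22                               # fixed part; comment length lives at +20


def analyze_office_file(data):
    """Return format, whether a VBA project is present, and overlay size in bytes."""
    report = {"format": "unknown", "has_vba": False, "overlay_bytes": 0, "parts": []}
    if data.startswith(OLE2_MAGIC):
        report["format"] = "ole2"
        # OLE2 directory entry names are UTF-16LE; binary Office files keep
        # macros under storages such as 'Macros' and '_VBA_PROJECT'.
        markers = [m.encode("utf-16-le") for m in ("_VBA_PROJECT", "VBA_PROJECT", "Macros")]
        report["has_vba"] = any(m in data for m in markers)
        return report
    if not data.startswith(ZIP_LOCAL_HEADER):
        return report
    report["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        report["parts"] = zf.namelist()
    report["has_vba"] = any(p.lower().endswith("vbaproject.bin") for p in report["parts"])
    # Overlay check: anything past the EOCD record (plus its declared comment)
    # is not part of the archive, but travels with the file.
    eocd = data.rfind(ZIP_EOCD)
    if eocd != -1:
        comment_len = struct.unpack_from("<H", data, eocd + 20)[0]
        archive_end = eocd + EOCD_FIXED_SIZE + comment_len
        report["overlay_bytes"] = len(data) - archive_end
    return report


def make_ooxml(parts):
    """Build a minimal OOXML-style package from {part name: bytes} (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples.
CLEAN_DOCX = make_ooxml({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"})
MACRO_DOCM = make_ooxml({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": OLE2_MAGIC + b"\x00" * 64,   # placeholder VBA container
})
OVERLAY_DOCX = CLEAN_DOCX + b"\x90" * 32 + b"constructed trailing payload"
LEGACY_DOC = OLE2_MAGIC + b"\x00" * 504 + "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_DOCX), ("macro", MACRO_DOCM),
                       ("overlay", OVERLAY_DOCX), ("legacy", LEGACY_DOC)]:
        r = analyze_office_file(blob)
        print(f"{name:8} format={r['format']:7} vba={r['has_vba']!s:5} overlay={r['overlay_bytes']}")
```

The overlay computation uses the last EOCD signature in the file, so an overlay that itself contains that four-byte signature would be under-reported; a stricter tool walks the central directory from the front instead.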

Stator Current Processing-Based Technique for Bearing Damage Detection in Induction Motors

  • Hong, Won-Pyo; Yoon, Chung-Sup; Kim, Dong-Hwa
  • Institute of Control, Robotics and Systems (ICROS) Conference Proceedings / 2005.06a / pp.1439-1444 / 2005
  • Induction motors are the most commonly used electrical drives because they are rugged, mechanically simple, adaptable to widely different operating conditions, and simple to control. The most common faults in squirrel-cage induction motors are bearing, stator and rotor faults. Surveys conducted by the IEEE and EPRI show that the most common fault in induction motors is bearing failure (~40% of failures). Hence, this paper addresses experimental results for diagnosing faults with different kinds of rolling-element bearing damage via motor current spectral analysis. Rolling-element bearings generally consist of two rings, an inner and an outer, between which a set of balls or rollers rotate in raceways. We set up the experimental test bed to detect rolling-element bearing misalignment on three types of induction motors: a normal-condition bearing system, a shaft deflected by external force, and a hole drilled through the outer race of the shaft-end bearing of the four-pole test motor. This paper takes the initial step of investigating the efficacy of current monitoring for detecting incipient bearing failure. The failure modes are reviewed and the characteristic bearing frequencies associated with the physical construction of the bearings are defined. The effects on the stator current spectrum are described and the related frequencies are determined; this is an important result in the formulation of a fault detection scheme that monitors the stator currents. We used the FFT, wavelet analysis, and averaging of the signal pattern by an inner-product tool to analyze the stator current components. The test results clearly illustrate that the stator signature can be used to identify the presence of a bearing fault.

Intrusion Detection Learning Algorithm using Adaptive Anomaly Detector (적응형 변형 인식부를 이용한 침입 탐지 학습알고리즘)

  • Sim, Kwee-Bo; Yang, Jae-Won; Kim, Young-Soo; Lee, Se-Yul
  • Journal of the Korean Institute of Intelligent Systems / v.14 no.4 / pp.451-456 / 2004
  • A signature-based intrusion detection system (IDS), which stores rules for detecting intrusions in a library, judges whether new inputs are intrusions by matching them against those rules. However, this policy generally has two restrictions. First, when no rule can be made for a new intrusion, false negative (FN) errors occur. Second, when many rules are made in order to maintain diversity, the amount of resources grows in proportion to their number. In this paper, we propose a learning algorithm that, by means of a genetic algorithm, evolves competent anomaly detectors with the ability to detect anomalous attacks. The anomaly detectors form a population composed by following the negative selection procedure of the biological immune system. To show the effectiveness of the proposed system, we apply the learning algorithm to an artificial network environment, which is a computer security system.
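
The negative selection procedure the abstract builds on, as an added example; this is the generic immune-system algorithm (random detector candidates, censored against a "self" set), not the paper's genetic-algorithm refinement, and it is not the paper's code. Each monitored event is assumed to be encoded as a fixed-length bit string (a hashed feature vector of a connection, say); the self strings and the non-self samples are constructed. Because a detector that survives censoring matches no self string, the self set can never trigger an alert, which is the property that distinguishes this from a rule library that must be extended for every new attack.

```python
"""Negative selection anomaly detector, added example (not the paper's code).
Matching rule: r-contiguous bits, the rule used in the classic algorithm."""
import random

LENGTH = 12   # bits per encoded event (assumed encoding width)
R = 4         # number of contiguous agreeing bits that counts as a match


def r_contiguous_match(a, b, r=R):
    """True if a and b agree on at least r consecutive bit positions."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))


def survives_censoring(candidate, self_set, r=R):
    """Negative selection: a candidate survives only if it matches no self string."""
    return not any(r_contiguous_match(candidate, s, r) for s in self_set)


def random_bits(rng, length=LENGTH):
    return "".join(rng.choice("01") for _ in range(length))


def generate_detectors(self_set, n_detectors, rng, length=LENGTH, r=R, max_tries=200000):
    """Draw random candidates and keep the ones that do not match self."""
    detectors = []
    for _ in range(max_tries):
        if len(detectors) == n_detectors:
            break
        cand = random_bits(rng, length)
        if survives_censoring(cand, self_set, r):
            detectors.append(cand)
    return detectors


def is_anomalous(sample, detectors, r=R):
    """An event is flagged when any detector matches it."""
    return any(r_contiguous_match(sample, d, r) for d in detectors)


def detection_rate(samples, detectors, r=R):
    return sum(is_anomalous(s, detectors, r) for s in samples) / len(samples)


def sample_nonself(self_set, n, rng, length=LENGTH):
    """Random strings that are not exactly in self (constructed test data)."""
    out = []
    while len(out) < n:
        s = random_bits(rng, length)
        if s not in self_set:
            out.append(s)
    return out


# Constructed 'normal' encodings and a fixed seed for reproducibility.
SELF = ["000011110000", "000011111111", "111100001111", "001100110011"]
RNG = random.Random(20240)
DETECTORS = generate_detectors(SELF, 60, RNG)
NONSELF = sample_nonself(SELF, 20, RNG)

if __name__ == "__main__":
    print(f"detectors kept: {len(DETECTORS)}")
    print(f"false positives on self: {detection_rate(SELF, DETECTORS):.2f}")
    print(f"detection rate on non-self: {detection_rate(NONSELF, DETECTORS):.2f}")
```

With a 12-bit encoding and r = 4 roughly a quarter of the random candidates survive censoring against four self strings; in a real deployment the encoding width, r and the detector count are tuned together, since too small an r censors almost everything and too large an r leaves "holes" that no detector can cover.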

Automatic malware variant generation framework using Disassembly and Code Modification

  • Lee, Jong-Lark; Won, Il-Yong
  • Journal of the Korea Society of Computer and Information / v.25 no.11 / pp.131-138 / 2020
  • Malware is generally recognized as a computer program that penetrates another computer system and causes the malicious behavior intended by its developer. In cyberspace, it is also used as a cyber weapon to attack an adversary. The most important property a malware must have as a cyber weapon is that it achieves its intended purpose before being detected by the other side's detection system. Creating even a single malware that avoids the other side's detection system requires a lot of time and expertise. We propose a framework that automatically generates variant malware from an input malware in binary code form using the DCM (Disassembly and Code Modification) technique. In this framework, the sample malware was automatically converted into variant malware, and it was confirmed that this variant malware was not detected by the signature-based malware detection system.

Real-Time Visualization of Web Usage Patterns and Anomalous Sessions (실시간 웹 사용 현황과 이상 행위에 대한 시각화)

  • 이병희; 조상현; 차성덕
  • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.97-110 / 2004
  • As modern web services become enormously complex, web attacks have become frequent and serious. Existing security solutions such as firewalls or signature-based intrusion detection systems are generally inadequate for securing web services, and analysis of raw web log data is simply impractical for most organizations. Visual display of "interpreted" web logs, with emphasis on anomalous web requests, is essential for an organization to efficiently track web usage patterns and detect possible web attacks. In this paper, we discuss various issues related to effective real-time visualization of web usage patterns and anomalies. We implemented a software tool named SAD (Session Anomaly Detection) Viewer to satisfy this need and conducted an empirical study in which anomalous web traffic such as misuse attacks, DoS attacks, Code Red worms and Whisker scans was injected. Our study confirms that SAD Viewer is useful in assisting web security engineers in monitoring web usage patterns in general and anomalous web sessions in particular.

Cyber attack group classification based on MITRE ATT&CK model (MITRE ATT&CK 모델을 이용한 사이버 공격 그룹 분류)

  • Choi, Chang-hee; Shin, Chan-ho; Shin, Sung-uk
  • Journal of Internet Computing and Services / v.23 no.6 / pp.1-13 / 2022
  • As the information and communication environment develops, the environment of military facilities is also developing remarkably. In proportion to this, cyber threats are also increasing; in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, frequently target military and national infrastructure. Identifying the attack group is important for an appropriate response, but it is very difficult because cyber attacks are conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform lengthy high-level analysis of the large amount of collected evidence to get a clue about the attack group. To solve this problem, this paper proposes an automated technique that can classify an attack group within a short time after detection. Compared with general cyber attacks, APT attacks are few in number, little data about them is known, and they are designed to bypass signature-based cyber defense techniques. As the attack model, we used MITRE ATT&CK®, which models many parts of a cyber attack. We designed an impact score that takes the versatility of attack techniques into account and proposed a group similarity score based on it. Experimental results show that the proposed method classified the attack group with 72.62% Top-5 accuracy.
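
An added example of group classification from observed ATT&CK techniques, written in the spirit of the abstract; it is not the paper's code, and the scoring formula is an assumption, not the paper's impact score. The impact score used here is IDF-like: a technique used by n of N known groups gets weight log(N/n), so a "versatile" technique shared by most groups contributes little to attribution. The group similarity score is the share of the incident's weighted evidence covered by a group's known techniques, and Top-k accuracy is measured over labelled incidents. The group profiles and incidents are constructed; the technique IDs are real ATT&CK identifiers used only as labels.

```python
"""Attack-group ranking from observed ATT&CK techniques, added example.
Group profiles, incidents and the weighting scheme are constructed/assumed."""
import math

# Constructed profiles: which techniques each (fictional) group is known to use.
GROUP_TECHNIQUES = {
    "G-A": {"T1566", "T1059", "T1003", "T1486"},
    "G-B": {"T1566", "T1059", "T1078", "T1021", "T1041"},
    "G-C": {"T1190", "T1059", "T1105", "T1021"},
    "G-D": {"T1566", "T1027", "T1547", "T1041"},
}


def impact_scores(groups):
    """Assumed impact score: log(N / n_t), lower for techniques many groups use."""
    n_groups = len(groups)
    usage = {}
    for techs in groups.values():
        for t in techs:
            usage[t] = usage.get(t, 0) + 1
    return {t: math.log(n_groups / n) for t, n in usage.items()}


def rank_groups(observed, groups, weights):
    """Score each group by the weighted fraction of observed techniques it covers.
    Techniques unknown to every group get weight 0 (no attribution value)."""
    observed = sorted(observed)  # fixed order so the sums are reproducible
    total = sum(weights.get(t, 0.0) for t in observed)
    ranked = []
    for name, techs in groups.items():
        covered = sum(weights.get(t, 0.0) for t in observed if t in techs)
        ranked.append((name, covered / total if total else 0.0))
    ranked.sort(key=lambda item: (-item[1], item[0]))  # ties broken by name
    return ranked


def top_k_accuracy(incidents, groups, weights, k):
    hits = 0
    for observed, true_group in incidents:
        top = [name for name, _ in rank_groups(observed, groups, weights)[:k]]
        hits += true_group in top
    return hits / len(incidents)


WEIGHTS = impact_scores(GROUP_TECHNIQUES)

# Constructed labelled incidents: (techniques observed after detection, true group).
INCIDENTS = [
    ({"T1566", "T1059", "T1041"}, "G-B"),
    ({"T1059", "T1021", "T1105"}, "G-C"),
    ({"T1566", "T1059"}, "G-B"),   # only versatile techniques seen: G-A and G-B tie
]

if __name__ == "__main__":
    for observed, truth in INCIDENTS:
        ranked = rank_groups(observed, GROUP_TECHNIQUES, WEIGHTS)
        print(f"true={truth} ranked={[(g, round(s, 3)) for g, s in ranked]}")
    for k in (1, 2):
        print(f"Top-{k} accuracy: {top_k_accuracy(INCIDENTS, GROUP_TECHNIQUES, WEIGHTS, k):.2f}")
```

The third incident is the case the weighting is meant to expose: phishing and a scripting interpreter are used by three of the four groups, so on that evidence alone two groups score identically and only Top-2 is right. That is also why a Top-k figure, rather than Top-1, is the natural metric for this kind of classifier.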

Research on Malware Classification with Network Activity for Classification and Attack Prediction of Attack Groups (공격그룹 분류 및 예측을 위한 네트워크 행위기반 악성코드 분류에 관한 연구)

  • Lim, Hyo-young; Kim, Wan-ju; Noh, Hong-jun; Lim, Jae-sung
  • The Journal of Korean Institute of Communications and Information Sciences / v.42 no.1 / pp.193-204 / 2017
  • The security of Internet systems depends critically on the ability to keep anti-virus (AV) software up to date and to maintain high detection accuracy against new malware. However, malware variants evolve so quickly that they cannot be detected by conventional signature-based detection. In this paper, we propose a malware classification method based on sequence patterns generated from the network flows of malware samples. We evaluated our method on 766 malware samples and obtained a classification accuracy of approximately 40.4%. In this study, malicious code was classified only by its network behavior, excluding the code itself and other characteristics, so this study is expected to be developed further in the future. The method can also be used to predict attack groups, so that additional attacks can be prevented.
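
An added example of classifying malware by network behaviour alone, in the spirit of this abstract but not the paper's method or code: each sample is the ordered sequence of flow events it produced (here a "proto:port" or "DNS" token per flow), the sequence is turned into a set of n-grams so that the order of events is preserved, and a sample is labelled by its nearest labelled neighbour under Jaccard similarity, with an "unknown" outcome when nothing is similar enough. The family names and flow sequences are constructed.

```python
"""Sequence-pattern malware classification from network flows, added example.
Training data and queries below are constructed, not captured traffic."""


def ngrams(sequence, n=2):
    """Set of n-grams over the event sequence; empty if the sequence is too short."""
    return {tuple(sequence[i:i + n]) for i in range(len(sequence) - n + 1)}


def jaccard(a, b):
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def classify(sequence, labelled, n=2, threshold=0.2):
    """Nearest labelled sample by n-gram Jaccard similarity.
    Returns ('unknown', score) when the best match is below the threshold,
    which also covers sequences too short to produce any n-gram."""
    query = ngrams(sequence, n)
    best_label, best_score = "unknown", 0.0
    for label, seq in labelled:
        score = jaccard(query, ngrams(seq, n))
        if score > best_score:
            best_label, best_score = label, score
    if best_score < threshold:
        return "unknown", best_score
    return best_label, best_score


def leave_one_out_accuracy(labelled, n=2, threshold=0.2):
    """Classify each labelled sample against all the others."""
    hits = 0
    for i, (label, seq) in enumerate(labelled):
        others = labelled[:i] + labelled[i + 1:]
        hits += classify(seq, others, n, threshold)[0] == label
    return hits / len(labelled)


# Constructed labelled samples: (family, ordered flow events of one run).
TRAINING = [
    ("FamX", ["DNS", "HTTP:80", "HTTP:80", "TCP:443"]),
    ("FamX", ["DNS", "HTTP:80", "TCP:443", "TCP:443"]),
    ("FamY", ["TCP:6667", "TCP:6667", "DNS", "TCP:6667"]),
    ("FamY", ["TCP:6667", "DNS", "TCP:6667", "TCP:6667"]),
]

if __name__ == "__main__":
    print(classify(["DNS", "HTTP:80", "HTTP:80", "HTTP:80", "TCP:443"], TRAINING))
    print(classify(["SMTP:25", "SMTP:25", "TCP:8080"], TRAINING))
    print(f"leave-one-out accuracy: {leave_one_out_accuracy(TRAINING):.2f}")
```

Bigrams already separate these two constructed families; on real samples the n, the event vocabulary (ports only, or DNS names and HTTP hosts as well) and the similarity threshold decide how many samples fall into "unknown", and a class with a single sample cannot be recovered in a leave-one-out evaluation at all, which is one reason a behaviour-only classifier lands well below perfect accuracy.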