• 한국HCI학회:학술대회논문집
• /
• 2008.02a
• /
• pp.607-611
• /
• 2008

This paper proposes new video signature using spatio-temporal information for copy detection. The proposed video copy detection method is based on concentric circle partitioning method for each key frame. Firstly, key frames are extracted from whole video using temporal bilinear interpolation periodically and each frame is partitioned as a shape of concentric circle. For the partitioned sub-regions, 4 feature distributions of average intensity, its difference, symmetric difference and circular difference distributions are obtained by using the relation between the sub-regions. Finally these feature distributions are converted into binary signature by using simple hash function and merged together. For the proposed video signature, the similarity distance is calculated by simple Hamming distance so that its matching speed is very fast. From experiment results, the proposed method shows high detection success ratio of average 97.4% for various modifications. Therefore it is expected that the proposed method can be utilized for video copy detection widely.

• Journal of Institute of Control, Robotics and Systems
• /
• v.14 no.1
• /
• pp.54-61
• /
• 2008

This paper proposes a new algorithm for detecting and recognizing overlapped objects among a stack of arbitrarily located objects using a signature representation scheme. The proposed algorithm consists of two processes of detecting overlap of objects and of determining the boundary between overlapping objects. To determine overlap of objects, in the first step, the edge image of object region is extracted and those areas in the object region are considered as the object areas if an area is surrounded by a closed edge. For each object, its signature image is constructed by measuring the distances of those edge points from the center of the object, along the angle axis, which are located at every angle with reference to the center of the object. When an object is not overlapped, its features which consist of the positions and angles of outstanding points in the signature are searched in the database to find its corresponding model. When an object is overlapped, its features are partially matched with those object models among which the best matching model is selected as the corresponding model. The boundary among the overlapping objects is determined by projecting the signature to the original image. The performance of the proposed algorithm has been tested with the task of picking the top or non-overlapped object from a stack of arbitrarily located objects. In the experiment, a recognition rate of 98% has been achieved.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.434-437
• /
• 2010

NIPS(Network Intrusion Prevention System) is in line at the end of the external and internal networks which performed two kinds of action: Signature-based filtering and anomaly detection and prevention-based on self-learning. Among them, a signature-based filtering is well known to defend against attacks. By using signature-based filtering, intrusion prevention system passing a payload of packets is compared with attack patterns which are signature. If match, the packet is discard. However, when there is packet delay, it will increase the required pattern matching time as the number of signature is increasing whenever there is delay occur. Therefore, to ensure the performance of IPS, we needed more efficient pattern matching algorithm for high-performance ISP. To improve the performance of pattern matching the most important part is to reduce the number of comparisons signature rules and the packet whenever the packets arrive. In this paper, we propose an improve signature hashing-based pattern matching method. We use tuple pruning algorithm with Bloom filters, which effectively remove unnecessary tuples. Unlike other existing signature hashing-based IPS, our proposed method to improve the performance of IPS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.2
• /
• pp.277-284
• /
• 2016

Various network attacks such as DDoS(Distributed Denial of service) and orm are one of the biggest problems in the modern society. These attacks reduce the quality of internet service and caused the cyber crime. To solve the above problem, signature based IDS(Intrusion Detection System) has been developed by network vendors. It has a high detection rate by using database of previous attack signatures or known malicious traffic pattern. However, signature based IDS have the fatal weakness that the new types of attacks can not be detected. The reason is signature depend on previous attack signatures. In this paper, we propose a k-means clustering based malicious traffic detection method to complement the problem of signature IDS. In order to demonstrate efficiency of the proposed method, we apply the bayesian theorem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.963-974
• /
• 2018

With the growing interest in cryptocurrency such as bitcoin, the blockchain technology has attracted much attention in various applications as a distributed security platform with excellent security. However, Cryptojacking, an attack that hijack other computer resources such as CPUs, has occured due to vulnerability to the Cryptomining process. In particular, browser-based Cryptojacking is considered serious because attacks can occur only by visiting a Web site without installing it on a visitor's PC. The current Cryptojacking detection system is mostly signature-based. Signature-based detection methods have problems in that they can not detect a new Cryptomining code or a modification of existing Cryptomining code. In this paper, we propose a Cryptojacking detection solution using a dynamic analysis-based that uses a headless browser to detect unknown Cryptojacking attacks. The proposed dynamic analysis-based Cryptojacking detection system can detect new Cryptojacking site that cannot be detected in existing signature-based Cryptojacking detection system and can detect it even if it is called or obfuscated by bypassing Cryptomining code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.31-40
• /
• 2024

Recently, static analysis-based signature and pattern detection technologies have limitations due to the advanced IT technologies. Moreover, It is a compatibility problem of multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also avoid existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branching statement addition. In this paper, We propose an LLVM IR image-based automated static analysis of malicious code technology using machine learning to solve the problems mentioned above. Whether binary is obfuscated or packed, it's decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. "Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras". As a result, we present a model for image-based detection of malicious code.

• The KIPS Transactions:PartA
• /
• v.18A no.1
• /
• pp.19-24
• /
• 2011

As era of multi-core processors has arrived, transactional memory has been considered as an effective method to achieve easy and fast multi-threaded programming. Various hardware transactional memory systems such as UTM, VTM, FastTM, LogTM, and LogTM-SE, have been introduced in order to implement high-performance multi-core processors. Especially, LogTM-SE has provided study performance with an efficient memory management policy and a practical thread scheduling method through conflict detection based on signatures. However, increasing number of cores on a processor imposes the hardware complexity for signature processing. This causes overall performance degradation due to the heavy workload on signature comparison. In this paper, we propose a new architecture of multiple signature comparison to improve conflict detection of signature based transactional memory systems.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.40 no.1
• /
• pp.96-102
• /
• 2003

Video copy detection is a complementary approach to watermarking. As opposed to watermarking, which relies on inserting a distinct pattern into the video stream, video copy detection techniques match content-based signatures to detect copies of video. Existing typical content-based copy detection schemes have relied on image matching. This paper proposes two new sequence matching techniques for copy detection and compares the performance with color techniques that is the existing techniques. Motion, intensity and color-based signatures are compared in the context of copy detection. Comparison of experimental results are reported on detecting copies of movie clips.

• Journal of Korea Multimedia Society
• /
• v.7 no.12
• /
• pp.1639-1649
• /
• 2004

In this paper, a method for detection of forged signatures based on spectral analysis of directional gradient density function and a weighted fuzzy classifier is proposed. The well defined outline of an incoming signature image is extracted in a preprocessing stage which includes noise reduction, automatic thresholding, image restoration and erosion process. The directional gradient density function derived from extracted signature outline is highly related to the overall shape of signature image, and thus its frequency spectrum is used as a feature set. With this spectral feature set, having a property to be invariant in size, shift, and rotation, a weighted fuzzy classifier is evaluated for the verification of freehand and random forgeries. Experiments show that less than 5% averaged error rate can be achieved on a database of 500 signature samples.

• Smart Media Journal
• /
• v.8 no.3
• /
• pp.17-22
• /
• 2019

Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Attackers may modify previous attempts to escape intrusion detection rules. In this paper, we deal with the problem of detecting modified attacks based on previous intrusion detection rules. We show a simple method of reporting approximate occurrences of at least one of the network intrusion detection rules, based on q-grams and the longest increasing subsequences. Experimental results showed that our approach could detect modified attacks, modeled with edit operations.