• Title/Summary/Keyword: signature-based detection

Search Result 203, Processing Time 0.023 seconds

Location Estimation Enhancement Using Space-time Signal Processing in Wireless Sensor Networks: Non-coherent Detection

  • Oh, Chang-Heon
    • Journal of information and communication convergence engineering
    • /
    • v.10 no.3
    • /
    • pp.269-275
    • /
    • 2012
  • In this paper, we proposed a novel location estimation algorithm based on the concept of space-time signature matching in a moving target environment. In contrast to previous fingerprint-based approaches that rely on received signal strength (RSS) information only, the proposed algorithm uses angle, delay, and RSS information from the received signal to form a signature, which in turn is utilized for location estimation. We evaluated the performance of the proposed algorithm in terms of the average probability of error and the average error distance as a function of target movement. Simulation results confirmed the effectiveness of the proposed algorithm for location estimation even in moving target environment.

Limits and Countermeasures on Buffer Overflow Attack Detection Based on Signature Matching (시그너쳐 매칭에 기반한 버퍼넘침 공격 탐지의 한계 및 대응)

  • 김성수;위규범
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.04a
    • /
    • pp.404-406
    • /
    • 2003
  • C언어는 포인터형 변수를 제공하며 배열의 경계를 인식하지 않는다. 이러한 특성에서 기인한 버퍼넘침 (buffer overflew)은 널리 알려진 취약점으로서 보안침해 수단으로 널리 악용되고 있다. 이 문제를 해결하기 위한 한 방법으로 오용탐지기술은 버퍼넘침에 공통적으로 사용되는 시그너쳐(Signature)를 가지고 클라이언트(client)가 전송한 패킷을 검사함으로서 고전적인 버퍼넘침을 탐지하고 있다. 본 논문에서는 이러한 탐지 방법을 우회할 수 있는 보다 위협적이고 지능적인 보안침해 가능성을 제시한다.

  • PDF

Photonic sensors for micro-damage detection: A proof of concept using numerical simulation

  • Sheyka, M.;El-Kady, I.;Su, M.F.;Taha, M.M. Reda
    • Smart Structures and Systems
    • /
    • v.5 no.4
    • /
    • pp.483-494
    • /
    • 2009
  • Damage detection has been proven to be a challenging task in structural health monitoring (SHM) due to the fact that damage cannot be measured. The difficulty associated with damage detection is related to electing a feature that is sensitive to damage occurrence and evolution. This difficulty increases as the damage size decreases limiting the ability to detect damage occurrence at the micron and submicron length scale. Damage detection at this length scale is of interest for sensitive structures such as aircrafts and nuclear facilities. In this paper a new photonic sensor based on photonic crystal (PhC) technology that can be synthesized at the nanoscale is introduced. PhCs are synthetic materials that are capable of controlling light propagation by creating a photonic bandgap where light is forbidden to propagate. The interesting feature of PhC is that its photonic signature is strongly tied to its microstructure periodicity. This study demonstrates that when a PhC sensor adhered to polymer substrate experiences micron or submicron damage, it will experience changes in its microstructural periodicity thereby creating a photonic signature that can be related to damage severity. This concept is validated here using a three-dimensional integrated numerical simulation.

Evaluations of AI-based malicious PowerShell detection with feature optimizations

  • Song, Jihyeon;Kim, Jungtae;Choi, Sunoh;Kim, Jonghyun;Kim, Ikkyun
    • ETRI Journal
    • /
    • v.43 no.3
    • /
    • pp.549-560
    • /
    • 2021
  • Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.

Novelty Detection on Web-server Log Dataset (웹서버 로그 데이터의 이상상태 탐지 기법)

  • Lee, Hwaseong;Kim, Ki Su
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.10
    • /
    • pp.1311-1319
    • /
    • 2019
  • Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

Infrared Signature Analysis of the Aircraft Exhaust Plume with Radiation Database (복사 데이터베이스를 활용한 항공기 배기 플룸 IR 신호 해석)

  • Cho, Pyung Ki;Gu, Bonchan;Baek, Seung Wook;Kim, Won Cheol
    • Journal of the Korean Society for Aeronautical & Space Sciences
    • /
    • v.44 no.7
    • /
    • pp.568-575
    • /
    • 2016
  • For the combat survivability, an infrared signature emitted from aircraft is needed to be predicted and analyzed. In this study, we studied the infrared signature from the exhaust plume from the viewpoint of Infrared(IR) detector. The Line-By-Line method using the radiation database is used for radiative property, and radiative intensity analysis is conducted along 1-D line of sight based on the radiative property. The numerical thermo-fluid field for the plume is conducted by ANSYS FLUENT, while setting the lines of sight having the different detection angle on the thermo-fluid field. We found the high IR signature on the line of sight passing through the locally high temperature region of the plume inside, and the strongest signature from the line of sight toward the nozzle surface. Based on this, it confirms the influence of the surface radiative emission on the infrared signature.

Packer Identification Using Adaptive Boosting Algorithm (Adaptive Boosting을 사용한 패커 식별 방법 연구)

  • Jang, Yun-Hwan;Park, Seong-Jun;Park, Yongsu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.2
    • /
    • pp.169-177
    • /
    • 2020
  • Malware analysis is one of the important concerns of computer security, and advances in analysis techniques have become important for computer security. In the past, the signature-based method was used to detect malware. However, as the percentage of packed malware increased, it became more difficult to detect using the conventional method. In this paper, we propose a method for identifying packers of packed programs using machine learning. The proposed method parses the packed program to extract specific PE information that can identify the packer and identifies the packer using the Adaptive Boosting algorithm among the machine learning models. To verify the accuracy of the proposed method, we collected and tested 391 programs packed with 12 types of packers and found that the packers were identified with an accuracy of about 99.2%. In addition, we presented the results of identification using PEiD, a signature-based PE identification tool, and existing machine learning method. The proposed method shows better performance in terms of accuracy and speed in identifying packers than existing methods.

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.10 no.2
    • /
    • pp.1-9
    • /
    • 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

Whitelist-Based Anomaly Detection for Industrial Control System Security (제어시스템 보안을 위한 whitelist 기반 이상징후 탐지 기법)

  • Yoo, Hyunguk;Yun, Jeong-Han;Shon, Taeshik
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.8
    • /
    • pp.641-653
    • /
    • 2013
  • Recent cyber attacks targeting control systems are getting sophisticated and intelligent notoriously. As the existing signature based detection techniques faced with their limitations, a whitelist model with security techniques is getting attention again. However, techniques that are being developed in a whitelist model used at the application level narrowly and cannot provide specific information about anomalism of various cases. In this paper, we classify abnormal cases that can occur in control systems of enterprises and propose a new whitelist model for detecting abnormal cases.

A Configurable Software-based Approach for Detecting CFEs Caused by Transient Faults

  • Liu, Wei;Ci, LinLin;Liu, LiPing
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.5
    • /
    • pp.1829-1846
    • /
    • 2021
  • Transient faults occur in computation units of a processor, which can cause control flow errors (CFEs) and compromise system reliability. The software-based methods perform illegal control flow detection by inserting redundant instructions and monitoring signature. However, the existing methods not only have drawbacks in terms of performance overhead, but also lack of configurability. We propose a configurable approach CCFCA for detecting CFEs. The configurability of CCFCA is implemented by analyzing the criticality of each region and tuning the detecting granularity. For critical regions, program blocks are divided according to space-time overhead and reliability constraints, so that protection intensity can be configured flexibly. For other regions, signature detection algorithms are only used in the first basic block and last basic block. This helps to improve the fault-tolerant efficiency of the CCFCA. At the same time, CCFCA also has the function of solving confusion and instruction self-detection. Our experimental results show that CCFCA incurs only 10.61% performance overhead on average for several C benchmark program and the average undetected error rate is only 9.29%. CCFCA has high error coverage and low overhead compared with similar algorithms. This helps to meet different cost requirements and reliability requirements.