• Title/Summary/Keyword: signature-based detection


PZT Impedance-based Damage Detection for Civil Infrastructures (토목 구조물의 PZT Impedance 기반 손상추정기법)

  • S. H. Park; Y. Roh; C. B. Yun; J. H. Yi
  • Proceedings of the Computational Structural Engineering Institute Conference / 2004.04a / pp.373-380 / 2004
  • This paper presents the feasibility of an impedance-based damage detection technique using piezoelectric (PZT) transducers for civil infrastructures such as steel bridges. The impedance-based damage detection method is based on monitoring changes in the electrical impedance. Those changes in the electrical impedance are due to the electro-mechanical coupling property of the piezoelectric material and the structure. An effective integrated structural health monitoring system must include a statistical process of damage detection that is automated and provides real-time assessment of damage in the structure. Once measured, damage-sensitive features from this impedance change can be statistically quantified for various damage cases. The results of the experimental study on three kinds of structural members show that cracks or loosened bolts/nuts near the PZT sensors may be effectively detected by monitoring the shifts of the resonant frequencies. The root mean square (RMS) deviations of the impedance functions before and after damage were also considered as a damage indicator. The subsequent statistical methods using the impedance signature of the PZT sensors were investigated.


Malware Detection with Directed Cyclic Graph and Weight Merging

  • Li, Shanxi; Zhou, Qingguo; Wei, Wei
  • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.9 / pp.3258-3273 / 2021
  • Malware is a severe threat to computing systems, and there is a long history of the battle between malware detection and anti-detection. Most traditional detection methods are based on static analysis with signature matching and on dynamic analysis methods focused on sensitive behaviors. However, the usual detections have only limited effect as malware evolves, so manual updates to the feature sets are essential. Besides, most of these methods match target samples against a common feature database, which ignores the characteristics of the sample itself. In this paper, we propose a new malware detection method that combines the features of a single sample with the general features of malware. Firstly, a Directed Cyclic Graph (DCG) structure is adopted to extract features from samples. Then the sensitivity of each API call is computed with a Markov Chain. Afterward, the graph is merged with the chain to get the final features. Finally, detectors based on machine learning or deep learning are devised for identification. To evaluate the effectiveness and robustness of our approach, several experiments were conducted. The results showed that the proposed method performed well in most tests, and that the approach remained stable as malware developed and grew.

A Pre-processing Study to Solve the Problem of Rare Class Classification of Network Traffic Data (네트워크 트래픽 데이터의 희소 클래스 분류 문제 해결을 위한 전처리 연구)

  • Ryu, Kyung Joon; Shin, DongIl; Shin, DongKyoo; Park, JeongChan; Kim, JinGoog
  • KIPS Transactions on Software and Data Engineering / v.9 no.12 / pp.411-418 / 2020
  • In the field of information security, an IDS (Intrusion Detection System) is normally classified into two different categories: signature-based IDS and anomaly-based IDS. Many studies on anomaly-based IDS have been conducted that analyze network traffic data generated in cyberspace with machine learning algorithms. In this paper, we studied pre-processing methods to overcome the performance degradation caused by rare classes. We experimented with the classification performance of a machine learning algorithm by reconstructing the data set based on rare classes and semi-rare classes. After reconstructing the data into three different sets, wrapper and filter feature selection methods were applied in sequence. Each data set was regularized by a quantile scaler. A deep neural network model was used for learning and validation. The evaluation results were compared by true positive values and false negative values. We acquired improved classification performance on all three data sets.

A Study on Attack against NTRU Signature Implementation and Its Countermeasure (NTRU 서명 시스템 구현에 대한 오류 주입 공격 및 대응 방안 연구)

  • Jang, Hocheol; Oh, Soohyun; Ha, Jaecheol
  • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.551-561 / 2018
  • As computational technology using quantum computing has developed, threats to cryptographic systems have recently been increasing. Therefore, much research on post-quantum cryptosystems that can withstand analysis attacks using quantum computers is actively underway. Nevertheless, the lattice-based NTRU system, one of the post-quantum cryptosystems, has been pointed out as potentially vulnerable to fault injection attacks that exploit weaknesses in the implementation of NTRU. In this paper, we investigate fault injection attacks and their previous countermeasures on the NTRU signature system and propose a secure and efficient countermeasure to defeat them. As a simulation result, the proposed countermeasure has a high fault detection ratio and low implementation cost.

SplitScreen: Enabling Efficient, Distributed Malware Detection

  • Cha, Sang-Kil; Moraru, Iulian; Jang, Ji-Yong; Truelove, John; Brumley, David; Andersen, David G.
  • Journal of Communications and Networks / v.13 no.2 / pp.187-200 / 2011
  • We present the design and implementation of a novel anti-malware system called SplitScreen. SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches. The screening step filters out most non-infected files (90%) and also identifies malware signatures that are not of interest (99%). The screening step significantly improves end-to-end performance because safe files are quickly identified and are not processed further, and malware files can subsequently be scanned using only the signatures that are necessary. Our approach naturally leads to a network-based anti-malware solution in which clients only receive the signatures they need, not every malware signature ever created as with current approaches. We have implemented SplitScreen as an extension to ClamAV, the most popular open source anti-malware software. For the current number of signatures, our implementation is 2× faster and requires 2× less memory than the original ClamAV. These gaps widen as the number of signatures grows.

A CLASSIFICATION METHOD BASED ON MIXED PIXEL ANALYSIS FOR CHANGE DETECTION

  • Jeong, Jong-Hyeok; Takeshi, Miyata; Takagi, Masataka
  • Proceedings of the KSRS Conference / 2003.11a / pp.820-824 / 2003
  • One of the most important research areas in remote sensing is spectral unmixing of hyperspectral data. For spectral unmixing of hyperspectral data, accurate land cover information is necessary, but obtaining accurate land cover information is a difficult process. Obtaining land cover information from high-resolution data may be a useful solution. In this study, the spectral signatures of endmembers on an ASTER image acquired in October were calculated from land cover information on an IKONOS image acquired in September. The spectral signatures of the endmembers were then applied to ASTER images acquired in January and March, and the result of their spectral unmixing was evaluated. The spectral signatures of the endmembers could be applied to images from different seasons. When applied to an ASTER image with a zenith angle similar to that of the image the spectral signatures were derived from, the spectral unmixing result was reliable. Even when the test data had a zenith angle different from that of the image the spectral signatures were derived from, the spectral unmixing results for urban and vegetation classes were reliable.


A Study on Similarity Comparison for File DNA-Based Metamorphic Malware Detection (파일 DNA 기반의 변종 악성코드 탐지를 위한 유사도 비교에 관한 연구)

  • Jang, Eun-Gyeom; Lee, Sang Jun; Lee, Joong In
  • Journal of the Korea Society of Computer and Information / v.19 no.1 / pp.85-94 / 2014
  • This paper studied a detection technique using file DNA-based behavior pattern analysis in order to minimize damage to the user system by malicious programs before a signature or security patch is released. The file DNA-based detection technique was applied to defend against zero-day attacks and to minimize false detections, by remedying weaknesses of the conventional network-based packet detection technique and the process-based detection technique. For the file DNA-based detection technique, abnormal behaviors of malware were split into network-related behaviors and process-related behaviors. The technique was employed to check and block crucial process and network behaviors operating in the user system according to fixed conditions, to analyze the similarity of malware behavior patterns based on a file DNA in which process behaviors and network behaviors are combined, and to respond rapidly through hazard warning and cut-off.

A Feasibility Study on the Estimation of a Ship's Susceptibility Based on the Effectiveness of its Anti-Air Defense Systems (함정 대공방어시스템의 효과도를 활용한 피격성 추정 가능성 연구)

  • GeonHui Lee; SeokTae Yoon; YongJin Cho
  • Journal of the Society of Naval Architects of Korea / v.60 no.1 / pp.57-64 / 2023
  • Recently, the increased use of anti-ship guided missiles, a weapon system that detects and attacks targets in naval engagements, has come to pose a major threat to the survivability of ships. In order to improve the survivability of ships against such anti-ship guided missiles, many studies of means to counteract them have been conducted in militarily advanced countries. The integrated survivability of a ship can be largely divided into susceptibility, vulnerability, and recoverability, and is expressed as the conditional probability, given that the ship is hit, of damage and recovery. However, as research on susceptibility is a major military secret of each country, access to it is very limited and there are few publicly available data. Therefore, in this study, the possibility of estimating the susceptibility of ships using an anti-air defense system that counters anti-ship guided missiles was reviewed. To this end, engagement scenarios, the weapon systems mounted to counter threats, and the maximum detection/battle range according to the operational situation of the defense weapon system were defined. In addition, the effectiveness of the anti-air defense system and the susceptibility were calculated based on the performance of the weapon system, the crew's ability to operate it, and the detection probability of the detection/defense system. To evaluate the feasibility of the susceptibility estimate, the sensitivity of the detailed variables was reviewed, and the usefulness of the established process was confirmed through sensitivity analysis.

DGA-based Botnet Detection Technology using N-gram (N-gram을 활용한 DGA 기반의 봇넷 탐지 방안)

  • Jung Il Ok; Shin Deok Ha; Kim Su Chul; Lee Rock Seok
  • Convergence Security Journal / v.22 no.5 / pp.145-154 / 2022
  • Recently, the widespread proliferation and high sophistication of botnets are having serious consequences not only for enterprises and users, but also for cyber warfare between countries. Therefore, research to detect botnets is steadily progressing. However, while DGA-based botnets can be detected at a high rate with existing signature- and statistics-based technology, that technology is also limited by a high false positive rate. Therefore, in this paper, we propose a detection model using text-based n-grams to detect DGA-based botnets. Through the proposed model, the detection rate, which is the limit of the existing detection technology, can be increased and the false positive rate can also be minimized. Through experiments on large-scale domain datasets used by various DGA botnets and on normal domains, it was confirmed that the performance was superior to that of the existing model. It was confirmed that the false positive rate of the proposed model is less than 2 to 4%, and that the overall detection accuracy and F1 score are both 97.5%. As such, it is expected that detection and response capabilities against DGA-based botnets will be improved through the model proposed in this paper.

A Study on the Improvement of Bayesian networks in e-Trade (전자무역의 베이지안 네트워크 개선방안에 관한 연구)

  • Jeong, Boon-Do
  • International Commerce and Information Review / v.9 no.3 / pp.305-320 / 2007
  • With the expanded use of B2B (between enterprises), B2G (between enterprises and government) and EDI (Electronic Data Interchange), and with the increased amount of available network information and information protection threats, it was judged that security cannot be perfectly assured with security technology such as electronic signature/authorization and access control alone, so Bayesian networks have been developed for the protection of information. Therefore, this study examines the Bayesian network system, centering on ERP (Enterprise Resource Planning). The Bayesian network system is one of the methods for resolving uncertainty in electronic data interchange and is applied to overcome the uncertainty of abnormal intrusion detection in ERP. Bayesian networks are applied to construct profiles for system calls and network data, and to simulate abnormal intrusion detection. The host-based abnormal intrusion detection system in electronic trade analyzes system calls, applies Bayesian probability values, and constructs a normal behavior profile to detect abnormal behaviors. This study assumes the before and after states of the delivery behavior of the electronic document through Bayesian probability values and expresses the before and after of the delivery behavior or events based on Bayesian networks. Therefore, the profiling process using Bayesian networks can be applied to host-based and network-based abnormal intrusion detection. With respect to the transmission and reception of electronic documents, we need further studies on standards that classify abnormal intrusions of various patterns in ERP and evaluate them by Bayesian probability values, and on the classification of a B2B intrusion pattern genealogy to effectively detect deformed abnormal intrusion patterns.
