• Title/Summary/Keyword: signature-based detection


Intelligent Malicious Web-page Detection System based on Real Analysis Environment (리얼 분석환경 기반 지능형 악성 웹페이지 탐지 시스템)

  • Song, Jongseok;Lee, Kyeongsuk;Kim, Wooseung;Oh, Ikkyoon;Kim, Yongmin
    • Journal of KIISE / v.45 no.1 / pp.1-8 / 2018
  • Recently, distribution of malicious codes using the Internet has been one of the most serious cyber threats. Technology of malicious code distribution with detection bypass techniques has also been developing, and research has focused on how to detect and analyze them. However, obfuscated malicious JavaScript is almost impossible to detect, because the existing malicious code distributed web page detection system is based on signatures; another limitation is that it requires constant updates of the detection patterns. We propose to overcome these limitations by means of an intelligent malicious code distributed web page detection system using a real browser that can analyze and detect intelligent malicious code distributed web sites effectively.

A Malware Detection Method using Analysis of Malicious Script Patterns (악성 스크립트 패턴 분석을 통한 악성코드 탐지 기법)

  • Lee, Yong-Joon;Lee, Chang-Beom
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.7 / pp.613-621 / 2019
  • Recently, with the development of the Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious codes infect IoT devices, and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. Proposed is a malicious code-detection technique that is based on malicious script-pattern analysis that can detect zero-day attacks while maintaining the existing detection rate by registering and checking derived distribution patterns after analyzing the types of malicious scripts distributed through websites. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and experiment with 10 major malicious script-distribution patterns derived from analysis. The technique showed an average detection rate of about 86% of all items, while maintaining the existing detection speed based on the detection rule and also detecting zero-day attacks.

A Method for Detection of Private Key Compromise (서명용 개인키 노출 탐지 기법)

  • Park, Moon-Chan;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.781-793 / 2014
  • A Public Key Infrastructure (PKI) is a set of security standards for managing and using public key cryptosystems. A PKI is used to provide digital signature, authentication, and public key encryption functionality over insecure channels, such as E-banking and E-commerce on the Internet. A soft-token private key in a PKI is leaked easily because it is stored in a file at a standardized location. It is also vulnerable to a brute-force password attack, as it is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack even though the soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make it difficult for an attacker to generate a valid signature, with probability 1/n, even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker makes an attempt at authentication, and enhances the security of the soft-token private key without the additional cost of constructing infrastructure, thereby extending the function of the existing PKI and SSL/TLS.

Robust Face Detection Based on Knowledge-Directed Specification of Bottom-Up Saliency

  • Lee, Yu-Bu;Lee, Suk-Han
    • ETRI Journal / v.33 no.4 / pp.600-610 / 2011
  • This paper presents a novel approach to face detection by localizing faces as the goal-specific saliencies in a scene, using the framework of selective visual attention of a human with a particular goal in mind. The proposed approach aims at achieving human-like robustness as well as efficiency in face detection under large scene variations. The key is to establish how the specific knowledge relevant to the goal interacts with the bottom-up process of external visual stimuli for saliency detection. We propose a direct incorporation of the goal-related knowledge into the specification and/or modification of the internal process of a general bottom-up saliency detection framework. More specifically, prior knowledge of the human face, such as its size, skin color, and shape, is directly set to the window size and color signature for computing the center of difference, as well as to modify the importance weight, as a means of transforming into a goal-specific saliency detection. The experimental evaluation shows that the proposed method reaches a detection rate of 93.4% with a false positive rate of 7.1%, indicating the robustness against a wide variation of scale and rotation.

A High Performance IPS Based on Signature Hashing (시그너처 해싱에 기반한 고성능 침입방지 시스템)

  • Wang, Jeong-Seok;Kwon, Hui-Ung;Jung, Yun-Jae;Kwak, Hu-Keun;Chung, Kyu-Sik
    • Proceedings of the Korean Information Science Society Conference / 2007.06d / pp.489-494 / 2007
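  • An intrusion prevention system (IPS) is a system installed in in-line mode in a network that inspects the packets or sessions passing through the network and, if an attack is detected in a packet, drops that packet or terminates the session, thereby protecting the network from external intrusion. An IPS performs broadly two kinds of operation. One is signature-based filtering, which defends against already known attacks; the other is anomaly detection and prevention based on self-learning, which defends against unknown attacks and abnormal sessions. In signature-based filtering, the payload of each packet passing through the IPS is compared with attack patterns called signatures, and the packet is dropped if they match. As the number of signatures grows, the pattern-matching time required for each incoming packet increases, which has made it difficult to develop a high-performance intrusion detection system that operates without packet delay. Several efficient pattern-matching schemes have been proposed for SNORT, an open intrusion prevention software package; they try to reduce unnecessary matching operations by matching the common part of the signatures only once or by comparing several bytes at a time instead of one byte at a time. In this paper, we propose a high-performance IPS based on signature hashing in order to make the pattern-matching time independent of the number of signatures.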


Detection of Breathing Rates in Through-wall UWB Radar Utilizing JTFA

  • Liang, Xiaolin;Jiang, Yongling
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.11 / pp.5527-5545 / 2019
  • Through-wall ultra-wide band (UWB) radar has been considered one of the preferred non-contact technologies for target detection owing to its better time resolution and stronger penetration. The high time resolution is a result of the larger bandwidth of the UWB pulses employed by the radar system, which is a useful tool to separate multiple targets in a complex environment. The article emphasises human subject localization and detection. Human subjects can usually be detected by remotely extracting their weak respiratory signals. Meanwhile, the range between the detection object and the radar is also acquired from the 2D range-frequency matrix. However, it is a challenging task to extract human respiratory signals owing to the low signal to clutter ratio. To improve the feasibility of human respiratory signal detection, a new method is developed via analysing the standard deviation based kurtosis of the collected pulses, which are modulated by human respiratory movements in slow time. The range between the radar and the detection target is estimated using joint time-frequency analysis (JTFA) of the analysed characteristics, which provides a novel preliminary signature for life detection. The breathing rates are obtained using the proposed accumulation method in the time and frequency domains, respectively. The proposed method is validated and proved numerically and experimentally.

Research on Malicious code hidden website detection method through WhiteList-based Malicious code Behavior Analysis (WhiteList 기반의 악성코드 행위분석을 통한 악성코드 은닉 웹사이트 탐지 방안 연구)

  • Ha, Jung-Woo;Kim, Huy-Kang;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.4 / pp.61-75 / 2011
  • Recently, there has been a significant increase in massive attacks that try to infect PCs that visit websites containing pre-implanted malicious code. When the websites are visited, these hidden malicious codes can gain monetary profit or can send various cyber attacks such as BOTNET for DDoS attacks, personal information theft, etc. Also, this kind of malicious activity is continuously increasing, and the evasion techniques are becoming professional and intellectual. So far, the current signature-based detection of websites that contain malicious codes has a limitation in preventing internet users from being exposed to malicious codes, since it is impossible to detect with only a blacklist when an attacker proactively changes the string in the malicious codes. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by signature-based detection. Our method can detect new malicious codes even though the codes' signatures are not in the pattern database of an Anti-Virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the included redirection URL in the malicious codes. Finally, we confirm that our proposed system shows better detection performance than MC-Finder, which adopts pattern matching, Google's crawling based malware site detection, and McAfee.

Fault diagnosis system of induction motor using artificial neural network (인공신경망을 이용한 유도전동기고장진단)

  • Byun, Yeun-Sub;Wang, Jong-Bae;Kim, Jong-Ki
    • Proceedings of the KIEE Conference / 2002.07d / pp.2222-2224 / 2002
  • Induction motors are critical components of many industrial machines and are frequently integrated in commercial equipment. Heavy economic losses and the deterioration of system reliability might be caused by the failure of induction motors in the industrial field. Based on the reliability and cost competitiveness of the driving system (motors), the fault detection and diagnosis of the system are considered very important factors. In order to perform the fault detection and diagnosis of motors, the vibration monitoring method and the motor current signature analysis (MCSA) method are emphasized. In this paper, the MCSA method is used for induction motor fault diagnosis. This method analyzes the motor's supply current, since this diagnoses faults of the motor. The diagnostic algorithm is based on the artificial neural network, and the diagnosis system is programmed by using LabVIEW and MATLAB.


Fault diagnosis of induction motor using principal component analysis (주성분 분석기법을 통한 유도전동기 고장진단)

  • Byun Yeun-Sub;Lee Byung-Song;Bae Chang-Han;Wang Jong-Bae
    • Proceedings of the KSR Conference / 2003.10c / pp.529-534 / 2003
  • Within industry, induction motors have a broad application area to drive pumps, fans, elevators and electric trains. Sudden failures of such machines can cause heavy economic losses and the deterioration of system reliability. Based on the reliability and cost competitiveness of the driving system (motors), the fault detection and the diagnosis of the system are considered very important factors. In order to perform the fault detection and diagnosis of motors, the vibration monitoring method and the motor current signature analysis (MCSA) method are emphasized. In this paper, the MCSA method is used for induction motor fault diagnosis. This method analyzes the motor's supply current, since this diagnoses faults of the motor. The diagnostic algorithm is based on principal component analysis (PCA), and the diagnosis system is programmed by using LabVIEW and MATLAB.


Fault diagnosis of induction motor using principal component analysis (주성분 분석기법을 이용한 유도전동기 고장진단)

  • Byun, Yeun-Sub;Lee, Byung-Song;Baek, Jong-Hyen;Wang, Jong-Bae
    • Proceedings of the KIEE Conference / 2003.11c / pp.645-648 / 2003
  • Induction motors are a critical component of industrial processes. Sudden failures of such machines can cause heavy economic losses and the deterioration of system reliability. Based on the reliability and cost competitiveness of the driving system (motors), the fault detection and the diagnosis of the system are considered very important factors. In order to perform the fault detection and diagnosis of motors, the vibration monitoring method and the motor current signature analysis (MCSA) method are emphasized. In this paper, the MCSA method is used for induction motor fault diagnosis. This method analyses the motor's supply current, since this diagnoses faults of the motor. The diagnostic algorithm is based on principal component analysis (PCA), and the diagnosis system is programmed by using LabVIEW and MATLAB.
