• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.7C
• /
• pp.712-718
• /
• 2003

C.elegans are often used to study of function of gene, but it is difficult for human observation to distinguish the mutants of C.elegans. To solve this problem, the system, which can classify the mutant types automatically using the computer vision, is now studying. Tn previous work［1］, we described the preprocessing method for automated-classification system. In this paper, we introduce shape features, which can be extracted from an acquisition image. We divide the feature into two categories, which are related to size and posture of the worm, and each feature is described mathematically We validate the shape information experimentally. And we use hierarchical clustering algorithm for classification. It reveals that 4 mutants of the worm, which are used in experiment, can be classified with over 90% of success rate.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.1
• /
• pp.233-262
• /
• 2024

Due to the rapid evolution of vehicular ad hoc networks (VANETs), effective communication and security are now essential components in providing secure and reliable vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. However, due to their dynamic nature and potential threats, VANETs need to have strong security mechanisms. This paper presents a novel approach to improve VANET security by combining the Vehicular Delay-Tolerant Network (VDTN) protocol with the Deep Reinforcement Learning (DRL) technique known as the Twin Delayed Deep Deterministic Policy Gradient (TD3) algorithm. A store-carry-forward method is used by the VDTN protocol to resolve the problems caused by inconsistent connectivity and disturbances in VANETs. The TD3 algorithm is employed for capturing and detecting Worm Hole Attack (WHA) behaviors in VANETs, thereby enhancing security measures. By combining these components, it is possible to create trustworthy and effective communication channels as well as successfully detect and stop rushing attacks inside the VANET. Extensive evaluations and simulations demonstrate the effectiveness of the proposed approach, enhancing both security and communication efficiency.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.48-59
• /
• 2018

Recently, network technology has been used in various fields due to development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack pattern. by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack pattern well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better on log data processing performance than the Hadoop-based system.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.49-57
• /
• 2006

Firewall to block a network access of unauthorized IP system and IDS (Intrusion Detection System) to detect malicious code pattern to be known consisted the main current of the information security system at the past. But, with rapid growth the diffusion speed and damage of malicious code like the worm, study of the unknown attack traffic is processed actively. One of such method is detection technique using traffic statistics information on the network viewpoint not to be an individual system. But, it is very difficult but to reserve traffic raw data or statistics information. Therefore, we present extraction technique of a network traffic Raw data and a statistics information like the time series. Also, We confirm the validity of a mixing traffic and show the evidence which is suitable to the experiment.

• Journal of information and communication convergence engineering
• /
• v.7 no.2
• /
• pp.157-163
• /
• 2009

With the wide usage of internet in many fields, networks are being exposed to many security threats, such as DDoS attack and worm/virus. For enterprise network, prevention failure of network security causes the revealing of commercial information or interruption of network services. In this paper, we propose a method of prevention of DDoS attacks for enterprise network based on traceback and network traffic analysis. The model of traceback implements the detection of IP spoofing attacks by the cooperation of trusted adjacent host, and the method of network traffic analysis implements the detection of DDoS attacks by analyzing the traffic characteristic. Moreover, we present the result of the experiments, and compare the method with other methods. The result demonstrates that the method can effectively detect and block DDoS attacks and IP spoofing attacks.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.153-156
• /
• 2001

Code Red, Nimda 등 최근 인터넷웜(Internet Worm)에 의한 침입은 방화벽시스템, 침입탐지시스템 등 보안제품이 존재하는 네트워크에서도 적절한 대책이 되지 않은 경향을 보이고 있다. 침입차단시스템을 통과할 수 있는 신종 취약점을 이용한 침입에는 오용방지방법(Misuse Detection)에 의한 침입탐지시스템이 침입패턴을 업데이트하기 전에 이미 네트 워크에 피해를 입힐 가능성이 크게 증가하는 것이다. 향후에도 크게 증가할 것으로 보이는 인터넷웜 공격 등에는 침입차단시스템, 침입탐지시스템 등 보안제품의 로그기록 상황과 네트워크의 보안상태를 지속적으로 감시함으로서 조기에 침입을 탐지할 수 있다. 본 논문에서는 신종 웜 공격에 의한 침입이 발생되었을 때 IDS가 탐지하지 못하는 상황에서도 침입의 흔적을 조기에 발견할 수 있는 네트워크 보안 상태변수확인방법(Network Security Parameter Matching Method)을 제안하고자 한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.278-282
• /
• 2004

Recently traffic flooding attack has happened faster and faster owing to expansion of the worm attack and development of the method of traffic flooding attack. The method in the past time is problematic in detecting the recent traffic flooding attacks, which are running quickly. Therefore, this paper aims to establish the algorithm which reduces the time of detection to traffic flooding attack in collecting and analyzing traffics.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.6
• /
• pp.1462-1470
• /
• 2013

This paper proposes an SWAD-KNH(Sybil & Wormhole Attack Detection using Key, Neighbor list and Hop count) technique which consists of an SWAD(Sybil & Wormhole Attack Detection) module detecting an Worm attack and a KGDC(Key Generation and Distribution based on Cluster) module generating and an sense node key and a Group key by the cluster and distributing them. The KGDC module generates a group key and an sense node key by using an ECDH algorithm, a hash function, and a key-chain technique and distributes them safely. An SWAD module strengthens the detection of an Sybil attack by accomplishing 2-step key acknowledgement procedure and detects a Wormhole attack by using the number of the common neighbor nodes and hop counts of an source and destination node. As the result of the SWAD-KNH technique shows an Sybil attack detection rate is 91.2% and its average FPR 3.82%, a Wormhole attack detection rate is 90%, and its average FPR 4.64%, Sybil and wormhole attack detection rate and its reliability are improved.

• Biomedical Science Letters
• /
• v.6 no.2
• /
• pp.93-100
• /
• 2000

The change in mean absorbance values for IgA/IgE in rats and mice infected with Echinostoma hortense metacercariae was studied from the 2nd week to the 8th week after infection. Serum and intestinal luminal content (ILC) levels of IGA/IGE were measured by enzyme-linked immunosorbent assay(ELISA). The mean absorbance values obtained from IgA in the rats' ILC increased from the 2nd week to the 8th week after infection. The peak value (0.47$\pm$0.01) appeared in the 8th week. The mean absorbance values of IgE in the rats' ILC didn't increase significantly (p>0.05). The worm recovery rate decreased at a slower, pace after, infection. The duration in which the peak value of IgA in rats' ILC appeared was similar to that in which the worm recovery rate declined significantly. Serum levels of IgA/IgE in mice increased gradually from the 2nd week after infection. The peak value (0.45$\pm$0.01) of IgA appeared in the 8th week, and that (0.23$\pm$0.02) of IgE appeared in the 7th week after infection. The ILC level of IgA in mice continued to increase after infection, and reached its peak in the 8th week. The change in IgA/lgE in the serum and IgA in the ILC of mice was inversely related to worm recovery rate. As a result of this experiment, it is supposed that IgA/IgE may play an important role in the expulsion of Echinostoma hortense.

• Convergence Security Journal
• /
• v.6 no.2
• /
• pp.91-99
• /
• 2006

As the speed of network has fastened and the Internet has became common, an ill-intentioned aggression, such as worm and E-mail virus rapidly increased. So that there too many defenses created the recent Intrusion detection system as well as the Intrusion Prevention Systems to defense the malicious aggression to the network. Also as the form of malicious aggression has changed, at the same time the method of defense has changed. There is "snort" the most representive method of defense and its Rules file increases due to the change of aggression form. This causes decline of capability for detection. This paper suggest, design, and realize the structure for the improvement of processing capability by separating the files of Snort Rule according to o/s. This system show more improvement of the processing capability than the existing composion.