Abstract:
A computing device configured to execute an instruction set is provided. The computing device includes a system call hooker for hooking system calls that the instruction set makes while it is executed, a category extractor for extracting the category to which each of the hooked system calls belongs with reference to category information associated with a correspondence relationship between a system call and a category, a sequence extractor for extracting one or more behavior sequences expressed in an N-gram manner from a full sequence of the hooked system calls with reference to the extracted category, and a model generator for generating a behavior pattern model of the system calls that occur when the instruction set is executed, based on the number of times that each of the extracted behavior sequences occurs.
Abstract:
Disclosed is a video recording apparatus for a vehicle, which includes a camera unit formed so as to change a capturing direction; a driver's viewing direction detecting unit configured to detect a driver's viewing direction; a control unit configured to control the camera unit so that the capturing direction corresponds to the detected viewing direction; and a storing unit configured to store a video obtained by the camera unit. A video in the direction in which the driver is looking is therefore obtained and stored without mounting a plurality of cameras, so that it is possible to obtain a video of an accident involving the driver's vehicle or another driver's vehicle that occurs not only in front of the driver's vehicle but also to its side.
Abstract:
A behavior-based malicious code detecting apparatus and method using multiple feature vectors is disclosed. A malicious code learning method may include collecting characteristic factor information when a training target process comprising a malicious code is executed, generating a feature vector for malicious code verification based on the collected characteristic factor information, learning the generated feature vector through a plurality of machine learning algorithms to generate a model representing the malicious code and a model representing a normal file, and storing the model representing the malicious code and the model representing the normal file generated through the learning.
Abstract:
Disclosed herein are a method and apparatus for detecting a malicious code based on an assembly language model. According to an embodiment of the present disclosure, there is provided a method for detecting a malicious code. The method comprises: generating an instruction code sequence by converting an input file, for which a malicious code is to be detected, into an assembly code; embedding the instruction code sequence by using a prelearned assembly language model for instruction code embedding and outputting an embedding result of the instruction code sequence; and detecting whether or not the input file is a malicious code, by using a prelearned malicious code classification model with the embedding result as an input.
Abstract:
Disclosed are a method and apparatus for searching for an attack path. The apparatus generates an attack graph, generates an attack graph ontology, generates a semantic attack graph by imparting semantics to the attack graph on the basis of the attack graph ontology, and searches for the attack path on the basis of the semantic attack graph.
Abstract:
The present invention provides an apparatus for securing data comprising a memory for storing information for data processing, a processor configured to partition original data into a plurality of partial data and generate a plurality of divided data by randomly determining positions of each of the plurality of partial data within the original data, and a communication interface configured to transmit each of the plurality of divided data to each of a plurality of servers, respectively. If an attacker obtains a portion of the divided data, the apparatus prevents the entire original data from being restored, while the legitimate user can restore the original data accurately even if some divided data is corrupted. The invention thereby provides an efficient polymorphic data dividing technique that can minimize the amount of calculation required to secure data.
Abstract:
Disclosed are a method and system capable of performing adaptive intrusion detection that proactively copes with a new type of attack unknown to the system, and capable of training an intrusion type classification model by using a small volume of training data. The system includes a data collector configured to collect host and network log information, an input data preprocessor configured to convert data acquired through the data collector into a feature vector, which is an input type of intelligence intrusion detection, an intelligence intrusion detection analyzer configured to perform an intrusion detection and a model update by using the extracted feature vector, and an intrusion detection learning model configured to detect an intrusion and learn classification of the type of attack based on training data.