Jungsuk Song
Korea Institute of Science and Technology Information


Conference paper
Published: 29 October 2017 in Transactions on Petri Nets and Other Models of Concurrency XV

Recently, the community has come to recognize the importance of network vulnerabilities. By using such vulnerabilities, attackers can acquire the information of vulnerable users. Therefore, many researchers have been studying countermeasures against network vulnerabilities. Recently, the darknet has received attention in research on detecting the actions of attackers. A darknet is a set of unused IP addresses, and no real systems are connected to it. In this paper, we propose using the darknet to detect black IPs, through classification and analysis by source IP of daily darknet traffic. The proposed method prepared 8,192 destination IP addresses in darknet space and collected the darknet traffic for 1 month. It collected a total of 277,002,257 in August 2016. The results of applying the proposed process showed its effectiveness for pre-detection of real attacks.

ACS Style

JinHak Park; Jangwon Choi; Jungsuk Song. Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic. Transactions on Petri Nets and Other Models of Concurrency XV 2017, 427 -433.

AMA Style

JinHak Park, Jangwon Choi, Jungsuk Song. Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic. Transactions on Petri Nets and Other Models of Concurrency XV. 2017; ():427-433.

Chicago/Turabian Style

JinHak Park; Jangwon Choi; Jungsuk Song. 2017. "Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic." Transactions on Petri Nets and Other Models of Concurrency XV , no. : 427-433.

Journal article
Published: 03 August 2017 in Symmetry

As the Internet of Things (IoT) has developed, the emerging sensor network (ESN) that integrates emerging technologies, such as autonomous driving, cyber-physical systems, mobile nodes, and existing sensor networks has been in the limelight. Smart homes have been researched and developed by various companies and organizations. Emerging sensor networks have some issues of providing secure service according to a new environment, such as a smart home, and the problems of low power and low-computing capacity for the sensor that previous sensor networks were equipped with. This study classifies various sensors used in smart homes into three classes and contains the hierarchical topology for efficient communication. In addition, a scheme for establishing secure communication among sensors based on physical unclonable functions (PUFs) that cannot be physically cloned is suggested in regard to the sensor’s low performance. In addition, we analyzed this scheme by conducting security and performance evaluations proving to constitute secure channels while consuming fewer resources. We believe that our scheme can provide secure communication by using fewer resources in a smart home environment in the future.

ACS Style

Mansik Kim; Kyung-Soo Lim; Jungsuk Song; Moon-Seog Jun. An Efficient Secure Scheme Based on Hierarchical Topology in the Smart Home Environment. Symmetry 2017, 9, 143 .

AMA Style

Mansik Kim, Kyung-Soo Lim, Jungsuk Song, Moon-Seog Jun. An Efficient Secure Scheme Based on Hierarchical Topology in the Smart Home Environment. Symmetry. 2017; 9 (8):143.

Chicago/Turabian Style

Mansik Kim; Kyung-Soo Lim; Jungsuk Song; Moon-Seog Jun. 2017. "An Efficient Secure Scheme Based on Hierarchical Topology in the Smart Home Environment." Symmetry 9, no. 8: 143.

Journal article
Published: 01 March 2017 in Applied Mathematics & Information Sciences
ACS Style

Jungsuk Song; Takayuki Itoh; GilHa Park; Hiroki Takakura. An Advanced Security Event Visualization Method for Identifying Real Cyber Attacks. Applied Mathematics & Information Sciences 2017, 11, 353 -361.

AMA Style

Jungsuk Song, Takayuki Itoh, GilHa Park, Hiroki Takakura. An Advanced Security Event Visualization Method for Identifying Real Cyber Attacks. Applied Mathematics & Information Sciences. 2017; 11 (2):353-361.

Chicago/Turabian Style

Jungsuk Song; Takayuki Itoh; GilHa Park; Hiroki Takakura. 2017. "An Advanced Security Event Visualization Method for Identifying Real Cyber Attacks." Applied Mathematics & Information Sciences 11, no. 2: 353-361.

Journal article
Published: 13 February 2017 in Sustainability

The darknet (i.e., a set of unused IP addresses) is a very useful solution for observing the global trends of cyber threats and analyzing attack activities on the Internet. Since the darknet is not connected with real systems, in most cases, the incoming packets on the darknet (‘the darknet traffic’) do not contain a payload. This means that we are unable to get real malware from the darknet traffic. This situation makes it difficult for security experts (e.g., academic researchers, engineers, operators, etc.) to identify whether the source hosts of the darknet traffic are infected by real malware or not. In this paper, we present the overall procedure of the in-depth analysis between the darknet traffic and IDS alerts using real data collected at the Science and Technology Cyber Security Center (S&T CSC) in Korea and provide the detailed in-depth analysis results. The ultimate goal of this paper is to provide practical experience, insight and know-how to security experts so that they are able to identify and trace the root cause of the darknet traffic. The experimental results show that correlation analysis between the darknet traffic and IDS alerts is very useful to discover potential attack hosts, especially internal hosts, and to find out what kinds of malware infected them.

ACS Style

Jungsuk Song; Younsu Lee; Jang-Won Choi; Joon-Min Gil; Jaekyung Han; Sang-Soo Choi. Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet. Sustainability 2017, 9, 262 .

AMA Style

Jungsuk Song, Younsu Lee, Jang-Won Choi, Joon-Min Gil, Jaekyung Han, Sang-Soo Choi. Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet. Sustainability. 2017; 9 (2):262.

Chicago/Turabian Style

Jungsuk Song; Younsu Lee; Jang-Won Choi; Joon-Min Gil; Jaekyung Han; Sang-Soo Choi. 2017. "Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet." Sustainability 9, no. 2: 262.

Conference paper
Published: 10 November 2015 in Transactions on Petri Nets and Other Models of Concurrency XV

Since attackers have been easily making malware using dedicated malware generation tools, the amount of malware is increasing rapidly. However, it is hard to analyze all malware because of its high volume. For this reason, many researchers have proposed malware classification methods that separate new and well-known types of malware in order to focus on analyzing new malware. The existing methods mostly try to find good features to use as a criterion for calculating the similarity between malware samples in order to improve classification accuracy. These methods extract features, including malicious behavior information, by performing static and dynamic analysis, but analyzing many malware samples itself takes too much time and effort. In this paper, we propose a malware classification method for finding new types among large-scale malware using generic malware information. The proposed method can be used as a pre-step to help the existing methods reduce the time spent on analysis and classification of malware. It improves the classification accuracy of malware by using an imphash, and the classification accuracy based on the imphash proved to be more than 99% while maintaining a low false positive rate.

ACS Style

Jiyeon Choi; Heeseok Kim; Jangwon Choi; Jungsuk Song. A Malware Classification Method Based on Generic Malware Information. Transactions on Petri Nets and Other Models of Concurrency XV 2015, 9490, 329 -336.

AMA Style

Jiyeon Choi, Heeseok Kim, Jangwon Choi, Jungsuk Song. A Malware Classification Method Based on Generic Malware Information. Transactions on Petri Nets and Other Models of Concurrency XV. 2015; 9490 ():329-336.

Chicago/Turabian Style

Jiyeon Choi; Heeseok Kim; Jangwon Choi; Jungsuk Song. 2015. "A Malware Classification Method Based on Generic Malware Information." Transactions on Petri Nets and Other Models of Concurrency XV 9490, no. : 329-336.

Journal article
Published: 31 December 2014 in Journal of the Korea Institute of Information Security and Cryptology
ACS Style

Kyu-Il Kim; Sang-So Choi; Hark-Soo Park; Sang-Jun Ko; Jung-Suk Song. A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response. Journal of the Korea Institute of Information Security and Cryptology 2014, 24, 1185 -1195.

AMA Style

Kyu-Il Kim, Sang-So Choi, Hark-Soo Park, Sang-Jun Ko, Jung-Suk Song. A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response. Journal of the Korea Institute of Information Security and Cryptology. 2014; 24 (6):1185-1195.

Chicago/Turabian Style

Kyu-Il Kim; Sang-So Choi; Hark-Soo Park; Sang-Jun Ko; Jung-Suk Song. 2014. "A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response." Journal of the Korea Institute of Information Security and Cryptology 24, no. 6: 1185-1195.

Journal article
Published: 31 October 2014 in Journal of the Korea Institute of Information Security and Cryptology
ACS Style

Ji-Yeon Choi; Heeseok Kim; Kyu-Il Kim; Hark-Soo Park; Jung-Suk Song. A study on extraction of optimized API sequence length and combination for efficient malware classification. Journal of the Korea Institute of Information Security and Cryptology 2014, 24, 897 -909.

AMA Style

Ji-Yeon Choi, Heeseok Kim, Kyu-Il Kim, Hark-Soo Park, Jung-Suk Song. A study on extraction of optimized API sequence length and combination for efficient malware classification. Journal of the Korea Institute of Information Security and Cryptology. 2014; 24 (5):897-909.

Chicago/Turabian Style

Ji-Yeon Choi; Heeseok Kim; Kyu-Il Kim; Hark-Soo Park; Jung-Suk Song. 2014. "A study on extraction of optimized API sequence length and combination for efficient malware classification." Journal of the Korea Institute of Information Security and Cryptology 24, no. 5: 897-909.

Journal article
Published: 31 October 2014 in Journal of the Korea Institute of Information Security and Cryptology
ACS Style

Kyu-Il Kim; Sang-Soo Choi; Hark-Soo Park; Sang-Jun Ko; Jung-Suk Song. Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response. Journal of the Korea Institute of Information Security and Cryptology 2014, 24, 871 -883.

AMA Style

Kyu-Il Kim, Sang-Soo Choi, Hark-Soo Park, Sang-Jun Ko, Jung-Suk Song. Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response. Journal of the Korea Institute of Information Security and Cryptology. 2014; 24 (5):871-883.

Chicago/Turabian Style

Kyu-Il Kim; Sang-Soo Choi; Hark-Soo Park; Sang-Jun Ko; Jung-Suk Song. 2014. "Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response." Journal of the Korea Institute of Information Security and Cryptology 24, no. 5: 871-883.

Book chapter
Published: 01 January 2014 in Algorithms and Data Structures

Most organizations or CERTs deploy and operate Intrusion Detection Systems (IDSs) to carry out the security monitoring and response service. Although IDSs can contribute to defending our information property and crucial systems, they have a fatal drawback in that they are able to detect only known attacks that match the predefined signatures. In our previous work, we proposed a security monitoring and response framework based on not only IDS alerts, but also darknet traffic. The proposed framework regards all incoming darknet packets that were not detected by IDSs as unknown attacks. In our further analysis, we recognized that not all darknet traffic is related to real attacks. In this paper, we propose an advanced classification method of darknet packets to effectively identify whether they were caused by real attacks or not. With the proposed method, the security analyst can ignore the darknet packets that were not related to real attacks. In fact, the experimental results show that it succeeded in removing 23.45% of unsuspicious darknet packets.

ACS Style

Sangjun Ko; Kyuil Kim; Younsu Lee; Jungsuk Song. A Classification Method of Darknet Traffic for Advanced Security Monitoring and Response. Algorithms and Data Structures 2014, 357 -364.

AMA Style

Sangjun Ko, Kyuil Kim, Younsu Lee, Jungsuk Song. A Classification Method of Darknet Traffic for Advanced Security Monitoring and Response. Algorithms and Data Structures. 2014; ():357-364.

Chicago/Turabian Style

Sangjun Ko; Kyuil Kim; Younsu Lee; Jungsuk Song. 2014. "A Classification Method of Darknet Traffic for Advanced Security Monitoring and Response." Algorithms and Data Structures , no. : 357-364.

Journal article
Published: 10 May 2013 in Information Sciences

During the last decade, various machine learning and data mining techniques have been applied to Intrusion Detection Systems (IDSs) which have played an important role in defending critical computer systems and networks from cyber attacks. Unsupervised anomaly detection techniques have received a particularly great amount of attention because they enable construction of intrusion detection models without using labeled training data (i.e., with instances preclassified as being or not being an attack) in an automated manner and offer intrinsic ability to detect unknown attacks; i.e., 0-day attacks. Despite the advantages, it is still not easy to deploy them into a real network environment because they require several parameters during their building process, and thus IDS operators and managers suffer from tuning and optimizing the required parameters based on changes of their network characteristics. In this paper, we propose a new anomaly detection method by which we can automatically tune and optimize the values of parameters without predefining them. We evaluated the proposed method over real traffic data obtained from Kyoto University honeypots. The experimental results show that the performance of the proposed method is superior to that of the previous one.

ACS Style

Jungsuk Song; Hiroki Takakura; Yasuo Okabe; Koji Nakao. Toward a more practical unsupervised anomaly detection system. Information Sciences 2013, 231, 4 -14.

AMA Style

Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Koji Nakao. Toward a more practical unsupervised anomaly detection system. Information Sciences. 2013; 231 ():4-14.

Chicago/Turabian Style

Jungsuk Song; Hiroki Takakura; Yasuo Okabe; Koji Nakao. 2013. "Toward a more practical unsupervised anomaly detection system." Information Sciences 231, no. : 4-14.

Conference paper
Published: 01 January 2013 in Transactions on Petri Nets and Other Models of Concurrency XV

DNS sinkhole is one of the powerful techniques to mitigate attack activities of bots, i.e., zombie PCs, by blocking the communication between C&C server and them. If a zombie PC sends a DNS query to our DNS server for communicating with its C&C server, our DNS server that contains domain blacklist of C&C servers returns IP address of our sinkhole server. As a result, since the zombie PC tries to communicate with our sinkhole server, it is unable to communicate with its C&C server. On the other hand, there are many cyber attacks caused by malicious URLs included in spam emails. Therefore, if we extract malicious URLs from spam emails and apply them into DNS sinkhole system, many of spam based attacks can be blocked. In this paper, we propose a methodology to enhance the capability of DNS sinkhole system by analyzing spam emails. Especially, we use double bounce emails, which do not have any valid sender and recipient addresses, as spam emails and extract malicious URLs from them. Our preliminary experimental results demonstrate that the existing domain blacklist of DNS sinkhole system is not effective. Thus, we design a new method collecting the malicious URLs from double bounce emails and show how new domain blacklist can be generated. With DNS sinkhole system using new domain blacklist, we will be able to early detect and block the latest malicious behaviors on the Internet.

ACS Style

Heeseok Kim; Sang-Soo Choi; Jungsuk Song. A Methodology for Multipurpose DNS Sinkhole Analyzing Double Bounce Emails. Transactions on Petri Nets and Other Models of Concurrency XV 2013, 8226, 609 -616.

AMA Style

Heeseok Kim, Sang-Soo Choi, Jungsuk Song. A Methodology for Multipurpose DNS Sinkhole Analyzing Double Bounce Emails. Transactions on Petri Nets and Other Models of Concurrency XV. 2013; 8226 ():609-616.

Chicago/Turabian Style

Heeseok Kim; Sang-Soo Choi; Jungsuk Song. 2013. "A Methodology for Multipurpose DNS Sinkhole Analyzing Double Bounce Emails." Transactions on Petri Nets and Other Models of Concurrency XV 8226, no. : 609-616.

Conference paper
Published: 01 January 2012 in Computer Vision

Since a darknet is a set of unused IP addresses (i.e., no real hosts are operated with them), we are generally unable to observe network traffic on it. In many cases, however, attackers or hosts infected by malware send their attack codes to target systems or networks at random. Because of this, the darknet gives us a good opportunity to monitor malicious activities that are happening on the Internet. By analyzing the darknet traffic, we are able to get an insight into recent attack trends, but there is a fatal limitation that most of the darknet traffic has no payload data. This means that we cannot collect the real attack codes from the original darknet traffic. In this paper, we propose a malware collection and analysis framework based on the darknet traffic. With the proposed framework, we are able to get real attack codes in the wild and to respond to potential cyber attacks using them. Our experimental results on real network environments show the effectiveness of the proposed framework.

ACS Style

Jungsuk Song; Jang-Won Choi; Sang-Soo Choi. A Malware Collection and Analysis Framework Based on Darknet Traffic. Computer Vision 2012, 7664, 624 -631.

AMA Style

Jungsuk Song, Jang-Won Choi, Sang-Soo Choi. A Malware Collection and Analysis Framework Based on Darknet Traffic. Computer Vision. 2012; 7664 ():624-631.

Chicago/Turabian Style

Jungsuk Song; Jang-Won Choi; Sang-Soo Choi. 2012. "A Malware Collection and Analysis Framework Based on Darknet Traffic." Computer Vision 7664, no. : 624-631.

Book chapter
Published: 22 March 2011 in Intrusion Detection Systems
ACS Style

Jungsuk Song; Hiroki Takakura; Yasuo Okabe; Yongjin Kwo. Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM. Intrusion Detection Systems 2011, 1 .

AMA Style

Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Yongjin Kwo. Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM. Intrusion Detection Systems. 2011; ():1.

Chicago/Turabian Style

Jungsuk Song; Hiroki Takakura; Yasuo Okabe; Yongjin Kwo. 2011. "Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM." Intrusion Detection Systems , no. : 1.

Conference paper
Published: 01 January 2011 in Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - BADGERS '11
ACS Style

Jungsuk Song; Hiroki Takakura; Yasuo Okabe; Masashi Eto; Daisuke Inoue; Koji Nakao. Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - BADGERS '11 2011, 1 .

AMA Style

Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Masashi Eto, Daisuke Inoue, Koji Nakao. Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - BADGERS '11. 2011; ():1.

Chicago/Turabian Style

Jungsuk Song; Hiroki Takakura; Yasuo Okabe; Masashi Eto; Daisuke Inoue; Koji Nakao. 2011. "Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation." Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - BADGERS '11 , no. : 1.

Conference paper
Published: 01 January 2011 in Proceedings of the First Workshop on In Situ Infrastructures for Enabling Extreme-Scale Analysis and Visualization
ACS Style

Masashi Eto; Daisuke Inoue; Jungsuk Song; Junji Nakazato; Kazuhiro Ohtaka; Koji Nakao. nicter: a large-scale network incident analysis system. Proceedings of the First Workshop on In Situ Infrastructures for Enabling Extreme-Scale Analysis and Visualization 2011, 1 .

AMA Style

Masashi Eto, Daisuke Inoue, Jungsuk Song, Junji Nakazato, Kazuhiro Ohtaka, Koji Nakao. nicter: a large-scale network incident analysis system. Proceedings of the First Workshop on In Situ Infrastructures for Enabling Extreme-Scale Analysis and Visualization. 2011; ():1.

Chicago/Turabian Style

Masashi Eto; Daisuke Inoue; Jungsuk Song; Junji Nakazato; Kazuhiro Ohtaka; Koji Nakao. 2011. "nicter: a large-scale network incident analysis system." Proceedings of the First Workshop on In Situ Infrastructures for Enabling Extreme-Scale Analysis and Visualization , no. : 1.

Journal article
Published: 01 January 2011 in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
ACS Style

Jungsuk Song; Daisuke Inoue; Masashi Eto; Hyung Chan Kim; Koji Nakao. O-means: An Optimized Clustering Method for Analyzing Spam Based Attacks. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 2011, E94-A, 245 -254.

AMA Style

Jungsuk Song, Daisuke Inoue, Masashi Eto, Hyung Chan Kim, Koji Nakao. O-means: An Optimized Clustering Method for Analyzing Spam Based Attacks. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2011; E94-A (1):245-254.

Chicago/Turabian Style

Jungsuk Song; Daisuke Inoue; Masashi Eto; Hyung Chan Kim; Koji Nakao. 2011. "O-means: An Optimized Clustering Method for Analyzing Spam Based Attacks." IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E94-A, no. 1: 245-254.