An Effective Threat Detection Framework for Advanced Persistent Cyberattacks

Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats.In particular,because telecommuting,telemedicine,and teleeducation are implemented in uncontrolled environments,attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information,and reports of endpoint attacks have been increasing considerably.Advanced persistent threats(APTs)using various novel variant malicious codes are a form of a sophisticated attack.However,conventional commercial antivirus and anti-malware systems that use signature-based attack detectionmethods cannot satisfactorily respond to such attacks.In this paper,we propose a method that expands the detection coverage inAPT attack environments.In this model,an open-source threat detector and log collector are used synergistically to improve threat detection performance.Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks,as defined by MITRE Adversarial Tactics,Techniques,and Common Knowledge(ATT&CK).We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response(GRR),an open-source threat detection tool,and Graylog,an open-source log collector.The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11%compared with that conventional methods.

Wake-Up Security:Effective Security ImprovementMechanism for Low Power Internet of Things

As time and space constraints decrease due to the development of wireless communication network technology,the scale and scope of cyber-attacks targeting the Internet of Things(IoT)are increasing.However,it is difficult to apply high-performance security modules to the IoT owing to the limited battery,memory capacity,and data transmission performance depend-ing on the size of the device.Conventional research has mainly reduced power consumption by lightening encryption algorithms.However,it is difficult to defend large-scale information systems and networks against advanced and intelligent attacks because of the problem of deteriorating security perfor-mance.In this study,we propose wake-up security(WuS),a low-power security architecture that can utilize high-performance security algorithms in an IoT environment.By introducing a small logic that performs anomaly detection on the IoT platform and executes the security module only when necessary according to the anomaly detection result,WuS improves security and power efficiency while using a relatively high-complexity security module in a low-power environment compared to the conventional method of periodically exe-cuting a high-performance security module.In this study,a Python simulator based on the UNSW-NB15 dataset is used to evaluate the power consumption,latency,and security of the proposed method.The evaluation results reveal that the power consumption of the proposed WuS mechanism is approxi-mately 51.8%and 27.2%lower than those of conventional high-performance security and lightweight security modules,respectively.Additionally,the laten-cies are approximately 74.8%and 65.9%lower,respectively.Furthermore,the WuS mechanism achieved a high detection accuracy of approximately 96.5%or greater,proving that the detection efficiency performance improved by approximately 33.5%compared to the conventional model.The performance evaluation results for the proposed model varied depending on the applied anomaly-detection model.Therefore,they can be used in various ways by selecting suitable models based on the performance levels required in each industry.

Machine Learning-Based Efficient Discovery of Software Vulnerability for Internet of Things

With the development of the 5th generation of mobile communi-cation(5G)networks and artificial intelligence(AI)technologies,the use of the Internet of Things(IoT)has expanded throughout industry.Although IoT networks have improved industrial productivity and convenience,they are highly dependent on nonstandard protocol stacks and open-source-based,poorly validated software,resulting in several security vulnerabilities.How-ever,conventional AI-based software vulnerability discovery technologies cannot be applied to IoT because they require excessive memory and com-puting power.This study developed a technique for optimizing training data size to detect software vulnerabilities rapidly while maintaining learning accuracy.Experimental results using a software vulnerability classification dataset showed that different optimal data sizes did not affect the learning performance of the learning models.Moreover,the minimal data size required to train a model without performance degradation could be determined in advance.For example,the random forest model saved 85.18%of memory and improved latency by 97.82%while maintaining a learning accuracy similar to that achieved when using 100%of data,despite using only 1%.

The relationship between cardiovascular disease risk factors and gender

The purpose of this study was to investigate the relationship between three socioeconomic sta- tuses and five behavior-related cardiovascular risk factors by gender, based on data from the Third Korea National Health and Nutrition Examination III. Data from 4556 people were analyzed. The propensity toward obesity, hypercholesterolemia, and physical inactivity was significantly higher in women than in men. Hypertension and smoking were significantly more prevalent in men than in women. The differences in the prevalence of cardiovascular disease risk factors by gender is important and should be considered when developing programs to reduce the incidence of cardiovascular diseases.

Relationships among Event-Related Potentials, Memory, and Schizophrenic Symptoms in College Students with Schizotypal-Traits

The present study investigated the relationships among event-related potentials (ERPs), memory, and schizophrenic symptoms in college students with schizotypal-traits. Scores on the Schizotypal Personality Questionnaire (SPQ) were used to categorize the participants into schizotypal-trait (n = 30) and normal control (n = 37) groups. ERPs were assessed using an auditory oddball paradigm, in which a series of standard tones (1000 Hz) and target tones (1500 Hz) were presented;participants were asked to count the number of presented target tones. The verbal memory and visual memory of the participants were evaluated using the Korean version of the California Verbal Learning Test (K-CVLT) and the Rey-Osterrieth Complex Figure Test (RCFT), respectively. The schizotypal-trait and control groups did not differ in terms of age, educational level, IQ score, accuracy on the auditory oddball task, or performance on the K-CVLT and RCFT measures. However, the schizotypal-trait group exhibited significantly smaller P300 amplitudes than the control group. Additionally, the P300 amplitudes measured at Cz and Pz were negatively correlated with the cognitive-perceptual factor scores on the SPQ. Thus, the present results indicate that reduced P300 amplitudes may represent a biological marker of schizophrenia.

Behavioral inhibition in female college students with schizotypal traits: An event-related potential study

This study investigated behavioral inhibition in female college students with psychometrically defined schizotypal traits using a Go/NoGo task and event-related potentials (ERPs). The schizotypal-trait (n = 15) and normal control (n = 15) groups were selected based on scores of the Schizotypal Personality Questionnaire (SPQ). The Go/NoGo task consisted of Go (requires response) and NoGo (requires no response) conditions. In terms of response time and accuracy rate for the Go/NoGo task, the two groups did not differ significantly. In terms of ERPs, the control group showed greater N2 amplitudes in response to NoGo (NoGo-N2) than to Go stimuli (Go-N2), whereas the schizotypal-trait group showed no significant difference in NoGo-N2 and Go-N2 amplitudes. In addition, the schizotypal-trait group showed reduced NoGo-N2 amplitudes at the frontal site compared to controls, and an association between SPQ scores and NoGo-N2 amplitudes measured at the frontal site. The two groups did not differ in P3 amplitudes. Since the N2 reflects the detection of response conflict and behavioral inhibition, the present results indicate that nonclinical individuals with schizotypal traits have difficulties in detecting response conflict and behavioral inhibition.

Citrus Peel Ethanol Extract Inhibits the Adipogenesis Caused from High Fat-Induced DIO Model

Background: Flavonoids are multi-functional bioactive compounds that have been used as natural compounds against various diseases. Citrus fruit is an important source for bioactive flavonoids with potential anti-obesity benefits. Methods: To determine the anti-obese effects of citrus peel, a 45% high fat diet-induced obesity (DIO) model using C57BL/6 mice was prepared for 10 weeks and then treated orally for 12 weeks with ethanol extracts of citrus peel (300 mg/kg, CP). CP was compared with normal chow diet (C), high fat diet (HF), and the anti-obesity drug orlistat (30 mg/kg, O) as a positive control. HF caused increases in lipid accumulation, body weight gain, and hepatic toxicity compared with the C group. Results: CP treatment reduced body weight gain and decreased epididymal fat, mesenteric fat, and plasma and hepatic TG levels in a similar manner as O treatment. Besides, CP was comparatively more effective than O at increasing high density lipoprotein cholesterol (HDL-c) while reducing hepatic toxicity, which is caused by HF. Fat accumulation in adipose tissue was decreased by CP treatment because of up-regulation of specific lipolysis enzymes such as HSL and AMPK and down-regulation of adipogenesis related genes such as C/EBPα and ACC. The proinflammatory cytokines, TNF-α and IL-6, which are the key factors for regulation of inflammation, were significantly decreased by CP. Conclusion: CP may be a potential natural source for new anti-obesity candidate because of its inhibitory effect on fat synthesis-related inflammation and its positive effect on lipolysis activation.

Suboptimal Feature Selection Techniques for Effective Malicious Traffic Detection on Lightweight Devices

With the advancement of wireless network technology,vast amounts of traffic have been generated,and malicious traffic attacks that threaten the network environment are becoming increasingly sophisticated.While signature-based detection methods,static analysis,and dynamic analysis techniques have been previously explored for malicious traffic detection,they have limitations in identifying diversified malware traffic patterns.Recent research has been focused on the application of machine learning to detect these patterns.However,applying machine learning to lightweight devices like IoT devices is challenging because of the high computational demands and complexity involved in the learning process.In this study,we examined methods for effectively utilizing machine learning-based malicious traffic detection approaches for lightweight devices.We introduced the suboptimal feature selection model(SFSM),a feature selection technique designed to reduce complexity while maintaining the effectiveness of malicious traffic detection.Detection performance was evaluated on various malicious traffic,benign,exploits,and generic,using the UNSW-NB15 dataset and SFSM sub-optimized hyperparameters for feature selection and narrowed the search scope to encompass all features.SFSM improved learning performance while minimizing complexity by considering feature selection and exhaustive search as two steps,a problem not considered in conventional models.Our experimental results showed that the detection accuracy was improved by approximately 20%compared to the random model,and the reduction in accuracy compared to the greedy model,which performs an exhaustive search on all features,was kept within 6%.Additionally,latency and complexity were reduced by approximately 96%and 99.78%,respectively,compared to the greedy model.This study demonstrates that malicious traffic can be effectively detected even in lightweight device environments.SFSM verified the possibility of detecting various attack traffic on lightweight devices.