Journal of Web Engineering

Adversarial Attacks on Pre-trained Deep Learning Models for Encrypted Traffic Analysis

Byoungjin Seok, Kiwook Sohn — Mon, 04 Nov 2024 00:00:00 +0100

For web security, it’s essential to accurately classify traffic across various web applications to detect malicious activities lurking within network traffic. However, the encryption protocols for privacy protection, such as TLS 1.3 and IPSec, make it difficult to apply traditional traffic classification methods like deep packet inspection (DPI). Recently, the advent of deep learning has significantly advanced the field of encrypted traffic analysis (ETA), outperforming traditional traffic analysis approaches. Notably, pre-trained deep learning based ETA models have demonstrated superior analytical capabilities. However, the security aspects of these deep learning models are often overlooked during the design and development process. In this paper, we conducted adversarial attacks to evaluate the security of pre-trained ETA models. We targeted ET-BERT, a state-of-the-art model demonstrating superior performance, to generate adversarial traffic examples. To carry out the adversarial example generation, we drew inspiration from adversarial attacks on discrete data, such as natural language, defining fluency from a network traffic perspective and proposing a new attack algorithm that can preserve this fluency. Finally, in our experiments, we showed our target model is vulnerable to the proposed adversarial attacks.

Priority-based QoS Extensions and IAM Improvements

Gyudong Park, Hyoek Jin Choi — Mon, 04 Nov 2024 00:00:00 +0100

The command and control system operates in a harsh and dynamic environment with limited resources and have a very high risk of failure or malfunction. In the case of military information systems, including the command and control system, the efficiency and effectiveness of system resource management are very important and required. Therefore, the application of a QoS-like approach is necessary to improve the operational effectiveness of all command and control system resources. However, supporting QoS at the entire command and control system level incurs additional costs and burdens for implementation and operation. This paper describes the necessity and possibility of collaboration with QoS and IAM (identity and access management) among the collaboration between core functions within the command and control system. This paper proposes an extended QoS approach to improve the operational effectiveness of the entire command and control system resources. As a result of this research, expanded concepts, structures, standards, and methods of collaboration between QoS and IAM are developed and presented, and their feasibility is demonstrated through prototype development and experiments.

Enhancing Security in Low-power Wide-area (LPWA) IoT Environments: The Role of HSM, Tamper-proof Technology, and Quantum Cryptography

Hyung-Sub Han, Tae-hyuk Choi, Jong-Seong Yoon — Mon, 04 Nov 2024 00:00:00 +0100

Low-power wide-area (LPWA) networks are integral to expanding Internet of Things (IoT) applications, offering extensive coverage with low power consumption. However, these networks face significant security challenges due to their widespread deployment and inherent constraints. In order to provide secure services in an LPWA IoT environment, important information stored in IoT devices (encryption keys, device unique numbers, etc.) must be safely protected from external hacking or theft by physical access, and it is necessary to develop tamper-proof technology to enhance physical security. Meanwhile, with so many ruggedized IoT devices processing and transmitting sensitive information, security systems are essential to protect the integrity and privacy of IoT data. This paper explores the critical role of hardware security modules (HSMs), tamper-proof technology, and quantum cryptography in enhancing the physical, network, and data security of LPWA IoT environments. We propose operational strategies for HSMs, tamper-proof technology in ruggedized LPWA IoT settings, and a quantum key distribution (QKD)-based IPsec solution for robust network and data security.

Optimal Path Calculation for Multi-ring Based Packet–Optical Transport Networks

Hyuncheol Kim — Mon, 04 Nov 2024 00:00:00 +0100

Multi-domain optical transport networks are inherently non-interoperable and require integrated orchestration and path provisioning mechanisms at the network-wide level. Moreover, ensuring the network’s survivability is a critical issue. While the MPLS-TP (multi-protocol label switching-transport profile) defines various protection and recovery mechanisms as standards, it does not address methods for calculating and selecting protection and recovery paths. Therefore, an algorithm is needed to calculate and set up paths to ensure quick protection and recovery across the entire integrated network, minimizing conflicts in protection and recovery at the packet optical integrated network level. In this paper, we proposed an algorithm that calculates and sets a path that enables rapid protection and recovery in an MPLS-TP network composed of a multi-ring-mesh topology. To this end, this study proposes the concept of a transparent node (T-node) for calculating link-disjoint SPF (shortest path first) in a multi-ring network with dual or more rings. A T-node is a node in a ring with more than a dual ring and indicates that the node has been used once in route calculation. Therefore, during path calculation, a T-node can be used as a source node and an intermediate node but not as a destination node.

Research on Quantum Key, Distribution Key and Post-quantum Cryptography Key Applied Protocols for Data Science and Web Security

Kyu-Seok Shim, Boseon Kim, Wonhyuk Lee — Mon, 04 Nov 2024 00:00:00 +0100

Currently, data security is one of the most concerning research topics. The traditional RSA encryption system has become vulnerable to quantum algorithms such as Grover and Shor, leading to the development of new security systems for the quantum. As a result, quantum cryptography is gaining importance as a key element of future communication security. This study focuses on quantum key distribution protocols for data quantum encryption, aiming to achieve quantum robustness in all stages of quantum cryptography communication processes. Quantum cryptography communication requires robust quantum encryption not only between end-nodes but also between all components. Therefore, this study demonstrates the process of end-to-end data quantum encryption and proves the overall quantum robustness in this process.

A Study on Functional Requirements and Inspection Items for AI System Change Management and Model Improvement on the Web Platform

Dongsoo Moon, Seongjin Ahn — Mon, 04 Nov 2024 00:00:00 +0100

The rapid adoption of artificial intelligence (AI) on the web platform across multiple sectors has highlighted not only its inherent technical hurdles, such as unpredictability and lack of transparency, but also significant societal concerns. These include the misuse of AI technology, invasions of privacy, discrimination fueled by biased data, and infringements of copyright. Such challenges jeopardize the sustainable growth of AI and risk the erosion of societal trust, industry adoption and financial investment.

This analysis explores the AI system’s lifecycle, emphasizing the essential continuous monitoring and the need for creating trustworthy AI technologies. It advocates for an ethically oriented development process to mitigate adverse effects and support sustainable progress. The dynamic and unpredictable nature of AI, compounded by variable data inputs and evolving distributions, requires consistent model updates and retraining to preserve the integrity of services.

Addressing the ethical aspects, this paper outlines specific guidelines and evaluation criteria for AI development, proposing an adaptable feedback loop for model improvement. This method aims to detect and rectify performance declines through prompt retraining, thereby cultivating robust, ethically sound AI systems. Such systems are expected to maintain performance while ensuring user trust and adhering to data science and web technology standards. Ultimately, the study seeks to balance AI’s technological advancements with societal ethics and values, ensuring its role as a positive, reliable force across different industries. This balance is crucial for harmonizing innovation with the ethical use of data and science, thereby facilitating a future where AI contributes significantly and responsibly to societal well-being.

Implementation of Sports Science and Technology Integration Infrastructure: A Case Study of Speed Skating Utilizing Web and Mobile Applications, and Information Visualization Technologies

Minkyu Kim, Soojung Park — Mon, 04 Nov 2024 00:00:00 +0100

In the field of sports, there is an active discussion on and an attempt to apply technologies that integrate sports with cutting-edge science and technology for the purpose of enhancing athletic performance. In line with this trend, South Korea is supporting research on the fusion of sports and science technology at an interdepartmental level. For the improvement of performance in elite sports, it is important to consider the athlete’s skills, the coach’s information analysis, the scientification of equipment, and the environmental optimization. Accordingly, this study aims to propose web and mobile app technologies to establish an integrated infrastructure of sports science and technology for the three factors of athletes, equipment, and environment to improve the performance of speed skating. Furthermore, it aims to make policy recommendations to activate this integration. The application of such technologies and policy recommendations can be transferred and organically integrated into other sports, including track and field, which are time-based competitions. Additionally, it is expected that this approach will lead to the formation of new theories that consider the emotional aspects occurring in sports situations.

A Study on Estimating Theme Park Attendance Using the AdaBoost Algorithm Based on Weather Information from the Korea Meteorological Administration Web

Jinkook Kim, Soohyun Kim — Mon, 04 Nov 2024 00:00:00 +0100

The purpose of this study is to propose an efficient machine learning model based on five years of data for Seoul Grand Park in Republic of Korea, depending on the weather and day characteristics, and to increase its effectiveness as a strategic foundation for national theme park management and marketing. To this end, the AdaBoost model, which reflects the characteristics of the weather and the day of the week, was recently compared with the actual number of visitors and the predicted number of visitors to analyze the accuracy. The analysis showed 30 days of abnormal cases, and the overall annual distribution was found to show similar patterns. Abnormal cases required details of wind speed, average relative humidity, and fine dust concentration for weather information, and it was derived that more accurate predictions would be possible considering variables such as group visitors, new events, and unofficial holidays.