Pankoo Kim

Ontology-based access control model for security policy reasoning in cloud computing

There are many security issues in cloud computing service environments, including virtualization, distributed big-data processing, serviceability, traffic management, application security, access control, authentication, and cryptography, among others. In particular, data access using various resources requires an authentication and access control model for integrated management and control in cloud computing environments. Cloud computing services are differentiated according to security policies because of differences in the permitted access right between service providers and users. RBAC (Role-based access control) and C-RBAC (Context-aware RBAC) models do not suggest effective and practical solutions for managers and users based on dynamic access control methods, suggesting a need for a new model of dynamic access control that can address the limitations of cloud computing characteristics. This paper proposes Onto-ACM (ontology-based access control model), a semantic analysis model that can address the difference in the permitted access control between service providers and users. The proposed model is a model of intelligent context-aware access for proactively applying the access level of resource access based on ontology reasoning and semantic analysis method.

A Telematics Service System Based on the Linux Cluster

This paper designs and implements a taxi telematics service system, aiming at providing an efficient framework by means of a Linux cluster to host emerging telematics services that need intensive computing. Combined with global positioning system and radio communication technology, the taxi telematics service system traces the position of taxis, finds a time saving route between start and destination points, dispatches the nearest taxi to the service call point based on the latest traffic information, and finally decides an efficient route for multiple destinations. The performance measurement result demonstrates that the implemented system can process up to 200 map matches for every minute, keeping average response time for other requests below 1.5 seconds.

Automatic Enrichment of Semantic Relation Network and Its Application to Word Sense Disambiguation

The most fundamental step in semantic information processing (SIP) is to construct knowledge base (KB) at the human level; that is to the general understanding and conception of human knowledge. WordNet has been built to be the most systematic and as close to the human level and is being applied actively in various works. In one of our previous research, we found that a semantic gap exists between concept pairs of WordNet and those of real world. This paper contains a study on the enrichment method to build a KB. We describe the methods and the results for the automatic enrichment of the semantic relation network. A rule based method using WordNets glossaries and an inference method using axioms for WordNet relations are applied for the enrichment and an enriched WordNet (E-WordNet) is built as the result. Our experimental results substantiate the usefulness of E-WordNet. An evaluation by comparison with the human level is attempted. Moreover, WSD-SemNet, a new word sense disambiguation (WSD) method in which E-WordNet is applied, is proposed and evaluated by comparing it with the state-of-the-art algorithm.

A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment

Cloud computing is a more advanced technology for distributed processing, e.g., a thin client and grid computing, which is implemented by means of virtualization technology for servers and storages, and advanced network functionalities. However, this technology has certain disadvantages such as monotonous routing for attacks, easy attack method, and tools. This means that all network resources and operations are blocked all at once in the worst case. Various studies such as pattern analyses and network-based access control for infringement response based on Infrastructure as a Service, Platform as a Service and Software as a Service in cloud computing services have therefore been recently conducted. This study proposes a method of integration between HTTP GET flooding among Distributed Denial-of-Service attacks and MapReduce processing for fast attack detection in a cloud computing environment. In addition, experiments on the processing time were conducted to compare the performance with a pattern detection of the attack features using Snort detection based on HTTP packet patterns and log data from a Web server. The experimental results show that the proposed method is better than Snort detection because the processing time of the former is shorter with increasing congestion.

Efficient Malicious Code Detection Using N-Gram Analysis and SVM

-- As the use of the internet increases, the distribution of web based malicious code has also vastly increased. By inputting malicious code that can attack vulnerabilities, it enables one to perform various illegal acts, such as SQL Injection and Cross Site Scripting (XSS). Furthermore, an extensive amount of computer, network and human resources are consumed to prevent it. As a result much research is being done to prevent and detecting malicious code. Currently, research is being done on readable sentences which do not use proper grammar. This type of malicious code cannot be classified by previous vocabulary analysis or document classification methods. This paper proposes an approach that results in an effective n-gram feature extraction from malicious code for classifying executable as malicious or benign with the use of Support Vector Machines (SVM) as the machine learning classifier.

Travel Ontology for Intelligent Recommendation System

Nowadays, travel information is increasing to appeal the tourists on the web. Although there are numerous information provided on the web, the user gets puzzled in finding accurate information. In order to solve these web problems, the concept of semantic web comes into existence to have communication between human and computer.In this paper, we propose intelligent recommendation system based on Jeju travel ontology. The proposed system can recommend the tourist more intelligent information using properties, relationships of travel ontology. Next, the system is responsible for finding personalized attractions and plotting location of traveler on the AlMap.

A new methodology for merging the heterogeneous domain ontologies based on the WordNet

As the study on the semantic Web actively progresses, many domain ontologies are being built. However, most engineers are building the ontologies based on their academic background and research interests. Consequently, ontologies on the same subject are different because the ontology engineers have different view point. Furthermore, there is no standard method for building ontologies, and there are many ontology tools using different ontology languages. Because of these reasons, interoperability between the ontologies is very low. And, current ontology tools mostly concentrate on the functions to create, edit, inference the ontology. Methods for merging heterogeneous domain ontologies are not in most tools. This paper presents a study on a merging method for building a more complete ontology. The method was based on WordNet. The study tried to merge heterogeneous domain ontologies about the same subject throughout specific steps.

Automatic liver segmentation of contrast enhanced CT images based on histogram processing

Pixel values of contrast enhanced computed tomography (CE-CT) images are randomly changed. Also, the middle liver part has a problem to segregate the liver structure because of similar gray-level values of neighboring organs in the abdomen. In this paper, an automatic liver segmentation method using histogram processing is proposed for overcoming randomness of CE-CT images and removing other abdominal organs. Forty CE-CT slices of ten patients were selected to evaluate the proposed method. As the evaluation measure, the normalized average area and area error rate were used. From the results of experiments, liver segmentation using histogram process has similar performance as the manual method by medical doctor.

Least Slack Time Rate First: New Scheduling Algorithm for Multi-Processor Environment

Real-time systems have to complete the execution of a task within the predetermined time while ensuring that the execution results are logically correct. Such systems require scheduling methods that can adequately distribute the given tasks to a processor. Scheduling methods that all tasks can be executed within a predetermined deadline are called an optimal scheduling. In this paper, we propose a new and simple scheduling algorithm (LSTR: least slack time rate first) as a dynamic-priority algorithm for a multi-processor environment and demonstrate its optimal possibility through various tests.

Text analysis for detecting terrorism-related articles on the web

Classifying web documents is considered as one of the most important tasks to reveal the terrorism-related documents. Internet provides a lot of valuable information to the users and the amount of web contents is progressively increasing. This makes it very difficult to identify potentially dangerous documents. Simply extracting keywords from documents is not enough to classify the contents. To build automated document classification systems, many techniques have been studied so far, but they are mostly statistical and knowledge-based approaches. These methods, however, do not yield satisfactory results because of complexity of natural languages. To overcome this deficiency, we propose a method to use word similarity based on WordNet hierarchy and n-gram data frequency. This method was tested with the sampled New York Times articles by querying four distinct words from four different areas. Experimental results show our proposed method effectively extracts context words from the text and identifies terrorism-related documents.