Daeseon Choi | Kongju National University (original) (raw)
Papers by Daeseon Choi
Information Security Applications, 2018
We propose an online game money chargeback fraud detection method using operation sequence, gradi... more We propose an online game money chargeback fraud detection method using operation sequence, gradient of charge/purchase amount, time and country as features of a transaction. We model the sequence of transactions with a recurrent neural network which also combines charge and purchase transaction features in single feature vector. In experiments using real data (a 483,410 transaction log) from a famous online game company in Korea, the proposed method shows a 78% recall rate with a 0.057% false positive rate. This recall rate is 7% better than current methodology utilizing transaction statistics as features.
Applied Sciences, 2020
Black-box attacks against deep neural network (DNN) classifiers are receiving increasing attentio... more Black-box attacks against deep neural network (DNN) classifiers are receiving increasing attention because they represent a more practical approach in the real world than white box attacks. In black-box environments, adversaries have limited knowledge regarding the target model. This makes it difficult to estimate gradients for crafting adversarial examples, such that powerful white-box algorithms cannot be directly applied to black-box attacks. Therefore, a well-known black-box attack strategy creates local DNNs, called substitute models, to emulate the target model. The adversaries then craft adversarial examples using the substitute models instead of the unknown target model. The substitute models repeat the query process and are trained by observing labels from the target model’s responses to queries. However, emulating a target model usually requires numerous queries because new DNNs are trained from the beginning. In this study, we propose a new training method for substitute ...
Journal of KIISE, 2019
Recently, there has been an increase in P2P lending users, a product that supports investments th... more Recently, there has been an increase in P2P lending users, a product that supports investments through lending among individuals using online platforms. However, since P2P lending's investors have to take financial risks, the investors may fail to investment due to the close of investment while they considering whether to invest or not. This paper predicts how long an investment product will take from a certain point to the close in order to provide deadline information for P2P loan investment products. To predicts the investment deadline, we have transforms into Timeseries data and Step data based on investment information on actual P2P products. The regression, classification, and time series prediction model were generated using machine learning algorithm. The results of the performance evaluation showed that in the Timeseries data-based model, the Multi-layer Perceptron regression model and the classification model showed the highest performance at 0.725 and 0.703 respectively. The Step data-based model was also the highest with the Multi-layer Perceptron regression model and the classification model at 0.782 and 0.651 respectively.
Journal of the Korea Institute of Information Security and Cryptology, 2017
PURPOSE: An identity management system of a user for controlling the circulation stream of person... more PURPOSE: An identity management system of a user for controlling the circulation stream of personal information is provided to conveniently manage personal information by controlling the circulation stream of the personal information. CONSTITUTION: A browser receives a service parameter corresponding to a service from a service provider server. An interactive unit(40) receives the service parameter through a browser. The interactive unit selects one of a plurality of protocol parameters. A service processing unit performs a service protocol with the service provider server. The service processing unit transmits token information to the browser for the service.
In this paper, we propose identity data backup system for the digital Identity wallet (DIDW) that... more In this paper, we propose identity data backup system for the digital Identity wallet (DIDW) that is a personal identity management system for the Internet. The DIDW is client side software that stores identity data such as personal profile and account (identifier and shared-secret) for logging on to the web sites that has been registered to. The DIDW provides ways of managing distributed identity data conveniently and securely. However, there is concern about loss/damage of the storage and misuse of lost data by malicious people who acquired it. The proposed system provides backup and recovery of the identity data. Suspending of the accounts is also provided for the case that it is assumed that the lost information is acquired by malicious people. The method for securely resuming suspended account and updating shared secret that is used in authentication is also provided.
Lecture Notes in Computer Science, 2004
ABSTRACT Ubicomp (Ubiquitous Computing) makes computers ubiquitous in anywhere and anytime, and s... more ABSTRACT Ubicomp (Ubiquitous Computing) makes computers ubiquitous in anywhere and anytime, and so provides users with seamless services. In this paper, we present a user location privacy protection mechanism for Smart Space which is a feasible Ubicomp environment. At first, we present a feasible Ubicomp use scenario and define Smart Space to support this derived scenario. Then, we analyze security requirements for Smart Space and derive conceptual security model for that Space. Among the conceptual security model, we focus on user location privacy protection. In order to protect user location privacy, we propose a location privacy protection mechanism based on policy. We classify the policy as user policy and space policy and present policy resolution mechanism to resolve policy conflicts. Further we present system configuration to execute the proposed mechanism.
Journal of the Korea Institute of Information Security and Cryptology, 2014
This paper shows the users' birthplace information can be inferred with only the public informati... more This paper shows the users' birthplace information can be inferred with only the public information in FaceBook SNS. Through experiments with various machine learning algorithms and various parameters, we have found that SVM algorithm with the location of the highschool, the current address, and the graduate year of highschool performs best for the inference, as this can infer 78% of users' birthplaces correctly. Since the birthplace information is used for various security purpose such as questions for getting the forgotten password and a part of korean residence registration number, this is a non-trival security breach and users need be cautious about it.
The 7th International Conference on Advanced Communication Technology, 2005, ICACT 2005., 2005
Trust evaluation is an important aspect in ad hoc networks. By clarifying the trust relationship,... more Trust evaluation is an important aspect in ad hoc networks. By clarifying the trust relationship, we can take security measures easily. In our paper, we propose a new trust model and trust evaluation method. Our trust model is based on the cluster. In the paper, we also explain the clustering method and show how to be applied on the various
2006 8th International Conference Advanced Communication Technology, 2006
In this paper, we propose a method for preventing the personal information leakage that is consid... more In this paper, we propose a method for preventing the personal information leakage that is considered as a severe problem. The main ways of the personal information leakage are the leakage of the personal information registered in Web site, the Internet Phishing, the spyware. In our method, all the network packet that is sent to the outer entity from the user pc are monitored if they contain any personal information. If a transfer of personal information is sensed, a decision about safety of the transfer is made based on the type of information, trustworthiness of the destination under a control policy. If the decision result is not safe, the packet is dismissed. We present a model for controlling personal information transfer and a system architecture for implementing this model. An analysis is presented to show the effect of the proposed method
Information Security Applications, 2018
We propose an online game money chargeback fraud detection method using operation sequence, gradi... more We propose an online game money chargeback fraud detection method using operation sequence, gradient of charge/purchase amount, time and country as features of a transaction. We model the sequence of transactions with a recurrent neural network which also combines charge and purchase transaction features in single feature vector. In experiments using real data (a 483,410 transaction log) from a famous online game company in Korea, the proposed method shows a 78% recall rate with a 0.057% false positive rate. This recall rate is 7% better than current methodology utilizing transaction statistics as features.
Applied Sciences, 2020
Black-box attacks against deep neural network (DNN) classifiers are receiving increasing attentio... more Black-box attacks against deep neural network (DNN) classifiers are receiving increasing attention because they represent a more practical approach in the real world than white box attacks. In black-box environments, adversaries have limited knowledge regarding the target model. This makes it difficult to estimate gradients for crafting adversarial examples, such that powerful white-box algorithms cannot be directly applied to black-box attacks. Therefore, a well-known black-box attack strategy creates local DNNs, called substitute models, to emulate the target model. The adversaries then craft adversarial examples using the substitute models instead of the unknown target model. The substitute models repeat the query process and are trained by observing labels from the target model’s responses to queries. However, emulating a target model usually requires numerous queries because new DNNs are trained from the beginning. In this study, we propose a new training method for substitute ...
Journal of KIISE, 2019
Recently, there has been an increase in P2P lending users, a product that supports investments th... more Recently, there has been an increase in P2P lending users, a product that supports investments through lending among individuals using online platforms. However, since P2P lending's investors have to take financial risks, the investors may fail to investment due to the close of investment while they considering whether to invest or not. This paper predicts how long an investment product will take from a certain point to the close in order to provide deadline information for P2P loan investment products. To predicts the investment deadline, we have transforms into Timeseries data and Step data based on investment information on actual P2P products. The regression, classification, and time series prediction model were generated using machine learning algorithm. The results of the performance evaluation showed that in the Timeseries data-based model, the Multi-layer Perceptron regression model and the classification model showed the highest performance at 0.725 and 0.703 respectively. The Step data-based model was also the highest with the Multi-layer Perceptron regression model and the classification model at 0.782 and 0.651 respectively.
Journal of the Korea Institute of Information Security and Cryptology, 2017
PURPOSE: An identity management system of a user for controlling the circulation stream of person... more PURPOSE: An identity management system of a user for controlling the circulation stream of personal information is provided to conveniently manage personal information by controlling the circulation stream of the personal information. CONSTITUTION: A browser receives a service parameter corresponding to a service from a service provider server. An interactive unit(40) receives the service parameter through a browser. The interactive unit selects one of a plurality of protocol parameters. A service processing unit performs a service protocol with the service provider server. The service processing unit transmits token information to the browser for the service.
In this paper, we propose identity data backup system for the digital Identity wallet (DIDW) that... more In this paper, we propose identity data backup system for the digital Identity wallet (DIDW) that is a personal identity management system for the Internet. The DIDW is client side software that stores identity data such as personal profile and account (identifier and shared-secret) for logging on to the web sites that has been registered to. The DIDW provides ways of managing distributed identity data conveniently and securely. However, there is concern about loss/damage of the storage and misuse of lost data by malicious people who acquired it. The proposed system provides backup and recovery of the identity data. Suspending of the accounts is also provided for the case that it is assumed that the lost information is acquired by malicious people. The method for securely resuming suspended account and updating shared secret that is used in authentication is also provided.
Lecture Notes in Computer Science, 2004
ABSTRACT Ubicomp (Ubiquitous Computing) makes computers ubiquitous in anywhere and anytime, and s... more ABSTRACT Ubicomp (Ubiquitous Computing) makes computers ubiquitous in anywhere and anytime, and so provides users with seamless services. In this paper, we present a user location privacy protection mechanism for Smart Space which is a feasible Ubicomp environment. At first, we present a feasible Ubicomp use scenario and define Smart Space to support this derived scenario. Then, we analyze security requirements for Smart Space and derive conceptual security model for that Space. Among the conceptual security model, we focus on user location privacy protection. In order to protect user location privacy, we propose a location privacy protection mechanism based on policy. We classify the policy as user policy and space policy and present policy resolution mechanism to resolve policy conflicts. Further we present system configuration to execute the proposed mechanism.
Journal of the Korea Institute of Information Security and Cryptology, 2014
This paper shows the users' birthplace information can be inferred with only the public informati... more This paper shows the users' birthplace information can be inferred with only the public information in FaceBook SNS. Through experiments with various machine learning algorithms and various parameters, we have found that SVM algorithm with the location of the highschool, the current address, and the graduate year of highschool performs best for the inference, as this can infer 78% of users' birthplaces correctly. Since the birthplace information is used for various security purpose such as questions for getting the forgotten password and a part of korean residence registration number, this is a non-trival security breach and users need be cautious about it.
The 7th International Conference on Advanced Communication Technology, 2005, ICACT 2005., 2005
Trust evaluation is an important aspect in ad hoc networks. By clarifying the trust relationship,... more Trust evaluation is an important aspect in ad hoc networks. By clarifying the trust relationship, we can take security measures easily. In our paper, we propose a new trust model and trust evaluation method. Our trust model is based on the cluster. In the paper, we also explain the clustering method and show how to be applied on the various
2006 8th International Conference Advanced Communication Technology, 2006
In this paper, we propose a method for preventing the personal information leakage that is consid... more In this paper, we propose a method for preventing the personal information leakage that is considered as a severe problem. The main ways of the personal information leakage are the leakage of the personal information registered in Web site, the Internet Phishing, the spyware. In our method, all the network packet that is sent to the outer entity from the user pc are monitored if they contain any personal information. If a transfer of personal information is sensed, a decision about safety of the transfer is made based on the type of information, trustworthiness of the destination under a control policy. If the decision result is not safe, the packet is dismissed. We present a model for controlling personal information transfer and a system architecture for implementing this model. An analysis is presented to show the effect of the proposed method