Huy Kang Kim

Korea University | KU · School of Cybersecurity

Ph.D

About

Publications: 263
Reads: 81,189
Citations: 5,388
Additional affiliations
March 2010 - present
Korea University
Position
  • Professor (Associate)


Publications (263)
Article
Full-text available
The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments t...
Preprint
Full-text available
Following the enactment of the UN Regulation, substantial efforts have been directed toward implementing intrusion detection and prevention systems (IDPSs) and vulnerability analysis in Controller Area Network (CAN). However, Society of Automotive Engineers (SAE) J1939 protocol, despite its extensive application in camping cars and commercial vehic...
Article
Full-text available
This study assessed how matchmaking and match results affect player churn in a multiplayer competitive game. In competitive games, matchmaking is crucial in gathering players with similar skills and creating balanced player-versus-player matches. Players are highly motivated when they win matches, whereas losing matches is demotivating, leading to...
Article
Full-text available
Attackers are known to utilize domain generation algorithms (DGAs) to generate domain names for command and control (C&C) servers and facilitate the distribution of uniform resource locators within malicious software. DGAs pose a significant threat to cybersecurity owing to their ability to dynamically generate unpredictable domain names. Extensive...
Preprint
Full-text available
Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent action...
Article
Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent action...
Article
Automotive Ethernet enables high-bandwidth in-vehicle networking, facilitating the transmission of sensor data among electronic control units. However, the increasing connectivity and potential vulnerability inheritance in connected and autonomous vehicles expose them to security risks. To address this challenge, an intrusion detection system (IDS)...
Article
Full-text available
Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vulnerabilities can be exploited by attackers, provid...
Preprint
As technology advances, it is possible to process a lot of data, and as various elements in the city become diverse and complex, cities are becoming smart cities. One of the core systems of smart cities is Cooperative-Intelligent Transport Systems (C-ITS). C-ITS is a system that provides drivers with real-time accident risk information such as surr...
Preprint
We collected attack data from unmanned vehicles using the UAVCAN protocol, and public and described technical documents. A testbed was built with a drone using PX4, and a total of three attacks, Flooding, Fuzzy, and Replay, were performed. The attack was carried out in a total of 10 scenarios. We expect that the attack data will help develop techno...
Article
Game bots are illegal programs that facilitate account growth and goods acquisition through continuous and automatic play. Early detection is required to minimize the damage caused by evolving game bots. In this study, we propose a game bot detection method based on action time intervals (ATIs). We observe the actions of the bots in a game and iden...
Article
Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of thin...
Article
Recently, Critical Infrastructures (CI) such as energy, power, transportation, and communication have come to be increasingly dependent on advanced information and communication technology (ICT). This change has increased the connection between the Industrial Control System (ICS) supporting the CI and the Internet, resulting in an increase in secur...
Article
Multiplayer Online Battle Arena (MOBA) is one of the most successful game genres. MOBA games such as League of Legends have competitive environments where players race for their rank. In most MOBA games, a player's rank is determined by the match result (win or lose). It seems natural because of the nature of team play, but in some sense, it is unf...
Preprint
Multiplayer Online Battle Arena (MOBA) is one of the most successful game genres. MOBA games such as League of Legends have competitive environments where players race for their rank. In most MOBA games, a player's rank is determined by the match result (win or lose). It seems natural because of the nature of team play, but in some sense, it is unf...
Preprint
Full-text available
Due to its high expressiveness and speed, Deep Learning (DL) has become an increasingly popular choice as the detection algorithm for Network-based Intrusion Detection Systems (NIDSes). Unfortunately, DL algorithms are vulnerable to adversarial examples that inject imperceptible modifications to the input and cause the DL algorithm to misclassify t...
Article
Since malware creates severe damage to the system, past studies leveraged various algorithms to detect malicious domains generated from Domain Generation Algorithms (DGAs). Although they achieved a promising performance, security practitioners had to acquire a large amount of fine-labeled dataset with a particular effort. Throughout the research, w...
Article
Full-text available
Recently, despite massively multiplayer online role-playing game (MMORPG) based on the PC implementation environment in mobile games, related fraudulent and illegal activities are still prevalent in response to the extension and diversity of the online gaming market. For game users who enjoy the game as leisure or cultural content, these issues inh...
Article
Full-text available
Fuzzing is widely utilized as a practical test method to determine unknown vulnerabilities in software. Although fuzzing shows excellent results for code coverage and crash count, it is not easy to apply these effects to library fuzzing. A library cannot run independently; it is only executed by an application called a customer program. In particul...
Article
Devices that ensure vehicle and driver safety or provide services to drivers generate a substantial amount of network traffic. The traffic is transmitted to the In-Vehicle Network (IVN) depending on the defined function. Consequently, to quickly process a lot of traffic transmitted to the IVN, an advanced network protocol such as Automotive Etherne...
Article
Full-text available
As the importance of cyberspace grows, malicious software (malware) is threatening not only individuals but also countries. In addition, numerous malware is still circulating in cyberspace, and as technology advances, new or advanced malware are emerging. In the real world, files from cross-platforms are distributed via e-mail, network-attached sto...
Chapter
In the era of intelligent transportation, driver behavior profiling has become a beneficial technology as it provides knowledge regarding the driver’s aggressiveness. Previous approaches achieved promising driver behavior profiling performance through establishing statistical heuristics rules or supervised learning-based models. Still, there exist...
Article
Full-text available
Cyber-attacks have become commonplace in the world of the Internet. The nature of cyber-attacks is gradually changing. Early cyber-attacks were usually conducted by curious personal hackers who used simple techniques to hack homepages and steal personal information. Lately, cyber attackers have started using sophisticated cyber-attack techniques th...
Preprint
In the era of intelligent transportation, driver behavior profiling has become a beneficial technology as it provides knowledge regarding the driver's aggressiveness. Previous approaches achieved promising driver behavior profiling performance through establishing statistical heuristics rules or supervised learning-based models. Still, there exist...
Article
Owing to the advances in automated hacking and analysis technologies in recent years, numerous software security vulnerabilities have been announced. Software vulnerabilities are increasing rapidly, whereas methods to analyze and cope with them depend on manual analyses, which result in a slow response. In recent years, studies concerning the predi...
Article
Owing to the widespread use of smartphones, various online games based on mobile platforms are being launched. Although mobile games have the advantage of better accessibility compared to PC games, there is a limitation in that it is difficult to input specific actions. To overcome this limitation, game companies apply autoplay systems to support u...
Article
As the game industry is moving from PC to smartphone platforms, security problems related to mobile games are becoming critical. Considering the characteristics of mobile games such as having short life-cycles and high communication costs, the server/network-side security technologies designed for PC games are not appropriate for mobile games. In t...
Article
Full-text available
The number of studies on applying machine learning to cyber security has increased over the past few years. These studies, however, are facing difficulties with making themselves usable in the real world, mainly due to the lack of training data and reusability of a created model. While transfer learning seems like a solution to these problems, the...
Article
Full-text available
Most of the companies have firewalls in order to protect their internal networks and assets from the attacker of the cyber space. Firewall policies should be maintained and organized with high importance. However, considering the length of time needed in analyzing the highly complex policies and the risks of disabling firewall that may arise in cas...
Article
Vehicle communication technology has been steadily progressing alongside the convergence of the in-vehicle network (IVN) and wireless communication technology. The communication with various external networks further reinforces the connectivity between the inside and outside of a vehicle. However, this bears risks of malicious packet attacks on com...
Article
Full-text available
Unmanned Aerial Vehicles are expected to create enormous benefits to society, but there are safety concerns in recognizing faults at the vehicle's control component. Prior studies proposed various fault detection approaches leveraging heuristics-based rules and supervised learning-based models, but there were several drawbacks. The rule-based appro...
Article
In recent years, vehicular technology has rapidly evolved in terms of the driver’s convenience and safety, along with the convergence of vehicle communication and the expansion of external interfaces. However, the connectivity of the vehicle to the external environment poses a considerable driving risk because of the pre-existing vulnerabilities in...
Preprint
Connected and autonomous vehicles (CAVs) are an innovative form of traditional vehicles. Automotive Ethernet replaces the controller area network and FlexRay to support the large throughput required by high-definition applications. As CAVs have numerous functions, they exhibit a large attack surface and an increased vulnerability to attacks. Howeve...
Article
Connected and autonomous vehicles (CAVs) are an innovative form of traditional vehicles. Automotive Ethernet replaces the controller area network and FlexRay to support the large throughput required by high-definition applications. As CAVs have numerous functions, they exhibit a large attack surface and an increased vulnerability to attacks. Howeve...
Article
As the risk of cyber and safety threats to vehicle systems has increased, the anomaly detection in in-vehicle networks (IVN) has received the attention of researchers. Although machine-learning-based anomaly detection methods have been proposed, there are limitations in detecting unknown attacks that the model has not learned because general super...
Article
As technology has evolved, cities have become increasingly smart. Smart mobility is a crucial element in smart cities, and autonomous vehicles are an essential part of smart mobility. However, vulnerabilities in autonomous vehicles can be damaging to quality of life and human safety. For this reason, many security researchers have studied attacks a...
Article
Full-text available
Recently, using artificial neural networks (ANNs) for network intrusion detection systems (NIDSs) has drawn much attention from security researchers. The capability of ANNs to learn patterns from numerous data helps detect attacks on networked systems. Moreover, to effectively monitor a newly emerging networked system consisting of distributed subs...
Chapter
Along with the importance of safety, an IDS has become a significant task in the real world. Prior studies proposed various intrusion detection models for the UAV. Past rule-based approaches provided a concrete baseline IDS model, and the machine learning-based method achieved a precise intrusion detection performance on the UAV with supervised lea...
Article
Full-text available
Several methods exist for detecting hacking programs operating within online games. However, a significant amount of computational power is required to detect the illegal access of a hacking program in game clients. In this study, we propose a novel detection method that analyzes the protected memory area and the hacking program's process in real t...
Article
Full-text available
National disasters can threaten national security and require several organizations to integrate the functionalities to correspond to the event. Many countries are constructing a nationwide mobile communication network infrastructure to share information and promptly communicate with corresponding organizations. Public Safety Long-Term Evolution (P...
Article
Data wiping is used to securely delete unwanted files. However, the misuse of data wiping can destroy pieces of evidence to be spoiled in a digital forensic investigation. To cope with the misuse of data wiping, we proposed an anti-anti-forensic method based on NTFS transaction features and a machine learning algorithm. This method allows...
Preprint
The game industry has long been troubled by malicious activities utilizing game bots. The game bots disturb other game players and destroy the environmental system of the games. For these reasons, the game industry put their best efforts to detect the game bots among players' characters using the learning-based detections. However, one problem with...
Article
Full-text available
A model for detecting unauthorized Apps use events by combined analysis of situation information in an offline service and user behavior in an online environment is proposed. The detection and response to abnormal behavior in the O2O service environment can be focused on providers, whose decisions change dynamically based on the offline market stat...
Preprint
Along with the importance of safety, an IDS has become a significant task in the real world. Prior studies proposed various intrusion detection models for the UAV. Past rule-based approaches provided a concrete baseline IDS model, and the machine learning-based method achieved a precise intrusion detection performance on the UAV with supervised lea...
Preprint
National disasters can threaten national security and require several organizations to integrate the functionalities to correspond to the event. Many countries are constructing a nationwide mobile communication network infrastructure to share information and promptly communicate with corresponding organizations. Public Safety Long-Term Evolution (P...
Article
Full-text available
There have been many efforts to detect rumors using various machine learning (ML) models, but there is still a lack of understanding of their performance against different rumor topics and available features, resulting in a significant performance degrade against completely new and unseen (unknown) rumors. To address this issue, we investigate the...
Article
Controller area network (CAN) is a de facto standard for in-vehicle network (IVN) that provides an efficient communication channel between electronic control units (ECUs). As the external connectivity of modern vehicles increases, concerns about cyber threats to in-vehicle networks are increasing. However, since global vehicle manufacturers do not r...
Article
The modern automotive system, based on the convergence of information and communication technologies, is equipped with various functions to ensure vehicle safety and convenience of the driver. A driver-identification technology is an effective method to perform vehicle-theft detection. It can also provide customized driver-personalization services,...
Article
With the evolution of state-of-the-art applications and paradigms, the world is progressing toward smart cities. Smart homes are an important aspect of smart cities, wherein various mobile computing and network technologies are used. However, they are also susceptible to security threats that can cause serious issues related to privacy and safety....
Article
Full-text available
In recent years, there has been significant interest in developing autonomous vehicles such as self-driving cars. In-vehicle communications, due to simplicity and reliability, a Controller Area Network (CAN) bus is widely used as the de facto standard to provide serial communications between Electronic Control Units (ECUs). However, prior research...
Article
Full-text available
As the scale of the system and network grows, IT infrastructure becomes more complex and hard to be managed. Many organizations have a serious problem to manage their system and network security. In addition, vulnerabilities of hardware and software are increasing in number rapidly. In such a complex IT environment, security administrators need mor...
Chapter
With the rapid growth of MMORPG market, game bot detection has become an essential task for maintaining stable in-game ecosystem. To classify bots from normal users, detection methods are proposed in both game client and server-side. Among various classification methods, data mining method in server-side captured unique characteristics of bots effi...
Article
Full-text available
It has been demonstrated that deception technologies are effective in detecting advanced persistent threats and zero-day attacks which cannot be detected by traditional signature-based intrusion detection techniques. Especially, a file-based deception technology is promising because it is very difficult (if not impossible) to commit an attack witho...
Article
Full-text available
Criminal profiling is a useful technique to identify the most plausible suspects based on the evidence discovered at the crime scene. Similar to offline criminal profiling, in-depth profiling for cybercrime investigation is useful in analysing cyberattacks and for speculating on the identities of the criminals. Every cybercrime committed by the sam...
Conference Paper
Fuzzing is an effective method to find bugs in software. Many security communities are interested in fuzzing as an automated approach to verify software security because most of the bugs discovered by fuzzing are related to security vulnerabilities. However, not all software can be tested by fuzzing because fuzzing requires a running environment, e...
Preprint
As a car becomes more connected, a countermeasure against automobile theft has become a significant task in the real world. To respond to automobile theft, data mining, biometrics, and additional authentication methods are proposed. Among current countermeasures, data mining method is one of the efficient ways to capture the owner driver's unique c...
Conference Paper
For sustainable growth and profitability, online game companies are constantly carrying out various events to attract new game users, to maximize return users, and to minimize churn users in online games. Because minimizing churn users is the most cost-effective method, many pieces of research are being conducted on ways to predict and to prevent c...
Article
The implementation of electronics in modern vehicles has resulted in an increase in attacks targeting in-vehicle networks; thus, attack detection models have caught the attention of the automotive industry and its researchers. Vehicle network security is an urgent and significant problem because the malfunctioning of vehicles can directly affect hu...
Article
Full-text available
The objectives of cyberattacks are becoming sophisticated, and attackers are concealing their identity by masquerading as other attackers. Cyber threat intelligence (CTI) is gaining attention as a way to collect meaningful knowledge to better understand the intention of an attacker and eventually predict future attacks. A systemic threat analysis b...
Preprint
Full-text available
For sustainable growth and profitability, online game companies are constantly carrying out various events to attract new game users, to maximize return users, and to minimize churn users in online games. Because minimizing churn users is the most cost-effective method, many pieces of research are being conducted on ways to predict and to prevent c...
Preprint
As automobiles become intelligent, automobile theft methods are evolving intelligently. Therefore automobile theft detection has become a major research challenge. Data-mining, biometrics, and additional authentication methods have been proposed to address automobile theft, in previous studies. Among these methods, data-mining can be used to analyz...
Preprint
Due to the ability to overcome the geospatial limitations and to the possibility to converge the various information communication technologies, the application domains and the market size of drones are increasing internationally. Public authorities in South Korea are investing for the domestic drone industry and the technological advancement as a...
Article
Ransomware has become the most dangerous threat today because of its unique and destructive characteristics. Ransomware encrypts the victim’s important files and then requires money to decrypt them. Ransomware has become among the most preferred measures for cybercriminals to earn money. Moreover, the technology for producing ransomware continues t...
Preprint
Full-text available
With the rapid growth of MMORPG market, game bot detection has become an essential task for maintaining stable in-game ecosystem. To classify bots from normal users, detection methods are proposed in both game client and server-side. Among various classification methods, data mining method in server-side captured unique characteristics of bots effi...
Preprint
A Controller Area Network (CAN) bus in the vehicles is an efficient standard bus enabling communication between all Electronic Control Units (ECU). However, CAN bus is not enough to protect itself because of lack of security features. To detect suspicious network connections effectively, the intrusion detection system (IDS) is strongly required. Un...
Preprint
While the rapid adaptation of mobile devices changes our daily life more conveniently, the threat derived from malware is also increased. There are lots of research to detect malware to protect mobile devices, but most of them adopt only signature-based malware detection method that can be easily bypassed by polymorphic and metamorphic malware. To...
Patent
Full-text available
A computer-implemented method for monitoring the security of a computing network which includes a plurality of hosts and a plurality of edges which link connected hosts. The method comprises capturing and storing first and second network state information at first and second times respectively. The method comprises comparing the first and second n...
Chapter
Since with massive data growth, the need for autonomous and generic anomaly detection system is increased. However, developing one stand-alone generic anomaly detection system that is accurate and fast is still a challenge. In this paper, we propose conventional time-series analysis approaches, the Seasonal Autoregressive Integrated Moving Average...
Article
Full-text available
The electric power system infrastructure has begun to adopt digital information technologies such as transmission control protocol/internet protocol (TCP/IP) and Ethernet infrastructures. With this adoption, information technology-centric network and system management (NSM) tools are used to manage the intermediate communication systems and electri...