https://scholar.dgist.ac.kr/handle/20.500.11750/13670 2026-04-21T16:04:05Z 2026-04-21T16:04:05Z Chae, Chuck Heo, Wonje Shin, Donghoon https://scholar.dgist.ac.kr/handle/20.500.11750/59278 2026-01-29T09:40:11Z 2025-11-30T15:00:00Z

Title: QR: Modular Arithmetic-Enhanced Virtual Bit Plane Construction for High-Capacity Image Steganography Author(s): Chae, Chuck; Heo, Wonje; Shin, Donghoon Abstract: Conventional steganography techniques based on Pixel Intensity Decomposition (PID) suffer from a critical 'pixel jump' problem that severely limits payload capacity, creating a major obstacle to achieving high-capacity data hiding. To address this challenge, this paper proposes a novel high-capacity image steganography technique, termed the Quotient and Remainder (QR) method, which provides a unified framework for robust k-LSB embedding by integrating PID with an advanced Pixel Indicator Technique (PIT). The proposed method introduces a dynamic virtual bit plane construction using an optimized integer sequence in conjunction with a novel bit-plane congruence matrix (BPCM). By leveraging quotient and remainder operations, this approach minimizes embedding distortion, enables unique and accurate data extraction, and significantly enhances payload capacity while preserving high imperceptibility in stego images. Experimental results for k = 3, 4, and 5 demonstrate that the QR method achieves an outstanding balance between capacity and imperceptibility, yielding embedding capacities of 6, 8, and 10 bits per pixel (bpp), respectively, while maintaining excellent PSNR values of 44.68, 40.48, and 35.37 dB. The proposed framework is also robust against common steganalysis attacks and well-suited for secure IoT applications where high payload efficiency and visual fidelity are essential.

2025-11-30T15:00:00Z Heo, Wonje Shin, Donghoon https://scholar.dgist.ac.kr/handle/20.500.11750/59279 2026-02-13T07:40:11Z 2025-11-30T15:00:00Z

Title: Automated Identification of ICS Topology and Device Types via Protocol-Agnostic Passive Monitoring Author(s): Heo, Wonje; Shin, Donghoon Abstract: Industrial Control Systems (ICS) are increasingly targeted by sophisticated cyber threats, yet many deployments still lack accurate device documentation and comprehensive visibility across segmented environments. Legacy heterogeneity and strict uptime constraints limit traditional asset discovery and segmentation validation. This paper proposes a protocol-agnostic framework for automatically reconstructing ICS hierarchies and identifying device types from passively captured network traffic. The method first infers structural layers by analyzing Strongly Connected Components (SCC) and betweenness centrality in a directed communication graph. It then refines device classification by transforming network flows into byte-sequence images - combining raw bytes, Gramian Angular Fields (GAF), and Markov Transition Fields (MTF) - and clustering them based on communication behavior. A supervised encoder trained on known types guides a mimicry-based model, enabling scalable and label-efficient inference. Experiments on ICSSIM and SWaT validate accurate topology recovery and semi-supervised, label-efficient device-type clustering. Temporal views (GAF, MTF) improve stability over raw bytes alone, and the mimicry model is robust to label scarcity and operational noise, achieving mean Adjusted Rand Index (ARI) 0:954 ± 0:015, Normalized Mutual Information (NMI) 0:953 ± 0:012, and silhouette 0:837 ± 0:039 across folds and label splits. The framework delivers scalable, interpretable ICS visibility without active probing or protocol parsers, and the attacker-injection study shows adversarial paths highlighted without spurious cross-layer links, providing a practical foundation for behavior-aware anomaly/threat detection.

2025-11-30T15:00:00Z Kim, Yooshin Kwon, Namhyeok Shin, Donghoon https://scholar.dgist.ac.kr/handle/20.500.11750/59277 2025-12-24T04:40:10Z 2025-12-31T15:00:00Z

Title: KDPrint: Passive authentication using keystroke dynamics-to-image encoding via standardization Author(s): Kim, Yooshin; Kwon, Namhyeok; Shin, Donghoon Abstract: Personal identification number (PIN) authentication remains prevalent in mobile and IoT systems due to its simplicity, yet it is inherently vulnerable to various attacks such as shoulder surfing, smudge analysis, and brute force attempts. To reinforce its security without compromising usability, we propose KDPrint, a passive authentication framework that transforms keystroke dynamics into graph-based image representations. By applying a hash-based permutation and standardized feature processing, KDPrint captures the temporal and spatial structure of user behavior while mitigating raw data exposure. The resulting images are used with lightweight anomaly detection models, enabling accurate user verification under resource-constrained environments. Experiments involving 50 participants across both laboratory and real-world environments demonstrated that KDPrint maintained robustness under two adversarial scenarios: an EER of 3.3 % when only the PIN was leaked, and an EER of 4.4 % when both the PIN and behavioral characteristics were exposed. These results demonstrate that KDPrint offers a practical and interpretable solution for augmenting PIN authentication in mobile and IoT systems, balancing robustness, efficiency, and user transparency.

2025-12-31T15:00:00Z Jeong, Dahoon Kim, Yooshin Shin, Donghoon https://scholar.dgist.ac.kr/handle/20.500.11750/58292 2025-08-29T01:40:12Z 2025-07-31T15:00:00Z

Title: Privacy-Preserving Anomaly Detection with Homomorphic Encryption for Industrial Control Systems in Critical Infrastructure Author(s): Jeong, Dahoon; Kim, Yooshin; Shin, Donghoon Abstract: Critical infrastructure (CI) is essential for societal and economic stability, making it a prime target for cyber threats. Traditional anomaly detection models like LSTM and Transformers require substantial computational resources, which are often unavailable in CI environments. Cloud computing offers on-demand resources but introduces privacy concerns due to the need to transmit sensitive data to cloud servers. Homomorphic encryption (HE) enables secure processing of encrypted data but is computationally intensive, particularly due to operations like bootstrapping. This paper proposes a bootstrapping-free lightweight anomaly detection model optimized for homomorphically encrypted data, leveraging CI's operational characteristics. The model employs a two-stage data separation process and introduces state-vectors for normal operation detection, forming a whitelist anomaly detection approach. Experimental results on the SWaT and WADI datasets demonstrate the model's competitive performance and efficiency, with significantly reduced training times while maintaining robust security. © IEEE.

2025-07-31T15:00:00Z