DOI QR코드

DOI QR Code

네트워크 수집정보를 이용한 정보보호 위험도 예측지수 개발

Developing the information security risk index using network gathering data

  • 박진우 (수원대학교 응용통계학과) ;
  • 윤석훈 (수원대학교 응용통계학과) ;
  • 김진흠 (수원대학교 응용통계학과) ;
  • 정형철 (수원대학교 응용통계학과)
  • 투고 : 2016.05.25
  • 심사 : 2016.08.10
  • 발행 : 2016.12.31

초록

본 연구에서는 네트워크 가입자들로부터 수집된 악성코드 감염 정보에 기초하여 악성코드 감염에 대한 위험정도를 파악할 수 있는 지수 산출 문제를 다루었다. 계층적 의사결정 방법을 사용하여 여러 악성코드들의 상대적 위험 가중치를 제안하였으며, 이들 가중치를 결합하여 위험도 지수를 산출하였다. 개발된 위험도지수에 대한 시계열 분석 및 통계적 모형 적합을 시도하였으며, 관리도를 통해 정보보호 위험을 예보할 수 있는 지수의 활용성을 살펴보았다.

In this paper, we proposed an information security risk index to diagnose users' malware infection situations (such as computer virus and adware) by gathering data from KT network systems. To develop the information security risk index, we used the analytic hierarchy process methodology and estimated the risk weights of malware code types using the judgments of experts. The control chart could be used effectively to forecast the information security risk for the proposed information security risk index data.

키워드

참고문헌

  1. Choi, H. Y. and Jeong, H. C. (2015). Multivariate time series modeling for information security data, Journal of the Korean Data Analysis Society, 17, 1309-1318.
  2. Jeong, H. C. (2010). Study on AHP and non-parametric verification on the importance of the diagnosis indicators of personal information security level, Journal of the Korean Data Analysis Society, 12, 1499-1510.
  3. Jeong, H. C. (2012). A study on Korea domain registration forecasting, Journal of the Korean Data Analysis Society, 14, 1889-1898.
  4. Jeong, H. C. (2013). A development of spam score card using the data mining method, Journal of the Korean Data Analysis Society, 15, 697-707.
  5. Jeong, H. C., Lee, J. C., and Jhun, M. (2012). A study for obtaining weights in pairwise comparison matrix in AHP, The Korean Journal of Applied Statistics, 25, 531-541. https://doi.org/10.5351/KJAS.2012.25.3.531
  6. Lee, J. C., Jhun, M., and Jeong, H. C. (2014). A statistical testing of the consistency index in analytic hierarchy process, The Korean Journal of Applied Statistics, 27, 103-114. https://doi.org/10.5351/KJAS.2014.27.1.103
  7. KISA (2010). The Study on the Public Publication Promotion related to the Information Security, Korea Internet & Security Agency.
  8. KISA (2011). Survey for Information Security Industry in Korea, Korea Internet & Security Agency.
  9. KISA (2012). Internet Security Focus, Statistics, Korea Internet & Security Agency, Available from: http://www.kisa.or.kr/public/library/
  10. Saaty, T. L. (1980). The Analytic Hierarchy Process, McGraw-Hill, New York.
  11. Saaty, T. L. (2003). Decision-making with the AHP: Why is the principle eigenvector necessary, European Journal of Operational Research, 145, 85-91. https://doi.org/10.1016/S0377-2217(02)00227-8
  12. Venables, W. N., Smith, D. M., and The R Development Core Team (2010). An Introduction to R, Available from: http://cran.r-project.org/