• The Journal of the Korea Contents Association
• /
• v.16 no.11
• /
• pp.139-153
• /
• 2016

Cyber incident collected from cyber-threat-intelligence sharing Center is growing rapidly due to expanding malicious code. It is difficult for Incident analysts to extract and classify similar features due to Cyber Attacks. To solve these problems the existing Similarity Analysis Method is based on single or multiple cyber observable of similar incidents from Cyber Attacks data mining. This method reduce the workload for the analysis but still has a problem with enhancing the unreality caused by the provision of improper and ambiguous information. We propose a incident analysis model performed similarity analysis on the hierarchically classified cyber observable based on cyber incident that can enhance both availability by the provision of proper information. Appling specific cyber incident analysis model, we will develop a system which will actually perform and verify our suggested model.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.167-175
• /
• 2010

Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.5
• /
• pp.1044-1051
• /
• 2003

This paper surveys the EBP(Error Back Propagation) learning, the Cross Entropy function and the LBL(Layer By Layer) learning, which are used for learning the MLP(Multi Layer Perceptrons). We compare the merits and demerits of each learning method in the handwritten digit recognition. Although the speed of EBP learning is slower than other learning methods in the initial learning process, its generalization capability is better. Also, the speed of Cross Entropy function that makes up for the weak points of EBP learning is faster than that of EBP learning. But its generalization capability is worse because the error signal of the output layer trains the target vector linearly. The speed of LBL learning is the fastest speed among the other learning methods in the initial learning process. However, it can't train for more after a certain time, it has the lowest generalization capability. Therefore, this paper proposes the standard of selecting the learning method when we apply the MLP.

• Journal of the Korea Society for Simulation
• /
• v.17 no.3
• /
• pp.95-105
• /
• 2008

In this paper, we propose the DAMMC(Distributed Authentication Model using Multi-level Cluster) for wireless sensor networks. The proposed model is that one cluster header in m-layer has a role of CA(Certificate Authority) but it just authenticates sensor nodes in lower layer for providing an efficient authentication without authenticating overhead among clusters. In here, the m-layer for authentication can be properly predefined by user in consideration of various network environments. And also, the DAMMC uses certificates based on the threshold cryptography scheme for more reliable configuration of WSN. Experimental results show that the cost of generation and reconfiguration certification are decreased but the security performance are increased compared to the existing method.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.1-10
• /
• 2003

In the distributed-computing environment, applications or users have to share resources and communicate with each other in order to perform their jobs more efficiently. In this case, it is important to keep resources and information integrity from the unexpected use by the unauthorized user. Therefore, there is a steady increase in need for a reasonable way to authentication and access control of distributed-shared resources. In RBAC, there are role hierarchies in which a higher case role can perform permissions of a lower case role. No vise versa. Actually, however, it is necessary for a lower case role to perform a higher case role's permission, which is not allowed to a lower case role basically. In this paper, we will propose a permission delegation method, which is a permission delegation server, and a permission delegation protocols with the secret key system. As the result of a permission delegation, junior roles can perform senior role's permissions or senior role itself on the exceptional condition in a dedicated interval.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.25-32
• /
• 2018

Cyber hackings are increasing and becoming more intelligent. The government and private companies conduct various information protection activities by investing lots of money and employing security personnel to protect import ant assets and personal information. It is important to evaluate the efficiency of the information protection activities that cost lots of money and manpower. However, the studies on the efficiency of the information protection activities were mainly conducted for government agencies the information of which is more readily available. This study suggests a model that can evaluate the efficiency of the activities of information protection and information security certification of various private companies. Our model evaluates the efficiency of the information protection activities by applying AHP and DEA on the information that are publicly announced by the private companies. Our model identifies the DMUs that are efficiently operated and suggests the improvement policies for the DMU that are non-efficiently operated.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.91-99
• /
• 2020

The purpose of this study is to present the application of Information and Communication Technology(ICT) during the 4th Industrial Revolution for the efficient implementation of government emergency preparedness policies. Brainstorming by experts categorized the government's emergency preparedness policies into 4 types and 12 detailed tasks. Classification results were used by AHP(Analytic Hierarchy Process) to analyze relative importance and priorities. The AHP survey found that strengthening crisis management responsiveness was the most important detailed task. Artificial Intelligence(AI), Internet of Things(IoT), Unmanned Autonomy System, Virtual Reality(VR), and Augmented Reality(AR) were presented as major information and communication technology(ICT) for the efficient execution of detailed tasks.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.29-34
• /
• 2007

This paper proposes RCB(Reduced Compact Binary) trie to correct faults of CB(Compact Binary) trie. First, in the case of CB trie, a compact structure was tried for the first time, but as the amount of data was increasing, that of inputted data gained and much difficulty was experienced in insertion due to the dummy nods used in balancing trees. On the other hand, if the HCB trie realized hierarchically, given certain depth to prevent the map from increasing on the right, reached the depth, the method for making new trees and connecting to them was used. Eventually, fast progress could be made in the inputting and searching speed, but this had a disadvantage of the storage space becoming bigger because of the use of dummy nods like CB trie and of many tree links. In the case of RCB trie in this thesis, a capacity is increased by about 60% by completely cutting down dummy nods.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.565-574
• /
• 2003

This paper implements an intrusion detection message exchange protocol library (IDMEPL) for SDMS-RTIR, which Korea Information Security Agency (KISA) has developed to hierarchically detect and respond to network vulnerability scan attacks. The IDMEPL, based on the IDMEF and the IAP of the IDWG, enables SDMS-RTIR to interact with other intrusion detection systems (IDS) in realtime, and supports the TLS protocol to prevent security threats in exchanging messages between its server and its agents. Especially, with the protocol selection stage, the IDMEPL can support various protocols such as the IDXP besides the IAP. Furthermore, it can allow for agents to choose an appropriate security protocol for their own network, achieving security stronger than mutual authentication. With the IDMEPL, SDMS-RTIR can receive massive intrusion detection messages from heterogeneous IDSes in large-scale networks and analyze them.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.23-28
• /
• 2019

Cloud services are services developed to serve a wider variety of users in different fields. However, although cloud services are designed to reflect the needs of different users, a variety of security damages resulting from them are increasing and technologies are needed to address them. This paper proposes a user signature management model that prevents third parties from exploiting the user's signature in a heterogeneous cloud The proposed model strengthens the functionality of the intermediate devices that make up the hierarchical cloud while also managing the signature information of the partitioned user. As a result of the performance assessment, the proposed model not only distributed user signature management, but also improved efficiency by 8.5% on average because intermediate devices distributed user signature processing, and reduced the user's signature latency by 13.3% on average when performing user authentication processing. On average, the overhead generated by intermediate devices processing a user's signature was 10.1 percent lower than that of conventional techniques.