• The KIPS Transactions:PartA
• /
• v.18A no.5
• /
• pp.193-204
• /
• 2011

Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

• Fire Science and Engineering
• /
• v.25 no.2
• /
• pp.39-46
• /
• 2011

In correctional facilities with majority of occupants in custody, the safe evacuation guide without getaway accidents should be very important due to complexity in escape paths. Fire causes are various in correctional facilities, for example, arson fire is a major cause in mental treatment facilities, however, old facilities or carelessness of flammable materials consist of fire causes in jail facilities. Both types of correctional facilities are the same in terms of many casualties from the fire cases. The thesis focus on escape paths and evacuation guide plans on the basis of analysis on fire cases and structural vulnerability, and then an electronic unlocking system is concededly installed for safe evacuation of occupants in custody without getaway accidents. Especially, the effect of the electronic unlocking system is going to be analyzed on the basis of RSET (required safe egress time) in order to realize for the occupants to evacuate safely to the front yard in case of emergency. In conclusion, if electronic security allowed system with USN (Ubiquitous Sensor Networks) technology should be installed in multi-storey correctional buildings, it is proposed that the occupants in custody might be a guided safely without getaway trials.

• The Journal of the Korea Contents Association
• /
• v.21 no.12
• /
• pp.896-905
• /
• 2021

In the field of SIEM(Security information and event management), many studies try to use a feedback system to solve lack of completeness of training data and false positives of new attack events that occur in the actual operation. However, the current feedback system requires too much human inputs to improve the running model and even so, those feedback from inexperienced analysts can affect the model performance negatively. Therefore, we propose "active model improving feedback technology" to solve the shortage of security analyst manpower, increasing false positive rates and degrading model performance. First, we cluster similar predicted events during the operation, calculate feedback priorities for those clusters and select and provide representative events from those highly prioritized clusters using XAI (eXplainable AI)-based event visualization. Once these events are feedbacked, we exclude less analogous events and then propagate the feedback throughout the clusters. Finally, these events are incrementally trained by an existing model. To verify the effectiveness of our proposal, we compared three distinct scenarios using PKDD2007 and CSIC2012. As a result, our proposal confirmed a 30% higher performance in all indicators compared to that of the model with no feedback and the current feedback system.

• KNOM Review
• /
• v.23 no.2
• /
• pp.18-28
• /
• 2020

With the development of the virtual community, the benefits that IT technology provides to people in fields such as healthcare, industry, communication, and culture are increasing, and the quality of life is also improving. Accordingly, there are various malicious attacks targeting the developed network environment. Firewalls and intrusion detection systems exist to detect these attacks in advance, but there is a limit to detecting malicious attacks that are evolving day by day. In order to solve this problem, intrusion detection research using machine learning is being actively conducted, but false positives and false negatives are occurring due to imbalance of the learning dataset. In this paper, a Random Oversampling method is used to solve the unbalance problem of the UNSW-NB15 dataset used for network intrusion detection. And through experiments, we compared and analyzed the accuracy, precision, recall, F1-score, training and prediction time, and hardware resource consumption of the models. Based on this study using the Random Oversampling method, we develop a more efficient network intrusion detection model study using other methods and high-performance models that can solve the unbalanced data problem.

• The Journal of the Convergence on Culture Technology
• /
• v.10 no.2
• /
• pp.201-208
• /
• 2024

In this study, we investigated whether the evacuation time according to the exit installation standards specified in the building code during a food factory fire is compatible with the evacuation time based on the performance-based design specified by the fire department, in order to determine if evacuation safety is ensured. We used the Pathfinder program to confirm the evacuation time, and experimented with three scenarios for exit installation standards towards the outside of the building: 60m, 80m, and 100m. The target building in the experiment corresponded to the building code's exit installation standard of 100m from each dwelling. The experimental results showed tt in the cases of 80m and 100m, ASET exceeded RSET, indicating tt evacuation safety was not ensured, while in the case of 60m, evacuation safety was maintained. Through this study, it was confirmed tt even when the exit installation standards towards the outside of the building are met, evacuation safety may not be guaranteed.

• Journal of forensic and investigative science
• /
• v.2 no.1
• /
• pp.32-51
• /
• 2007

Serial violent crimes have occurred more frequently. Additional attention is paid to relevant areas in which discussions has also increased. This study analyzed Young-cheol Yoo, serial killer case. Two of Yoo's crimes were studied for modus operandi. The cases selected were the premeditated break-in homicide of upper-class elderly people and the impulsive homicide of the Hwanghak-Dong street vendor. Crime motives, targets, times, places, means and methods were analyzed. Profiling techniques in Young-cheol Yoo cases were evaluated and the problems discovered during investigation were discussed. The followings are the findings of the analysis of the serial killer Yoo cases. Yoo exhibited a hatred toward the rich, the elderly, and women as well as a fear of diseases and death. Yoo's crime targets were the elderly residing in wealthy houses, street vendors and prostitutes. The numbers of victims were: 3 men and 5 women victims in 4 homicide cases involving the elderly residents in wealthy houses; one man in 1 street vendor homicide case 11 women in 11 prostitute homicide cases, so total 20 persons were murdered in 16 cases. The time of the crimes were between 10 am and noon in the homicide cases of the elderly and very late at night or early in the morning in the prostitute homicide cases. Means and methods facilitated include the use of a knife as a threat and a hammer made by Yoo to strike the head and face of victims. In the homicide cases involving the elderly, he attempted to disguise the crime scene as a burglary or committed arson to destroy the evidence; in the prostitute homicide cases, bodies were mutilated and buried in secret. 1) Generally each serial killer case has different characteristics, motives, and purposes; while some serial killer cases involve similar methods, others use different methods. Unlike other crimes, serial killers' characteristics and tastes are very different, so it is difficult to explain serial killings based on a specific model. It is important to accurately capture modus operandi of each serial killing and for detectives to familiarize themselves with them. The process of tracing and use of imagination which follows a serial killer's psychology and thought must be used to find out what kind of thoughts pushed the killer to commit the crime. In order to investigate and research difficult subjects such as serial killing, various methods, skills, and relevant knowledge should be studied, and institutional endeavors should go hand in hand with individual efforts.

• Journal of Sericultural and Entomological Science
• /
• v.52 no.2
• /
• pp.134-141
• /
• 2014

This study was examined the pollinating activity and the economical effect according to numbers released of Apis mellifera in the $825m^2$ strawberry (Seolhyang var.) vinyl-houses. The time-zone of pollinating activity relative to numbers of honeycomb released at the strawberry (Seolhyang var.) vinyl-houses was together from 9A.M. to 4P.M., and the peak time of pollinating activity was 11A.M.. The effects on pollinating activity relative to the honeycomb numbers in the honeybee hive released at the strawberry houses were ordered 5 honeycombs (11,000 heads), 4 honeycombs (8,800 heads) and 3 honeycombs (6,600 heads). The rate of workers lost in A. mellifera hives with 5 honeybee combs and 4 honeycombs during the strawberry cultivating period were lower than that of 3 honeycombs. The rates of fruit set by pollinating activity relative to the honeycomb numbers in the honeybee hive released at the strawberry vinyl-houses were same level with over 98%. The fruit qualities; No. of seeds, sugar content and rate of normal fruit set were same level, but fruit weights were ordered 5 honeycombs in 37.2 g, 4 honeycombs in 35.6 g and 3 honeycombs in 32.6 g. The marketing incomes of 4 honeycombs and 5 honeycombs were 9% to 13% higher than that of 3 honeycombs, respectively. Therefore, when the strawberry (Seolhyang var.) was planted at $825m^2$ of a vinyl-houses, it was surveyed that the most suitable numbers of honeycomb were over 4 honeycombs (8,800 heads).

• Water for future
• /
• v.5 no.1
• /
• pp.27-36
• /
• 1972

This thesis is the study of the rainfall probability depth in the major areas of Korea, such as Seoul, Pusan and Taegu. The purpose of the paper is to analyze the rainfall in connection with the safe planning of the hydraulic structures and with the project life. The methodology used in this paper is the statistical treatment of the rainfall data in the above three areas. The scheme of the paper is the following. 1. The complementation of the rainfall data We tried to select the maximm values among the values gained by the three methods: Fourier Series Method, Trend Diagram Method and Mean Value Method. By the selection of the maximum values we tried to complement the rainfall data lacking in order to prevent calamities. 2. The statistical treatment of the data The data are ordered by the small numbers, transformed into log, $\sqrt{}, \sqrt[3]{}, \sqrt[4], and$\sqrt[5], and calculated their statistical values through the electronic computer. 3. The examination of the distribution types and the determination of the optimum distibution types By the $x^2-Test$ the distribution types of rainfall data are examined, and rejected some part of the data in order to seek the normal rainfall distribution types. In this way, the optimum distribution types are determined. 4. The computation of rainfall probability depth in the safety project life We tried to study the interrelation between the return period and the safety project life, and to present the rainfall probability depth of the safety project life. In conclusion we set up the optimum distribution types of the rainfall depths, formulated the optimum distributions, and presented the chart of the rainfall probability depth about the factor of safety and the project life.ct life.

• Korean Security Journal
• /
• no.36
• /
• pp.255-292
• /
• 2013

Burglary (also called breaking and entering and sometimes housebreaking) is a crime, the essence of which is illegal entry into a building for the purposes of committing an offence. It is one of the most common types of crime and also a serious issue for every society. A house that is left insecure is an accessible and attractive target for burglars and therefore burglary resistance test & certification system for doors and windows has been developed in many countries. This paper explores several advanced foreign burglary resistance test/certifcation cases (the British SBD, the Dutch KOMO SKH/SKG, the Japanese CP mark, the Australian Standard Certification) for security products and domestic test/certification systems for fire safety products as a comparative study so that any improvement points can be gained for South Korea in the field of security product performance. The comparative analysis results show that South Korea is far behind the security product certification system and needs a lot of improvement in the system by benchmarking foreign cases. The domestic test/certification systems for fire safety products also give some insights for burglary-related security products' performance certification system in Korea. Overall, the need for relevant rules and regulations, the establishment of standards regarding testing and certification, including certified security +hardware product in building security certification system, performance testing as well as production testing (i.e. quality management system evaluation), the basic competency of testers, incentive system for certified/high quality security products were suggested in order to make an optimal model for the security production performance testing and certification system in Korea.

• Fire Science and Engineering
• /
• v.15 no.1
• /
• pp.23-33
• /
• 2001

The utility tunnels are the important facility as a mainstay of country because of the latest communication developments. However, the utilities tunnel is difficult to deal with in case of a fire accident. When a cable burns, the black smoke containing poisonous gas will be reduced. This black smoke goes into the tunnel, and makes it difficult to extinguish the fire. Therefore, when there was a fire in the utility tunnel, the central nerves of the country had been paralyzed, such as property damage, communication interruption, in addition to inconvenience for people. This paper is based on the fire occurred in the past, and reenacting the fire by making the real utilities tunnel model. The aim of this paper is the scientific analysis of the character image of the fire, and the verification of each fire protection system whether it works well after process of setting up a fire protection system in the utilities tunnel at a constant temperature. The fire experiment was equipped with the linear heat detector, the fire door, the connection water spray system and the ventilation system in the utilities tunnel. Fixed portion of an electric power supply cable was coated with a fire retardant coating, and a heating tube was covered with a fireproof. The result showed that the highest temperature was $932^{\circ}c$ and the linear heat detector was working at the constant temperature, and it pointed at the place of the fire on the receiving board, and Fixed portion of the electric power supply cable coated with the fire retardant coating did not work as the fireproof. The heating tube was covered with the fireproof about 30 minutes.