• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.987-997
• /
• 2012

A Point-of-Sales (POS) terminal manages the selling process by a salesperson accessible interface in real time. Using a POS system makes a business and customer management much more efficient. For these reasons, many store install POS terminal and used it. But it has many problem that stealing personal information by hacking and insider corruption. Because POS system stored payment information like that sales information, card valid period, and password. In this paper, I proposed software integrity verification technique in POS system based on White list. This method can prevent accidents that personal information leak by hacking and POS system forge and falsification. This proposed method provides software integrity, so it can prevent inside and outside threats in advance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.353-363
• /
• 2021

As the Untact era is rapidly changing, collaboration tools are increasing their utilization and value as digital technologies for non-face-to-face work. While instant messenger-based collaboration tools support a variety of functions, crime and accident concerns are also increasing in proportion to their convenience, such as information leakage and security incidents. Meanwhile, the digital forensics perspective on collaborative tools is not enough, so forensics research is needed. This study analyzes significant artifacts in the two operating environments through Windows and Android forensics research on Microsoft Teams, the collaboration tool with the highest share in the world. Also, based on differences in artifacts and data attributes according to the operating environment, by applying 'differential forensic', we proved that the usefulness of evidence can be improved by presenting a complementary analysis method and timeline configuration through information linkage.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.16 no.1
• /
• pp.25-36
• /
• 2021

This paper presents a topology based on packet tracer and a five-step scenario model to make it easier for students to understand the network on which VLANs are applied. Virtual LAN (VLAN), developed as an alternative solution to the Routers that distribute broadcast traffic, is a virtual local area network that logically configured regardless of the physical network. The VLAN prevents the network performance degradation resulting from the broadcast traffic by dividing the broadcast domain so that the bandwidth can be used more efficiently. In addition, it enhances the security because on communication between the devices belonging to different VLANs is impossible. The five-step scenarios in this paper presented an efficient implementation case for students to understand and validate the various functions of VLANs through ping/telnet/tracert test and simulation, after setting up each step of programming switches and routers in the virtual network.

• Journal of Industrial Convergence
• /
• v.20 no.7
• /
• pp.65-71
• /
• 2022

With the development of ICT, as the era of the 4th industrial revolution arrives, the amount of data is enormous, and as big data technologies emerge, technologies for processing, storing, and processing data are becoming important. In this paper, we propose a system that detects events through monitoring and judges them using hash values because the damage to important files in case of leakage in industries and public places is serious nationally and property. As a research method, an optional event method is used to compare the hash value registered in advance after performing the encryption operation in the event of a file leakage, and then determine whether it is an important file. Monitoring of specific events minimizes system load, analyzes the signature, and determines it to improve accuracy. Confidentiality is improved by comparing and determining hash values pre-registered in the database. For future research, research on security solutions to prevent file leakage through networks and various paths is needed.

• Advanced Industrial SCIence
• /
• v.2 no.1
• /
• pp.21-38
• /
• 2023

An attempt has been made in this article to discuss the fundamentals of technical analysis of the stock market. A retail investor or trader may not have the wherewithal to source that kind of information. Technical analysis requires a candlestick chart only. Most of the brokers in India provide charting solutions as well. Studying the price action of a security or commodity or Forex generally indicates a price pattern. Prices react at certain levels and widely known as support and resistance levels. Since whatever is happening with the price of the security is considered to be a part of a pattern or cycle which has already played out sometime in the past, these studies help a keen technical analyst to identify with certain probability, the future movement of the price. Study of the candlestick patterns, price action, volumes and indicators offer the opportunities to identify a high probability trade with probable target and a stop loss. A trader or investor can take high probability trade or position and control only her losses.

• Journal of Software Assessment and Valuation
• /
• v.15 no.2
• /
• pp.43-50
• /
• 2019

With the development of IT technology, computer-related crimes are rapidly increasing, and in recent years, the damage to ransomware infections is increasing rapidly at home and abroad. Conventional security solutions are not sufficient to prevent ransomware infections, and to prevent threats such as malware and ransomware that are evolving, a combination of deep learning technologies is needed to detect abnormal behavior and abnormal symptoms. In this paper, a method is proposed to detect user abnormal behavior using CNN-LSTM model and various deep learning models. Among the proposed models, CNN-LSTM model detects user abnormal behavior with 99% accuracy.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.73-81
• /
• 2008

We can find easily about researches or technical development that deal with grasping the location of an object with GPS(Global Positioning System) in order to use them as a useful information. Most researches or technical development on application of tracing have been developed for the purpose of tracing objects in broad area as physical distribution or transportation, but recently, there are many researches on tracing materials in premise area as a fork lift, carts, or the equipment of work. In general, a system that utilizes location information of objects needs data communication network to transmit location data and it ensures data communication network by using common networks(SK, LG, KFT) or wireless LAN. However these two methods need monthly payment for the rental fee or require considerable amount of investment for the early stage so it is difficult to use them merely for tracing premise subjects. This study was conducted to build a tracing system for premise area by local area RF relay algorithm with low cost applying RF relay algorithm to local area wireless communication(ZIGBEE, 424MHz, Bluetooth, 900MHz) system in order to supplement these demerits and included relay algorithm, RF locating information terminal, local area RF gab-fillers, a plan for collection server of locating information, and the way of realization as they are needed in this system. I consider that this study would be applicable with flexibility in the industry area that needs tracing solution within a specific area or needs ensuring data communication network, to transmit data in ubiquitous environment, by easier and more rapid way with lower cost.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.405-422
• /
• 2007

Recently, according to the network environment, there are many researches for home network. Nowadays, in home network, the method that access control policy is managed for each home device by using ACL is popular, and EAM (Extranet access management) is applied as a solution. In addition, the research about secure OS is ongoing based on open operating system and the research of user authentication mechanisms for home network using home server is also in progress. However, these researches have some problems as follows; First, the transmission scope of expected access technology in home network is wide, so unauthenticated outside terminal can access the home network. Second, user is inconvenient because user need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in home network environment. Here, user access control is one of the core parts which should have no problems such as above items, but there are no concrete researches yet. Thus in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in home network environment in which OSGi service platform is operated. First, we list the consideration which is not clearly mentioned in OSGi standard, and then we solve these above problems through new framework. In addition, we propose the effective and economical operation method which reduces the policy change frequency for user access control by using RBAC concept though limited resource of home gateway. Besides, in this paper, these proposed policies are defined separately as user-role assignment policy and permission-role assignment policy, and user decide their own policies. In conclusion, we provide the scheme to enhance the user convenience and to solve the privacy problem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1043-1057
• /
• 2015

In order to recognize intelligent threats quickly and detect and respond to them actively, major public bodies and private institutions operate and administer an Intrusion Detection Systems (IDS), which plays a very important role in finding and detecting attacks. However, most IDS alerts have a problem that they generate false positives. In addition, in order to detect unknown malicious codes and recognize and respond to their threats in advance, APT response solutions or actions based systems are introduced and operated. These execute malicious codes directly using virtual technology and detect abnormal activities in virtual environments or unknown attacks with other methods. However, these, too, have weaknesses such as the avoidance of the virtual environments, the problem of performance about total inspection of traffic and errors in policy. Accordingly, for the effective detection of intrusion, it is very important to enhance security monitoring, consequentially. This study discusses a plan for the reduction of false positives as a plan for the enhancement of security monitoring. As a result of an experiment based on the empirical data of G, rules were drawn in three types and 11 kinds. As a result of a test following these rules, it was verified that the overall detection rate decreased by 30% to 50%, and the performance was improved by over 30%.

• Journal of Information Technology and Architecture
• /
• v.11 no.4
• /
• pp.427-439
• /
• 2014

Introduction of new information systems due to continuous progress of ICT has made the enterprise IT environment into a mixed pot of various IT resources. Rapidly changing business situation has emphasized the integration of organizational IT resources as one of key competitive advantages. Those distributed IT resources are now demanding to solve the problems not only on their own effective management but also on security and control issues against unauthorized infiltration and information leakages. Under the situation that the number of IT resources is constantly increasing, it is needed to study a management model and its implementation that integrally solves above all problems. In this paper, it is revealed that a directory service can be used to integrally manage distributed IT resources and a directory service based system model for distributed IT resource management is suggested. By implementing an HR solution over active directory service, it is demonstrated that our integrated management model for distributed resources is applicable to real business cases. It is expected that for small and medium sized enterprises with limited IT investments, directory service based IT resource management system can be a cost-effective solution for increasing security threats and lack of governance.