• Title/Summary/Keyword: 사전공격

Search Result 338, Processing Time 0.034 seconds

A Scheme for Identifying Malicious Applications Based on API Characteristics (API 특성 정보기반 악성 애플리케이션 식별 기법)

  • Cho, Taejoo;Kim, Hyunki;Lee, Junghwan;Jung, Moongyu;Yi, Jeong Hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.1 / pp.187-196 / 2016
  • Android applications are inherently vulnerable to repackaging attacks, in which malicious code is easily inserted into an application that is then re-signed by the attacker. These days, it often occurs that such private or individual information is leaked. In principle, all Android applications are composed of user-defined methods and APIs. As well as accessing resources on the platform, APIs serve as practical functional features, and user-defined methods serve as features by using APIs. In this paper we propose a scheme to analyze the sensitive APIs most used in malicious applications in terms of how malicious applications operate and which APIs they use. Based on the characteristics of the target APIs, we accumulate knowledge of such APIs using a machine learning scheme based on the Naive Bayes algorithm. From the learned results, we are able to provide a fine-grained numeric score for the degree of vulnerability of mobile applications. In doing so, we expect the proposed scheme will help mobile application developers identify the security level of applications in advance.

An Efficient BotNet Detection Scheme Exploiting Word2Vec and Accelerated Hierarchical Density-based Clustering (Word2Vec과 가속화 계층적 밀집도 기반 클러스터링을 활용한 효율적 봇넷 탐지 기법)

  • Lee, Taeil;Kim, Kwanhyun;Lee, Jihyun;Lee, Suchul
    • Journal of Internet Computing and Services / v.20 no.6 / pp.11-20 / 2019
  • Numerous enterprises, organizations and individual users are exposed to large DDoS (Distributed Denial of Service) attacks. DDoS attacks are performed through a botnet, which is composed of a number of computers infected with malware, e.g., zombie PCs, and a special computer that controls the zombie PCs within a hierarchical chain of command. In order to detect malware, malware detection software or a vaccine program must identify the malware signature through in-depth analysis, and these signatures need to be updated in advance. This is time-consuming and costly. In this paper, we propose a botnet detection scheme that does not require periodic signature updates, using an artificial neural network model. The proposed scheme exploits Word2Vec and accelerated hierarchical density-based clustering. The botnet detection performance of the proposed method was evaluated using the CTU-13 dataset. The experimental result shows that the detection rate is 99.9%, which outperforms the conventional method.

A Security Model Analysis Adopt to Authentication State Information in IPTV Environment (IPTV 환경에서 가입자의 인증 상태정보를 이용한 인증보안 모델 설계)

  • Jeong, Yoon-Su;Jung, Yoon-Sung;Kim, Yong-Tae;Park, Gil-Cheol;Lee, Sang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.3B / pp.421-430 / 2010
  • Nowadays, as communications networks become broadband, IPTV (Internet Protocol Television) service, which provides various two-way TV services, is increasing. But as the data transmitted between the IPTV set-top box and the smart card is mostly transmitted to the set-top box, an illegal user who obtains legal authority by illegally accessing the content using the McComac Hack Attack is not perfectly prevented. In this paper, a set-top box access security model is proposed to protect against the McComac Hack Attack, which tries to illegally obtain permission to access IPTV service by making a data line connecting the smart card to the set-top box, using another set-top box of the same kind that the illegal user uses. The proposed model registers the status information of the smart card usable in the set-top box with the certification server and reports the result of testing a user who tries to obtain permission illegally, so that illegal users are prevented. In particular, the proposed model strengthens the security of the set-top box by adapting a public key, which is used for establishing the neighbor link and the inter-certification process, through a secret value and a random number created by a pseudo-random function.

Practical Biasing Power Analysis breaking Side Channel Attack Countermeasures based on Masking-Shuffling techniques (마스킹-셔플링 부채널 대응법을 해독하는 실용적인 편중전력분석)

  • Cho, Jong-Won;Han, Dong-Guk
    • Journal of the Institute of Electronics and Information Engineers / v.49 no.9 / pp.55-64 / 2012
  • Until now, Side Channel Attacks have been known to be effective for cracking the decryption keys of chip-based devices such as smart cards, electronic passports and e-ID cards. Combinations of masking and shuffling methods have been proposed as a practical countermeasure. Recently, S. Tillich suggested a biased-mask attack using a template attack (TA) to attack AES with masking and shuffling. However, this method requires the additional assumption that template information for the masking value has been acquired in advance. Moreover, this method needs to know the exact time position of the target masking value for a higher probability of success. In this paper, we suggest a new practical method called Biasing Power Analysis (BPA) to find the secret key of AES based on the masking-shuffling method. In BPA, we do not use the time position or template information of the masking value. We carried out BPA experiments against the 128-bit secret key of AES with the masking-shuffling method running on an MSP430 chip, and we succeeded in finding the whole secret key. The results of this study will be utilized for next-generation ID cards to verify physical safety.

The Present State of Domestic Alert Systems for Cyber Threats (사이버 위협에 대한 국내 경보 체계 현황)

  • 이도훈;백승현;오형근;이진석
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.251-257 / 2004
  • Today, the more information technologies (IT) such as the internet develop, the more the main facilities of individuals and social organizations become deeply involved in IT. Also, the trend of cyber threats such as internet worms and viruses is moving from local PC attacks to IT infrastructure attacks that exploit inherent vulnerabilities of IT. Social organizations have limits in responding to these attacks individually, and so a systematic coordination center for social organizations is necessary. Analyzing and sharing cyber threat information must be performed prior to the construction of the coordination center. In this paper, we survey the domestic alert systems for cyber threats of related organizations and companies, and then classify them into two categories by the range of threat assessment: global alert systems for global IT infrastructure and individual alert systems for each threat. Next, we identify problems of domestic alert systems and suggest approaches to resolve them.


An Experimental Study on the Nursing Therapy as a Emotional Crisis Intervention of the Psychiatric Emergency Patient (정신과 응급환자의 위기 해결로서의 간호치료에 관한 실험적 연구)

  • Kim, Chung-In
    • Journal of Korean Academy of Nursing / v.5 no.1 / pp.48-58 / 1975
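  • Most psychiatric crises (suicide attempts, absconding, aggressive and destructive behavior, fighting, etc.) are caused by anger; they arise as a reaction when patients experience severe anxiety or agitation, or when, having broken a rule, they feel that their rights or dignity have been insulted by rough handling from inflexible hospital staff. The focus of this study is whether we nurses should really be afraid of such patients' agitation and aggressive, destructive behavior and immediately administer sedatives or put them in a straitjacket. On the assumption that patients' attitudes could change considerably if scientific and systematic nursing understanding preceded hasty action in these crisis situations, I studied 10 experimental-group patients and 10 control-group patients at the National Mental Hospital from June 1 to September 30, 1973, dividing the study into an observation period (5 days), a nursing period (5 days), and a latter period (5 days); effective and appropriate scientific and systematic nursing care was given to the experimental group during the nursing period and not to the control group, and the effect was tested. Because many factors besides nursing therapy are involved in a patient's treatment, such as drug therapy, psychotherapy, and shock therapy, a test was performed to confirm whether the changes in patient behavior during this period were due to nursing therapy. The results are as follows (P<.01). In Tables 6 and 7, the frequency of psychiatric emergency behavior during the observation, nursing, and latter periods decreased in the experimental group to 15.4, 7.0, and 2.9, which was found to be a significant change at the p<.01 level; in the control group the frequency decreased to 10.6, 6.9, and 6.6, but this was not a significant change at the p>.05 level. From these results, I think the following conclusions can be drawn: (1) Unconditional administration of tranquilizers and use of straitjackets without prior understanding of the patient's crisis behavior should be prohibited. (2) Psychiatric crises can be resolved through effective and appropriate scientific and systematic nursing therapy. (3) Nurses can take on the role of therapeutic personnel. I sincerely thank 이부영, who supervised this paper throughout, 이은옥 and 이귀향, who gave advice, 김종해 of the National Mental Hospital, and 이영환 of the Graduate School of Public Health, and I also thank everyone who cooperated in the experiment.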


Current Status of Information Security against Cyber Attacks in Universities and Its Improvement Methods (사이버 공격에 대비한 대학의 정보보안 현황 및 개선 방안)

  • Kang, Young-Sun;Choi, Yeong-Woo
    • Journal of the Korea Society of Computer and Information / v.16 no.12 / pp.215-225 / 2011
  • This paper suggests several methods of improving information security at universities through an investigation of the current status of information security in universities, which is becoming a hot topic in knowledge and information societies. In this paper, universities were randomly selected according to their size and surveyed through an email questionnaire sent to the persons in charge of security at each university, and 27 universities and 18 colleges replied. From the survey results we confirmed that prevention in advance is the most important thing in securing information assets, in universities as well; in this paper we find that systematic support must be strengthened to establish a comprehensive security management policy and guidelines for universities, and that the importance of information assets and the necessity of security need to be shared with the members of the universities. Moreover, there must be full administrative and financial support, including the recruitment and training of information security professionals and the establishment of a separate security division.

SOA Vulnerability Evaluation using Run-Time Dependency Measurement (실행시간 의존성 측정을 통한 SOA 취약성 평가)

  • Kim, Yu-Kyong;Doh, Kyung-Goo
    • The Journal of Society for e-Business Studies / v.16 no.2 / pp.129-142 / 2011
  • Traditionally, research in Service Oriented Architecture (SOA) security has focused primarily on exploiting standards and solutions separately. There exists no unified methodology for SOA security to manage risks at the enterprise level. It is necessary to analyze security threats in advance and to manage enterprise risks by identifying the vulnerabilities of SOA. In this paper, we propose a metric-based vulnerability assessment method using dynamic properties of services in SOA. The method assesses vulnerability at the architecture level as well as the service level by measuring the run-time dependency between services. The run-time dependency between services is an important characteristic for understanding which services are affected by a vulnerable service. All services which directly or indirectly depend on the vulnerable service are exposed to the risk. Thus run-time dependency is a good indicator of the vulnerability of SOA.

A Study on the Improvement Model for Invigorating Cyber Threat Information Sharing (사이버위협정보 공유 활성화를 위한 관리적·기술적 개선모델 연구)

  • Yoon, Oh Jun;Cho, Chang Seob;Park, Jeong Keun;Seo, Hyung Jun;Shin, Yong Tae
    • Convergence Security Journal / v.16 no.4 / pp.25-34 / 2016
  • This paper suggests an improvement model for invigorating cyber threat information sharing at the national level, which includes, inter alia, comprehensive solutions such as the legislation of a guideline for information sharing, the establishment of a so-called National Center for Information Sharing, the construction and management of an integrated information system, the development of techniques for automating all the processes for gathering, analyzing and delivering cyber threat information, and the constitution of a joint private and public committee for sharing information, with the intention of preventing cyber security threats from occurring in advance or keeping damage from spreading even after incidents have occurred.

A New Scalar Recoding Method against Side Channel Attacks (부채널 공격에 대응하는 새로운 스칼라 레코딩 방법)

  • Ryu, Hyo Myoung;Cho, Sung Min;Kim, TaeWon;Kim, Chang han;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.3 / pp.587-601 / 2016
  • In this paper we suggest a method for scalar recoding which is secure against both SPA and DPA. The suggested method is a countermeasure to power analysis attacks through scalar recoding using negative expression. The suggested method ensures safety against SPA by recoding the operation so that the same pattern is applied to each digit. Also, by generating a random recoding output according to a random number, safety against DPA is ensured. We also implement a precomputation table and a modified scalar addition algorithm for addition, to protect against SPA that targets a digit's sign. Since the suggested method itself can ensure safety against both SPA and DPA, it is more effective and efficient. With the suggested method, compared to previous scalar recoding that ensures safety against SPA and DPA, operation efficiency is increased by 11%.