• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.27-36
• /
• 2023

In recent years, ransomware attacks have become more organized and specialized, with the sophistication of attacks targeting specific individuals or organizations using tactics such as social engineering, spear phishing, and even machine learning, some operating as business models. In order to effectively respond to this, various researches and solutions are being developed and operated to detect and prevent attacks before they cause serious damage. In particular, honeypots can be used to minimize the risk of attack on IT systems and networks, as well as act as an early warning and advanced security monitoring tool, but in cases where ransomware does not have priority access to the decoy file, or bypasses it completely. has a disadvantage that effective ransomware response is limited. In this paper, this honeypot is optimized for the user environment to create a reliable real-time dynamic honeypot file, minimizing the possibility of an attacker bypassing the honeypot, and increasing the detection rate by preventing the attacker from recognizing that it is a honeypot file. To this end, four models, including a basic data collection model for dynamic honeypot generation, were designed (basic data collection model / user-defined model / sample statistical model / experience accumulation model), and their validity was verified.

• Journal of Digital Convergence
• /
• v.15 no.6
• /
• pp.9-17
• /
• 2017

The opening of public data has been perceived as a critical factor in deciding a country's rise or fall. Since the global economic crisis, countries around the globe have expanded the supply of public data as a new growth engine to create significant economic effects. As a result, there has been a rising demand for a study on the influence of public data in the private sectors. This study attempted to achieve the following objectives. First, the effects of independent variables-system quality, information quality, information security, social influence, innovation and assistance by the public organization- on the intention to use the public data was examined. Second, the effects of the mediating variables - Perceived Ease of Use (PEU) and Perceived Usefulness (PU) - on the independent variables and intention to use (dependent variable) were investigated. Third, after selecting utilization type, frequency of public data usage and frequency of occupational & e-government service usage as moderating variables, their effects on the relationship between the independent variables and dependent variable (intention to use them in the private sector) were studied. It is expected that the study results would be useful in developing strategies aimed to utilize public data in the private sectors.

• The KIPS Transactions:PartD
• /
• v.18D no.6
• /
• pp.481-492
• /
• 2011

Recently, various mobile services are provided by the spread of wireless network infrastructures and smart devices. The improvement of cloud computing technologies increases the interests for enterprise mobile cloud services in various IT companies as well. By increasing the interests for enterprise mobile cloud services, it is necessary to evaluate the use of enterprise mobile cloud services. Therefore, the factors which affect the user acceptance of enterprise mobile cloud services are analyzed on the basis of Davis' technology acceptance model in this research. As analysis results, four external variables have significant effects on perceived ease of use of mobile cloud services. Also, these variables indirectly affect attitude toward using cloud services. The results show that the security is the most important factor for attitude toward using enterprise mobile cloud services. The service users also consider the interoperability as an important factor for the user acceptance of cloud services. The perceived ease of use has more contribution than the perceive usefulness on attitude toward using enterprise mobile cloud services. This research has both industrial and academic contributions because it provides the guideline to companies for introducing the enterprise mobile cloud services and apply the technology acceptance model on new IT services.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.71-77
• /
• 2012

Along with the development of Internet services such as Social Network Service (SNS) and blog Service, the privacy is very important in these services. But personal data is not safety from exposure to internet service. If personal data is leak out, the privacy is disclosed to hacker or illegal person and the personal information can be used in a cyber crime as phishing attacks. Therefore, the model and method that protects to disclose privacy is requested in SNS and blog services. The model must evaluate degree of exposure to protect privacy and the method protects personal information from Internet services. This paper proposes a model to evaluate risk for privacy with property of personal data and exposure level of internet service such as bulletin board. Also, we show a method using degree of risk to evaluate with a proposed model at bulletin board.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.313-317
• /
• 2014

Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.369-375
• /
• 2016

Most companies are willing to spend money on security systems such as DRM, Mail filtering, DLP, USB blocking, etc., for data leakage prevention. However, in many cases, it is difficult that legal team take action for data case because usually the company recognized that after the employee had left. Therefore perceiving one's resignation before the action and building up adequate response process are very important. Throughout analyzing DRM log which records every single file's changes related with user's behavior, the company can predict one's resignation and prevent data leakage before those happen. This study suggests how to prevent for the damage from leaked confidential information throughout building the DRM monitoring process which can predict employee's resignation.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.17-22
• /
• 2019

Network attack analysis and visualization methods using network traffic session data detect network anomalies by visualizing the sender's and receiver's IP addresses and the relationship between them. The traffic flow is a critical feature in detecting anomalies, but simply visualizing the source and destination IP addresses symmetrically from up-down or left-right would become a problematic factor for the analysis. Also, there is a risk of losing timely security situation when designing a visualization interface without considering the temporal characteristics of time-series traffic sessions. In this paper, we propose a visualization interface and analysis method that visualizes time-series traffic data by using the radial axis, divide IP addresses into network and host portions which then projects on the cylindrical coordinate system that could effectively monitor network attacks. The proposed method has the advantage of intuitively recognizing network attacks and identifying attack activity over time.

• The KIPS Transactions:PartD
• /
• v.17D no.2
• /
• pp.167-174
• /
• 2010

When entering the PIN(personal identification number), the greatest security threat is shoulder surfing attack. Shoulder surfing attack is watching the PIN being entered from over the shoulder to obtain the number, and it is the most common and at the same time the most powerful security threat of stealing the PIN. In this paper, a psychology based PINpad technology referred to as DAS(Dynamic Authentication System) that safeguards from shoulder surfing attack was proposed. Also, safety of the proposed DAS from shoulder surfing attack was tested and verified through intuitive viewpoint, shoulder surfing test, and theoretical analysis. Then, a PINpad with an internal DAS that was certified for its safety from shoulder surfing attack was designed and produced. Because the designed PINpad significantly decreases the chances for shoulder surfing attackers being able to steal the PIN when compared to the ordinary PINpad, it was determined to be suitable for use at ATM(automated teller machine)s operated by banks and therefore has been introduced and is being used by many financial institutions.

• Journal of Digital Convergence
• /
• v.19 no.7
• /
• pp.209-215
• /
• 2021

This study is a system development for voice information protection equipment in major meetings and places requiring security. Security performance and stability were secured with information leakage prevention technology through generation of false noise and ultrasonic waves. The cutoff frequency band for blocking the leakage of voice information, which has strong straightness due to the nature of the radio wave to the recording prevention module, blocks the wideband frequency of 20~20,000Hz, and the deception jamming technology is applied to block the leakage of voice information, greatly improving the security. To solve this problem, we developed a system that blocks the recording of a portable smartphone using a battery, and made the installation of a separate device smaller and lighter so that customers do not recognize it. In addition, it is necessary to continuously study measures and countermeasures for efficiently using the output of the anti-recording speaker for long-distance recording prevention.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.4
• /
• pp.863-867
• /
• 2021

In this paper, in order to hide the watermark in the LSB of the color image, a color image watermarking technique with high security is proposed by using the adjacent pixels of the image and the spatial encryption technique. According to the technique proposed in this paper, the quality of the stego-image generated by hiding the watermark in the LSB of the color image is so excellent that the difference from the original image cannot be recognized, and the original watermark can be extracted from the stego-image without loss. If the watermark is hidden in the image using the proposed technique, the security of the watermark is maintained very high because the watermark hidden in the stego-image is multi-encrypted. The proposed watermarking technique can be used in applications such as military and intellectual property protection that require high security.