• Title/Summary/Keyword: 접속 로그

Search Result 102, Processing Time 0.026 seconds

A Study on Online Fraud and Abusing Detection Technology Using Web-Based Device Fingerprinting (웹 기반 디바이스 핑거프린팅을 이용한 온라인사기 및 어뷰징 탐지기술에 관한 연구)

  • Jang, Seok-eun;Park, Soon-tai;Lee, Sang-joon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1179-1195
    • /
    • 2018
  • Recently, a variety of attacks on web services have been occurring through a multiple access environment such as PC, tablet, and smartphone. These attacks are causing various subsequent damages such as online fraud transactions, takeovers and theft of accounts, fraudulent logins, and information leakage through web service vulnerabilities. Creating a new fake account for Fraud attacks, hijacking accounts, and bypassing IP while using other usernames or email addresses is a relatively easy attack method, but it is not easy to detect and block these attacks. In this paper, we have studied a method to detect online fraud transaction and obsession by identifying and managing devices accessing web service using web-based device fingerprinting. In particular, it has been proposed to identify devices and to manage them by scoring process. In order to secure the validity of the proposed scheme, we analyzed the application cases and proved that they can effectively defend against various attacks because they actively cope with online fraud and obtain visibility of user accounts.

A Study on Distributed Processing of Big Data and User Authentication for Human-friendly Robot Service on Smartphone (인간 친화적 로봇 서비스를 위한 대용량 분산 처리 기술 및 사용자 인증에 관한 연구)

  • Choi, Okkyung;Jung, Wooyeol;Lee, Bong Gyou;Moon, Seungbin
    • Journal of Internet Computing and Services
    • /
    • v.15 no.1
    • /
    • pp.55-61
    • /
    • 2014
  • Various human-friendly robot services have been developed and mobile cloud computing is a real time computing service that allows users to rent IT resources what they want over the internet and has become the new-generation computing paradigm of information society. The enterprises and nations are actively underway of the business process using mobile cloud computing and they are aware of need for implementing mobile cloud computing to their business practice, but it has some week points such as authentication services and distributed processing technologies of big data. Sometimes it is difficult to clarify the objective of cloud computing service. In this study, the vulnerability of authentication services on mobile cloud computing is analyzed and mobile cloud computing model is constructed for efficient and safe business process. We will also be able to study how to process and analyze unstructured data in parallel to this model, so that in the future, providing customized information for individuals may be possible using unstructured data.

A Study of Object Pooling Scheme for Efficient Online Gaming Server (효율적인 온라인 게임 서버를 위한 객체풀링 기법에 관한 연구)

  • Kim, Hye-Young;Ham, Dae-Hyeon;Kim, Moon-Seong
    • Journal of Korea Game Society
    • /
    • v.9 no.6
    • /
    • pp.163-170
    • /
    • 2009
  • There is a request from the client, we almost apply dynamic memory allocating method using Accept() of looping method; thus, there could be process of connecting synchronously lots of client in most of On-line gaming server engine. However, this kind of method causes on-line gaming server which need to support and process the clients, longer loading and bottle necking. Therefore we propose the object pooling scheme to minimize the memory fragmentation and the load of the initialization to the client using an AcceptEx() and static allocating method for an efficient gaming server of the On-line in this paper. We design and implement the gaming server applying to our proposed scheme. Also, we show efficiency of our proposed scheme by performance analysis in this paper.

  • PDF

Design and Implementation of National Supercomputing Service Framework (국가 슈퍼컴퓨팅 서비스 프레임워크의 설계 및 구현)

  • Yu, Jung-Lok;Byun, Hee-Jung;Kim, Han-Gi
    • KIISE Transactions on Computing Practices
    • /
    • v.22 no.12
    • /
    • pp.663-674
    • /
    • 2016
  • Traditional supercomputing services suffer from limited accessibility and low utilization in that users(researchers) may perform computational executions only using terminal-based command line interfaces. To address this problem, in this paper, we provide the design and implementation details of National supercomputing service framework. The proposed framework supports all the fundamental primitive functions such as user management/authentication, heterogeneous computing resource management, HPC (High Performance Computing) job management, etc. so that it enables various 3rd-party applications to be newly built on top of the proposed framework. Our framework also provides Web-based RESTful OpenAPIs and the abstraction interfaces of job schedulers (as well as bundle scheduler plug-ins, for example, LoadLeveler, Open Grid Scheduler, TORQUE) in order to easily integrate the broad spectrum of heterogeneous computing clusters. To show and validate the effectiveness of the proposed framework, we describe the best practice scenario of high energy physics Lattice-QCD as an example application.

Asymptotic Performance of MIMO-MC-CDMA Systems in Multi-cell Environments (다중셀 환경에서 MIMO-MC-CDMA시스템의 점근적 성능)

  • Kim, Kyeong-Yeon;Ham, Jae-Sang;Lee, Chung-Yong
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.44 no.7 s.361
    • /
    • pp.47-52
    • /
    • 2007
  • This paper analyzes the output signal-to-interference-plus-noise ratio (SINR) for a multiple-input-multiple-output (MIMO) multicarrier code division multiple access (MC-CDMA) system with minium mean square error receivers in multi-cell environments. A previous work in single cell environments is extended into analysis in multi-cell environments. The use of Haar unitary code matrix for asymptotic analysis causes other cell interferences expressed with a diagonal matrix haying different diagonal values. This paper shows that other cell interferences converge to an identity matrix whose gain is expressed by only other cell interference power in mean square sense and finds asymptotic deterministic SINRs for a given other cell interference. Under the assumption that the sum of lognormal fading components is distributed by other lognormal function, we show the comparison between theoretical performances and simulations from the view point of bit error rate and present average throughput performance according to the cell radius.

A Study on Hacking Attack of Wire and Wireless Voice over Internet Protocol Terminals (유무선 인터넷전화 단말에 대한 해킹 공격 연구)

  • Kwon, Se-Hwan;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2011.10a
    • /
    • pp.299-302
    • /
    • 2011
  • Recently, Voice over Internet protocol(VoIP) in IP-based wired and wireless voice, as well as by providing multimedia information transfer. Wired and wireless VoIP is easy on illegal eavesdropping of phone calls and VoIP call control signals on the network. In addition, service misuse attacks, denial of service attacks can be targeted as compared to traditional landline phones, there are several security vulnerabilities. In this paper, VoIP equipment in order to obtain information on the IP Phone is scanning. And check the password of IP Phone, and log in successful from the administrator's page. Then after reaching the page VoIP IP Phone Administrator Settings screen, phone number, port number, certification number, is changed. In addition, IP Phones that are registered in the administrator page of the call records check and personal information is the study of hacking.

  • PDF

Detecting Abnormalities in Fraud Detection System through the Analysis of Insider Security Threats (내부자 보안위협 분석을 통한 전자금융 이상거래 탐지 및 대응방안 연구)

  • Lee, Jae-Yong;Kim, In-Seok
    • The Journal of Society for e-Business Studies
    • /
    • v.23 no.4
    • /
    • pp.153-169
    • /
    • 2018
  • Previous e-financial anomalies analysis and detection technology collects large amounts of electronic financial transaction logs generated from electronic financial business systems into big-data-based storage space. And it detects abnormal transactions in real time using detection rules that analyze transaction pattern profiling of existing customers and various accident transactions. However, deep analysis such as attempts to access e-finance by insiders of financial institutions with large scale of damages and social ripple effects and stealing important information from e-financial users through bypass of internal control environments is not conducted. This paper analyzes the management status of e-financial security programs of financial companies and draws the possibility that they are allies in security control of insiders who exploit vulnerability in management. In order to efficiently respond to this problem, it will present a comprehensive e-financial security management environment linked to insider threat monitoring as well as the existing e-financial transaction detection system.

A Method to Acquire Bigdata for Predicting Accidents on Power Switchboards (배전반 안전사고 예측을 위한 빅데이터 자료 획득 방안)

  • Lee, Hyeon Sup;Kim, Jin-Deog
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.10a
    • /
    • pp.351-353
    • /
    • 2021
  • In recent years, while the demand for electricity is rapidly increasing, fire accidents due to negligence in management of switchboards. In particular, switchboards for industrial and electrical resource control can cause serious problems. Thus, for the safety management of power switchboard, a secondary response is conducted to control firing when a specific condition value is satisfied, but in this case, it is highly likely that a considerable amount of time has elapsed after firing. In this paper, we propose a method to acquire big data for the development of a switchboard temperature and power control system that can actively respond to the current situation by monitoring and learning the temperature of the switchboard's busbar connection in real time. Specifically, a method for periodically acquiring and managing data such as temperature and power from various scattered sensors is proposed.

  • PDF

HTTP Request - SQL Query Mapping Scheme for Malicious SQL Query Detection in Multitier Web Applications (Multitier 웹 어플리케이션 환경에서 악의적인 SQL Query 탐지를 위한 HTTP Request - SQL Query 매핑 기법)

  • Seo, Yeongung;Park, Seungyoung
    • Journal of KIISE
    • /
    • v.44 no.1
    • /
    • pp.1-12
    • /
    • 2017
  • The continuously growing internet service requirements has resulted in a multitier system structure consisting of web server and database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, malicious change to the contents at DB server through hypertext transfer protocol (HTTP) requests at the DB server cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge on interaction between HTTP request and SQL query. However, this is a practical challenge because system's source code analysis and its application logic needs to be understood completely. In this study, we proposed a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generated an HTTP request-SQL query map from system log files alone. Subsequently, the HTTP request associated with a given SQL query was identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.

A Study on the protection of personal information using a Virtual IDs in an anonymous bulletin board (익명 게시판 환경에서 가상 아이디를 이용한 개인정보보호에 관한 연구)

  • Min, So-Yeon;Jang, Seung-Jae
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.13 no.9
    • /
    • pp.4214-4223
    • /
    • 2012
  • The argument related to the use of real and anonymous names on the Internet bulletin board has recently become a main issue. When using real names, it is possible to violate free discussion and privacy. Also, when using anonymous names, it is possible to have the reverse function of the Internet in regard to the use of malicious replies or the distribution of false ideas. Therefore, this paper has made it possible to prevent the spread of the user's personal information and execute the single log-in process by using the XML-token method which is one of the SSO technologies. Also, by issuing virtual IDs and forming the path when establishing tokens, the anonymous bulletin board which provides anonymity with a conditional tracing process has been suggested. After analyzing the performance of visitor numbers at authentication time, the anonymous bulletin board based on the group signature method showed the average response rate of 0.72 seconds, 0.18 seconds, which was suggested scheme. In the authentication time 4-5 times faster response speed, respectively. Also, since the suggested system does not have to provide a single authentication process or make the user provide his or her signature, the level of user's convenience seems to be much higher. Such a result shows that the system suggested on the anonymous bulletin board has a more appropriate level of user's convenience.