• The Journal of Bigdata
• /
• v.5 no.2
• /
• pp.43-52
• /
• 2020

With the development of data technology, storing and sharing of data has increased, resulting in privacy invasion. Although de-identification technology has been introduced to solve this problem, it has been proved many times that identifying individuals using de-identified data is possible. Even if it cannot be completely safe, sufficient de-identification is necessary. But current laws and regulations do not quantitatively specify the degree of how much de-identification should be performed. In this paper, we propose an appropriate de-identification criterion considering the time required for re-identification. We focused on the case of using the k-anonymity model among various privacy models. We analyzed the time taken to re-identify data according to the change in the k value. We used a re-identification method based on linkability. As a result of the analysis, we determined which k value is appropriate. If the generalized model can be developed by results of this paper, the model can be used to define the appropriate level of de-identification in various laws and regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.295-310
• /
• 2014

DCS (Distributed Control System), the main control system of power plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS is becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet designed for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usually have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and low failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendor's policy. If DCS is exposed a potential vulnerability, serious concerns are to be expected. In this paper, we conduct the penetration test by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to detect the security infringement and react the incident effectively.

• Journal of Intelligence and Information Systems
• /
• v.23 no.1
• /
• pp.143-159
• /
• 2017

Due to the rapid development of IT in recent years, not only personal information but also the key technologies and information leakage that companies have are becoming important issues. For the enterprise, the core technology that the company possesses is a very important part for the survival of the enterprise and for the continuous competitive advantage. Recently, there have been many cases of technical infringement. Technology leaks not only cause tremendous financial losses such as falling stock prices for companies, but they also have a negative impact on corporate reputation and delays in corporate development. In the case of SMEs, where core technology is an important part of the enterprise, compared to large corporations, the preparation for technological leakage can be seen as an indispensable factor in the existence of the enterprise. As the necessity and importance of Information Security Management (ISM) is emerging, it is necessary to check and prepare for the threat of technology infringement early in the enterprise. Nevertheless, previous studies have shown that the majority of policy alternatives are represented by about 90%. As a research method, literature analysis accounted for 76% and empirical and statistical analysis accounted for a relatively low rate of 16%. For this reason, it is necessary to study the management model and prediction model to prevent leakage of technology to meet the characteristics of SMEs. In this study, before analyzing the empirical analysis, we divided the technical characteristics from the technology value perspective and the organizational factor from the technology control point based on many previous researches related to the factors affecting the technology leakage. A total of 12 related variables were selected for the two factors, and the analysis was performed with these variables. In this study, we use three - year data of "Small and Medium Enterprise Technical Statistics Survey" conducted by the Small and Medium Business Administration. Analysis data includes 30 industries based on KSIC-based 2-digit classification, and the number of companies affected by technology leakage is 415 over 3 years. Through this data, we conducted a randomized sampling in the same industry based on the KSIC in the same year, and compared with the companies (n = 415) and the unaffected firms (n = 415) 1:1 Corresponding samples were prepared and analyzed. In this research, we will conduct an empirical analysis to search for factors influencing technology leakage, and propose an early warning system through data mining. Specifically, in this study, based on the questionnaire survey of SMEs conducted by the Small and Medium Business Administration (SME), we classified the factors that affect the technology leakage of SMEs into two factors(Technology Characteristics, Organization Characteristics). And we propose a model that informs the possibility of technical infringement by using Support Vector Machine(SVM) which is one of the various techniques of data mining based on the proven factors through statistical analysis. Unlike previous studies, this study focused on the cases of various industries in many years, and it can be pointed out that the artificial intelligence model was developed through this study. In addition, since the factors are derived empirically according to the actual leakage of SME technology leakage, it will be possible to suggest to policy makers which companies should be managed from the viewpoint of technology protection. Finally, it is expected that the early warning model on the possibility of technology leakage proposed in this study will provide an opportunity to prevent technology Leakage from the viewpoint of enterprise and government in advance.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.11
• /
• pp.449-456
• /
• 2021

An intrusion detection system is a technology that detects abnormal behaviors that violate security, and detects abnormal operations and prevents system attacks. Existing intrusion detection systems have been designed using statistical analysis or anomaly detection techniques for traffic patterns, but modern systems generate a variety of traffic different from existing systems due to rapidly growing technologies, so the existing methods have limitations. In order to overcome this limitation, study on intrusion detection methods applying various machine learning techniques is being actively conducted. In this study, a comparative study was conducted on data preprocessing techniques that can improve the accuracy of anomaly detection using NGIDS-DS (Next Generation IDS Database) generated by simulation equipment for traffic in various network environments. Padding and sliding window were used as data preprocessing, and an oversampling technique with Adversarial Auto-Encoder (AAE) was applied to solve the problem of imbalance between the normal data rate and the abnormal data rate. In addition, the performance improvement of detection accuracy was confirmed by using Skip-gram among the Word2Vec techniques that can extract feature vectors of preprocessed sequence data. PCA-SVM and GRU were used as models for comparative experiments, and the experimental results showed better performance when sliding window, skip-gram, AAE, and GRU were applied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.721-728
• /
• 2013

Big data is one of the most spotlighted technological trends in these days, enabling new methods to handle huge volume of complicated data for a broad range of applications. Real-time network traffic analysis essentially deals with big data, which is comprised of different types of log data from various sensors. To tackle this problem, in this paper, we devise a big data based platform, RENTAP, to detect and analyse malicious network traffic. Focused on military network environment such as closed network for C4I systems, leading big data based solutions are evaluated to verify which combination of the solutions is the best design for network traffic analysis platform. Based on the selected solutions, we provide detailed functional design of the suggested platform.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.369-383
• /
• 2018

User authentication using PIN input or lock pattern is widely used as a user authentication method of smartphones. However, it is vulnerable to shoulder surfing attacks and because of low complexity of PIN and lock pattern, it has low security. To complement these problems, keystroke dynamics have been used as an authentication method for complex authentication and researches on this have been in progress. However, many studies have used imposter data in classifier training and validation. When keystroke dynamics authentications are actually applied in reality, it is realistic to use only legitimate user data for training, and using other people's data as imposter training data may result in problems such as leakage of authentication data and invasion of privacy. In response, in this paper, we experiment and obtain the optimal ratio of the thresholds for distance based classification. By suggesting the optimal ratio, we try to contribute to the real applications of keystroke authentications.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2B
• /
• pp.296-301
• /
• 2010

Radio frequency identification(RFID) system can identify an object using wireless transmission. RFID applications are numerous and far reaching. The most interesting and widely used applications are supply chain management for companies. Currently, RFID tags must be detached or killed for security and privacy reasons when tagged objects are purchased. In this paper, we present a new architecture that transfers information about products from the electronic product code information services (EPCIS) server of a company to an individual's personal purchases management (PPM) server when products with RFID codes are sold. It solves the security and privacy issues without detaching the tag. Moreover, the PPM server described in this paper allows customers to handle the expiration dates, updates, location management, and group management of products.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.27-31
• /
• 2015

As the number of smartphone users is increasing with the development of mobile devices, the range of monetary transaction from the individual use is increasing. Therefore, hacking methods are diversified and the information forgery of mobile devices has been a current issue. The forgery via apps in mobile devices is a hacking method that creates an app similar to well-known apps to deceive the users. The forgery attack corresponds to the violation of integrity, one of three elements of security. Due to the forgery, the value and credibility of an app decreases with the risk increased. With the forgery in app, private information and data can be stolen and the financial losses can occur. This paper examined the forgery, and suggested a way to detect it, and sought the countermeasure to the forgery.

• Journal of KIISE:Software and Applications
• /
• v.35 no.2
• /
• pp.59-69
• /
• 2008

Automatic obfuscation is known to be the most viable method for preventing reverse engineering intentional1y making code more difficult to understand for security purposes. In this paper, we study and implement an obfuscation method for protecting MS Visual C++ programs against attack on the intellectual property in software like reverse engineering attack. That is, the paper describes the implementation of a code obfuscator, a tool which converts a Visual C++ source program into an equivalent one that is much harder to understand. We have used ANTLR parser generator for handling Visual C++ sources, and implemented some obfuscating transformations such as 'Remove comments', 'Scramble identifiers', 'Split variables', 'Fold array', 'Insert class', 'Extend loop condition', 'Add redundant operands', and 'Insert dead code'. We have also evaluated the performance and effectiveness of the obfuscator in terms of potency, resilience, and cost. When the obfuscated source code has been compared with the original source code, it has enough effectiveness for software protection though it incurs some run-time overheads.

• The KIPS Transactions:PartA
• /
• v.14A no.1 s.105
• /
• pp.1-14
• /
• 2007

MPICH-G2 is an MPI implementation to solve complex computational problems by utilizing geographically dispersed computing resources in grid environments. However, the computation nodes in MPICH-G2 are exposed to the external network due to the lack of supporting the private IP clusters, which raises the possibility of malicious security attacks. In order to address this problem, we propose MPICH-GP with a new relay scheme combining NAT(Network Address Translation) service and an user-level proxy. The proxy running on the front-end system of private IP clusters forwards the incoming connection requests to the systems inside the clusters. The outgoing connection requests out of the cluster are forwarded through the NAT service on the front-end system. Through the connection path between the pair of processes, the requested MPI jobs can be successfully executed in grid environments with various clusters including private IP clusters. By simulations, we show that the performance of MPICH-GP reaches over 80% of the performance of MPICH-G2, and over 95% in ease of using RANK management method.