• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.67-74
• /
• 2011

In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly for an active cyber attack model could be detected complex and transformed attack method. An attack tree provides a formal and methodical route of describing the security safeguard on varying attacks against network system. The existent attack tree can describe attack scenario as using vertex, edge and composition. But an attack tree has the limitations to express complex and new attack due to the restriction of attack tree's attributes. We solved the limitations of the existent attack tree as adding an threat occurrence probability and 2 components of composition in the attributes. Firstly, we improved the flexibility to describe complex and transformed attack method, and reduced the ambiguity of attack sequence, as reinforcing composition. And we can identify the risk level of attack at each attack phase from child node to parent node as adding an threat occurrence probability.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.127-130
• /
• 2007

Skin detection research is important role in the 3G of mobile phone for video telephony and security system by using face recognition. We propose skin detection algorithm as preprocessing to the face recognition, and use YCbCr color space. In existing skin detection algorithm using CbCr, skin colors that is brightened by camera flash or sunlight at outdoor in images doesn't acknowledged the skin region. In order to detect skin region accuracy into any circumstance, this paper proposes 3-channel skin detection algorithm.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.9-15
• /
• 2013

Recently, Intrusion detection system is an important technology in computer network system because of has seen a dramatic increase in the number of attacks. The most of intrusion detection methods do not detect intrusion on real-time because difficult to analyze an auditing data for intrusions. A network intrusion detection system is used to monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insider and outsiders, as they occur. It is learns user's behavior patterns over time and detects behavior that deviates from these patterns. In this paper has rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or Anomaly users (unauthorized users) using RFM analysis methodology and monitoring collect data from sensor Intrusion Detection System(IDS).

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.13-20
• /
• 2020

Recently, the need of researches and developments about WSN(Wireless Sensor Network) technologies, which can be applied to services that require continuous monitoring or services to specific areas where accesses are limited, has gradually increased due to their expansion of application areas and the improvement of the efficiency. Especially, in the defense field, researches on the latest IT technologies including sensor network areas are actively conducted as an alternative to avoid the risk factors that can be occurred when personnel are put in, such as boundary and surveillance reconnaissance and to utilize personnel efficiently. In this paper, we analyze the conditions for increasing the life span of sensing nodes that make up sensor network by applying clustering and location-based techniques and derived the factors for extending the life span of them. The derived factors include CH(Cluster Head) election scheme and optimal path selection from CH to BS(Base Station). We proposed final scheme using derived factors and verified it through simulation experiments.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.87-93
• /
• 2007

We propose a mobile point-of-sale system, which consists of only mobile information terminals and personal computers. The proposed system provides most of functionalities related with resource planning, adminstration and management, provided by medium-scale or large-scale POS systems, with additional functionalities, such as automatic information gathering and management through mobile interconnection, while eliminating the necessity of additional special-purpose devices, such as bar-code systems. The proposed system transmits order information through wireless and wired communication lines, thus allowing real-time sharing of order information among diverse information devices, such as mobile order receiving terminals, main server within stores, monitors and printers located in production lines. Also, the system is able to transfer such detail information produced within stores in real-time to the enterprise-level accounting, sales, logistics, personnel management system, which facilitate enterprise-wide management and administrative decision-making. No additional programs are required for mobile terminals. Order information received by such terminals are entered into databases through web server of main server and that information is again transferred to main server and production line printers. The proposed system can handle all the point-of-sale information and can provide almost of the POS functionalities by simply utilizing wireless internet, personal computers, and mobile terminals without installing specific-purpose peripheral devices. The proposed system can be widely applied to the small-scale stores and will contribute in reducing construction and maintenance cost required for point-of-sale management.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.4
• /
• pp.83-89
• /
• 2024

After the end of the service of Internet Explorer, the use of ActiveX ended, and the Non-ActiveX policy spread. HTML5 is used as a standard protocol for web pages established based on the Non-ActiveX policy. HTML5, developed in the W3C(World Wide Web Consortium), provides a better web application experience through API, with various elements and properties added to the browser without plug-in. However, new security vulnerabilities have been discovered from newly added technologies, and these vulnerabilities have widened the scope of attacks. There is a lack of research to find possible security vulnerabilities in HTML5-applied websites. This paper proposes a model for detecting tags and attributes with web vulnerabilities by detecting and analyzing security vulnerabilities in web pages of public institutions where plug-ins have been removed within the last five years. If the proposed model is applied to the web page, it can analyze the compliance and vulnerabilities of the web page to date even after the plug-in is removed, providing reliable web services. And it is expected to help prevent financial and physical problems caused by hacking damage.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.37 no.3
• /
• pp.79-94
• /
• 2012

According to the higher dependence of contemporary firms on data digitalization and the information technology, the role and importance of Information Security Management (ISM) is getting higher. Thus, there is a need to arrange proper procedure and a series of device within the organization in order to reduce diverse security risks, which take place from the inside and the outside of firm. In other words, prior examination for reinforcing recognition of ISM, and of a systematic performance method in the refined form is important. This study investigate the key variables influencing the ISM. Thus, this study suggests firm environmental factors that include four exogenous variables, market volatility, task interdependence, perceived benefits, and coordination mechanism affecting awareness of ISM. In addition, it proposes a concept of the ISM process with awareness, development, and performance, and examines the moderating effects of regulatory influence. The research model was tested by using Structural Equation Modeling, via SmartPLS 2.0 analysis on a sample collected from 186 employees in various industries. The research results provide the evidence that supports the tested hypotheses except significance of coordination mechanism. The implications of the findings suggest a new theoretical framework of the ISM and offers important solutions for the practical application guidelines.

• Journal of Service Research and Studies
• /
• v.6 no.3
• /
• pp.79-90
• /
• 2016

Wireless internet service is an important factor to support all industries. In order to connect and use the smart phones or the laptop via a wireless Internet connection, it has been increasing the hacking risks associated with it. As information spills through the DNS address modulation of the Internet router, hacking threats through a wireless router is present. In this paper, we are dealing with the hacking technique utilizing the overall vulnerability of a wireless LAN. We analyzed the need for the wireless LAN security through WEP encryption algorithm and the improved encryption algorithm. In addition, we presented a countermeasure against these hacking technologies which is WEP Crack using wireless vulnerability hacking technology, DDoS attacks, DNS Spoofing.

• Journal of Digital Contents Society
• /
• v.15 no.1
• /
• pp.121-128
• /
• 2014

SSE-CMM for security engineering, engineering, assurance, risk is divided into three elements of the process maturity assessment model and the level of information security presented. Maturity measurement of privacy, vulnerability diagnosis and risk analysis methodologies is used in practical field for present a comprehensive conclusion. The common cyber services are internet banking, mobile banking, telephone banking and the like. Transaction structure, a kind of cyber-banking system, information security maturity of the existing measurement methodologies for research purposes, vulnerability diagnosis and risk analysis methodologies to be used in practical field present a comprehensive conclusion. To ensure safety and convenience for the user, convenient to deal with cyber environment is the key to the activation of cyber trading. Particularly by measuring the maturity of cyber banking system to ensure the safety of the practice field much effects are expected as a result.

• Management & Information Systems Review
• /
• v.33 no.2
• /
• pp.63-79
• /
• 2014

This study is based on the previous studies on m-commerce features, found factors that affects reliability and user's intention. After that, it examined how these factors influence the relationship between reliability and user's intention. In addition, this study showed that some factors have different influence on Korean and Chinese users in terms of reliability and user's intention. The main results of this study are as follows: (1) Personal innovation attributed to reliability in both Korea and China. Personal innovation also attributed to user's intention in Korea. (2) Localization, reach ability, security, and convenience had different influence on use and reliability in the two countries. (3) And the influences between reliability and user's intention are all positive both in Korea and China. Based on the result of this empirical study, this study reveal some implications for the firms that running with mobile business in both Korea and China.