• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.709-722
• /
• 2022

The recent "Log4j Security Vulnerability Incident" has occurred, and the information system that uses the open source "Log4J" has been exposed to vulnerabilities. The incident brought great vulnerabilities in the information systems of South Korea's major government agencies or companies and global information systems, causing problems with open source vulnerabilities. Despite the advantages of many advantages, the current development paradigm, which is developed using open source, can easily spread software security vulnerabilities, ensuring open source safety and reliability. You need to check the open source. However, open source vulnerability scan tools have various languages and functions. Therefore, the existing software evaluation criteria are ambiguous and it is difficult to evaluate advantages and weaknesses, so this paper has developed a new evaluation criteria for the vulnerability analysis tools of open source

• Journal of Information Management
• /
• v.40 no.1
• /
• pp.69-86
• /
• 2009

The biggest paradigm of the latest telecommunications is ubiquitous computing. It is a technology basis to realize ubiquitous society that would affect social, economical and cultural industries with positive influence. However, there is a simultaneous concern that the approach to ubiquitous society may violate one's privacy. Therefore, the existence of legal and technological regulation would be the biggest obstacle in further RFID technology and industry dissemination. Also, in business side, they must invest with enormous expense and technology if technological method is only approached for the solution. As in the research, 8 RFID applications, application process and inspection items and 85 appraisal list of "An impact assessment for the privacy protection in RFID applications" developed by P. K. Han(2006), will be used as an indicator to measure RFID privacy impact assessment. In addition, it is to develop RFID privacy impact assessment index by applying objective data with survey of applied specialists. This would provide a data with feasibility and reliability to RFID related companies and able to utilize policy making on RFID private data. In addition, it is expected to contribute as an efficiency tool for individual data to build basis of ubiquitous society.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.55-62
• /
• 2004

The computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of the use of internet. Therefore, Intrusion detection system has been an active research area to reduce the risk from intruders. A number of advantages of using mobile agent computing paradigms have been Proposed. These advantages include : overcoming network latency, reducing network load, executing asynchronously and autonomously, adapting dynamically, and operating in heterogeneous environments. Many information security models have been proposed to mitigate agent-to-agent. agent-to-platform, and platform-to-agent element risks . In these paper, We have an object which is that through intrusion detection system development, the mobile agent is managed and through the analysis of performance data. the best environment is served.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.01a
• /
• pp.317-319
• /
• 2021

최근 코로나 19가 장기화하면서, 비대면서비스로 대체되고 있는 한편, 의료분야에도 서비스 패러다임이 변화되고 있다. 특히, 국내의 법 제도적으로 묶여 있는 원격 의료서비스의 적용이 가능하고 상급종합병원에서는 비대면 진료서비스를 도입하고 있다. 본 논문에서 제안하는 비대면 원격판독시스템은 모바일 의료영상진단기기를 기반으로 의료사각지대에 있는 환자들의 영상촬영과 이에 대한 판독 서비스를 제공하기 위한 시스템이다. 제안한 시스템은 의료환경에 적용하기 위해 환자의 개인정보를 보호하고, 원격으로 환자의 영상 데이터를 판독하기 위한 시스템과 그 처리 과정을 보인다. 그리고 끝으로 구축된 시스템의 수행 결과를 보인다.

• Journal of Wetlands Research
• /
• v.18 no.1
• /
• pp.100-112
• /
• 2016

In recent, the direction of water resources policy is changing from the typical plan for water use and flood control to the sustainable water resources management to improve the quality of life. This change makes the information related to water resources such as data collection, management, and supply is becoming an important concern for decision making of water resources policy. We had analyzed the structured data according to the purpose of providing information on water resources. However, the recent trend is big data and cloud computing which can create new values by linking unstructured data with structured data. Therefore, the trend for the management of water resources information is also changing. According to the paradigm change of information management, this study tried to suggest an application of big data and cloud computing in water resources field for efficient management and use of water. We examined the current state and direction of policy related to water resources information in Korea and an other country. Then we connected volume, velocity and variety which are the three basic components of big data with veracity and value which are additionally mentioned recently. And we discussed the rapid and flexible countermeasures about changes of consumer and increasing big data related to water resources via cloud computing. In the future, the management of water resources information should go to the direction which can enhance the value(Value) of water resources information by big data and cloud computing based on the amount of data(Volume), the speed of data processing(Velocity), the number of types of data(Variety). Also it should enhance the value(Value) of water resources information by the fusion of water and other areas and by the production of accurate information(Veracity) required for water management and prevention of disaster and for protection of life and property.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.201-211
• /
• 2022

According to the recent change in the cybersecurity paradigm, research on anomaly detection methods using machine learning and deep learning techniques, which are AI implementation technologies, is increasing. In this study, a comparative study on data preprocessing techniques that can improve the anomaly detection performance of a GRU (Gated Recurrent Unit) neural network-based intrusion detection model using NGIDS-DS (Next Generation IDS Dataset), an open dataset, was conducted. In addition, in order to solve the class imbalance problem according to the ratio of normal data and attack data, the detection performance according to the oversampling ratio was compared and analyzed using the oversampling technique applied with DCGAN (Deep Convolutional Generative Adversarial Networks). As a result of the experiment, the method preprocessed using the Doc2Vec algorithm for system call feature and process execution path feature showed good performance, and in the case of oversampling performance, when DCGAN was used, improved detection performance was shown.

• The Journal of the Korea Contents Association
• /
• v.19 no.10
• /
• pp.179-189
• /
• 2019

Korea's transportation paradigm is shifting from a vehicle-centered to a pedestrian-oriented society. Therefore, the interest in pedestrian safety and the improvement of pedestrian environment is also increasing. However, the level of traffic safety in Korea is still severe. It is needed to improve pedestrian safety and pedestrian environment. This study studied pedestrian-vehicle accident data provided by the Traffic Accident Analysis System(TAAS) for 2013-2015 to build a safe walking environment around school zones, and the relation between the school zones and pedestrian-vehicle traffic accidents were identified through the geographic information system(GIS) and spatial regression model. The main results are as follows. First, both road and public transportation factors are likely to increase pedestrian traffic accidents in school zones. Second, regarding land-use factors, residential, commercial, and industrial areas are found to increase pedestrian traffic crashes. On the other hand, mixed use is likely to play a role on the reduction of pedestrian traffic accidents. Finally, it has been shown that high development density also has a positive effect on pedestrian traffic accidents in school zones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1399-1410
• /
• 2015

Gartner is requiring companies to considerably change their survival paradigms insisting that companies need to understand and provide again the upcoming era of data competition. With the revealing of successful business cases through statistic algorithm-based predictive analytics, also, the conversion into preemptive countermeasure through predictive analysis from follow-up action through data analysis in the past is becoming a necessity of leading enterprises. This trend is influencing security analysis and log analysis and in reality, the cases regarding the application of the big data analysis framework to large-scale log analysis and intelligent and long-term security analysis are being reported file by file. But all the functions and techniques required for a big data log analysis system cannot be accommodated in a Hadoop-based big data platform, so independent platform-based big data log analysis products are still being provided to the market. This paper aims to suggest a framework, which is equipped with a real-time and non-real-time predictive analysis engine for these independent big data log analysis systems and can cope with cyber attack preemptively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.667-678
• /
• 2016

Due to a development of the cable/wireless network infra, the traffic as big as unable to compare with the past is being served through the internet, the traffic is increasing every year following the change of the network paradigm such as the object internet, especially the traffic of about 1.6 zettabyte is expected to be distributed through the network in 2018. As the network traffic increases, the performance of the security infra is developing together to deal with the bulk terabyte traffic in the security equipment, and is generating hundreds of thousands of security events every day such as hacking attempt and the malignant code. Efficiently analyzing and responding to an event on the attack attempt detected by various kinds of security equipment of company is one of very important assignments for providing a stable internet service. This study attempts to overcome the limit of study such as the detection of Tor network traffic using the existing low-latency by classifying the anonymous network by means of the suggested algorithm about the event detected in the security infra.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.661-670
• /
• 2023

With the emergence of serverless computing paradigm and the innovations of cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, an access control on the server still heavily relies on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.