• Journal of Nuclear Fuel Cycle and Waste Technology(JNFCWT)
• /
• v.12 no.1
• /
• pp.59-68
• /
• 2014

The public's access to the disposal facilities should be restricted during the institutional control period. Even after the institutional control period, disposal facilities should be designed to protect radiologically against inadvertent human intruders. This study is to assess the effective dose equivalent to the inadvertent intruder after the institutional control period thorough the GENII. The disposal unit was allocated with different kind of radioactive waste and the effects of the radiation dose to inadvertent intruder were evaluated in accordance with the institutional control period. As a result, even though there is no institutional control period, all were satisfied with the regulatory guide, except for the disposal unit with only spent filter. However, the disposal unit with only spent filter was satisfied with the regulatory guide after the institutional control period of 300 years. But the disposal unit with spent filter mixed with dry active waste could shorten the institutional control period. So the institutional control period can be reduced through the mixing the other waste with spent filter in disposal unit. Therefore, establishing an appropriate plan for the disposal unit with spent filter and other radioactive waste will be effective for radiological safety and reduction of the institutional control period, rather than increasing the institutional control period and spending costs for the maintenance and conservation for the disposal unit with only spent filter.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.1
• /
• pp.459-466
• /
• 2011

In this paper, we proposed a data mining framework for the management of alerts in order to improve the performance of the intrusion detection systems. The proposed alert data mining framework performs alert correlation analysis by using mining tasks such as axis-based association rule, axis-based frequent episodes and order-based clustering. It also provides the capability of classify false alarms in order to reduce false alarms. We also analyzed the characteristics of the proposed system through the implementation and evaluation of the proposed system. The proposed alert data mining framework performs not only the alert correlation analysis but also the false alarm classification. The alert data mining framework can find out the unknown patterns of the alerts. It also can be applied to predict attacks in progress and to understand logical steps and strategies behind series of attacks using sequences of clusters and to classify false alerts from intrusion detection system. The final rules that were generated by alert data mining framework can be used to the real time response of the intrusion detection system.

• Proceedings of KOSOMES biannual meeting
• /
• 2007.11a
• /
• pp.87-89
• /
• 2007

선행 연구개발한 집단감시 디지털 시스템(Group Digital Surveillance System for Fishery Safety and Security, GDSS- F2S)은 대단위 양식장에 침입하는 도적을 방어하기 위하여 레이더 추적정보와 적아식별 정보를 제공하는 시스템이다. 그러나 GDSS-F2S에서 제공하는 두 가지 정보만으로는 도적행위를 입증할 수 있는 법적 증거자료로 미흡하다. 본 논문에서는 이러한 문제점 해결방안의 하나로 CCD 카메라를 이용한 영상획득 장치를 개발하여 GDSS-F2S에 부가한 연구내용을 기술한다. 영상획득 장치 개발에 앞서, 실험지역의 지리적인 특성을 고려한 도적침입 예상경로 분석과 도적행위 시나리오를 기반으로 유효한 대응수단을 검토한 결과, 영상획득 장치가 유효한 대응수단임을 확인하였다. 영상획득 장치는 저가이변서 성능이 우수한 0.0001 룩스의 초저조도 CCD 카메라와 부가장치를 이용하여 개발하였다. 6개월 이상의 장기 현장실험을 통하여 본 연구에서 개발한 시스템을 평가한 결과, 주간은 물론 1 미터 앞도 식별할 수 없는 야간에도 차량의 행동과 번호판 및 사람의 행동과 인상착의 등의 영상정보를 확보할 수 있었다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.847-849
• /
• 2002

인공면역시스템에서 중요한 특징중의 하나는 지속적으로 변화하는 환경에서 자기(self)의 유동적인 패턴을 동적으로 학습하고 비자기(non-self)에 대한 새로운 패턴을 예측하는데 있다. 본 논문은 자기적 용(self-adaptation)의 인공면역체계 특성을 기반으로하여 설계된 dynamics(동적 클론선택 알고리즘, dynamic clonal selection algorithm)의 역할을 논한다. 시스템의 세가지 중요한 변수인 자기내성 기간(Tolerisation Period). 연역 반응 임계값(activation threshold). 수명(life span)에 따라 변화하는 dynamics의 성능을 네트워크 침입에서 흔히 발견되는 시나리오를 모의실험하여 평가한다

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06c
• /
• pp.353-355
• /
• 2012

본 논문에서는 지능형 감시 시스템을 위한 3가지 이상행위 검출 방법을 제안한다. 단순히 직접 감시나 센서에 의존한 문제점 검출이 아닌 비전 기반 기술을 적용하여 특정지역 및 모든 감시구역에 대하여 객체의 이상 행동을 감지하는 방법들을 소개한다. 제안하는 이상행위의 분류는 배회, 도주, 특정 감시 지역 침입 3가지로 정의한다. 휘도 기반의 평균 배경 모델링 방법을 통하여 움직임 물체를 검출하고, 검출된 객체를 분석(위치, 크기, 방향, 속도) 및 정의한다. 이때 이상행위의 판단에 따라 정의된 시나리오 환경으로 구성하고 분석하였다. 제안하는 방법은 실험에 사용된 3가지 이상행위에 대해 1초 안에 검출되는 것을 보였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.530-533
• /
• 2014

IT 산업의 발전과 함께 Big-Data 와 보안은 빠른 속도로 발전하고 정보보호를 위해 다양한 시스템을 구축하는 것보다는 이를 연계하고 활용하는 것이 중요한 시대가 도래하였다. 한 기업이 가지고 있는 기업정보유출사고 등 다양한 해킹공격 또한 꾸준하게 증가되고 있다. 더불어 경제적 사회적인 손실이 증가되면서 국가 및 기업 상위 감사 기관은 정보보호 관련 법 제도를 제정하고 이를 강화하여 개정 하고 있다. 하지만, 물리적, 관리적, 기술적으로 연계된 통합 보안 관리 체계가 제대로 구현되지 않는다면 다양한 취약점을 통하여 기업 정보는 언제든 유출 될 수 있다. 본 논문에서는 기업에서 기 운영중인 정보보안 솔루션과 물리보안 솔루션이 효과적으로 통합 보안 관제가 가능한 IMP 플랫폼 구성설계 방안과 불법 침입 및 보안 사고 탐지를 위한 복합시나리오 설계 방안을 제시하여 실 적용 효과를 알아보고 향후 연구 방향을 제시하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.101-108
• /
• 2022

We propose an intrusion detection model that detects denial-of-service(DoS) and distributed reflection denial-of-service(DRDoS) attacks, based on the empirical data of each internet of things(IoT) device by training system and network metrics that can be commonly collected from various IoT devices. First, we collect 37 system and network metrics from each IoT device considering IoT attack scenarios; further, we train them using six types of machine learning models to identify the most effective machine learning models as well as important metrics in detecting and distinguishing IoT attacks. Our experimental results show that the Random Forest model has the best performance with accuracy of over 96%, followed by the K-Nearest Neighbor model and Decision Tree model. Of the 37 metrics, we identified five types of CPU, memory, and network metrics that best imply the characteristics of the attacks in all the experimental scenarios. Furthermore, we found out that packets with higher transmission speeds than larger size packets represent the characteristics of DoS and DRDoS attacks more clearly in IoT networks.

• Journal of Nuclear Fuel Cycle and Waste Technology(JNFCWT)
• /
• v.6 no.4
• /
• pp.329-346
• /
• 2008

Post-closure safety assessment for the Wolsong Low- and Intermediate-level radioactive waste Disposal Center is described. Based on assessment context, closure concept and ground water flow characteristics of the disposal site, brief descriptions are included on the assessment scenarios, models, input parameters and tools. Radionuclide transport modeling in the near-field and far-field, gas generation and transport modeling, human intrusion and biosphere transport are also described briefly. Assessment results for each scenarios are shown to meet the performance criteria of regulatory body. Further and continuous efforts to improve the safety of disposal facility will be made during the construction and operational period.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.9
• /
• pp.1313-1318
• /
• 2013

In order to actively respond to cyber attacks, not only the security systems such as IDS, IPS, and Firewalls, but also ESM, a system that detects cyber attacks by analyzing various log data, are preferably deployed. However, as the attacks be come more elaborate and advanced, existing signature-based detection methods start to face their limitations. In response to that, researches upon symptom detection technology based on attack modeling by employing big-data analysis technology are actively on-going. This symptom detection technology is effective when it can accurately extract features of attacks and manipulate them to successfully execute the attack modeling. We propose the ways to extract attack features which can play a role as the basis of the modeling and detect intelligent threats by carrying out scenario-based modeling.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.149-162
• /
• 2004

Until now the study of computer forensics has been focused only system forensics which carried on keeping, processing and collecting the remained evidence on computer. Recently the trend of forensic study is proceeding about the network forensics which analyze the collected information in entire networks instead of analyzing the evidence on a victim computer. In particular network forensics is more important in Automated Computer Emergency Response System because the system deals with the intrusion evidence of entire networks. In this paper we defined the information of network forensics that have to be collected in Automated Computer Emergency Response System and verified the defined information by comparing with the collected information in experimental environments.