• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1217-1224
• /
• 2015

Web application security problems are addressed by the web vulnerability analysis which in turn supports companies to understand those problems and to establish their own solutions. Ministry of Science, ICT and Future Planning (MSIP) has released its guidelines for analysis and assessment of the web vulnerability. Although it is possible to distinguish vulnerability items in a manner suggested in the MSIP's guidelines, MSIP's factors and criteria proposed in the guidelines are neither sufficient nor efficient in analyzing specific vulnerability entries' risks. This study discusses analysis of the domestic and international Vulnerability Scoring system and proposes an appropriate evaluating method for web vulnerability analysis.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.541-547
• /
• 2019

Recent developments in hacking technology are continuing to increase the number of new security vulnerabilities. Approximately 80,000 new vulnerabilities have been registered in the Common Vulnerability Enumeration (CVE) database, which is a representative vulnerability database, from 2010 to 2015, and the trend is gradually increasing in recent years. While security vulnerabilities are growing at a rapid pace, responses to security vulnerabilities are slow to respond because they rely on manual analysis. To solve this problem, there is a need for a technology that can automatically detect and patch security vulnerabilities and respond to security vulnerabilities in advance. In this paper, we propose the technology to extract the features of the vulnerability-discovery target binary through complexity analysis, and select a vulnerability-discovery strategy suitable for the feature and automatically explore the vulnerability. The proposed technology was compared to the AFL, ANGR, and Driller tools, with about 6% improvement in code coverage, about 2.4 times increase in crash count, and about 11% improvement in crash incidence.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.2
• /
• pp.246-250
• /
• 2008

This paper presents the design of network vulnerability analysis system which can integrate various vulnerability assessment tools to improve the preciseness of the vulnerability scan result. Manual checking method performed by a security expert is the most precise and safe way. But this is not appropriate for the large-scale network which has a lot of systems and network devices. Therefore automatic scanning tool is recommended for fast and convenient use. The scanning targets may be different according to the kind of vulnerability scanners, or otherwise even for the same scanning target, the scanning items and the scanning results may be different by each vulnerability scanner, Accordingly, there are the cases in which various scanners, instead of a single scanner, are simultaneously utilized with the purpose of complementing each other. However, in the case of simultaneously utilizing various scanners on the large-scale network, the integrative analysis and relevance analysis on vulnerability information by a security manager becomes time-consumable or impossible. The network vulnerability analysis system suggested in this paper provides interface which allows various vulnerability assessment tools to easily be integrated, common policy which can be applied for various tools at the same time, and automated integrative process.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• Journal of Forest and Environmental Science
• /
• v.28 no.2
• /
• pp.106-117
• /
• 2012

In an effort to analyze the impact of climate change, Gangwon provincial forest was divided into three sectors; forest ecology, forest disaster, and forest productivity and analysis of their current status from 2000 to 2009 and vulnerability assessment by climate change has been carried in this study. In case of vulnerability assessment, except for the forest ecology, forest disaster (forest fires and forest pests) and forest productivity sectors were analyzed in current status, the year of 2020, and 2050. It turned out that vulnerability of forest fires in the field of disaster would become worse and forest pests also would make more impact even though there is some variation in different areas. In case of the vulnerability of forest productivity there would be not a big difference in the future compared with current vulnerability. Systematic research on the sensitivity index used for vulnerability assessment is necessary since vulnerability assessment result greatly depends on the use of climate exposure index and adaptive capacity index.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.57 no.1
• /
• pp.59-67
• /
• 2015

Because reservoirs that supply irrigation water play an important role in water resource management, it is necessary to evaluate the vulnerability of this particular water supply resource. The purpose of this study is to provide water supply risk maps of agricultural reservoirs in South Korea using irrigation vulnerability model and cluster analysis. To quantify water supply risk, irrigation vulnerability indices are estimated to evaluate the performance of the water supply on the agricultural reservoir system using a probability theory and reliability analysis. First, the irrigation vulnerability probabilities of 1,346 reservoirs managed by Korea Rural Community Corporation (KRC) were analyzed using meteorological data on 54 meteorological stations over the past 30 years (1981-2010). Second, using the K-mean method of non-hierarchical cluster analysis and pre-simulation approach, cluster analysis was applied to classify into three groups for characterizing irrigation vulnerability in reservoirs. The morphology index, watershed area, irrigated area, and ratio between watershed and irrigated area are selected as the clustering analysis parameters. It is suggested that the water supply risk map be utilized as a basis for the establishment of risk management measures, and could provide effective information for a reasonable decision making on drought risk mitigation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.277-280
• /
• 2010

Network based on the OSI 7 Layer communication protocol is implemented, and the Internet TCP / IP Layer Based on the vulnerability is discovered and attacked. In this paper, using the programs on the network Layer Scanning conducted by the Layer-by each subsequent vulnerability analysis. Layer by Scanning each vulnerability analysis program to analyze the differences will be studied. Scanning for the studies in the program reflects the characteristics of the Scanning Features of way, and security countermeasures by each Layer is presented. The results of this study was to analyze its vulnerability to hackers and security for defense policy as the data is utilized to enhance the security of the network will contribute.

• Journal of Korea Planning Association
• /
• v.53 no.7
• /
• pp.87-107
• /
• 2018

With more than 10 million inhabitants, in particular, Seoul, the capital of Korea, has already experienced a number of severe heat wave. To alleviate the potential impacts of heat wave and the vulnerability to heat wave, policy-makers have generally considered the option of heat wave strategies containing adaptation elements. From the perspective of sustainable planning for adaptation to heat wave, the objective of this study is to identify the elements of vulnerability and assess heat wave-vulnerability at the dong level. This study also performs an exploratory investigation of the spatial pattern of vulnerable areas in Seoul to heat wave by applying exploratory spatial data analysis. Then this study attempts to select areas with the relatively highest and lowest level of adaptive capacity to heat wave based on an framework of climate change vulnerability assessment. In our analysis, the adaptive capacity is the relatively highest for Seongsan-2-dong in Mapo and the relatively lowest for Changsin-3-dong in Jongno. This study sheds additional light on the spatial patterns of heat wave-vulnerability and the relationship between adaptive capacity and heat wave.

• Journal of Environmental Impact Assessment
• /
• v.26 no.3
• /
• pp.171-180
• /
• 2017

The vulnerability analysis of climate change driven disaster has been used as institutional framework for the urban policies of disaster prevention since 2012. However, some problems have occurred due to the structure of vulnerability analysis, such as overweighted variables and duplicated application of variables of similar meaning. The goal of this study is to examine the differences of results between the method of current guideline and the method of weight equalization. For this, we examines the current structural framework of the vulnerability analysis, and performs empirical analysis. As a result, the extent and magnitude of vulnerability showed different spatial patterns depending on the weighting methods. Standardized weighting method relatively represented wider vulnerable areas compared to the pre-existing method which follows the current instruction manual. To apply the results of vulnerability analysis to urban planning process for disaster prevention, this study suggests that the reliability of the results should be ensured by improving analytical framework and detailed review of the results.

• Journal of Korean Society of Water and Wastewater
• /
• v.33 no.5
• /
• pp.341-351
• /
• 2019

The purpose of this study was to evaluate vulnerability of drought in small island areas. Vulnerability assessment factors of drought were selected by applying the factor analysis. Ninety Eup/Myon areas in small island were evaluated to vulnerability of drought by entropy method adapting objective weights. Vulnerability consisted of climate exposure, sensitivity, and adaptive capacity. A total of 22 indicators were used to evaluate and analyze vulnerability of drought in small island areas. The results of entropy method showed that winter rainfall, no rainfall days, agricultural population rate, cultivation area rate, water supply rate and groundwater capacity have a significant impact on drought assessment. The overall assessment of vulnerability indicated that Seodo-myeon Ganghwa-gun, Seolcheon-myeon Namhae-gun and Samsan-myeon Ganghwa-gun were the most vulnerable to drought. Especially Ganghwa-gun should be considered policy priority to establish drought measures in the future, because it has a high vulnerability of drought.