• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.49-68
• /
• 2022

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

• The Journal of the Korea Contents Association
• /
• v.22 no.1
• /
• pp.571-580
• /
• 2022

This study was a descriptive research to investigate clinical violence experience, response to violence experience, resilience and academic burnout and to identify the factors affecting the academic burnout among nursing students. The participants were 318 nursing students. who were recruited from the 2 Department of Nursing in B Metropolitan and 2 Department of Nursing in Gyeongsangnam-do. The structured questionnaire was self-administered from November 1 to 30, 2019. Data were analyzed through the SPSS/WIN 24.0 program using descriptive statistics, Independent t-test와 one-way ANOVA, Scheffe test, Pearson's correlation coefficient, and stepwise multiple regression. According to the results of this study, Mean score for academic burnout in nursing student was 2.58 out of 4 point. The factors of satisfaction with clinical practice(β=-.393, p<.001), satisfaction with nursing major(β=-.188, p<.001), responses to violence experience(β=.176, p<.001), perceived health status(β=-.156, p<.001) attacker(β=.135, p=.002), resilience(β=-.118, p=.016)were impact on the academic burnout level of nursing students. The total explanatory power accounted for 45.9%. In conclusion, since clinical practice satisfaction and major satisfaction are the factors that have the greatest influence on academic burnout, it is necessary to develop various educational strategies and a student counseling program to reduce negative reactions after experiencing violence and improve resilience. In addition, a qualitative study on the clinical violence experience, response to violence experience and academic burnout of nursing students is needed.

• Journal of Internet Computing and Services
• /
• v.24 no.4
• /
• pp.25-36
• /
• 2023

Today, as AI (Artificial Intelligence) technology is introduced in various fields, including security, the development of technology is accelerating. However, with the development of AI technology, attack techniques that cleverly bypass malicious behavior detection are also developing. In the classification process of AI models, an Adversarial attack has emerged that induces misclassification and a decrease in reliability through fine adjustment of input values. The attacks that will appear in the future are not new attacks created by an attacker but rather a method of avoiding the detection system by slightly modifying existing attacks, such as Adversarial attacks. Developing a robust model that can respond to these malware variants is necessary. In this paper, we propose two methods of generating Adversarial attacks as efficient Adversarial attack generation techniques for improving Robustness in AI models. The proposed technique is the XAI-based attack technique using the XAI technique and the Reference based attack through the model's decision boundary search. After that, a classification model was constructed through a malicious code dataset to compare performance with the PGD attack, one of the existing Adversarial attacks. In terms of generation speed, XAI-based attack, and reference-based attack take 0.35 seconds and 0.47 seconds, respectively, compared to the existing PGD attack, which takes 20 minutes, showing a very high speed, especially in the case of reference-based attack, 97.7%, which is higher than the existing PGD attack's generation rate of 75.5%. Therefore, the proposed technique enables more efficient Adversarial attacks and is expected to contribute to research to build a robust AI model in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.787-799
• /
• 2023

As IoT devices are widely used at home, IoT automation system that is integrate IoT devices for users' demand are gaining populrity. There is automation rule in IoT automation system that is collecting event and command action. But attacker delay the packet and make time that real state is inconsistent with state recongnized by the system. During the time, the system does not work correctly by predefined automation rule. There is proposed some detection method for delay attack, they have limitations for application to IoT systems that are sensitive to traffic volume and battery consumption. This paper proposes a practical packet delay attack detection technique that can be applied to IoT systems. The proposal scheme in this paper can recognize that, for example, when a sensor transmits an message, an broadcast packet notifying the transmission of a message is sent to the Server recognized that event has occurred. For evaluation purposes, an IoT system implemented using Raspberry Pi was configured, and it was demonstrated that the system can detect packet delay attacks within an average of 2.2 sec. The experimental results showed a power consumption Overhead of an average of 2.5 mA per second and a traffic Overhead of 15%. We demonstrate that our method can detect delay attack efficiently compared to preciously proposed method.

• Korean Journal of Applied Biomechanics
• /
• v.17 no.2
• /
• pp.207-216
• /
• 2007

The purpose of this study was to biomechanical analysis Judo's Kuzushi throwing motion in order to increase the effectiveness of Nage-waja(throwing technique). The Tori was a Judo player with 18 years experience(4th degree) while the Uke was a player with 2 years experience(1st degree). The kinematic data was captured using the Vicon motion system (7 cameras) and the kinetics were recorded by force plates(2 AMTI). The following were the results; While leaning to the front the subject's trunk's angle was $14.5^{\circ}$, the lower limbs angle was $23.8^{\circ}$, knee angle was $179.6^{\circ}$ and the vertical reaction of the left leg was 325.42N(BW 0.34) and the right leg was 233.7N(BW 0.47). While leaning back the subject's trunk's angle was $11.3^{\circ}$, the lower limbs angle was $4.1^{\circ}$, knee angle was $1761^{\circ}$ and the vertical reaction of the left leg was 299.53N(BW 0.43) and the right leg was 441.7N(BW 0.64). While leaning to the left the subject's trunk's angle was $30.8^{\circ}$, the lower limbs angle was $2.7^{\circ}$, knee angle was $175.2^{\circ}$ and the vertical reaction of the left leg was 711N(BW 1.03) and the right leg was 9.2N(BW 0.01). While leaning to the right the subject's trunk's angle was $36.5^{\circ}$, the lower limbs angle was $10.4^{\circ}$, knee angle was $175.2^{\circ}$ and the vertical reaction of the left leg was 13.2N(BW 0.02) and the right leg was 694.7N(BW 1.01). While leaning to the left front corner the subject's trunk's angle was $19.8^{\circ}$ (front) and $15.1^{\circ}$ (left), the lower limbs angle was $17.8^{\circ}$ (front) and $2.4^{\circ}$ (left), knee angle was $177.8^{\circ}$ (front) and $173.9^{\circ}$(left), and the vertical reaction of the left leg was 547.4N(BW 0.8) and the right leg was 117.8N(BW 0.17). While leaning to the right front corner the subject's trunk's angle was $15.4^{\circ}$ (front) and $17.7^{\circ}$ (right), the lower limbs angle was $21.1^{\circ}$, (front) and $5.7^{\circ}$ (right), knee angle was $175.5^{\circ}$ (front) and $178.9^{\circ}$(right), and the vertical reaction of the left leg was 53N(BW 0.08) and the right leg was 622.4N(BW 09). While leaning to the left rear corner the subject's trunk's angle was $9.2^{\circ}$ (back) and $13.8^{\circ}$ (left), the lower limbs angle was $2^{\circ}$, (back) and $5.7^{\circ}$ (left), knee angle was $175.5^{\circ}$ (back) and $172.8^{\circ}$(left), and the vertical reaction of the left leg was 698.2N(BW 1.02) and the right leg was 49.6N(BW 0.07). While leaning to the right rear corner the subject's trunk's angle was $8.9^{\circ}$ (back) and $19.6^{\circ}$ (right), the lower limbs angle was ${0.6^{\circ}}_"$ (back) and $3.1^{\circ}$ (right), knee angle was $174.6^{\circ}$ (back) and $175.6^{\circ}$(right), and the vertical reaction of the left leg was 7.2N(BW 0.01) and the right leg was 749.4N(BW 1.09). It was observed that during the Judo motion Kuzushii the range of the COM varied from $26.5{\sim}39.9cm$. It was concluded that the upper body leaned further than the lower body as there was knee extension. There was high left leg reaction forces while leaning to the left and likewise for the right side. It was therefore deduced that the Kuzushi was a more effective throwing technique for the left side.

• Journal of Intelligence and Information Systems
• /
• v.26 no.3
• /
• pp.37-50
• /
• 2020

Information security has become an important issue in the world. Various information and communication technologies, such as the Internet of Things, big data, cloud, and artificial intelligence, are developing, and the need for information security is increasing. Although the necessity of information security is expanding according to the development of information and communication technology, interest in information security investment is insufficient. In general, measuring the effect of information security investment is difficult, so appropriate investment is not being practice, and organizations are decreasing their information security investment. In addition, since the types and specification of information security measures are diverse, it is difficult to compare and evaluate the information security countermeasures objectively, and there is a lack of decision-making methods about information security investment. To develop the organization, policies and decisions related to information security are essential, and measuring the effect of information security investment is necessary. Therefore, this study proposes a method of constructing an investment portfolio for information security measures using game theory and derives an optimal defence probability. Using the two-person game model, the information security manager and the attacker are assumed to be the game players, and the information security countermeasures and information security threats are assumed as the strategy of the players, respectively. A zero-sum game that the sum of the players' payoffs is zero is assumed, and we derive a solution of a mixed strategy game in which a strategy is selected according to probability distribution among strategies. In the real world, there are various types of information security threats exist, so multiple information security measures should be considered to maintain the appropriate information security level of information systems. We assume that the defence ratio of the information security countermeasures is known, and we derive the optimal solution of the mixed strategy game using linear programming. The contributions of this study are as follows. First, we conduct analysis using real performance data of information security measures. Information security managers of organizations can use the methodology suggested in this study to make practical decisions when establishing investment portfolio for information security countermeasures. Second, the investment weight of information security countermeasures is derived. Since we derive the weight of each information security measure, not just whether or not information security measures have been invested, it is easy to construct an information security investment portfolio in a situation where investment decisions need to be made in consideration of a number of information security countermeasures. Finally, it is possible to find the optimal defence probability after constructing an investment portfolio of information security countermeasures. The information security managers of organizations can measure the specific investment effect by drawing out information security countermeasures that fit the organization's information security investment budget. Also, numerical examples are presented and computational results are analyzed. Based on the performance of various information security countermeasures: Firewall, IPS, and Antivirus, data related to information security measures are collected to construct a portfolio of information security countermeasures. The defence ratio of the information security countermeasures is created using a uniform distribution, and a coverage of performance is derived based on the report of each information security countermeasure. According to numerical examples that considered Firewall, IPS, and Antivirus as information security countermeasures, the investment weights of Firewall, IPS, and Antivirus are optimized to 60.74%, 39.26%, and 0%, respectively. The result shows that the defence probability of the organization is maximized to 83.87%. When the methodology and examples of this study are used in practice, information security managers can consider various types of information security measures, and the appropriate investment level of each measure can be reflected in the organization's budget.

• Korean Security Journal
• /
• no.29
• /
• pp.163-191
• /
• 2011

Recently, the problems in school violence did not stop on the crime between the members at the school and which developed into the invasion crime of the school caused by outsiders. The school is no more the safety zone from the crime. Particularly, in the case of the elementary school, because there are nearly no people who oppose to the outside attacker and can control this, it is the place where it is vulnerable to the invasion crime. The Metropolis of Seoul implements the School Sheriff system within the jurisdiction bureau, in the public elementary school. However, actually the School Sheriff business is being managed, never applying a rule in the Security Industry Law with the main content, that is the Security Industry Law application is excluded. Because the jurisdiction on the contract of Seoul City and operating company are run, the various issues is caused. First, since it is not being considered as a security business, the commercial liability insurance for security company has no chance to applicate when the operation company and the School Sheriff have related damage generation. So the security for the indemnification of loss of the victim is weak. Second, The task of the School Sheriff is ruled just by in the individual contracts. But it is insufficient with this thing. The related duties are required some supplement like a general rule application including the obligation of the guard in the security industry law. Third, the education of the School Sheriff needs to connect with the educational programme in the security industry law. The related professional education specially needed for the prevention of school violence ought to be reserved compensation. Forth, the citizens still demand the strengthening of police patrol for the surroundings of a school in spite of the result of Seoul City's public survey. Therefore, the active relation of cooperation with the police needs to be supported legally and institutionally with the Security Industry Law application. Fifthly, the success of the School Sheriff business can be more guaranteed with the supervision of the legal and institutional device like a the Security Industry Law application or police and all sorts of administrative execution's and etc.