• Title/Summary/Keyword: Codes Vulnerability

Effective Defense Mechanism Against New Vulnerability Attacks (신규 취약점 공격에 대한 효율적인 방어 메커니즘)

  • Kwak, Young-Ok;Jo, In-June
    • The Journal of the Korea Contents Association / v.21 no.2 / pp.499-506 / 2021
  • Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

Evaluation of accidental eccentricity for buildings by artificial neural networks

  • Badaoui, M.;Chateauneuf, A.;Fournely, E.;Bourahla, N.;Bensaibi, M.
    • Structural Engineering and Mechanics / v.41 no.4 / pp.527-538 / 2012
  • In seismic analyses of structures, additional eccentricity is introduced to take account of oscillations of random and unknown origins. In many codes of practice, the torsion about the vertical axis is considered through empirical accidental eccentricity formulation. Due to the random nature of structural systems, it is very difficult to evaluate the accidental eccentricity in a deterministic way and to specify its effect on the overall seismic response of structures. The aim of this study is to develop a procedure for the evaluation of the accidental eccentricity induced by uncertainties in stiffness and mass of structural members, using the neural network techniques coupled with Monte Carlo simulations. This method gives very interesting results for single story structures. For real structures, this method can be used as a tool to determine the accidental eccentricity in the seismic vulnerability studies of buildings.

Research Ethics on the Psychological and Clinical Study Targeting Children and Adolescents

  • Seong-Gon KIM
    • Journal of Research and Publication Ethics / v.4 no.1 / pp.15-21 / 2023
  • Purpose: Psychological and clinical studies targeting children and adolescents have become increasingly important in recent years as researchers strive to understand better the psychological and physiological development of children and teens. The purpose of the study is to explore significant research ethics on the psychological and clinical study targeting children and adolescents. In addition to these ethical considerations, international and national codes of ethics and regulatory bodies guide ethical research practices with children and adolescents. Research design, data, and methodology: The present study used the qualitative textual collection through investigating the past and current literature review. Numerous prior studies have conducted this research design to obtain the right prior studies. Results: Previous research has indicated there are four research ethics on the psychological and clinical study targeting children and adolescents: (1) Respect for autonomy, (2) Respect for privacy and confidentiality, (3) Respect for vulnerability, (4) Respect for beneficence. Conclusions: In conclusion, research ethics are essential for protecting children and adolescents when conducting psychological and clinical studies. In the future, research should focus on developing innovative methods to ensure the safety of children and adolescents while still allowing them to participate in research.

Development of Modular HNS Accident Scenarios (모듈형 HNS 사고 시나리오 개발)

  • Ha, Min-Jae;Lee, Moon-Jin;Lee, Eun-Bang
    • Journal of Navigation and Port Research / v.41 no.3 / pp.165-172 / 2017
  • Current scenarios for marine spill accidents were developed based on probable maximum spill accidents. However, accidents of similar scale to maximum spill accidents are virtually non-existent, and training or deployment of response equipment based on these scenarios can be cost prohibitive. Current scenarios require realism for practical use and need to be designed for purpose of use. In this study we developed scenarios that may replace current scenarios by using the HNS accident standard codes based on past accident cases. Scenarios were developed by modularizing the HNS accident standard code, that is classified into three scenarios: Maximum Frequency Scenario, Maximum Damage Scenario, and Maximum Vulnerability Scenario. The situation of an accident presented in each scenario developed in this process is much like a real accident, and therefore, it has practical application.

VirtAV: an Agentless Runtime Antivirus System for Virtual Machines

  • Tang, Hongwei;Feng, Shengzhong;Zhao, Xiaofang;Jin, Yan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.11 / pp.5642-5670 / 2017
  • Antivirus is an important issue to the security of virtual machine (VM). According to where the antivirus system resides, the existing approaches can be categorized into three classes: internal approach, external approach and hybrid approach. However, for the internal approach, it is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning out of the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system VirtAV, which scans each piece of binary codes to execute in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environment. We implemented a prototype based on Qemu/KVM hypervisor and ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guest, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. Especially, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and Microsoft Office series.

Stateful SIP Protocol with Enhanced Security for Proactive Response on SIP Attack (SIP 공격 대응을 위한 보안성이 강화된 Stateful SIP 프로토콜)

  • Yun, Ha-Na;Lee, Hyung-Woo
    • The Journal of the Korea Contents Association / v.10 no.1 / pp.46-58 / 2010
  • The user valence of VoIP services with SIP protocol is increasing rapidly because of cheap communication cost and its convenience. But an attacker can easily modify the packet contents of SIP protocol as SIP header is transmitted by using UDP methods in text form. The reason is that SIP protocol does not provide an authentication function on the transmission session. Therefore, existing SIP protocol is very weak on SIP Packet Flooding attack etc. In order to solve these kinds of SIP vulnerabilities, we used SIP status codes under the monitoring module for detecting SIP Flooding attacks and additionally proposed an advanced protocol where the authentication and security function is strengthened about SIP packet. We managed SIP session spontaneously in order to strengthen security with SIP authentication function and to solve the vulnerability of SIP protocol. The proposed mechanism can securely send SIP packet to solve the security vulnerability with minimum traffic transmission. Also service delay in SIP proxy servers will be minimized to solve the overload problem on SIP proxy server.

The Study of technique to find and prove vulnerabilities in ActiveX Control (ActiveX Control 취약점 검사 및 검증 기법 연구)

  • Sohn, Ki-Wook;Kim, Su-Yong
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.6 / pp.3-12 / 2005
  • To provide visitors with the various services, many web sites distribute many ActiveX controls to them because ActiveX controls can overcome limits of HTML documents and script languages. However, a PC can become dangerous if it has insecure ActiveX controls, because they can be executed in HTML documents. Nevertheless, many web sites provide visitors with ActiveX controls whose security is not verified. Therefore, the verification is needed by third party to remove vulnerabilities in ActiveX controls. In this paper, we introduce the process and the technique to find vulnerabilities. The existing proof codes are not valid because ActiveX controls are different from normal application and domestic environments are different from foreign environments. In this paper, we introduce the technique to prove vulnerabilities in ActiveX control.

Attacking OpenSSL Shared Library Using Code Injection (코드 주입을 통한 OpenSSL 공유 라이브러리의 보안 취약점 공격)

  • Ahn, Woo-Hyun;Kim, Hyung-Su
    • Journal of KIISE:Computer Systems and Theory / v.37 no.4 / pp.226-238 / 2010
  • OpenSSL is an open-source library implementing SSL that is a secure communication protocol. However, the library has a severe vulnerability that its security information can be easily exposed to malicious software when the library is used in a form of shared library on Linux and UNIX operating systems. We propose a scheme to attack the vulnerability of the OpenSSL library. The scheme injects codes into a running client program to execute the following attacks on the vulnerability in an SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals a key for data encryption and decryption when the key is generated. Then the key is sent to an outside attacker. After that, the outside attacker decrypts encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment of collecting encrypted login data that an ftp client using the OpenSSL shared library sends to its server and then decrypting the login data.

Shear stress indicator to predict seismic performance of residential RC buildings

  • Tekeli, Hamide;Dilmac, Hakan;Demir, Fuat;Gencoglu, Mustafa;Guler, Kadir
    • Computers and Concrete / v.19 no.3 / pp.283-291 / 2017
  • A large number of residential buildings in regions subjected to severe earthquakes do not have enough load carrying capacity. Most of them have been constructed without receiving any structural engineering attention. It is practically almost impossible to perform detailed experimental evaluation and analytical analysis for each building to determine their seismic vulnerability, because of time and cost constraints. This fact points to a need for a simple evaluation method that focuses on selection of buildings which do not have the life safety performance level by adopting the main requirements given in the seismic codes. This paper deals with seismic assessment of existing reinforced concrete residential buildings and contains an alternative simplified procedure for seismic evaluation of buildings. Accuracy of the proposed procedure is examined by taking into account existing 250 buildings. When the results of the proposed procedure are compared with those of the detailed analyses, it can be seen that the results are quite compatible. It is seen that the accuracy of the proposed procedure is about 80% according to the detailed analysis results of existing buildings. This accuracy percentage indicates that the proposed procedure in this paper can be easily applied to existing buildings to predict their seismic performance level as a first approach before implementing the detailed and complex analyses.

Seismic assessment of mixed masonry-reinforced concrete buildings by non-linear static analyses

  • Cattari, S.;Lagomarsino, S.
    • Earthquakes and Structures / v.4 no.3 / pp.241-264 / 2013
  • Since the beginning of the twentieth century, the progressive and rapid spread of reinforced concrete (RC) has led to the adoption of mixed masonry-RC solutions, such as the confined masonry. However, together with structures conceived with a definite role for earthquake behaviour, the spreading of RC technology has caused the birth of mixed solutions inspired more by functional aspects than by structural ones, such as: internal masonry walls replaced by RC frames, RC walls inserted to build staircases or raising made from RC frames. Usually, since these interventions rise from a spontaneous build-up, any capacity design or ductility concepts are neglected being designed only to bear vertical loads: thus, the vulnerability assessment of this class becomes crucial. To investigate the non-linear seismic response of these structures, suitable models and effective numerical tools are needed. Among the various modelling approaches proposed in the literature and codes, the authors focus their attention on the equivalent frame model. After a brief description of the adopted model and its numerical validation, the authors aim to point out some specific peculiarities of the seismic response of mixed masonry-RC structures and their repercussions on safety verification procedures (referring in particular way to the non-linear static ones). In particular, the results of non-linear static analyses performed parametrically to various configurations representative of different interventions are discussed.