• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1462-1464
• /
• 2008

본 논문에서는 정보시스템 운영시 발생하는 사용자 취약성(Human Vulnerability) 문제의 심각성에 대해 알아보고 이를 개선하기 위한 교육 및 훈련 프로그램을 다루고 있는 기존 관련 연구들을 조사 분석 한다. 아울러 기존 연구에서 보완되어야 할 개선 요구사항 들을 도출하여 향후 효과적인 취약성 개선 프로그램 제공을 위한 가상머신에 기반한 보안 훈련장 시스템 아키텍쳐를 제안한다.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.170-178
• /
• 2024

Through the growth of the fifth-generation networks and artificial intelligence technologies, new threats and challenges have appeared to wireless communication system, especially in cybersecurity. And IoT networks are gradually attractive stages for introduction of DDoS attacks due to integral frailer security and resource-constrained nature of IoT devices. This paper emphases on detecting DDoS attack in wireless networks by categorizing inward network packets on the transport layer as either "abnormal" or "normal" using the integration of machine learning algorithms knowledge-based system. In this paper, deep learning algorithms and CNN were autonomously trained for mitigating DDoS attacks. This paper lays importance on misuse based DDOS attacks which comprise TCP SYN-Flood and ICMP flood. The researcher uses CICIDS2017 and NSL-KDD dataset in training and testing the algorithms (model) while the experimentation phase. accuracy score is used to measure the classification performance of the four algorithms. the results display that the 99.93 performance is recorded.

• Journal of Information Technology Applications and Management
• /
• v.26 no.3
• /
• pp.1-18
• /
• 2019

As technology rapidly develops, the demand for manpower by new industries is increasing. In order to respond to the changing demands of the workforce, universities are actively introducing interdisciplinary majors, which is a program formed by two or more departments cooperating to develop new majors. Although the importance of the interdisciplinary major is increasing, universities have difficulties managing them due to non-flexible educational systems. The purpose of this study is to present an effective management direction for interdisciplinary majors based on the results of a survey on student satisfaction with interdisciplinary majors. Also, we analyzed the required level and possessed level of the IS practitioners' competencies, and developed specific educational directions for training IS talents. The results showed that there was a significant difference in satisfaction with the curriculum development and curriculum evaluation of existing subjects provided by existing departments and new subjects established of interdisciplinary majors, specifically the satisfaction of new subjects is higher than existing subjects. In the IS field, there was a high demand for education in the following areas, in order: information security, information technology strategy planning, information technology operation, information technology development, information technology management, information technology sales, and core competencies. Based on the results of the analysis, the satisfaction of students and the cultivation of the talents that the interdisciplinary major aims to develop can be improved.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.89-96
• /
• 2023

Intrusion detection has been widely studied in both industry and academia, but cybersecurity analysts always want more accuracy and global threat analysis to secure their systems in cyberspace. Big data represent the great challenge of intrusion detection systems, making it hard to monitor and analyze this large volume of data using traditional techniques. Recently, deep learning has been emerged as a new approach which enables the use of Big Data with a low training time and high accuracy rate. In this paper, we propose an approach of an IDS based on cloud computing and the integration of big data and deep learning techniques to detect different attacks as early as possible. To demonstrate the efficacy of this system, we implement the proposed system within Microsoft Azure Cloud, as it provides both processing power and storage capabilities, using a convolutional neural network (CNN-IDS) with the distributed computing environment Apache Spark, integrated with Keras Deep Learning Library. We study the performance of the model in two categories of classification (binary and multiclass) using CSE-CIC-IDS2018 dataset. Our system showed a great performance due to the integration of deep learning technique and Apache Spark engine.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.71-82
• /
• 2024

With the advancement of information and communication technology (ICT), the use of electronic document types such as PDF, MS Office, and HWP files has increased. Such trend has led the cyber attackers increasingly try to spread malicious documents through e-mails and messengers. To counter such attacks, AI-based methodologies have been actively employed in order to detect malicious document files. The main challenge in detecting malicious HWP(Hangul Word Processor) files is the lack of quality dataset due to its usage is limited in Korea, compared to PDF and MS-Office files that are highly being utilized worldwide. To address this limitation, data augmentation have been proposed to diversify training data by transforming existing dataset, but as the usefulness of the augmented data is not evaluated, augmented data could end up harming model's performance. In this paper, we propose an effective semi-supervised learning technique in detecting malicious HWP document files, which improves overall AI model performance via quantifying the utility of augmented data and filtering out useless training data.

• Information Systems Review
• /
• v.25 no.3
• /
• pp.179-197
• /
• 2023

As a sufficient workforce supports the industry's growth, workforce training has also been carried out as part of the industry promotion policy. However, the market still has a shortage of skilled mid-level workers. The information security disclosure requires organizations to secure personnel responsible for information security work. Still, the division between information technology work and job areas is unclear, and the pay is not high for responsibility. This paper compares job keywords in advertisements for the information security workforce for 2014, 2019, and 2022. There is no difference in the keywords describing the job duties of information security personnel in the three years, such as implementation, operation, technical support, network, and security solution. To identify the actual needs of companies, we also analyzed and compared the contents of job advertisements posted on online recruitment sites with information security sector knowledge and skills defined by the National Competence Standards used for comprehensive vocational training. It was found that technical skills such as technology development, network, and operating system are preferred in the actual workplace. In contrast, managerial skills such as the legal system and certification systems are prioritized in vocational training.