• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권4호
• /
• pp.1887-1898
• /
• 2018

In this paper, a method to classify insider threat activity is introduced. The internal threats help detecting anomalous activity in the procedure performed by the user in an organization. When an anomalous value deviating from the overall behavior is displayed, we consider it as an inside threat for classification as an inside intimidator. To solve the situation, Markov Chain Model is employed. The Markov Chain Model shows the next state value through an arbitrary variable affected by the previous event. Similarly, the current activity can also be predicted based on the previous activity for the insider threat activity. A method was studied where the change items for such state are defined by a transition probability, and classified as detection of anomaly of the inside threat through values for a probability variable. We use the properties of the Markov chains to list the behavior of the user over time and to classify which state they belong to. Sequential data sets were generated according to the influence of n occurrences of Markov attribute and classified by machine learning algorithm. In the experiment, only 15% of the Cert: insider threat dataset was applied, and the result was 97% accuracy except for NaiveBayes. As a result of our research, it was confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.

• 융합보안논문지
• /
• 제15권5호
• /
• pp.77-86
• /
• 2015

조직은 고객 정보 유출과 관련된 비즈니스 위험을 최소화하고, 자발적인 사전 검사를 통해 정보 보안 활동을 강화하고 부주의 방치 사고에 의한 개인 정보의 누출을 검출하는 방법을 발견해야 한다. 최근 많은 기업들이 정보유출방지솔루션을 도입하였으나, 업무산 필요에 의한 허용된 권한을 가진 내부 사용자에 의한 유출가능성이 존재한다. 이에 정보취급행위 및 활동에 대한 정보를 수집하여 분석할 수 있는 환경이 필요하다. 본 연구에서는 내부자의 활동 수준을 평가하기 위해서 RFM 모델을 응용한 SFI 분석기법을 활용, 실제 기업에 적용하여 사례 연구를 수행하였다.

• 융합보안논문지
• /
• 제15권6_2호
• /
• pp.3-10
• /
• 2015

최근 발생한 대규모 정보유출사고나 주요 보안사고 사례를 살펴보면, 내부자에 의한 보안위협이 급증하고 있음을 알 수 있다. 특히 권한 있는 내부자에 의해 발생한 보안사고는 외부에서의 침입행위보다 훨씬 치명적인 결과를 초래하고 있어, 내부자 위협을 실시간으로 모니터링하면서 정보유출이나 보안사고를 조기에 차단할 수 있는 체계 도입의 필요성이 증가하고 있다. 이에 본 논문에서는 내부자위협통합관리체계(EITMS : Enterprise Insider-Threats Management System)를 제안한다. EITMS는 직무와 역할 및 개인 활동에 근거한 정상패턴을 추출하여 특정한 권한을 가진 내부자에 의해 발생 가능한 위협을 실시간으로 탐지하고 관리한다. 또한, 위협행위를 가시화하여 관리함으로써 조기에 정보유출과 보안사고를 차단하기 위한 스코어링 시스템도 포함한다.

• 재무관리논총
• /
• 제2권2호
• /
• pp.315-344
• /
• 1995

The relationship of information flow and market price formation are central to the basic tenets of financial economics. Whereas information is usually treated as being either public or private(monopolistic), most empirical studies focus on the price effects of public announcements. More recent research has centered more on the role of private information, such as insider trading, in efficient pricing and whether such trading increases investor welfare. Typically, 'insider trading' refers to an officer that trades in his/her company's shares. Insider trading, however, also refers to anyone who generates private, albeit costly, information concerning a stock's fundamental value. Normally, such insider activity is more difficult to ascertain. One way in which negative information is revealed is through short-selling activity, especially the monthly short-interest positions reported by the national stock exchanges. Diamond and Verrecchia(1987) provide a theoretical paradigm that predicts a negative price adjustment upon announcement of n company's monthly short interest, if the short interest displays an unusual increase and is correlated with negative information that is not yet public. Empirical studies of the short-run, negative price effect predicted by Diamond and Verrecchia find mixed results. One explanation is that the time period studied is too short for the market to absorb the informational content of these announcements. One reason is that these announcements are an ambiguous signal that requires more individuals and time to collect and act on the same information before full revelation occurs or before the implicit information becomes publicly known. This 'long delayed reaction' also serves as a motivation for related research on the wealth effect of mergers, share repurchases, and initial equity offerings in which long-run performance differs from the initial, short-run reaction to such announcements or offerings.

• 수완나부미
• /
• 제8권1호
• /
• pp.17-53
• /
• 2016

Debates continue to multiply on the definition and rationale of Southeast Asia as a region and on the utility of the multidisciplinary field of area studies. However, we have now entered a post-colonialist, post-Orientalist, post-structuralist stage of reflection and re-orientation in the era of globalization, and a strong tendency on the part of insiders to pose these issues in terms of an insider-outsider dichotomy. On the one hand, the study of Southeast Asia for researchers from outside the region has become fragmented. This is for very obvious reasons: the strengthening and re-energizing of academic disciplines, the increasing popularity of other non-regional multidisciplinary studies, and the entry of globalization studies into our field of vision. On the other hand, how has the local Southeast Asian academy addressed these major issues of change in conceptualizing the region from an insider perspective? In filling in and giving substance to an outsider, primarily Euro-American-Australian-centric definition and vision of Southeast Asia, some local academics have recently been inclined to construct Southeast Asia in terms of the Association of Southeast Asian Nations (ASEAN): a nation-state-based, institutional definition of what a region comprises. Others continue to operate at a localized level exploring small-scale communities and territories, while a modest number focus on sub-regional issues (the Malay-Indonesian world or the Mekong sub-region are examples). However, further reflections suggest that the Euro-American-Australian hegemony is a thing of the past and the ground has shifted to a much greater emphasis on academic activity within the region. Southeast Asia-based academics are also finding it much more important to network within the region and to capture, understand, and analyze what Chinese, Japanese, and Korean scholars are saying about Southeast Asia, its present circumstances and trajectories, and their increasingly close involvement with the region within a greater Asia-Pacific rim. The paper argues that the insider-outsider dichotomy requires considerable qualification. It is a neat way of dramatizing the aftermath of colonialism and Orientalism and of reasserting local priorities, agendas, and interests. But there might be a way forward in resolving at least some of these apparently opposed positions with recourse to the concepts of culture and identity in order to address Southeast Asian diversities, movements, encounters, hybridization, and hierarchies.

• 재무관리논총
• /
• 제3권1호
• /
• pp.233-265
• /
• 1996

We examine the impact of public and private information on price movements using the thirty DJIA stocks and twenty-one NASDAQ stocks. We find that the standard deviation of daily returns on information days (dividend announcement, earnings announcement, insider purchase, or insider sale) is much higher than on no-information days. Both public information matters at the NYSE, probably due to masked identification of insiders. Earnings announcement has the greatest impact for both DJIA and NASDAQ stocks, and there is some evidence of positive impact of insider asle on return volatility of NASDAQ stocks. There has been considerable debate, e.g., French and Roll (1986), over whether market volatility is due to public information or private information-the latter gathered through costly search and only revealed through trading. Public information is composed of (1) marketwide public information such as regularly scheduled federal economic announcements (e.g., employment, GNP, leading indicators) and (2) company-specific public information such as dividend and earnings announcements. Policy makers and corporate insiders have a better access to marketwide private information (e.g., a new monetary policy decision made in the Federal Reserve Board meeting) and company-specific private information, respectively, compated to the general public. Ederington and Lee (1993) show that marketwide public information accounts for most of the observed volatility patterns in interest rate and foreign exchange futures markets. Company-specific public information is explored by Patell and Wolfson (1984) and Jennings and Starks (1985). They show that dividend and earnings announcements induce higher than normal volatility in equity prices. Kyle (1985), Admati and Pfleiderer (1988), Barclay, Litzenberger and Warner (1990), Foster and Viswanathan (1990), Back (1992), and Barclay and Warner (1993) show that the private information help by informed traders and revealed through trading influences market volatility. Cornell and Sirri (1992)' and Meulbroek (1992) investigate the actual insider trading activities in a tender offer case and the prosecuted illegal trading cased, respectively. This paper examines the aggregate and individual impact of marketwide information, company-specific public information, and company-specific private information on equity prices. Specifically, we use the thirty common stocks in the Dow Jones Industrial Average (DJIA) and twenty one National Association of Securities Dealers Automated Quotations (NASDAQ) common stocks to examine how their prices react to information. Marketwide information (public and private) is estimated by the movement in the Standard and Poors (S & P) 500 Index price for the DJIA stocks and the movement in the NASDAQ Composite Index price for the NASDAQ stocks. Divedend and earnings announcements are used as a subset of company-specific public information. The trading activity of corporate insiders (major corporate officers, members of the board of directors, and owners of at least 10 percent of any equity class) with an access to private information can be cannot legally trade on private information. Therefore, most insider transactions are not necessarily based on private information. Nevertheless, we hypothesize that market participants observe how insiders trade in order to infer any information that they cannot possess because insiders tend to buy (sell) when they have good (bad) information about their company. For example, Damodaran and Liu (1993) show that insiders of real estate investment trusts buy (sell) after they receive favorable (unfavorable) appraisal news before the information in these appraisals is released to the public. Price discovery in a competitive multiple-dealership market (NASDAQ) would be different from that in a monopolistic specialist system (NYSE). Consequently, we hypothesize that NASDAQ stocks are affected more by private information (or more precisely, insider trading) than the DJIA stocks. In the next section, we describe our choices of the fifty-one stocks and the public and private information set. We also discuss institutional differences between the NYSE and the NASDAQ market. In Section II, we examine the implications of public and private information for the volatility of daily returns of each stock. In Section III, we turn to the question of the relative importance of individual elements of our information set. Further analysis of the five DJIA stocks and the four NASDAQ stocks that are most sensitive to earnings announcements is given in Section IV, and our results are summarized in Section V.

• 건축역사연구
• /
• 제11권1호
• /
• pp.65-84
• /
• 2002

This study has main purpose to understand and interpret the house Nok-U-dang, an upper class built in Chosun dynasty, not by outsider researcher's view but insider dweller's view. To interpret correctly, dweller's everyday life in the space and form is examined on a microscale beyond the physical space and form of the house, main object of architectural history To understand the present form exactly, the study restore traditional life in past era, 1940s. Main method of restoration is the ethnographic interview, based on cultural anthropology. Like any other upper-class house, the house has been influenced under ruling Confucian ideology in Chosun dynasty: separation of man's and woman's quarters and hierachical arrangement by generation, and worshipping ceremony for ancestor. However, it is by practical management for agricultural production that every court and building of the Noku-Dang can be explained correctly; preparing seed for sowing, tool storing, preparing and serving meal for laborers, making manure, harvesting, threshing grain, storing grain and so on. Precedent studies interpreted the house by the Confucian principle too much and made conclusion of dignity and austerity of ritual: woman's quarter, is closed and serene space. However this study shows that the space is semi-opened and composite space by agricultural works. And the Sarangchae, master's quarter, is located properly at visual center to control every agricultural activity.

• 정보보호학회논문지
• /
• 제33권6호
• /
• pp.893-906
• /
• 2023

스마트폰이 범행 도구로 사용될 수 있다는 인식은 많은 기관에서 만연하지만, 기능적으로 스마트폰과 유사한 스마트워치의 범행 도구로의 잠재력은 간과되고 있다. 본 논문은 이러한 상황을 고려하여, 보안 규정과 기술 등에 의하여 스마트폰은 통제되고 있지만, 스마트워치는 통제되지 않는 상황에서, 내부자의 스마트워치를 통한 정보유출 가능성을 입증한다. 입증 과정에 의해 스마트워치에서 발생한 애플리케이션 사용 관련 정보, Wi-Fi 연결 관련 정보를 분석함으로써, 포렌식 가능한 정보와 한계를 파악한다. 마지막으로, 스마트워치 관련 잠재적 범죄에 대비하기 위한 예방 방법을 제안하고, 스마트워치의 범행 도구로의 사용 가능성에 대한 경각심을 재고한다.

• 건축역사연구
• /
• 제12권3호
• /
• pp.131-148
• /
• 2003

This study has main purpose to understand the traditional house, not by outside researcher's but by inside dweller's view. The house in Geochang, is descendent house of Jeong-On who was faithful scholar at Chosen Dynasty. In order to understand, I restore firstly the house form and space at traditional era, 60 years ago, and every dwellers not only family members but also servants and guests, by interviewing old matriarch. One of the main rules of the house disposition is Ancester worshipping life. Worshipping floor of Anchae, main building, is located unusually in front of Shrine for Jeong-On, in order to connect all activities directly. Sarangchae, men's building, opened to the funeral mourners, is separated by a wall because women have to serve foods and wail at the backside. Space for everyday life is separated by man/woman, insider/outsider, master/subordinate. Agricultural production is also key factor of the space allocation: big storage buildings for rice crop needed to tenant farming. Both activities of ancestor worship ceremony and guest greeting need large kitchen annex area for food preparation and serving space of rear veranda floor. A number of guests visit the house: guest-greeting activity is taken place from the family pavilion, Neungheo-Jeong and Saranchae by the social position. This study show that architectural space and form of the house reflects exactly dwellers life.

• 융합보안논문지
• /
• 제19권2호
• /
• pp.3-9
• /
• 2019

지속적으로 발생하는 기술 유출 사고에 대응하기 위하여 다양한 보안대책이 시행되고 있으나, 대부분의 보안 대책은 내 외부 사이의 경계선을 보안하는데 초점이 맞추어져 있다. 이는 외부로부터 발생하는 공격을 탐지하고 대응하기에 효과적이지만, 내부에서 발생하는 보안 사고에 취약한 실정이다. 본 연구에서는 효과적인 내부유출방지를 위해 사용자 행위정보 중 기술유출 행위에 해당하는 행위를 식별하고 기술유출 행위 탐지 항목을 설계하였다. 설계 방법으로는 선행연구 기반의 기존 기술유출 탐지 방법들을 분석하고, 기술유출 사고 사례를 기술유출 행위 관점에서 분석하여 기술유출 행위로 식별 가능한 탐지 항목들을 도출하였다. 도출한 기술유출 행위 탐지 항목은 통계적 검증을 통해 적합 타당성, 신뢰성을 모두 확보하였으며, 항목 간 상관분석을 통해 항목 간 연관 정도를 확인하였다. 본 연구의 결과물을 통하여 향후 선행연구와 유출경험 사고 사례 기반의 기술유출 시나리오 설계에 기반이 될 수 있을 것으로 기대된다.