• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.957-966
• /
• 2020

According to the recent statistics of the National Industrial Security Center, about 80% of the confidential leak are caused by former and current employees in the case of domestic confidential leak accidents. Most of the information leak incidents by these insiders are due to poor security management system and information leak detection technology. Blocking confidential leak of insiders is a very important issue in the corporate security sector, but many previous researches have focused on responding to intrusions by external threats rather than by insider threats. Therefore, in this research, we design an internal information leak scenario to effectively and efficiently detect various abnormalities occurring in the enterprise, analyze the key indicators of the leak symptoms derived from the scenarios by using data analytics and propose a model that accurately detects leak activities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.143-152
• /
• 2008

The incredible progress of information and communication technology has allowed various information and communication services to emerge in the Web environment. Such a service is initiated when the user provides his/her personal information to the service provider and is then given an identifier and authentication data. A series of the processes is inconvenient as it requires authentication by the service provider each time that the user requests the service. Furthermore, as the user subscribes to more services, the volume of ID and authentication information increases. This compels the users to use an ID that is easy to remember or to register the same ID over and over, increasing the risk of ID hacking. It is clear that such threats will become more serious as our lives become more dependent upon the Internet and as the Internet service environment advances. With the introduction of different services, the need to efficiently manage ID has been raised. In this paper, a Internet Identity Management Service that enables the control of the flow of the user’s personal information, which is used and stored for the Internet service, is proposed from the user's perspective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.101-115
• /
• 2011

A botnet is a huge network of hacked zombie PCs. Recognizing the fact that the majority of email spam is sent out by botnets, a system that is capable of detecting botnets and zombie PCS will be designed in this study by analyzing email spam. In this study, spam data collected in "an email spam trail system", Korea's national spam collection system, were used for analysis. In this study, we classified the spam groups by the URLs or attached files, and we measured how much the group has the characteristics of botnet and how much the IPs have the characteristics of zombie PC. Through the simulation result in this study, we could extract 16,030 zombie suspected PCs for one hours and it was verified that email spam can provide considerably useful information in tracing zombie PCs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.117-129
• /
• 2010

To support the establishment of Information Security Management System, the private sector and the public sector have taken some measures. In the private sector, KISA(Korea Internet & Security Agency) has certified ISMS system based on "The Act on Communication Network Use Promotion and Information Security etc.". In the public sector, No authentication system has been established. Instead, NIS(National Intelligence Service) has enforced 'Information Security Management Condition Evaluation' based on "Electronic Government Act". This article compared ISMS control parts of the private sector with that of the public sector and analyzed the non-enforcement parts of ISMS implementing two sectors for years. Based on this, I would like to consider the method of establishment for efficient ISMS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.221-235
• /
• 2010

Internet service providers provide various security services, such as firewall, intrusion detection, intrusion prevention, anti-virus, along with their main Internet services. Those security service users have no idea what kind of quality services they are guaranteed. And therefore, Internet users interest in Security Service Level Agreement(SLA) increases as their interest in secure Internet service increases. However, there wasn't any researches in the S-SLA area domestically and there are only limited SLA indexes related to system or service maintenances at the moment. Therefore, this paper analyses security functions in IPS services and categorize them into common and independent security functions. Finally to improve quality of security services, this paper proposes S-SLA indexes depending on the different security levels. This will be subdivide into agreement on security service.

• Journal of the Korean Society of Safety
• /
• v.36 no.1
• /
• pp.44-49
• /
• 2021

Domestic industrial accidents continue to increase, with 2,142 deaths in 2018, up by 185 (9.5%) from 1,957 deaths in 2017. Industrial accidents that cause loss of human lives pose a serious risk to businesses because of the strengthening of safety regulations and the changing public perception of social responsibility. Accordingly, to prevent industrial accidents, companies regularly conduct onsite safety activities and conduct education and training to raise awareness among employees. However, many such corporate activities are not conducted voluntarily and practically by employees but mostly by formal implementation. To discontinue this customary and passive behavior of employees and establish a mature safety culture, strengthening the execution power of safety management at the site is of paramount importance, and to this end, we aim to utilize the safety practice index (SPI). In this study, the SPI calculated on the basis of the results of the 2018 and 2019 risk management and safety activities of a site was compared with the reported safety accidents. The results confirmed that the SPI index can be used as a valid indicator for safety activities for accident prevention, such as strengthening leadership and safety policies to grade and manage safety management levels for a certain period of time or by a department or to convert weaknesses into strengths.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1225-1236
• /
• 2020

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

• The Korean Journal of Pain
• /
• v.34 no.1
• /
• pp.82-93
• /
• 2021

Background: This study used bibliometric analysis of articles published about the topic of regional anesthesia from 1980-2019 with the aim of determining which countries, organizations, and authors were effective, engaged in international cooperation, and had the most cited articles and journals. Methods: All articles published from 1980-2019 included in the Web of Science database and found using the keywords regional anesthesia/anaesthesia, spinal anesthesia/anaesthesia, epidural anesthesia/anaesthesia, neuraxial anesthesia/anaesthesia, combined spinal-epidural, and peripheral nerve block in the title section had bibliometric analysis performed. Correlations between the number of publications from a country with gross domestic product (GDP), gross domestic product (at purchasing power parity) per capita (GDP PPP), and human development index (HDI) values were investigated with the Spearman correlation coefficient. The number of articles that will be published in the future was estimated with linear regression analysis. Results: Literature screening found 11,156 publications. Of these publications, 6,452 were articles. The top 4 countries producing articles were United States of America (n = 1,583), Germany (585), United Kingdom (510), and Turkey (386). There was a significant positive correlation found between the GDP, GDP PPP, and HDI markers for global countries with publication productivity (r = 0.644, P < 0.001; r = 0.623, P < 0.001, r = 0.542, P < 0.001). The most productive organizations were Harvard University and the University of Toronto. Conclusions: This comprehensive study presenting a holistic summary and evaluation of 6,452 articles about this topic may direct anesthesiologists, doctors, academics, and students interested in this topic.

• Asia-Pacific Journal of Business
• /
• v.13 no.3
• /
• pp.293-309
• /
• 2022

Purpose - The purpose of this study is to explore the possibility of predicting the degree of smartphone overdependence based on mobile phone usage patterns. Design/methodology/approach - In this study, a survey conducted by Korea Internet and Security Agency(KISA) called "problematic smartphone use survey" was analyzed. The survey consists of 180 questions, and data were collected from 29,712 participants. Based on the data on the smartphone usage pattern obtained through the questionnaire, the smartphone addiction level was predicted using machine learning techniques. k-NN, gradient boosting, XGBoost, CatBoost, AdaBoost and random forest algorithms were employed. Findings - First, while various factors together influence the smartphone overdependence level, the results show that all machine learning techniques perform well to predict the smartphone overdependence level. Especially, we focus on the features which can be obtained from the smartphone log data (without psychological factors). It means that our results can be a basis for diagnostic programs to detect problematic smartphone use. Second, the results show that information on users' age, marriage and smartphone usage patterns can be used as predictors to determine whether users are addicted to smartphones. Other demographic characteristics such as sex or region did not appear to significantly affect smartphone overdependence levels. Research implications or Originality - While there are some studies that predict smartphone overdependence level using machine learning techniques, but the studies only present algorithm performance based on survey data. In this study, based on the information gain measure, questions that have more influence on the smartphone overdependence level are presented, and the performance of algorithms according to the questions is compared. Through the results of this study, it is shown that smartphone overdependence level can be predicted with less information if questions about smartphone use are given appropriately.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.22 no.6
• /
• pp.299-312
• /
• 2023

Recently, the electronic control unit (ECU) has been integrating several functions into one beyond simple convenience functions. Accordingly, ECUs have more functions and external interfaces than before, and various cybersecurity problems are arising. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) issued UN Regulation No.155 to establish international standards for vehicle cybersecurity management systems in light of the growing threats to vehicle cybersecurity. According to international standards, vehicle manufacturers are required to establish a Cybersecurity Management System (CSMS) and receive a Vehicle Type Approval (VTA). However, opinions were raised that the implementation period should be adjusted because domestic preparations for this are insufficient. Therefore, in this paper, we propose a web-based solution that maps a checklist to check the status of CSMS in the requirement and various vehicle security companies and solutions to mitigate the identified gap.