• Title/Summary/Keyword: Permissions


Android Botnet Detection Using Hybrid Analysis

  • Mamoona Arhsad;Ahmad Karim
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.3 / pp.704-719 / 2024
  • Botnet pandemics are becoming more prevalent with the growing use of mobile phone technologies. Mobile phone technologies provide a wide range of applications, including entertainment, commerce, education, and finance. In addition, botnet refers to the collection of compromised devices managed by a botmaster and engaging with each other via a command server to initiate an attack including phishing email, ad-click fraud, blockchain, and much more. As the number of botnet attacks rises, detecting harmful activities is becoming more challenging in handheld devices. Therefore, it is crucial to evaluate mobile botnet assaults to find the security vulnerabilities that occur through coordinated command servers causing major financial and ethical harm. For this purpose, we propose a hybrid analysis approach that integrates permissions and API and experiments on the machine-learning classifiers to detect mobile botnet applications. In this paper, the experiment employed benign, botnet, and malware applications for validation of the performance and accuracy of classifiers. The results conclude that a classifier model based on a simple decision tree obtained 99% accuracy with a lower false-positive rate of 0.003 than other machine learning classifiers for botnet application detection. As an outcome of this paper, a hybrid approach enhances the accuracy of mobile botnet detection as compared to static and dynamic features when both are taken separately.

Probabilistic K-nearest neighbor classifier for detection of malware in android mobile (안드로이드 모바일 악성 앱 탐지를 위한 확률적 K-인접 이웃 분류기)

  • Kang, Seungjun;Yoon, Ji Won
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.817-827 / 2015
  • In this modern society, people have a close relationship with their smartphones. This makes it easier for hackers to gain the user's information by installing malware on the user's smartphone without the user's authority. This kind of action is a threat to the user's privacy. The malware characteristics are different from those of general applications. It requires the user's authority. In this paper, we proposed a new classification method of user requirements method by each application using the Principal Component Analysis (PCA) and Probabilistic K-Nearest Neighbor (PKNN) methods. The combination of those methods outputs an improved result to classify between malware and general applications. By using K-fold Cross Validation, the measurement precision of PKNN is improved compared to the previous K-Nearest Neighbor (KNN). Classifications which are difficult to solve by KNN can also be solved by PKNN by optimizing the discovery of the parameters k and $\beta$. Also, the sample used in this experiment is based on Contagio.

RBAC-based Trust Negotiation Model for Grid Security (그리드 보안을 위한 역할 기반의 신뢰 협상 모델)

  • Cho, Hyun-Sug;Lee, Bong-Hwan
    • The KIPS Transactions:PartC / v.15C no.6 / pp.455-468 / 2008
  • In this paper, we propose FAS model for establishing trust based on digital certificates in Grid security framework. The existing RBAC (Role Based Access Control) model is extended to provide permissions depending on the users' roles. The FAS model is designed for a system independent integrated Grid security by detailing and extending the fundamental architecture of user, role, and permission. FAS decides each user's role, allocates access right, and publishes attribute certificate. FAS is composed of three modules: RDM, PCM, and CCM. The RDM decides roles of the user during trust negotiation process and improves the existing low level Grid security in which every single user maps a single shared local name. Both PCM and CCM confirm the capability of the user based on various policies that can restrict priority of the different user groups and roles. We have analyzed the FAS strategy with the complexity of the policy graph-based strategy. In particular, we focused on the algorithm for constructing the policy graph. As a result, the total running time was significantly reduced.

The Improvements for the Altitude Criteria related to the Adaptive Reuse Permission on Mountains District -with special emphasis on 'Management of Mountains District Act' and 'National Land Planning and Utilization Act' (산지전용허가 표고기준 개선방안에 관한 연구 - '산지관리법'과 '국토의 계획 및 이용에 관한 법률'을 중심으로)

  • No, Hyun-Woo;Choi, Hyung-Seok
    • Journal of Korean Society of Rural Planning / v.17 no.3 / pp.81-90 / 2011
  • The altitude criteria of 'Management of Mountains District Act' and 'National Land Planning and Utilization Act' are different because the adaptive reuse permissions on mountains district by two acts have been operated individually and each criterion has some problems for application. This study aims to suggest proposals for improvements of altitude criteria by two acts. The altitude criteria of the dual legal systems were researched by literature review and inherent issues were derived by interview with public officers and GIS tools applied to cases. The results are as follows: First, dual criteria systems need to be integrated based on the format by 'Management of Mountains District Act'. Second, the criteria index (50/100) by 'Management of Mountains District Act' needs to be adjusted due to the preserved area ratio in mountains district and the each definition of 'the peak point of the mountain' and 'the tail of the mountain' can be changed as 'the highest point within the same slope (including ridge)' and as 'the average of the highest and the lowest point on boundary between the mountain district and the other land use district'. Third, the method of slope division may be determined by the conditions of local areas and the discrepancy between the two slopes in common boundaries must be adjusted. Finally, the maps containing preservation areas and development areas need to be notified.

A Study of Development Gains Estimation in Building Land Development Projects (택지개발사업의 개발이익 추계에 대한 연구)

  • Kim, Yong-Chang
    • Journal of the Korean association of regional geographers / v.12 no.5 / pp.595-613 / 2006
  • In the debates of development gains, the general rule is that it results from actions other than those of the landowner, most notably of the public sector as in granting of permissions for the development of specific land uses and densities or through infrastructure investments, or of socio-economic forces due to a general capital accumulation in space. A huge academic literature has investigated the development gains capture that refers to the process by which a portion of or all land value increments attributed to the community effort are recouped by the public sector. Policy instruments for applying development gains capture are based on deepening land value taxation, financing infrastructure, controlling land use. But one of the most basic for the efficient policy implementation is the accurate estimation of development gains. This paper estimates the development gains generated by the total 204 building land projects of Korea Land Corporation and Korea National Housing Corporation since 1995.


A Study on Uterine Leiomyoma Patients' Experience of Total Hysterectomy (자궁근종 환자의 자궁적출경험)

  • Cho, Hyeon-Ae;Kwon, Hye-Jin;Yeoum, Soon-Gyo
    • Women's Health Nursing / v.5 no.3 / pp.349-361 / 1999
  • This study is designed to describe and analyze the experiences of hysterectomy. It also attempts to develop the practical theory of their experiences and thus suggest a fundamental frame that can help nurses broaden their clinical understanding of hysterectomy patients and take better care. The data was collected through interviewing the selected subjects. The subjects were five hysterectomy patients. They were interviewed at first hand by this researcher and recorded under their permissions. Each interview took one hour or two hours per interviewer. The data was collected through the interview. The method of "the Ground Theory" by Strauss & Corbin (1990) was used for data analysis. A total of 129 concepts were extracted from the data analysis, which were classified into 27 subcategories through reanalysis. The subcategories were grouped under 12 higher categories. During the process of the data analysis the following three propositions repeatedly appeared. (1) The higher importance of sexual life and pregnancy, the greater the patients' despair. The support system was not satisfied. The closed defense intensified their despair. They felt that the operation result was out of control. (2) The lower the importance of sexual life and pregnancy, the lesser the patients' despair. The support system proved to be highly satisfactory. As a result more favorably. (3) The lower physical change, the lesser importance of pregnancy, the lesser the patients' despair, the patients' thought turned out to be more positive, which, in turn, left the patients the less despaired. As a result the patients accept the operation result more favorably.


A Database Security System for Detailed Access Control and Safe Data Management (상세 접근 통제와 안전한 데이터 관리를 위한 데이터베이스 보안 시스템)

  • Cho, Eun-Ae;Moon, Chang-Joo;Park, Dae-Ha;Hong, Sung-Jin;Baik, Doo-Kwon
    • Journal of KIISE:Databases / v.36 no.5 / pp.352-365 / 2009
  • Recently, data access control policies have not been applied for authorized or unauthorized persons properly and information leakage incidents have occurred due to database security vulnerabilities. In the traditional database access control methods, administrators grant permissions for accessing database objects to users. However, these methods couldn't be applied for diverse access control policies to the database. In addition, another database security method which uses data encryption is difficult to utilize data indexing. Thus, this paper proposes an enhanced database access control system via a packet analysis method between client and database server in network to apply diverse security policies. The proposed security system can be applied to applications with access control policies related to specific factors such as date, time, SQL string, the number of result data, etc. It also assures integrity via a public key certificate and MAC (Message Authentication Code) to prevent modification of user information and query sentences.

South Korea and Japan's fishing Villages law and Sea Port law Analysis and the Development Direction of Fisherina (한국과 일본의 어촌·어항법 분석과 피셔리나 개발방향)

  • Yang, Young-Cheol;Lee, Jae-Hyung
    • Journal of Navigation and Port Research / v.36 no.1 / pp.81-87 / 2012
  • This study is enabled our country to compare and analyze Korea's and Japan's marina development related fishing villages in the sea ports, sea port law's systematical research, approved permissions, and operation related ordinance enactments. Henceforth, the results of the research regarding the fisherina development model appropriate for domestic circumstances are as follows. First, the fisherina must be developed in a way to create a new source of income in the fishing villages. The initial steps must be taken in improving the fishing industry and revitalizing the marine leisure sports. Second, there must be a development of a system to reduce its development costs. Third, the existing sea port's unused equipment must be developed in a remodeled form.

Design of Prevention Model according to a Dysfunctional of Corporate Information (기업 정보화 역기능에 따른 피해를 최소화하기 위한 기업 정보 처리 모델 설계)

  • Jeong, Yoon-Su
    • Journal of Convergence Society for SMB / v.6 no.2 / pp.11-17 / 2016
  • Recently, with the development of IT skills, the different kinds of data (or information) generated by the company are more frequently leaked to outside organizations and individuals. However, it is insufficient situation to reduce the dysfunctional corporate information at the enterprise level. In this paper, we propose a role-based enterprise information processing model to minimize the dysfunctions of corporate information. The proposed model is to allow you to set protect corporate information through the relevant departments for the management and supervision of enterprise information, and rapid and systematic recovery and operating strategy was to improve the efficiency of enterprise information services. The proposed model is caught blocking access to information access to information to establish a rapid and systematic recovery and operational continuity strategy after the administrator user permissions and roles that access to information is centrally managed by the user when the abnormality. In experimental results, virus damage was 48.8% lower than the previous model. In addition, information on the number of dysfunction distribution occurring within the company gained 17.9% lower results than the previous model.

Design and Implementation of Role Assignment Protocol for Active Role Assignment and Passive Role Assignment (능동적 역할 할당과 수동적 역할 할당을 수행하는 역할 할당 프로토콜의 설계 및 구현)

  • 나상엽;김점구
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.111-117 / 2004
  • In distributed-computing environments, there is a strong demand for the authentication and the access control of distributed-shared resources. I have presented role-based access control (RBAC) concept that is in the spotlight recently. RBAC model shows the standardized access control of complicated organization's resources. In RBAC, senior role has junior role's permission by virtue of role hierarchy. But, junior role cannot perform the permission, which is granted to the senior or other role groups. Inheritances of permissions in role hierarchies are static. In order to tackle this problem, I propose a dynamic role assignment, which is classified into passive role assignment and active role assignment, and design dynamic role assignment protocol and implement role assignment server.
