• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.36-46
• /
• 2019

The number of hosts connected to the Internet has increased dramatically, introducing the Domain Name System(DNS) in 1984. DNS is now an important key point for all users of the Internet by allowing them to use a convenient character address without memorizing a series of numbers of complex IP address. However, relative to the importance of DNS, there still exist many problems such as the authorization allocation issue, the disputes over public registration, security vulnerability such as DNS cache poisoning, DNS spoofing, man-in-the-middle attack, DNS amplification attack, and the need for many domain names in the age of hyper-connected networks. In this paper, to effectively improve these problems of existing DNS, we proposed a method of implementing DNS using distributed ledger technology, blockchain, and implemented using a Ethereum-based platform. In addition, the qualitative analysis performance comparative evaluation of the existing domain name registration and domain name server was conducted, and conducted security assessments on the proposed system to improve security problem of existing DNS. In conclusion, it was shown that DNS services could be provided high security and high efficiently using blockchain.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.9-17
• /
• 2021

In this paper, we propose a reversely using the "Man In The Middle Attack" attack technique as a way to introduce network security without changing the physical structure and configuration of the existing network, a Virtual Network Overlay is formed with only a single Ethernet Interface. Implementing In-line mode to protect the network from external attacks, we propose an integrated control method through a micro network security sensor and cloud service. As a result of the experiment, it was possible to implement a logical In-line mode by forming a Virtual Network Overlay with only a single Ethernet Interface, and to implement Network IDS/IPS, Anti-Virus, Network Access Control, Firewall, etc.,. It was possible to perform integrated monitor and control in the service. The proposed system in this paper is helpful for small and medium-sized enterprises that expect high-performance network security at low cost, and can provide a network security environment with safety and reliability in the field of IoT and embedded systems.

• Journal of Pharmacopuncture
• /
• v.4 no.2
• /
• pp.35-47
• /
• 2001

Objectives : Through the literatures on the effets of Bufonis Venenum, we are finding out the clinical possibility and revealing the more effective to intractable diseases. Methods : We investigated the literatures of Oriental Medicine and experimental reports about Bufonis Venenum. Results : 1. Bufonis Venenum is made of bufonidae bufo bufo gargarizans cantor or bufo melanostictus schneider of white serum which secreted from parotid gland or dermato gland, and it is dried for using. 2. In oriental medicine, Bufonis Venenum has been mainly used on the tumors, cacanthrax and dermatic disease, and then it has been clinically used on infantile athrepsia, tetanus, sore throat, toothache, and so on. 3. The pharmacological effects of Bufonis Venenum are cardiotonic, respiration stimulation, depressor or vasopressor, topical anesthcsia, hallucination, striped muscle stimulation, antiasthmatic, antibacterial, antiinflammatory, anticancer, diuretic, immuno effects, etc. 4. Bufonis Venenum is largely divided in ether binding steroid compound, hydroxyl steroid compound, carboxyl or aldehyde steroid compound, indole compound, and adrenaline, cholesterole, etc. 5. Symptoms of Bufonis Venenum poisoning in digestive system are vommitig, abdominal pain, diarrhea, dehydration, in circulatory system are palpitation, shock, bradycardia, in nervous system are vertigo, somnolentia, muscle-tendon reflex weakness, and critical conditions to tissue necrosis and heart attack. 6. Ways to treat Bufonis Venenum poisoning include gastric irrigation with $0.2~0.5\%$ potassium permanganate fluid and atropine $0.5{\sim}1.0mg$ subcutaneous injection. From the chinese book of Bon Cho Gang Moke(本草綱目), if white serum of Bufonis Venenum enter the eyes, it happens the edema and pain. And then washed the eyes by juice of Lithospermi Radix(紫草) that the edema is removed. Conclusions and Discussion : The results from above literary studies show that prescriptions and Aqua-acupuncture of Bufonis Venenum could be clinically used to sedative, anticonvulsant, antibacterial, antiinflammatory, anticancer and topical ataralgesia. However it is expected that pharmacological and side effects of Bufonis Venenum are further studied.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.749-752
• /
• 2024

연합학습은 클라이언트가 중앙 서버에 원본 데이터를 주지 않고도 학습할 수 있도록 설계된 분산된 머신러닝 방법이다. 그러나 클라이언트와 중앙 서버 사이에 모델 업데이트 정보를 공유한다는 점에서 여전히 추론 공격(Inference Attack)과 오염 공격(Poisoning Attack)의 위험에 노출되어 있다. 이러한 공격을 방어하기 위해 연합학습에 차분프라이버시(Differential Privacy)를 적용하는 방안이 연구되고 있다. 차분 프라이버시는 데이터에 노이즈를 추가하여 민감한 정보를 보호하면서도 유의미한 통계적 정보 쿼리는 공유할 수 있도록 하는 기법으로, 노이즈를 추가하는 위치에 따라 전역적 차분프라이버시(Global Differential Privacy)와 국소적 차분 프라이버시(Local Differential Privacy)로 나뉜다. 이에 본 논문에서는 차분 프라이버시를 적용한 연합학습의 최신 연구 동향을 전역적 차분 프라이버시를 적용한 방향과 국소적 차분 프라이버시를 적용한 방향으로 나누어 검토한다. 또한 이를 세분화하여 차분 프라이버시를 발전시킨 방식인 적응형 차분 프라이버시(Adaptive Differential Privacy)와 개인화된 차분 프라이버시(Personalized Differential Privacy)를 응용하여 연합학습에 적용한 방식들에 대하여 특징과 장점 및 한계점을 분석하고 향후 연구방향을 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3243-3257
• /
• 2021

Deep neural networks provide excellent performance in pattern recognition, audio classification, and image recognition. It is important that they accurately recognize input data, particularly when they are used in autonomous vehicles or for medical services. In this study, we propose a data correction method for increasing the accuracy of an unknown classifier by modifying the input data without changing the classifier. This method modifies the input data slightly so that the unknown classifier will correctly recognize the input data. It is an ensemble method that has the characteristic of transferability to an unknown classifier by generating corrected data that are correctly recognized by several classifiers that are known in advance. We tested our method using MNIST and CIFAR-10 as experimental data. The experimental results exhibit that the accuracy of the unknown classifier is a 100% correct recognition rate owing to the data correction generated by the proposed method, which minimizes data distortion to maintain the data's recognizability by humans.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.683-686
• /
• 2013

최근 인터넷을 이용한 금융거래가 활발해지면서 피싱이나 파밍과 같은 공격을 통한 개인정보 유출 사고가 빈번히 발생하고 있다. 특히 파밍의 경우, 공격자가 DNS 정보를 변조하여 사용자가 올바른 URL을 입력하더라도 악의적 사이트로 컴퓨터가 접속을 하기 때문에 위험성이 매우 높다. 이러한 공격들을 방지하기위하여 여러 연구가 진행되었지만, DNS 정보의 검증을 위한 추가적인 절차를 필요로 하거나 과도한 네트워크 트래픽을 유발할 수 있는 문제점을 가지고 있다. 따라서 본 논문에서는 이러한 문제점을 극복하고자 DNS 리소스 레코드(Resource Record)의 부분 암호화를 이용하여 DNS 변조 공격을 탐지 하는 프로토콜을 제안한다.

• KSCI Review
• /
• v.14 no.2
• /
• pp.205-214
• /
• 2006

Is need Remote Access through internet for business of Ubiquitous Computing age, and apply OTP for confidentiality about inputed ID and Password, network security of integrity. Current OTP must be possessing hardware or Token, and there is limitation in security. Install a Snooping tool to OTP network in this treatise, and because using Cain, enforce ARP Cache Poisoning attack and confirm limitation by Snooping about user password. Wish to propose new system that can apply Tokenless OTP by new security way, and secure confidentiality and integrity. Do test for access control inflecting Tokenless OTP at Remote Access from outside. and could worm and do interface control with certification system in hundred. Even if encounter hacking at certification process, thing that connection is impossible without pin number that only user knows confirmed. Because becoming defense about outward flow and misuse and hacking of password when apply this result Tokenless OTP, solidify security, and evaluated by security system that heighten safety.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.107-116
• /
• 2007

Is need Remote Access through internet for business of Ubiquitous Computing age, and apply OTP for confidentiality about inputed ID and Password, network security of integrity. Current OTP must be possessing hardware of Token, and there is limitation in security. Install a Snooping tool to OTP network in this treatise, and because using Cain, enforce ARP Cache poisoning attack and confirm limitation by Snooping about user password. Wish to propose new system that can apply Tokenless OTP by new security way, and secure confidentiality and integrity. Do test for access control inflecting Tokenless OTP at Remote Access from outside, and could worm and do interface control with certification system in hundred. Even if encounter hacking at certification process, thing that connection is impossible without pin number that only user knows confirmed. Because becoming defense about outward flow and misuse and hacking of password when apply this result Tokenless OTP, solidify security, and evaluated by security system that heighten safety.

• Journal of The Korean Society of Clinical Toxicology
• /
• v.2 no.2
• /
• pp.83-89
• /
• 2004

Acute poisoning is one of the diseases which need the most fastest emergency measures at the very beginning. However, at present, The Korea doesn't manage the toxication all over the country, and in particular, there is no guide to medical cure paying due regard to the traits of each area. This paper focused on the issue that the necessary data in preparing the facilities for the treatment of the poisoned patients and materials for medical treatment including antidote would have to be collected, after finding the special features of the symptoms by searching the present conditions of the poisoning in small towns next to farm villages in the North area of Youngseo, Kangwon province. This study was based on the questionnaires from 111 patients who were carried into the emergency room by the poisoning in two university hospitals of the North area of Youngseo, Kangwon, for one year, 2002. Upon investigation, the patients(111) visiting emergency room by the acute poisoning during the research period was found to be 0.37 percent of all patients(30,085) visiting emergency room. Among them, the most high percentage was given in their twenties and thirties at the rate of $39.6\%$, and the ratio($40.5\%$) of the poisoned patients after their fifties was much higher than a research($10\%$) of other areas. Many poisoned patients came to their rescue in an emergency room generally in spring and in winter, from 7 a.m. to 3 p.m. Agricultural chemical of the toxic materials had a majority at a ratio of $57.7\%$, and paraquat of the agricultural chemicals was found to have a lot of toxicity by $31.7\%$. As the trace of the toxication, the oral poisoning was common by $89.2\%$, and $55.9\%$ in the case of operating gastric lavage and nasogastric irrigation, but only $14.4\%$ for prescribing antidote. The mortality of the acute poisoned patients was $17.2\%$, and the toxication by paraquat held a majority. As a result, the acute poisoning of the North area in Youngseo, Kangwon had both of the characteristics of the rural and the city, and the patients over their fifties by the population aging had more attack of the disease than other regions. Also, with the high ratio of the toxication by the agricultural chemicals, especially, the lethal agricultural chemical was used frequently. Therefore, these dangerous situations need to find the ways to cope with.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.