• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.79-86
• /
• 2013

The objective of DDoS Attacks is to simply disturb the services. In recent years, the DDoS attacks have been evolved into Multi-Vector Attacks which use diversified and mixed attacking techniques. Multi-Vector Attacks start from DDoS Attack and Malware Infection, obtain inside information, and make zombie PC to reuse for the next DDoS attacks. These forms of Multi-Vector Attacks are unable to be prevented by the existing security strategies for DDoS Attacks and Malware Infection. This paper presents an approach to effectively defend against diversified Multi-Vector attacks by using Reverse Proxy Group and PMS(Patch Management Server).

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.1-6
• /
• 2014

The IoT (Internet of Things) is considered as a core technology to realize interconnected world. At this, companies composing ICT industry and standard organizations make efforts to accelerate it. IETF CoRE(Constrained RESTful Environment) working group standardized CoAP (Constrained Application Protocol) for the constrained device. CoAP has RESTful architecture and CoAP option is provided to use forward-proxy. The forward-proxy is used to translate protocol and perform requests on behalf of the client. However, communication between Internet based client and LLN(Low-power and Lossy Network) based CoAP server architecture has limitations to deploy real IoT service. In this architecture, problems like response delay, URI assignment and DoS attack can be occurred. To solve these problems, we propose the reverse-proxy based system. We consider both of static IoT and mobility IoT environments. Finally, our proposed system is expected to provide efficient IoT service.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.101-106
• /
• 2012

As the existing strategy of preventing DDoS(Distributed Denial of Service) attacks has limitations, this study is intended to suggest the more effective method of preventing DDoS attacks which reduces attack power and distributes attack targets. Currently, DDoS attacks have a wide range of targets such as individuals, businesses, labs, universities, major portal sites and financial institutions. In addition, types of attacks change from exhausting layer 3, network band to primarily targeting layer 7. In response to DDoS attacks, this study suggests how to distribute and decrease DDoS threats effectively and efficiently using Proxy Server Group and Dynamic DNS.

• Journal of Information Processing Systems
• /
• v.19 no.5
• /
• pp.702-712
• /
• 2023

Load balancing plays a crucial role in ensuring the stable operation of information management systems during periods of high user access requests; therefore, load balancing approaches should be reasonably selected. Moreover, appropriate load balancing techniques could also result in an appropriate allocation of system resources, improved system service, and economic benefits. Nginx is one of the most widely used loadbalancing software packages, and its deployment is representative of load-balancing application research. This study introduces Nginx into an educational administration system, builds a server cluster, and compares and sets the optimal cluster working strategy based on the characteristics of the system, Furthermore, it increases the stability of the system when user access is highly concurrent and uses the Nginx reverse proxy service function to improve the cluster's ability to resist illegal attacks. Finally, through concurrent access verification, the system cluster construction becomes stable and reliable, which significantly improves the performance of the information system service. This research could inform the selection and application of load-balancing software in information system services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.661-670
• /
• 2023

With the emergence of serverless computing paradigm and the innovations of cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, an access control on the server still heavily relies on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.132-135
• /
• 2021

최근 네트워크의 확장으로 인한 공격 벡터의 증가로 외부자뿐 아니라 내부자를 경계해야 할 필요성이 증가함에 따라, 이를 다룬 보안 모델인 제로트러스트 모델이 주목받고 있다. 이 논문에서는 reverse proxy 와 사용자 패턴 인식 AI 를 이용한 제로트러스트 아키텍처를 제시하며 제로트러스트의 구현 가능성을 보이고, 새롭고 효율적인 전처리 과정을 통해 효과적으로 사용자를 인증할 수 있음을 제시한다. 이를 위해 사용자별로 마우스 사용 패턴, 리소스 사용 패턴을 인식하는 딥러닝 모델을 설계하였다. 끝으로 제로트러스트 모델에서 사용자 패턴 인식의 활용 가능성과 확장성을 보인다.

• The KIPS Transactions:PartC
• /
• v.9C no.2
• /
• pp.181-188
• /
• 2002

There are recently a lot of inconvenience because every client should be set to the proxy server on the browser in order to control the access by means of the client authentication in the proxy server. The client authentication technology using the transparency cache in this paper will be transparently used for every user in the internet which option of the authentication function is simply set in the cache server. In addition, the administrator will get the benefit since he can control the traffic of each client and strengthen the security. And also, this system is expected to use in the eCRM deeply rotated to the tendency of the client in the field of the e-commerce like shopping mall in the internet since the administrator can monitor the pattern of the client using the internet. This technique can be applied to the company affiliated research center, the EC website, and the military where it is essential for the tight security even though there are no additional security devices.

• Journal of Korean Clinical Nursing Research
• /
• v.17 no.3
• /
• pp.363-374
• /
• 2011

Purpose: The purpose of this study was to identify the types and causes of non-value-added (NVA) activities in nursing practice, and to determine the frequency of each NVA type and causes of NVA in clinical area. Methods: This study was conducted using Delphi technique. First, in order to identify NVA and their causes, 24 nurses with 7 years or more of clinical experience were recruited from medical/surgical units in six general hospitals in Korea. Then the NVA types and causes were tested using a larger sample of 130 nurses with more than 3 years of clinical experience at two general hospitals in Korea. Results: NVA was categorized into 6 different types, which are repeating, duplicating, waiting, reverse-proxy working, reworking, and searching. The most prevalent NVAs were repeating and duplicating works. Reworking and searching were less frequent types than others. The causes of NVA were classified into personnel-related, supporting departments, records, regulations, information, materials or instruments, and others. Among them, personnel-related and supporting departments were reported with the highest scores. Conclusion: NVA leads to waste cost and time. These results demonstrated the situations and causes of NVA occurred in nursing practice. Further studies on the typology and moderation of NVA activities are warranted to improve the efficiency and quality of nursing care in day-to-day practice.

• The Journal of Asian Finance, Economics and Business
• /
• v.8 no.10
• /
• pp.1-10
• /
• 2021

This paper attempts to investigate the determinants of capital structure of Vietnamese firms and also shed light on some of the factors of the modern theory of capital structure which is relevant for explaining the capital structure in advanced countries which are also relevant in the context of Vietnam. Using panel data from more than 1000 Vietnamese listed enterprises census 2017-2020, the paper finds that leverage ratio of Vietnamese firms is significantly related to probability. The firms have high level of fixed assets which they use as collateral, resulting in higher debt ratio, which is in line with the pecking order theory. The result also confirm that highly targeted debt ratio is positively correlated with the industry characteristics (using real estate firms as a benchmark), in which firm operates. Furthermore, consistent with the trade-off hypothesis, the leverage ratio is positively affected by non - debt tax shield. The result confirms that a large number of companies are state - owned, will have an insignificant impact of firm's size (as reverse proxy for bankruptcy cost) on leverage ratio. We also find that there is no distinction between state-owned enterprises and private enterprises due to strict adherence to the rules set by the Vietnamese government. Distinct from other countries, corporate income tax has slight impact on capital structure in Vietnamese firms.

• The Journal of Information Systems
• /
• v.27 no.1
• /
• pp.193-224
• /
• 2018

Purpose Targeting Korean companies listed on Korean securities markets (i.e., KOSPI and KOSDAQ markets), this study aims to shed lights the effects of personal information security breaches on stock prices of information security companies. Interestingly, this study is, to the best of our knowledge, the first to examine the information transfer effect on personal information security breaches of companies. Design / Methodology /Approach To examine the information transfer effect of personal information security breaches, our study employs the event study commonly used in financial studies. To this end, we investigate a variety of events of personal information security breaches of companies listed on the KOPSI stock market and the KOSDAQ market. We collect the total samples of one hundred and twelve with forty seven of events of personal information security breaches by thirty companies and sixty five of information security companies. Findings The principal findings from the empirical study are as follows. First, for companies of personal information security breaches, our event study presents the significantly negative AAR (averaged abnormal return) value on the event day at the 5 % level and the highly significant negative CAAR(cumulative averaged abnormal return) value on the event day and the day after the event day at the 1 % level. The results suggest that personal information breaches significantly contribute to an decrease in value of the information breached companies. The cross sectional regressions in this study estimate the significantly negative coefficient for the ME/BE variable, the proxy for a growth opportunity at the 5 % level. This suggests a reverse relation between the growth opportunity of companies and their value. As for the various samples of the information security companies categorized by physical security, network and system security, security application software, code authentication, system integration, we find the significantly positive AAR on the day after the event day at the 5% level, only for the network and system security-companies. This addresses that the information transfer effect followed by personal information breaches is uniquely observable for companies categorized into network and system companies. The regressions for the network and system companies estimate the significantly positive coefficient for the NS dummy variable (i.e., the dummy of the network and system security companies) at the standard level. This allows us to identify appropriate times needed to make the information transfer effect realized from personal information breached companies to information security companies.