• Title/Summary/Keyword: SQL(Structured Query Language)


HTTP Request - SQL Query Mapping Scheme for Malicious SQL Query Detection in Multitier Web Applications (Multitier 웹 어플리케이션 환경에서 악의적인 SQL Query 탐지를 위한 HTTP Request - SQL Query 매핑 기법)

  • Seo, Yeongung;Park, Seungyoung
    • Journal of KIISE / v.44 no.1 / pp.1-12 / 2017
  • The continuously growing internet service requirements have resulted in a multitier system structure consisting of web server and database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, malicious change to the contents at DB server through hypertext transfer protocol (HTTP) requests at the DB server cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge on interaction between HTTP request and SQL query. However, this is a practical challenge because the system's source code analysis and its application logic need to be understood completely. In this study, we proposed a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generated an HTTP request-SQL query map from system log files alone. Subsequently, the HTTP request associated with a given SQL query was identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.

Structured Information Modeling and Query Method for SMIL Documents (SMIL 문서의 구조 정보 모델 및 검색)

  • 류은숙;이기호;이규철
    • Journal of Korea Multimedia Society / v.7 no.3 / pp.293-307 / 2004
  • The SMIL (Synchronized Multimedia Integration Language) documents are represented as logical structure information, spatial layout structure information, temporal synchronization structure information and hyperlink structure information, according to the structural characteristics of SMIL documents based on XML. This paper proposes the effective modeling and query method for the multi-structure information of inherent SMIL documents. In particular, we present the object-oriented modeling by using UML class diagram in order to represent the object classes for the structured information of SMIL documents, and the hierarchical structure and the relationships for the object classes. In addition, the object class definition is specified in compliance with SQL3 for database standard language. We also propose the access method and the query representation for hierarchical structure in order to retrieve efficiently the structural objects of SMIL documents.

Detection of Internal Illegal Query Using Packet Analysis (패킷 분석을 이용한 내부인 불법 질의 탐지)

  • Jang Gyong-Ohk;Koo Hyang-Ohk;Oh Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.10 no.3 s.35 / pp.259-265 / 2005
  • The purpose of this study is for designing an illegal query detection system using Winpcap library for unauthorized access by internal person. The illegal query detection can be possible detecting the data in out of access control or searching illegal data by plagiarizing other user ID. The system used in this paper collects packets and analyzes the data related to SQL phrase among them, and selects the user's basic information by comparing the dispatch of MAC address and user's hardware information constructed previously. If the extracted information and user's one are different, it is considered as an illegal query. It is expected that the results of this study can be applied to reducing the snaking off unprotected data, and also contributed to leaving the audit records using user's access log which can be applied to the pattern analysis.

Fuzzy Structured Query Language for Fuzzy Database System (퍼지 데이터베이스 시스템을 위한 퍼지 질의어 연구(FSQL))

  • 정은영;신세영;김승권;유자영;박순철
    • Proceedings of the Korea Society for Industrial Systems Conference / 2000.05a / pp.79-84 / 2000
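  • The language we use every day contains many vague expressions. For example, expressions such as 'young', 'big', and 'to some degree' do not have fixed values. SQL (Structured Query Language, hereafter SQL), the most widely used query language in RDBMSs, only allows queries on the values permitted in the database, that is, quantitative values. Queries such as 'a young woman' or 'a woman of about 20' cannot be made; only exact queries such as 'a 25-year-old woman' are allowed. However, now that the amount of information is growing rapidly and information is power, general users must also be able to obtain the information they want from a database. This paper therefore discusses FSQL, which allows general users to query a database with the words they use every day (hereafter, natural language).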

A Study of Application Layer Traceback Through Intelligent SQL Query Analysis (지능형 SQL Query 분석을 통한 Application Layer 역추적 연구)

  • Baek, Jong-Il;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.05a / pp.265-268 / 2010
  • Current Traceback is difficult due to the development of bypass technique Proxy and IP-driven to trace the real IP Source IP is the IP traceback after the actual verification is difficult. In this paper, an intelligent about SQL Query field, column, table elements such as analysis of the value and the matching key values and Data used here to analyze source user hit point values for the user to trace the Application Layer IP for the analysis of forensic evidence guided by In this study, including forensic DB security will contribute to the development of electronic trading.

Curriculum of Basic Data Science Practices for Non-majors (비전공자 대상 기초 데이터과학 실습 커리큘럼)

  • Hur, Kyeong
    • Journal of Practical Engineering Education / v.12 no.2 / pp.265-273 / 2020
  • In this paper, to design a basic data science practice curriculum as a liberal arts subject for non-majors, we proposed an educational method using an Excel(spreadsheet) data analysis tool. Tools for data collection, data processing, and data analysis include Excel, R, Python, and Structured Query Language (SQL). When it comes to practicing data science, R, Python and SQL need to understand programming languages and data structures together. On the other hand, the Excel tool is a data analysis tool familiar to the general public, and it does not have the burden of learning a programming language. And if you practice basic data science practice with Excel, you have the advantage of being able to concentrate on acquiring data science content. In this paper, a basic data science practice curriculum for one semester and weekly Excel practice contents were proposed. And, to demonstrate the substance of the educational content, examples of Linear Regression Analysis were presented using Excel data analysis tools.

Automated Query based on SQL BNF Grammar for Testing DBMS (SQL BNF 문법 기반의 자동 질의 생성기를 이용한 DBMS 테스트)

  • Kim, Jeong-Kyeom;Hwang, Min-Ho;Kwon, Sook-Youn;Lim, Jong-Hyeok;Bae, Yu-Jin;Ha, Man-Jae
    • Proceedings of the Korean Information Science Society Conference / 2010.06c / pp.138-143 / 2010
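  • Modern database servers are large and complex software systems. The complex SQL (Structured Query Language) keeps growing and is evolving into new forms based on the ANSI standard. Testing database servers has been carried out continuously and remains one of the ongoing challenges. Developing new testing techniques suited to this task generally requires enormous manpower and cost. This paper presents an automated SQL query testing framework as a solution to the enormous manpower and cost of manual testing. Based on the SQL BNF (Backus-Naur Format) grammar that underlies SQL, the framework randomly and automatically generates syntactically and semantically correct "intelligent" SQL queries. The generated "intelligent" queries are derived from a logical model and provide users with a useful checklist through statistical information. By providing an integrated test environment for their existing and newly developed databases, each database vendor can solve the manpower and cost problems of the testing process, and the framework provides a basis for identifying the strengths and weaknesses of a database, which will help improve quality.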

Study on Development of a Search Program for Surveying Related Papers in Korea and the Renewal of their List (논문 목록 검색 프로그램 개발 연구 및 국내 측량 관련 논문 목록의 최신화)

  • 김병국
    • Journal of the Korean Society of Surveying, Geodesy, Photogrammetry and Cartography / v.14 no.2 / pp.219-228 / 1996
  • The list of the titles of surveying-related papers and books is updated by adding newly polished paper/book titles to the existing one. A special title-search program is developed for managing and searching the surveying-related paper/book titles, and the database is established from the list of the papers. The total number of papers/books in surveying-related field published in Korea up to now is 971. The number of papers/books published in the specific fields are 206 in the conventional surveying field, 218 in Photogrammetry, 183 in Remote Sensing, 127 in Geodesy and GPS, and 237 in Digital Mapping and GIS. The special title-search program is developed using the Visual Basic 3.0 for Windows 3.1 to be operated in the Window environment. The SQL (Structured Query Language) is used for the searching commands.

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

  • Nagpal, Bharti;Chauhan, Naresh;Singh, Nanhay
    • Journal of Information Processing Systems / v.13 no.4 / pp.689-702 / 2017
  • The Structured Query Language (SQL) Injection continues to be one of the greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities 2013. The ease of exploitability and severe impact puts this attack at the top. As the countermeasures become more sophisticated, SQL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. The vulnerable data is a source of worry for government and financial institutions. In this paper, a detailed survey of different types of SQL Injection and proposed methods and theories are presented, along with various tools and their efficiency in intercepting and preventing SQL attacks.

NVST DATA ARCHIVING SYSTEM BASED ON FASTBIT NOSQL DATABASE

  • Liu, Ying-Bo;Wang, Feng;Ji, Kai-Fan;Deng, Hui;Dai, Wei;Liang, Bo
    • Journal of The Korean Astronomical Society / v.47 no.3 / pp.115-122 / 2014
  • The New Vacuum Solar Telescope (NVST) is a 1-meter vacuum solar telescope that aims to observe the fine structures of active regions on the Sun. The main tasks of the NVST are high resolution imaging and spectral observations, including the measurements of the solar magnetic field. The NVST has been collecting more than 20 million FITS files since it began routine observations in 2012 and produces maximum observational records of 120 thousand files in a day. Given the large amount of files, the effective archiving and retrieval of files becomes a critical and urgent problem. In this study, we implement a new data archiving system for the NVST based on the Fastbit Not Only Structured Query Language (NoSQL) database. Compared to the relational database (i.e., MySQL; My Structured Query Language), the Fastbit database manifests distinctive advantages on indexing and querying performance. In a large scale database of 40 million records, the multi-field combined query response time of Fastbit database is about 15 times faster and fully meets the requirements of the NVST. Our study brings a new idea for massive astronomical data archiving and would contribute to the design of data management systems for other astronomical telescopes.