• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.181-192
• /
• 2013

There have been various techniques to detect and control document leakage; however, most techniques concentrate on document leakage by outsiders. There are rare techniques to detect and monitor document leakage by insiders. In this study, we observe user's document reading behavior to detect and control document leakage by insiders. We make each user's document reading patterns from attributes gathered by a logger program running on Microsoft Word, and then we apply the proposed system to help determine whether a current user who is reading a document matches the true user. We expect that our system based on document reading behavior can effectively prevent document leakage.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.1
• /
• pp.305-325
• /
• 2014

In cloud computing infrastructure, current virtual machine trust measurement methods have many shortcomings in dynamism, security and concurrency. In this paper, we present a new method to measure the trust of virtual machine. Firstly, we propose "behavior trace" to describe the state of virtual machine. Behavior trace is a sequence of behaviors. The measurement of behavior trace is conducted on the basis of anticipated trusted behavior, which not only ensures security of the virtual machine during runtime stage but also reduces complexity of the trust measurement. Based on the behavior trace, we present a Dynamic Tree Style Trust Measurement Model (DTSTM). In this model, the measurement of system domain and user domain is separated, which enhances the extensibility, security and concurrency of the measurement. Finally, based on System Call Interceptor (SCI) and Virtual Machine Introspection (VMI) technology, we implement a DTSTM prototype system for virtual machine trust measurement. Experimental results demonstrate that the system can effectively verify the trust of virtual machine and requires a relatively low performance overhead.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1035-1049
• /
• 2014

This paper presents a new method to detect attack patterns in security-critical systems, based on a new notion of Behavior Ontology. Generally security-critical systems are large and complex, and they are subject to be attacked in every possible way. Therefore it is very complicated to detect various attacks through a semantic structure designed to detect such attacks. This paper handles the complication with Behavior Ontology, where patterns of attacks in the systems are defined as a sequences of actions on the class ontology of the systems. We define the patterns of attacks as sequences of actions, and the attack patterns can then be abstracted in a hierarchical order, forming a lattice, based on the inclusion relations. Once the behavior ontology for the attack patterns is defined, the attacks in the target systems can be detected both semantically and hierarchically in the ontology structure. When compared to other attack models, the behavior ontology analysis proposed in this paper is found to be very effective and efficient in terms of time and space.

• Journal of the Korea Society for Simulation
• /
• v.22 no.2
• /
• pp.33-40
• /
• 2013

This paper explores a border security system based on agent-based modeling and simulation (ABMS). The ABMS software platform, map aware non-uniform automata, is used to model various scenarios and evaluate the border security system given a set of infiltrators who have evolutionary behavior governed by genetic algorithm (GA). we formulated an optimization model and approximately solved it using a GA in order to capture near optimal behavior of an infiltrating force. The results presented give two significant insights for our border security system in that optimizing the infiltrator's behavior can make a significant difference and the quantitative results regarding the infiltrator's avoidance of each asset can be viewed as capturing their relative importance.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.109-115
• /
• 2013

Security threats through e-mail service, a representative tool to convey information on the internet, are on the sharp rise. The security threats are made in the path where malicious codes are inserted into documents files attached and infect users' systems by taking advantage of the weak points of relevant application programs. Therefore, to block infection of camouflaged malicious codes in the course of file transfer, this work proposed an integrity-checking and behavior-based detection system using File Transfer System (FTS), logical network partition, and conducted a comparison analysis with the conventional security techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1117-1127
• /
• 2017

With the advent of Internet of Things (IoT), the number of devices connected to Internet has rapidly increased, but the security for IoT is still vulnerable. It is difficult to integrate existing security technologies due to generating a large amount of traffic by using different protocols to use various IoT devices according to purposes and to operate in a low power environment. Therefore, in this paper, we propose a normal network behavior profiling method based on big data analysis techniques. The proposed method utilizes a Hadoop/Hive for Big Data analytics and an R for statistical computing. Also we verify the effectiveness of the proposed method through a simulation.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.3-8
• /
• 2022

Security threats occur from the outside, but more often from the inside. In particular, since the internal user knows about the information service, the security threat damage caused by the internal user is greater. In this environment, the actions of all users accessing information services should be monitored and recorded in real-time. However, the current operating system records only the logs of system and application execution, so there is a limit to monitoring user behavior in real-time. In such a security environment, damage may occur due to user's unauthorized actions. To solve this problem, this study proposes an architecture that monitors user behavior in real-time in a Linux environment. As a result of verifying the function to confirm the effectiveness of the proposed architecture, the console input values and output angles of all users who have access to the operating system are monitored in real-time and stored. Although the performance of the proposed architecture is somewhat slower than the identification and authentication functions provided by the operating system, it was confirmed that the performance was not at a level that users would recognize, and thus it was judged to be sufficiently effective. However, since this study focuses on monitoring the console behavior, it is impossible to monitor the behavior of user applications running in the background, so additional research is needed.

• Management & Information Systems Review
• /
• v.35 no.1
• /
• pp.207-233
• /
• 2016

Currently mobile messenger industry, based on mobile application, is growing. And it has aroused innovative change, offering services in various forms beyond the form simply sharing messengers. Also because messenger securities are becoming personalized and intelligent, the importance of more diverse mobile applications' securities is increasing. This study carries out the empirical study of the causal relationship that the factors of using application services influence on security recognition and security Intention of mobile securities, and consequentially impact upon protection of personal information of users. In order that, we present the research model which prime variables of SDT, which emphasized on natural immanent motivation of human, applied to. To verify the research model of this study empirically, we conducted a survey targeting the public and university students which have ever used mobile messenger applications. With this, we desire to contribute to emphasizing the significance of individual messenger security and playing a positive role to develop security guide for consumers. The path analysis results are as follows. First, perceived autonomy has a positive effect on both security awareness and security intention. Second, perceived competence has a positive effect on security intention. Third, perceived relatedness has a positive effect on both security awareness and security intention. Last, security awareness and security intention. have a positive effect on privacy protection behavior. Through emphasizing the importance of the security of the messenger of individuals and contribute to a positive role for development of the necessary security guidelines to consumers.

• Journal of Digital Contents Society
• /
• v.19 no.1
• /
• pp.93-102
• /
• 2018

This study aims to present policy implications by analyzing information security behavior factors of internet users. The research model, based on PMT and UTAUT2, consists of perceived threat, severity, social influence, self-efficacy, experience and habits, PC and privacy behaviors, security behaviors on new services and set demographic characteristics, use places of internet, use of paid products, and experiences of accident as moderate variables to analyze the effect on security behavior. The results showed that perceived severity, self-efficacy significantly influenced on experience and habits, and experience and habits and self-efficacy had a high influence on PC and privacy behavior. Also, PC and privacy behaviors have a high impact on security behavior of new services. Age, income, use of paid products, and experience of accidents have a moderating effects on security behaviors. The results of this study are expected to help policy decision making to improve the level of information security of internet users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.187-198
• /
• 2018

Recently, financial transactions and electronic commerce in cyberspace are being performed more quickly and conveniently, with the development in diverse types of fintech and biometric authentication. But user authentication using passwords still occupies a big proportion even in these new services. therefore, safe creation and management of passwords is fundamental and indispensable to protect personal information and asset. This study examined the patterns of password usage by conducting a survey and analyzed factors influencing password security behavior intentions using the heath belief model. As a result, perceived susceptibility, perceived severity, perceived benefits, and perceived barriers significantly affected security behavior intentions, and especially, perceived severity had a moderating effect in other factors.