• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.615-625
• /
• 2015

This paper proposes new methods and examples for improving fraud detection rules based on banking customer's transaction behaviors focused on anomaly detection method. This study investigates real example that FDS(Fraud Detection System) regards fraudulent transaction as legitimate transaction and figures out fraudulent types and transaction patterns. To understanding the cases that FDS regard legitimate transaction as fraudulent transaction, it investigates all transactions that requied additional authentications or outbound call. We infered additional facts to refine detection rules in progress of outbound calling and applied to existing detection rules to improve. The main results of this study is the following: (a) Type I error is decreased (b) Type II errors are also decreased. The major contribution of this paper is the improvement of effectiveness in detecting fraudulent transaction using transaction behaviors and providing a continuous method that elevate fraud detection rules.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1179-1189
• /
• 2012

We propose an improvement on the Guideline of Secure Software Development for Korea e-Government that is under revision by the Ministry of Public Administration and Security in 2012. We adopted a rule-oriented organization instead shifting from the current weakness-oriented one. The correspondence between the weakness and coding rules is identified. Also, added is the coverage of diagnostic tools over the rules to facilitate the usage by programmers during coding period When the proposed guideline is applied to secure software development, the weakness would be controlled indirectly by enforcing coding rules. Programmers responsibility would be limited to the compliance of the rules, while the current version implies that it is programmers responsibility to guarantee being free from the weakness, which is hard to achieve at reasonable cost.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.10
• /
• pp.831-840
• /
• 2013

Recently, to enhance the security of software, static analysis tools for removing weaknesses, the cause of vulnerability, have been used a lot in the software development stage. Therefore, the tools need to have the rules being able to diagnose various weaknesses. Top 5 weaknesses found in the software developed by major domestic information projects from 2011 to 2012 is 76% of top 10 weaknesses per year. Software security can be improved a lot if top 5 weaknesses just are removed properly in software development. In this paper, we propose the PMD's rules for diagnosing the major weaknesses and present the results of its performance test.

• Journal of Families and Better Life
• /
• v.31 no.6
• /
• pp.39-51
• /
• 2013

Because of the increasing demand for day care centers, The Korean government has enforced childcare accreditation. The government has created the evaluation certification system for child care facilities. But the system includes variable items, and the physical rules are not sufficient for ensuring security and quality amenities. So this study, through literature search, examined the rules of Child Care Centers in the U.S. and compared them with those in Korea focusing on the provision of security and amenities. The standards found in 4 U.S. states were investigated, and the results are as follows. The rule pertaining to the size of indoor activity spaces in C.C.C. allows the spaces to be smaller in Korea than in the U.S. There is no specific criterion for infants and toddlers in our standard. When comparing the standards of Korea with those of the United States, Korea's standards do not state specific rules about child care facilities such as indoor furniture, finishes and space planning. Additionally, the binding force ensuring compliance with the standards of physical facilities is weak. Thus, the ratings of child care standards for the physical environment should be presented in detail. And if a center does not comply with the criteria, stronger penalties will have to be imposed.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.9-19
• /
• 2019

Service and users over the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA(latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.101-110
• /
• 2011

Recently, an attack to an application incapacitates the intrusion detection rule, the defense policy for a network and database and induces intrusion incidents. Thus, it is necessary to study integration security to ensure the security of an internal network and database from that attack. This article is about building an integration security system to prevent an attack to an application set with intrusion detection rules. It responds to network-based attack through detection, disperses attack with the internal integration security system through virtual clustering and load balancing, and sets up defense policy for attacking destination packets, analyzes and records attack packets, and updates rules through monitoring and analysis. Moreover, this study establishes defense policy according to attacking types to settle access traffic through virtual machine partition policy and suggests an integration security system applied to prevent attack and tests its defense. The result of this study is expected to provide practical data for integration security defense for hacking attack from outside.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.91-105
• /
• 2010

With the release Apple's iPhone, smartphone is enjoying a tremendous popularity. Security experts pointed the smartphone security risks and KCC(Korea Communications Commission) published safety rules for smartphone users. In this paper we surveyed market and product trends of smartphone and analyzed the security technology of smartphoen OS including Symbian, iPhone OS, Windows Mobile and Android.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.655-659
• /
• 2003

시스템의 안전성을 평가하기 위해 안전성 문제 해결 도구인 SPR［1］을 이용하여 보안 모델을 프롤로그 기반의 명세 언어인 SPSL로 기술하여 안전성을 검증한다. 보안 모델은 시스템의 3가지 컴포넌트, 시스템 보안 상태(system security states), 접근 통제 규칙(access control rules), 그리고 보안 기준(security criteria)으로 구성된다. 본 논문에서는 보안 모델의 보안 기준에 NTFS의 다중 사용 권한을 적용하여 명세하고 안전성 문제 해결방법을 제시하고자 한다.

• Proceedings of the KIEE Conference
• /
• 2005.11b
• /
• pp.362-364
• /
• 2005

In abroad, thousands of generator testing were accomplished because of importance about generator stability parameters. But it was introduced TWBP and processing in Korea. In addition to, related rules of generator testing had been weaken. Without guidelines, practical uses are much limited. So, it studied compliance life cycle about generator facility parameters for stability analysis. This paper presents security scheme and working rules using generator testing and disturbance recordings, considering domestic circumstance.

• Electronics and Telecommunications Trends
• /
• v.37 no.5
• /
• pp.1-10
• /
• 2022

Digital trade rules are crucial in supporting the digital economy as the rules effectively reduce unnecessary trade barriers. This study introduces various approaches that major countries take regarding digital trade policies and rules. Comprehensive and Progressive Agreement for Trans-Pacific Partnership has introduced comprehensive rules on e-commerce, including binding articles on the free flow of information, location of computing facilities, and source code. More recent e-commerce provisions or digital trade agreements cover wider range of issues, from cyber security, artificial intelligence, and data innovation to electronic invoicing and payments. Multilateral negotiations on digital trade rules, including the World Trade Organization E-commerce Joint Statement Initiatives and Indo-Pacific Economic Framework, are in progress. Thus, countries involved are expected to respond to new digital trade issues with long-term strategies considering domestic policy objectives.