• 정보과학회 컴퓨팅의 실제 논문지
• /
• 제21권11호
• /
• pp.721-726
• /
• 2015

이 논문은 PHP 프로그램의 시큐어 코딩 규칙을 보이고 있다. 이 코딩 규칙들은 PHP와 관련된 28개 보안약점의 발생을 억제하기 위하여 프로그램 개발 단계에서 준수하도록 규정한 것이다. 28개 보안약점은 CVE에 보고된 실제 취약점 사례에서 분류된 22개 보안약점과 PHP 언어로 작성된 프로그램의 보안약점(CWE-661)의 하위 보안약점들, OWASP의 PHP Top5 보안약점들에서 선별하였다. 이를 기반으로 하여 14개 시큐어 코딩 규칙 범주에 걸쳐 28개 세부규칙을 개발하였다. 이 논문은 또한 적용 사례를 통해 규칙 적용이 보안약점 억제 효과가 있음을 보이고 있다. 개발된 규칙은 PHP 프로그램의 보안 목적의 분석 도구 개발의 기준으로 활용될 수 있다.

• 정보학연구
• /
• 제3권3호
• /
• pp.27-37
• /
• 2000

정보보호 제품의 신뢰성 보증에 대한 평가 기준은 통일을 가져왔지만 국가별 평가 방법 등의 객관성 확보는 모호한 부분이 있다. 즉, 정보보호 제품의 취약성 평가에는 평가의 범위, 깊이, 시험 등에 적용하는 도구와 시나리오, 그리고 평가자 등이 있으나 이러한 요소들에 따라 평가 결과가 달라질 수 있으므로 평가의 공정성, 객관성 확보에 어려움이 있다. 따라서 본 논문은 정보보호 제품 보안 취약성 평가의 공정성, 객관성, 그리고 효율성을 보증할 수 있는 정보보호 제품 보안 취약성 평가 방법을 제안하고, 평가 수행을 자동화 할 수 있는 시스템(TSVES)을 설계 구현하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권10호
• /
• pp.4204-4222
• /
• 2015

Cloud is the latest buzz word in the internet community among developers, consumers and security researchers. There have been many attacks on the cloud in the recent past where the services got interrupted and consumer privacy has been compromised. Denial of Service (DoS) attacks effect the service availability to the genuine user. Customers are paying to use the cloud, so enhancing the availability of services is a paramount task for the service provider. In the presence of DoS attacks, the availability is reduced drastically. Such attacks must be detected and prevented as early as possible and the power of computational approaches can be used to do so. In the literature, machine learning techniques have been used to detect the presence of attacks. In this paper, a novel approach is proposed, where intelligent rule based feature selection and classification are performed for DoS attack detection in the cloud. The performance of the proposed system has been evaluated on an experimental cloud set up with real time DoS tools. It was observed that the proposed system achieved an accuracy of 98.46% on the experimental data for 10,000 instances with 10 fold cross-validation. By using this methodology, the service providers will be able to provide a more secure cloud environment to the customers.

• 한국멀티미디어학회논문지
• /
• 제19권8호
• /
• pp.1377-1385
• /
• 2016

Conventional X-band marine radar has been used as one of the effective tools for collecting and retrieving ocean surface information parameters for three decades. Several wave information extracting algorithms have been designed in such a way that they can be utilized for efficiently estimating sea surface wave parameters such as current velocities, wave direction, significant wave heights in VTS (Vessel Traffic Service). However, their performances are still restricted. For the purpose of overcoming the performance limits, in this paper, first the conventional algorithms are analyzed and their performances are compared, and then a new control algorithm is proposed. Furthermore, we try to improve the estimation performances of typical wave parameters including wave directions and significant wave heights by introducing linear regression model in the process of computing wave information extraction. Through several simulations with the X-band radar images, it is shown that the proposed method is very effective in estimating the wave information compared to the real measured buoy data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권7호
• /
• pp.3756-3777
• /
• 2019

Recent internet development is helping malware researchers to generate malicious code variants through automated tools. Due to this reason, the number of malicious variants is increasing day by day. Consequently, the performance improvement in malware analysis is the critical requirement to stop the rapid expansion of malware. The existing research proved that the similarities among malware variants could be used for detection and family classification. In this paper, a Cross-Platform Malware Variant Classification System (CP-MVCS) proposed that converted malware binary into a grayscale image. Further, malicious features extracted from the grayscale image through Combined SIFT-GIST Malware (CSGM) description. Later, these features used to identify the relevant family of malware variant. CP-MVCS reduced computational time and improved classification accuracy by using CSGM feature description along machine learning classification. The experiment performed on four publically available datasets of Windows OS and Android OS. The experimental results showed that the computation time and malware classification accuracy of CP-MVCS was higher than traditional methods. The evaluation also showed that CP-MVCS was not only differentiated families of malware variants but also identified both malware and benign samples in mix fashion efficiently.

• 스마트미디어저널
• /
• 제8권2호
• /
• pp.94-98
• /
• 2019

본 논문에서는 관리자가 자신이 소유하고 있는 IoT 시스템을 관리할 수 있도록 하는 도구를 개발한다. 장비 에이전트는 오픈소스 블록체인 프레임워크 기반으로 구성해 데이터의 불변성을 보장하고, 장비에 연결된 AP에 대한 추적성을 확보하여 자산에 대한 위치를 파악할 수 있다. 관리자는 블록체인 장부에서 장비의 연결 내역을 추적할 수 있다. 추가로 네트워크 형성 과정 중 발생하는 ARP 프로토콜의 ARP 추가 요청에 대한 신뢰를 없애 ARP poisoning 공격을 방지할 수 있는 가능성에 대해 연구한다.

• 인터넷정보학회논문지
• /
• 제20권2호
• /
• pp.69-76
• /
• 2019

Recent Enterprise System has component driven real-time distributed architecture (RDA) and this kind of architecture should performed with satisfying strict constraints on life cycle of object and response time such as synchronization, transaction and so on. Microsoft's .NET platform supports RDA and is able to implement services including before mentioned time restriction and security service by only specifying attribute code and maximizing advantages of OMG's Model Driven Architecture (MDA). In this study, a method to automatically generate an extended model of essential elements in an enterprise-system-based RDA as well as the platform specific model (PSM) for Microsoft's .NET platform are proposed. To realize these ideas, the functionalities that should be considered in enterprise system development are specified and defined in a meta-model and an extended UML profile. In addition, after defining the UML profile for .NET specification, these are developed and applied as plug-ins of the open source MDA tool, and extended models are automatically generated using this tool. Accordingly, by using the proposed specification technology, the profile and tools can easily and quickly generate a reusable extended model even without detailed coding-level information about the functionalities considered in the .NET platform and RDA.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제11권4호
• /
• pp.119-126
• /
• 2022

본 연구는 폐쇄망에서 효율적이고 안전하게 패키지 관리 시스템을 사용하기 위해서 고려해야 할 할 중요 요소들과 그 방법론 들을 제시하는 것을 목적으로 한다. 관련 선행 연구의 분석을 통해 기존 패키지 관리에서 보안성을 위해 고려해야 할 사항들을 살펴보고, 이를 바탕으로 폐쇄망이라는 특수한 상황에서 고려해야 할 세부 방법들을 제안한다. 구체적으로, 새로운 패키지 관리 도구의 개발, 물리적 저장매체 활용, 로컬 백업 저장소 활용, 패키지 업데이트 및 다운그레이드 일괄 처리의 방법을 제안한다.

• 한국인공지능학회지
• /
• 제11권1호
• /
• pp.9-15
• /
• 2023

As mobile devices such as smartphones, tablets, and kiosks become increasingly prevalent, there is growing interest in developing alternative input systems in addition to traditional tools such as keyboards and mouses. Many people use their own bodies as a pointer to enter simple information on a mobile device. However, methods using the body have limitations due to psychological factors that make the contact method unstable, especially during a pandemic, and the risk of shoulder surfing attacks. To overcome these limitations, we propose a simple information input system that utilizes gaze-tracking technology to input passwords and control web surfing using only non-contact gaze. Our proposed system is designed to recognize information input when the user stares at a specific location on the screen in real-time, using intelligent gaze-tracking technology. We present an analysis of the relationship between the gaze input box, gaze time, and average input time, and report experimental results on the effects of varying the size of the gaze input box and gaze time required to achieve 100% accuracy in inputting information. Through this paper, we demonstrate the effectiveness of our system in mitigating the challenges of contact-based input methods, and providing a non-contact alternative that is both secure and convenient.

• Coupled systems mechanics
• /
• 제12권2호
• /
• pp.167-181
• /
• 2023

The determination of the blast protection level and the corresponding minimum load-bearing capacity for a laminated glass (LG) window is of crucial importance for safety and security design purposes. In this paper, the focus is given to the window response under near-field blast loading, i.e., where relatively small explosives would be activated close to the target, representative of attack scenarios using small commercial drones. In general, the assessment of the load-bearing capacity of a window is based on complex and expensive experiments, which can be conducted for a small number of configurations. On the other hand, nowadays, validated numerical simulations tools based on the Finite Element Method (FEM) are available to partially substitute the physical tests for the assessment of the performance of various LG systems, especially for the far-field blast loading. However, very little literature is available on the LG window performance under near-field blast loads, which differs from far-field situations in two points: i) the duration of the load is very short, since the blast wavelength tends to increase with the distance and ii) the load distribution is not uniform over the window surface, as opposed to the almost plane wave configuration for far-field configurations. Therefore, the current study focuses on the performance assessment and structural behaviour of LG windows under near-field blasts. Typical behavioural trends are investigated, by taking into account possible relevant damage mechanisms in the LG window components, while size effects for target LG windows are also addressed under a multitude of blast loading configurations.