• The KIPS Transactions:PartA
• /
• v.18A no.5
• /
• pp.193-204
• /
• 2011

Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

• Journal of Intelligence and Information Systems
• /
• v.25 no.2
• /
• pp.77-97
• /
• 2019

The large amount of data that emerges from the initial connection environment of the Fourth Industrial Revolution is a major factor that distinguishes the Fourth Industrial Revolution from the existing production environment. This environment has two-sided features that allow it to produce data while using it. And the data produced so produces another value. Due to the massive scale of data, future information systems need to process more data in terms of quantities than existing information systems. In addition, in terms of quality, only a large amount of data, Ability is required. In a small-scale information system, it is possible for a person to accurately understand the system and obtain the necessary information, but in a variety of complex systems where it is difficult to understand the system accurately, it becomes increasingly difficult to acquire the desired information. In other words, more accurate processing of large amounts of data has become a basic condition for future information systems. This problem related to the efficient performance of the information system can be solved by building a semantic web which enables various information processing by expressing the collected data as an ontology that can be understood by not only people but also computers. For example, as in most other organizations, IT has been introduced in the military, and most of the work has been done through information systems. Currently, most of the work is done through information systems. As existing systems contain increasingly large amounts of data, efforts are needed to make the system easier to use through its data utilization. An ontology-based system has a large data semantic network through connection with other systems, and has a wide range of databases that can be utilized, and has the advantage of searching more precisely and quickly through relationships between predefined concepts. In this paper, we propose a defense ontology as a method for effective data management and decision support. In order to judge the applicability and effectiveness of the actual system, we reconstructed the existing air force munitions situation management system as an ontology based system. It is a system constructed to strengthen management and control of logistics situation of commanders and practitioners by providing real - time information on maintenance and distribution situation as it becomes difficult to use complicated logistics information system with large amount of data. Although it is a method to take pre-specified necessary information from the existing logistics system and display it as a web page, it is also difficult to confirm this system except for a few specified items in advance, and it is also time-consuming to extend the additional function if necessary And it is a system composed of category type without search function. Therefore, it has a disadvantage that it can be easily utilized only when the system is well known as in the existing system. The ontology-based logistics situation management system is designed to provide the intuitive visualization of the complex information of the existing logistics information system through the ontology. In order to construct the logistics situation management system through the ontology, And the useful functions such as performance - based logistics support contract management and component dictionary are further identified and included in the ontology. In order to confirm whether the constructed ontology can be used for decision support, it is necessary to implement a meaningful analysis function such as calculation of the utilization rate of the aircraft, inquiry about performance-based military contract. Especially, in contrast to building ontology database in ontology study in the past, in this study, time series data which change value according to time such as the state of aircraft by date are constructed by ontology, and through the constructed ontology, It is confirmed that it is possible to calculate the utilization rate based on various criteria as well as the computable utilization rate. In addition, the data related to performance-based logistics contracts introduced as a new maintenance method of aircraft and other munitions can be inquired into various contents, and it is easy to calculate performance indexes used in performance-based logistics contract through reasoning and functions. Of course, we propose a new performance index that complements the limitations of the currently applied performance indicators, and calculate it through the ontology, confirming the possibility of using the constructed ontology. Finally, it is possible to calculate the failure rate or reliability of each component, including MTBF data of the selected fault-tolerant item based on the actual part consumption performance. The reliability of the mission and the reliability of the system are calculated. In order to confirm the usability of the constructed ontology-based logistics situation management system, the proposed system through the Technology Acceptance Model (TAM), which is a representative model for measuring the acceptability of the technology, is more useful and convenient than the existing system.

• Journal of Technology Innovation
• /
• v.21 no.1
• /
• pp.279-301
• /
• 2013

This study demonstrates how social network analysis can be used for identifying potential buyers in technology marketing; in such, the methodology and empirical results are proposed. First of all, we derived the three most important 'seed' keywords from 'technology description' sections. The technologies are generated by various types of R&D activities organized by South Korea's public research institutes in the fundamental science fields. Second, some 3, 000 words were collected from websites related to the three 'seed' keywords. Next, three network matrices (i.e., one matrix per seed keyword) were constructed. To explore the technology network structure, each network is analyzed by degree centrality and Euclidean distance. The network analysis suggests 100 potentially demanding companies and identifies seven common companies after comparing results derived from each network. The usefulness of the result is verified by investigating the business area of the firm's homepages. Finally, five out of seven firms were proven to have strong relevance to the target technology. In terms of social network analysis, this study expands its application scope of methodology by combining semantic network analysis and the technology marketing method. From a practical perspective, the empirical study suggests the illustrative framework for exploiting prospective demanding companies on the web, raising possibilities of technology commercialization in the basic research fields. Future research is planned to examine how the efficiency of process and accuracy of result is increased.

• Journal of Software Engineering Society
• /
• v.23 no.4
• /
• pp.151-163
• /
• 2010

In the defense software domain where large-scale software products in various application areas need to be built, reusing software is regarded as one of the important practices to build software products efficiently and economically. There have been many efforts to apply various methods to support software reuse in the defense software domain. However, developers in the defense software domain still experience many difficulties and face obstacles in reusing software assets. In this paper, we analyze practical problems of software reuse in the defense software domain, and define core requirements to solve those problems. To meet these requirements, we are currently developing the Component Grid system, a reuse-support system that provides a developer-centric software reuse environment. We have designed an architecture of Component Grid, and defined essential elements of the architecture. We have also developed the core approaches for developing the Component Grid system: a semantic-tagging-based requirement tracing method, a reuse-knowledge representation model, a social-network-based asset search method, a web-based asset management environment, and a wiki-based collaborative and participative knowledge construction and refinement method. We expect that the Component Grid system will contribute to increase the reusability of software assets in the defense software domain by providing the environment that supports transparent and efficient sharing and reuse of software assets.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.6 s.38
• /
• pp.219-226
• /
• 2005

This paper describes the open API with integration of semantic web service with PARLAY X based open API in 4G mobile network. It can be expected that the intelligence such as the context-awareness, adaptation and personalization in 4G mobile network will be deployed. But the existing PARLAY based network lacks in considering context-awareness, adaptation and personalization. Therefore, the object of this paper is to support the architecture and the Application Programming Interface (API) of the network service for the context-awareness, adaptation and Personalization in 4G mobile network The open API is to provide users with the adaptive network service to the changing context constraints as well as detecting the changing context and user's Preference. For instance, the open API can Provide users with QoS in network according to the detected context and user's preference, after detecting the context such as location and speed and user's preference.

• Journal of Information Management
• /
• v.41 no.2
• /
• pp.31-46
• /
• 2010

Now named-entity recognition(NER) as a part of information extraction has been used in the fields of information retrieval as well as question-answering systems. Unlike words, named-entities(NEs) are generated and changed steadily in documents on the Web, newspapers, and so on. The NE generation causes an unknown word problem and makes many application systems with NER difficult. In order to alleviate this problem, this paper proposes a new feature generation method for machine learning-based NER. In general features in machine learning-based NER are related with words, but entities in named-entity dictionaries are related to phrases. So the entities are not able to be directly used as features of the NER systems. This paper proposes an encoding scheme as a feature generation method which converts phrase entities into features of word units. Futhermore, due to this scheme, entities with semantic information in WordNet can be converted into features of the NER systems. Through our experiments we have shown that the performance is increased by about 6% of F1 score and the errors is reduced by about 38%.

• Journal of KIISE:Databases
• /
• v.35 no.2
• /
• pp.112-124
• /
• 2008

RDF and OWL are the primary base technologies for implementing Semantic Web. Recently, many researches related with them, or applying them into the other application domains, have been introduced. However, relatively little work has been done for securing the RDF and OWL data. In this article, we briefly introduce an RDF triple based model for specifying RDF access authorization related with RDF security. Next, to efficiently find the authorization conflict by RDF inference, we introduce a method using prime number graph labeling in detail. The problem of authorization conflict by RDF inference is that although the lower concept is permitted to be accessed, it can be inaccessible due to the disapproval for the upper concept. Because by the RDF inference, the lower concept can be interpreted into the upper concept. Some experimental results show that the proposed method using the prime number graph labeling has better performance than the existing simple method for the detection of the authorization conflict.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.3
• /
• pp.282-291
• /
• 2004

There has been many researches in TopicMap and RDF which are approach to handle data efficiently with metadata. However, No researches has been performed to service and implement except for presentation and description. In this paper, We suggest the caching mechanism to support an efficient access of knowledgemap and practical knowledgemap service with implementation of TopicMap system. First, We propose a method to navigate Knowledgemap efficiently that includes advantage of former methods. Then, To transmit TopicMap efficiently, We suggest caching mechanism for knowledgemap. This method is that user will be able to navigate knowledgemap efficiently in the viewpoint of human, not application. Therefor the mechanism doesn't cash topics by logical or physical locality but clustering by information and characteristic value of TopicMap. Lastly, we suggest replace mechanism by using graph structure of TopicMap for efficiency of transmission.

• Annual Conference on Human and Language Technology
• /
• 2006.10e
• /
• pp.189-196
• /
• 2006

본 논문은 시맨틱 웹 응용 서비스를 구현함에 있어 필수적으로 요구되는 온톨로지 인스턴스 구축을 효율적으로 처리하는 데 있어 텍스트 처리 기술이 어떤 역할을 수행할 수 있는 가를 $OntoFrame-K^{(R)}$라는 시맨틱 웹 기반 정보 유통 체계에의 적용 사례를 통해 살펴본다. 본 논문에서 소개하는 텍스트 처리 기술은 개체 확인물 통한 개념 사례화, 주제 분야 할당을 통한 메타데이터 확장에, 그리고 인용 정보 추출 및 인용 관계 구축을 통한 객체 관계속성 구축에 적용된다. 개체 확인에서는 메타데이터 비교 잊 병합을 사용하였으며 이를 기반으로 한 수작업 구축을 통해 8,543명의 인력 URI를 확보하였다. 주제 및 분야 할당에서는 색인어와 분야분류명이 매핑된 시소러스 개념어의 매칭을 통해 색인어 별 TF (Term Frequency), 색인어와 매칭된 개념어 별 TF, 색인어와 매칭된 개념어 별 시소러스에서의 깊이, 색인어와 매칭된 개념어 별 개념 패싯, 색인어와 매칭된 각 개념어에 부착된 분야분류명 목록 등 할당을 위한 다양한 자질을 확보 적용하였다. 인용 정보 추출과 인용 관계 구축에서는 객체 URI와 인력 URI를 기반으로 하여 자동 추출된 인용 정보를 반영하는 방식으로 7,237개 문헌으로부터 총 135개의 인용 네트워크 그룹을 자동으로 확보하였다. 본 연구를 통해 제시된 텍스트 처리 기술의 활용 방안이 향후 시맨틱 웹 응용 서비스 및 인프라 구현에서 다각적으로 활용될 수 있기를 기대한다.

• Journal of KIISE:Databases
• /
• v.29 no.2
• /
• pp.110-118
• /
• 2002

This paper presents a 3-D graphic database system based on XML that supports content-based retrievals of 3-D images, Most of graphics application systems are currently centered around the processing of 2-D images and research works on 3-D graphics are mainly concerned about the visualization aspects of 3-D image. They do not support the semantic modeling of 3-D objects and their spatial relations. In our data model, 3-D images are represented as compositions of 3-D graphic objects with associated spatial relations. Complex 3-D objects are mode]ed using a set of primitive 3-D objects rather than the lines and polygons that are found in traditional graphic systems. This model supports content-based retrievals of scenes containing a particular object or those satisfying certain spatial relations among the objects contained in them. 3-D images are stored in the database as XML documents using 3DGML DTD that are developed for modeling 3-D graphic data. Finally, this paper describes some examples of query executed in our Web-based prototype database system.