• Proceedings of the Korean Society of Soil and Groundwater Environment Conference
• /
• 2005.04a
• /
• pp.304-307
• /
• 2005

A numerical modelling method using a backward-in-time advection dispersion equation is introduced in assessing the vulnerability of groundwater to contaminants as an alternative to classical vulnerability mapping methods. The flux and resident concentration measurements are normalized by the total contaminants mass released to the system to provide the travel time probability density function and the location probability function. With the results one can predict the expected travel time of a contaminant from up stream location to a well and also the relative concentration of the contaminant at a well. More specific groundwater vulnerability can be mapped by these predicted measurements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.557-564
• /
• 2019

As the number and type of software increases, those security vulnerabilities are also increasing. Various types of software may have multiple vulnerabilities and those vulnerabilities as they can cause irrecoverable significant damage must be detected and deleted quickly. Various studies have been carried out to detect the vulnerability of the current software, but it is slow, and prediction accuracy is low. Therefore, in this paper, we describe a method to efficiently predict software vulnerability by using neural network algorithm and compare prediction accuracy with conventional system using machine learning algorithm. As a result of the experiment, the prediction system proposed in this paper showed the highest prediction rate.

• Journal of the Society of Naval Architects of Korea
• /
• v.49 no.3
• /
• pp.254-263
• /
• 2012

The survivability of warship is assessed by susceptibility, vulnerability and recoverability. Essentially, a vulnerability assessment is a measure of the effectiveness of a warship to resist hostile weapon effects. Considering the shot line and its penetration effect on the warship, present study introduces the procedural aspects of vulnerability assessments of warship. Present study also considers the prediction of penetration damage to a target caused by the impact of projectiles. It reflects the interaction between the weapon and the target from a perspective of vulnerable area method and COVART model. The shotline and tracing calculation have been directly integrated into the vulnerability assessment method based on the penetration equation empirically obtained. A simplified geometric description of the desired target and specification of a threat type is incorporated with the penetration effect. This study describes how to expand the vulnerable area assessment method to the penetration effect. Finally, an example shows that the proposed method can provide the vulnerability parameters of the warship or its component under threat being hit through tracing the shotline path thereby enabling the vulnerability calculation. In addition, the proposed procedure enabling the calculation of the component's multi-hit vulnerability introduces a propulsion system in dealing with redundant Non-overlapping components.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.39-46
• /
• 2011

Smart environment of health information technology, u-Healthcare architecture, ad-hoc networking and wireless communications environment are major factors that increase vulnerability of u-healthcare information systems. Traffic domain is the concept of network route that identifies the u-Healthcare information systems area as the traffic passing and security technologies application. The criterion of division is an area requiring the application of security technology. u-Healthcare information system domains are derived from the intranet section. the public switched network infrastructure, and networking sectors. Domains of health information systems are separated by domain vulnerability reason. In this study, domain-specific security vulnerability assessment system based on the USN in u-Healthcare system is derived. The model used in this study suggests how to establish more effective measurement USN-based health information network security vulnerability which has been vague until now.

• Journal of Korean Society for Atmospheric Environment
• /
• v.28 no.1
• /
• pp.22-38
• /
• 2012

Adaptation of climate change is necessary to avoid unexpected impacts of climate change caused by human activities. Vulnerability refers to the degree to which system cannot cope with impacts of climate change, encompassing physical, social and economic aspects. Therefore the quantification of climate change impacts and its vulnerability is needed to identify vulnerable regions and to setup the proper strategies for adaptation. In this study, climate change vulnerability is defined as a function of climate exposure, sensitivity, and adaptive capacity. Also, we identified regions vulnerable to ozone due to climate change in Korea using developed proxy variables of vulnerability of regional level. 18 proxy variables are selected through delphi survey to assess vulnerability over human health sector for ozone concentration change due to climate change. Also, we estimate the weighting score of proxy variables from delphi survey. The results showed that the local regions with higher vulnerability index in the sector of human health are Seoul and Daegu, whereas regions with lower one are Jeollanam-do, Gyeonggi-do, Gwangju, Busan, Daejeon, and Gangwon-do. The regions of high level vulnerability are mainly caused by their high ozone exposure. We also assessed future vulnerability according to the Intergovernmental Panel on Climate Change (IPCC) Special Report on Emissions Scenarios (SRES) A2, A1FI, A1T, A1B, B2, and B1 scenarios in 2020s, 2050s and 2100s. The results showed that vulnerability increased in all scenarios due to increased ozone concentrations. Especially vulnerability index is increased by approximately 2 times in A1FI scenarios in the 2020s. This study could support regionally adjusted adaptation polices and the quantitative background of policy priority as providing the information on the regional vulnerability of ozone due to climate change in Korea.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.12
• /
• pp.863-871
• /
• 2018

Existing vulnerability analysis tools are prone to missed detections, incorrect detections, and over-detection, which reduces accuracy. In this paper, cross-checking based on a vulnerability detection method using static and dynamic analysis is proposed, which develops and manages safe applications and can resolve and analyze these problems. Risks due to vulnerabilities are computed, and an intelligent vulnerability detection technique is used to improve accuracy and evaluate risks under the final version of the application. This helps the development and execution of safe applications. Through incorporation of tools that use static analysis and dynamic analysis techniques, our proposed technique overcomes weak points at each stage, and improves the accuracy of vulnerability detection. Existing vulnerability risk-evaluation systems only evaluate self-risks, whereas our proposed vulnerability risk-evaluation system reflects the vulnerability of self-risk and the detection accuracy in a complex fashion to evaluate relative. Our proposed technique compares and analyzes existing analysis tools, such as lists for detections and detection accuracy based on the top 10 items of SANS at CWE. Quantitative evaluation systems for existing vulnerability risks and the proposed application's vulnerability risks are compared and analyzed. We developed a prototype analysis tool using our technique to test the application's vulnerability detection ability, and to show that our proposed technique is superior to existing ones.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.61-67
• /
• 2012

Accordingly the number of smart-phone-based malicious codes is also increasing and their techniques for malicio us purpose are getting more clever and evolved. Among them, the malicious codes related to Android take the major portion and it can be estimated that they are based on open source so that the access to the system is easy. Intent is a technique to support the communication between application's components by transmitting message subjects in Android. Intent provides convenience to developers, but it can be utilized as security vulnerability that allows the developer with a malicious purpose to control the system as intended. The vulnerability of intent security is that personal information can be accessed using discretionally its proper function given to application and smart phone's functions can be maliciously controlled. This paper improves with the Intent security vulnerability caused by the smart phone users' discretional use of custom kernel. Lastly, it verifies the malicious behaviors in the process of installing an application and suggests a technique to watch the Intent security vulnerability in realtime after its installation.

• Journal of Information Technology Services
• /
• v.21 no.5
• /
• pp.65-79
• /
• 2022

The smart factory has spread to small and mid-size enterprises (SMEs) under the leadership of the government. Smart factory consists of a work area, an operation management area, and an industrial control system (ICS) area. However, each site is combined with the IT system for reasons such as the convenience of work. As a result, various breaches could occur due to the weakness of the IT system. This study seeks to discover the items and vulnerabilities that SMEs who have difficulties in information security due to technology limitations, human resources, and budget should first diagnose and check. First, to compare the existing domestic and foreign smart factory vulnerability classification systems and improve the current classification system, the latest smart factory vulnerability information is collected from NVD, CISA, and OWASP. Then, significant keywords are extracted from pre-processing, co-occurrence network analysis is performed, and the relationship between each keyword and vulnerability is discovered. Finally, the improvement points of the classification system are derived by mapping it to the existing classification system. Therefore, configuration and maintenance, communication and network, and software development were the items to be diagnosed and checked first, and vulnerabilities were denial of service (DoS), lack of integrity checking for communications, inadequate authentication, privileges, and access control in software in descending order of importance.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.15-27
• /
• 2019

In the past, the control system was a closed network that was not connected to the external network. However, in recent years, many cases have been opened to the outside for the convenience of management. Are connected to the Internet, and the number of operating control systems is increasing. As a result, it is obvious that hackers are able to make various attack attempts targeting the control system due to external open, and they are exposed to various security threats and are targeted for attack. Industrial control systems that are open to the outside have most of the remote management ports for web services or remote management, and the expansion of web services through web programs inherits the common web vulnerability as the control system is no exception. In this study, we classify and compare existing web vulnerability items in order to derive the most commonly tried web hacking attacks against control system from the attacker's point of view. I tried to confirm.

• Journal of the Korean Data and Information Science Society
• /
• v.26 no.3
• /
• pp.581-592
• /
• 2015

In the GORRAM, the estimation of resource requirements for wartime equipment is based on the ELCON of the USA. The number of vulnerability groups of ELCON are 22, but unfortunately it is hard to determine how the 22 groups are classified. Thus, in this research we collected 505 types of basic items used in wartime and classified those items into new vulnerability groups using AHP and cluster analysis methods. We selected 11 variables through AHP to classify those items with cluster analysis. Next, we decided the number of vulnerability groups through hierarchical clustering and then we classified 505 types of basic items into the new vulnerability groups through K-means clustering.This paper presents new vulnerability groups of 505 types of basic items fitted to Korean weapon systems. Furthermore, our approach can be applied to a new weapon system which needs to be classified into a vulnerability group. We believe that our approach will provide practitioners in the military with a reliable and rational method for classifying wartime equipment and thus consequentially predict the exact estimation of resource requirements in wartime.