• Title/Summary/Keyword: System call events


Malicious Application Determination Using the System Call Event (시스템 콜 이벤트 분석을 활용한 악성 애플리케이션 판별)

  • Yun, SeokMin; Ham, YouJeong; Han, GeunShik; Lee, HyungWoo
  • KIPS Transactions on Software and Data Engineering, v.4 no.4, pp.169-176, 2015
  • Recently the smartphone market has been growing rapidly, and the application market has also grown significantly. Mobile applications are provided in various forms, such as education, games, SNS, weather and news, and are distributed through a variety of distribution channels. Malicious applications deployed with malicious objectives are growing alongside applications that are useful in everyday life. In this study, events from normal applications deployed through the open market and from malicious applications provided by the Android MalGenome Project were extracted and analyzed. Using the results, we create a model to determine whether an application is malicious. Finally, the model was evaluated using a variety of statistical methods.

Effective Intrusion Detection Integrating Multiple Measure Models (다중척도 모델의 결합을 이용한 효과적인 침입탐지)

  • 한상준; 조성배
  • Journal of KIISE: Information Networking, v.30 no.3, pp.397-406, 2003
  • As information technology grows, interest in intrusion detection systems (IDS), which detect unauthorized usage, misuse by local users and modification of important data, has risen. In the field of anomaly-based IDS, several artificial intelligence techniques such as hidden Markov models (HMM), artificial neural networks, statistical techniques and expert systems are used to model network packets, system call audit data, etc. However, there are intrusion types that each measure and modeling method cannot detect, because each intrusion type produces anomalies in an individual measure. To overcome this drawback of single-measure anomaly detectors, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by system calls, resource usage and file access events, and build profiles of normal behavior with a hidden Markov model, a statistical method and a rule-based method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method, which has a significantly low false-positive error rate against various types of intrusion.

Malicious Trojan Horse Application Discrimination Mechanism using Realtime Event Similarity on Android Mobile Devices (안드로이드 모바일 단말에서의 실시간 이벤트 유사도 기반 트로이 목마 형태의 악성 앱 판별 메커니즘)

  • Ham, You Joung; Lee, Hyung-Woo
  • Journal of Internet Computing and Services, v.15 no.3, pp.31-43, 2014
  • A large number of Android mobile applications have been developed and deployed through the Android open market as the number of Android-based smart work device users has increased recently. However, security vulnerabilities have been discovered in malicious applications that are developed and deployed through the open market or third-party markets. In most malicious applications, malicious code inserted in the form of a Trojan horse leaks the user's personal and financial information from the mobile device to an external server without the user's knowledge. Therefore, to minimize the damage caused by the constantly increasing number of malicious applications, the development of a proactive detection mechanism is required. In this paper, we analyzed the pros and cons of existing techniques for detecting malicious applications, and proposed a malicious application discrimination mechanism based on Jaccard similarity over events collected in real time during execution on Android mobile devices, together with its discrimination and detection results.

Comparative Analysis of Terminology and Classification Related to Risk Management of Radiotherapy

  • Oh, Yoonjin; Kim, Dong Wook; Shin, Dong Oh; Koo, Jihye; Lee, Soon Sung; Choi, Sang Hyoun; Ahn, Sohyun; Park, Dong-wook
  • Progress in Medical Physics, v.27 no.3, pp.131-138, 2016
  • We analyzed the terminology and classification related to the risk management of radiation treatment overseas in order to establish a terminology and classification system for Korea. This study investigated the terminology and classification for radiotherapy risk management through overseas research materials from related organizations and associations, including the IAEA, WHO, British group, EC, and AAPM. Overseas risk management commonly uses the terms "near miss", "incident", and "adverse event", classified according to the degree of severity. However, several organizations use ambiguous terminology: the term "near miss" for events such as a near event, close call, and good catch; the term "incident" for an event; and the term "adverse event" for the likes of an accident and an event. In addition, different organizations use different classifications: a "near miss" is generally classified as an "incident" in most cases, but is not classified as such by BIR et al. Confusion might also be caused by the disunity of the terminology and classification, and by the ambiguity of the definitions. Patient safety management in medical institutions in Korea uses the terms "near miss", "adverse event", and "sentinel event", which it classifies into eight levels according to the severity of risk to the patient. Therefore, a terminology and classification for radiotherapy risk management based on the patient safety management of medical institutions in Korea will help in improving the safety and quality of radiotherapy.

A Performance Analysis Framework Considering the Hierarchy of Embedded Linux Systems Software Architecture (임베디드 리눅스 시스템의 소프트웨어 계층구조를 고려한 성능 분석 프레임워크)

  • Kwak, Sang-Heon; Lee, Nam-Seung; Lee, Ho-Rim; Lim, Sung-Soo
  • Journal of KIISE: Computing Practices and Letters, v.16 no.6, pp.637-647, 2010
  • Recent embedded systems are becoming more complicated due to their hierarchical software architecture, including operating systems. The performance of such complicated software architectures cannot be analyzed well by examining each software layer separately; the combined effect and the interactions among all the software layers should be considered. In this paper, we show the design and implementation of a performance analysis framework that enables hierarchical analysis of the performance of Linux-based embedded systems, considering interactions among the software layers. By using the proposed framework, we can obtain useful run-time information about a hierarchical software structure, which usually consists of a user-defined function layer, a library function layer, a system call layer, and a kernel events layer. Experimental results reveal that the proposed framework can accurately identify performance bottlenecks, together with the corresponding software layers, during executions of target applications through the accompanying sub-steps of the analysis: the actual execution paths, the execution time of each observed event in each software layer, and the control flows across the software layers.

LxBSM: Loadable Kernel Module for the Creation of C2 Level Audit Data based on Linux (LxBSM: C2 수준의 감사 자료 생성을 위한 리눅스 기반 동적 커널 모듈)

  • 전상훈; 최재영; 김세환; 심원태
  • Journal of KIISE: Computing Practices and Letters, v.10 no.2, pp.146-155, 2004
  • Currently most commercial operating systems contain a high-level audit feature to increase their security level. Linux does not fall behind the other commercial operating systems in performance and stability, but it does not have a good audit feature. To be used as a server operating system, Linux is required to support a security level higher than C2 of the TCSEC, which requires a kernel-level audit feature that provides system call auditing and audit events. In this paper, we present LxBSM, a kernel module that provides kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. LxBSM is implemented as a loadable kernel module, so it has enhanced usability. It provides rich audit records, including user-level audit events such as login/logout. It supports both pipe and file interfaces to increase the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared with and evaluated against that of a Linux kernel without the audit features. The response time increased when system calls that create audit data, such as fork, execve, open, and close, were invoked. However, no other performance degradation was observed.

A Study on the Direction of Policing for Effective Disaster Prevention and Management (효과적인 재난 예방 및 관리를 위한 경찰활동 방향)

  • Lee, Ju-Lak; Shin, So-Young
  • Korean Security Journal, no.51, pp.317-334, 2017
  • The burden of addressing the damage and financial losses caused by disaster events falls primarily on local governments. Given this reality, preparing for disasters and assessing the effects of disaster management would be more effective if both were carried out at the local level. However, disaster management in South Korea is realized at the national level, revolving around the central government. The Ministry of Public Safety and Security, which was newly established after the sinking of MV Sewol, was criticized for failing to carry out its role as a "disaster control tower" in dealing with the earthquakes near the city of Gyeongju in 2016. The criticism, as well as deep anxiety concerning the ministry's ability to respond effectively to disasters, means that there is a need for a practical alternative to the current method of dealing with disasters. As such, there is an increasing call to re-examine the role of the police force, which played an integral part in past disaster response efforts, in future disaster events. Among the various activities the police force performs, this study focused on one particular role and function of the police, namely community policing. Specifically, this study examined community policing within the context of local governments. The primary purpose of community policing is crime prevention. But the police must respond to citizens' expectations and desires that the police expand the scope of their role. Thus, to maximize public safety and order, the police must be actively engaged in conducting disaster response activities. Hence, this study concentrated on the measures, including community policing, that need to be taken to enable the police to respond rapidly and effectively to disaster events, thereby minimizing losses, and to contribute meaningfully to disaster recovery efforts. Because community policing requires public cooperation, community-oriented disaster response and disaster management are closely examined.
    This study basically seeks to expand the scope of community policing to strengthen disaster safety. Furthermore, this study aims to assert that disaster safety can be promoted by establishing a cooperation system between the police and private security; changing how the role of community policing in disaster response activities is perceived; increasing professional manpower and establishing a comprehensive and independent department dedicated to disaster-related matters; and merging consultative organizations into one organization. Additionally, this study states that an integrated CCTV platform and police cars on disaster prevention patrol duties would enhance the capability of the police to respond to disasters and perform their community policing activities.