• Nuclear Engineering and Technology
• /
• v.41 no.5
• /
• pp.747-752
• /
• 2009

A vulnerability assessment is essential for the efficient operation of a physical protection system (PPS). Previous assessment codes have used a simple model called an adversary sequence diagram. In this study, the use of a two-dimensional (2D) map of a facility as a model for a PPS is suggested as an alternative approach. The analysis of a 2D model, however, consumes a lot of time. Accordingly, a generalized heuristic algorithm has been applied to address this issue. The proposed assessment method was implemented to a computer code; Systematic Analysis of physical Protection Effectiveness (SAPE). This code was applied to a variety of facilities and evaluated for feasibility by applying it to various facilities. To help upgrade a PPS, a sensitivity analysis of all protection elements along a chosen path is proposed. SAPE will help to accurately and intuitively assess a PPS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1021-1026
• /
• 2015

Increasing of damage by phishing, government and organization response more rapidly. So phishing use malware and vulnerability for attack. Recently attack that use patch analysis is increased when Microsoft announce patches. Cause of that, researcher for security on defense need technology of patch analysis. But most patch analysis are develop for Microsoft's product. Increasing of mobile environment, necessary of patch analysis on mobile is increased. But ordinary patch analysis can not use mobile environment that there is many file and small size. So we suggest this research that use code filtering instead of Control Flow Graph and Abstract Syntax Tree.

• Journal of The Korean Association of Information Education
• /
• v.20 no.3
• /
• pp.293-302
• /
• 2016

It is the latest fashion of interesting with software education in public school environment and also consider as high priority issue of curriculum for college freshman with programming 101 courses. The block-based programming tool is used widely for the beginner and provides several positive features compare than text-based programming language tools. To measure quality of programming code elaborately which is based script language, it is need to very tough manual process. As a result the previously research related with evaluation of block-based script code has been focused very simple methods in which normalize the number of blocks used which is related with programming concept. In such cases in this, it is difficult to measure structural vulnerability of script code and implicit programming concept which does not expose. In this research, the framework is proposed which enable to measure and evaluate quality of code script of block-based programming tools and also provides method to find of vulnerability of script code. In this framework, the quality metrics is constructed to structuralize implicit programming concept and then developed the quality measure and vulnerability model of script to improve level of programming. Consequently, the proposed methods enable to check of level of programming and predict the heuristic target level.

• Earthquakes and Structures
• /
• v.18 no.6
• /
• pp.709-718
• /
• 2020

Fragility curves are useful tools to estimate the damage probability of buildings owing to seismic actions. The purpose of this study is to investigate seismic vulnerability of reinforced concrete (RC) buildings, according to the 2007 and 2018 Turkish Seismic Codes, using fragility curves. For the numerical analyses, typical five- and seven-storey RC buildings were selected and incremental dynamic analyses (IDA) were performed. To complete the IDAs, eleven earthquake acceleration records multiplied by various scaling factors from 0.2g to 0.8g were used. To predict nonlinearity, a distributed hinge model that involves material and geometric nonlinearity of the structural members was used. Damages to confined concrete and reinforcement bar of structural members were obtained by considering the unit deformation demands of the 2007 Turkish Seismic Code (TSC-2007) and the 2018 Turkey Building Earthquake Code (TBEC-2018). Vulnerability evaluation of these buildings was performed using fragility curves based on the results of incremental dynamic analyses. Fragility curves were generated in terms of damage levels occurring in confined concrete and reinforcement bar of structural members with a lognormal distribution assumption. The fragility curves show that the probability of damage occurring is more according to TBEC-2018 than according to TSC-2007 for selected buildings.

• Earthquakes and Structures
• /
• v.22 no.4
• /
• pp.387-399
• /
• 2022

To study the seismic damage of masonry structures and understand the characteristics of the multi-intensity region, according to the Dujiang weir urbanization of China Wenchuan earthquake, the deterioration of 3991 masonry structures was summarized and statistically analysed. First, the seismic damage of multistory masonry structures in this area was investigated. The primary seismic damage of components was as follows: Damage of walls, openings, joints of longitudinal and transverse walls, windows (lower) walls, and tie columns. Many masonry structures with seismic designs were basically intact. Second, according to the main factors of construction, seismic intensity code levels survey, and influence on the seismic capacity, a vulnerability matrix calculation model was proposed to establish a vulnerability prediction matrix, and a comparative analysis was made based on the empirical seismic damage investigation matrix. The vulnerability prediction matrix was established using the proposed vulnerability matrix calculation model. The fitting relationship between the vulnerability prediction matrix and the actual seismic damage investigation matrix was compared and analysed. The relationship curves of the mean damage index for macrointensity and ground motion parameters were drawn through calculation and analysis, respectively. The numerical analysis was performed based on actual ground motion observation records, and fitting models of PGA, PGV, and MSDI were proposed.

• Earthquakes and Structures
• /
• v.5 no.5
• /
• pp.571-588
• /
• 2013

Many of the current buildings in Algeria were built in the past without any consideration to the requirements of the seismic code. Among these buildings, there are a large number of individual houses built in the 1980's by their owners. They are Reinforced Concrete (RC) frame structures with unreinforced hollow masonry infill walls. This buildings type experienced major damage in the 2003 (Algeria) earthquake, generated by deficiencies in the structural system. In the present study, special attention is placed upon examining the vulnerability of RC frame houses. Their situation and their general features are investigated. Observing their seismic behavior, structural deficiencies are identified. The seismic vulnerability of this type of buildings depends on several factors, such as; structural system, plan and vertical configuration, materials and workmanship. The results of the vulnerability assessment of a group of RC frame houses are presented. Using a method based on the European Macroseismic Scale EMS-98 definitions, presented in previous studies, distribution of damage is obtained.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.16 no.3
• /
• pp.161-166
• /
• 2023

In recent years, new and variant hacking of binary codes has increased, and the limitations of techniques for detecting malicious codes in source programs and defending against attacks are often exposed. Advanced software security vulnerability detection technology using machine learning and deep learning technology for binary code and defense and response capabilities against attacks are required. In this paper, we propose a malware clustering method that groups malware based on the characteristics of the taint information after entering dynamic taint information by tracing the execution path of binary code. Malware vulnerability detection was applied to a three-layered Few-shot learning model, and F1-scores were calculated for each layer's CPU and GPU. We obtained 97~98% performance in the learning process and 80~81% detection performance in the test process.

• Structural Engineering and Mechanics
• /
• v.26 no.6
• /
• pp.617-634
• /
• 2007

Algeria is a country with a high seismic activity. During the last decade, many destructive earthquakes occurred, particularly in the northern part, causing enormous losses in human lives, buildings and equipments. In order to reduce this risk in the capital and avoid serious damages to the strategic existing buildings, the government decided to invest into seismic upgrade, strengthening and retrofitting of these buildings. In doing so, seismic vulnerability study of this category of buildings has been considered. Structural analysis is performed on the basis of site investigation (inspection of the building, collecting data, materials, general conditions of the building, etc), and existing drawings (architectural plans, structural design, etc). The aim of these seismic vulnerability studies is to develop guidelines and a methodology for rehabilitation of existing buildings. This paper will provide insight to the vulnerability assessment and strengthening of the telecommunication centre, according to the new code RPA 99/version 2003. Both, static equivalent method and non linear dynamic analysis are performed in this study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.701-713
• /
• 2021

Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service, elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File System at the binary level. So far, various detection techniques of static/dynamic analysis techniques have been studied for the vulnerability. Existing vulnerability detection tools using static analysis detect through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Condition in File System based on Control Flow Graph and Call Graph through Binary Analysis Platform (BAP), a binary static analysis tool.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.757-759
• /
• 2024

Software vulnerabilities represent security weaknesses in software systems that attackers exploit for malicious purposes, resulting in potential system compromise and data breaches. Despite the increasing prevalence of these vulnerabilities, manual repair efforts by security analysts remain time-consuming. The emergence of deep learning technologies has provided promising opportunities for automating software vulnerability repairs, but existing AIbased approaches still face challenges in effectively handling complex vulnerabilities. This paper explores the potential of large language models (LLMs) in addressing these limitations, examining their performance in code vulnerability repair tasks. It introduces the latest research on utilizing LLMs to enhance the efficiency and accuracy of fixing security bugs.