• Title/Summary/Keyword: Web application analysis

Evaluation of Geo-based Image Fusion on Mobile Cloud Environment using Histogram Similarity Analysis

  • Lee, Kiwon;Kang, Sanggoo
    • Korean Journal of Remote Sensing / v.31 no.1 / pp.1-9 / 2015
  • Mobility and cloud platform have become the dominant paradigm to develop web services dealing with huge and diverse digital contents for scientific solution or engineering application. These two trends are technically combined into mobile cloud computing environment taking beneficial points from each. The intention of this study is to design and implement a mobile cloud application for remotely sensed image fusion for the further practical geo-based mobile services. In this implementation, the system architecture consists of two parts: mobile web client and cloud application server. Mobile web client is for user interface regarding image fusion application processing and image visualization and for mobile web service of data listing and browsing. Cloud application server works on OpenStack, open source cloud platform. In this part, three server instances are generated as web server instance, tiling server instance, and fusion server instance. With metadata browsing of the processing data, image fusion by Bayesian approach is performed using functions within Orfeo Toolbox (OTB), open source remote sensing library. In addition, similarity of fused images with respect to input image set is estimated by histogram distance metrics. This result can be used as the reference criterion for user parameter choice on Bayesian image fusion. It is thought that the implementation strategy for mobile cloud application based on full open sources provides good points for a mobile service supporting specific remote sensing functions, besides image fusion schemes, by user demands to expand remote sensing application fields.

Vulnerability Analysis and Threat Mitigation for Secure Web Application Development (안전한 웹 애플리케이션 개발을 위한 취약점 분석 및 위협 완화)

  • Moon, Jae-Chan;Cho, Seong-Je
    • Journal of the Korea Society of Computer and Information / v.17 no.2 / pp.127-137 / 2012
  • Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

Tools for Web-Based Security Management Level Analysis (웹기반 보안 관리 수준 분석 도구)

  • Kim, Jeom-Goo;Choi, Kyong-Ho;Noh, Si-Choon;Lee, Do-Hyeon
    • Convergence Security Journal / v.12 no.3 / pp.85-92 / 2012
  • Today, the typical web hacking attacks are cross-site scripting (XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as an abnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process must be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

The Development of Web Program for Providing RI-Biomics Technical Information (RI-Biomics 기술정보 제공을 위한 웹 프로그램 개발 연구)

  • Kim, Na-Kyung;Kim, Joo Yeon;Jang, Sol-Ah;Park, Tai-Jin
    • Journal of Radiation Industry / v.8 no.3 / pp.169-176 / 2014
  • For designing the model of the web program, the demand survey for the technology and information has been performed for the students of the related departments, industrialists and researchers. And, the survey, such as advantages and disadvantages, for the current situations has been examined through comparison and analysis by the establishment type and operational process for the present operating web programs having the similar functions in Korea. The contents and web program for the technology and information system have been also developed by the question investigation and the expert opinions. This system for RI-Biomics has been developed by focusing the convenience for the information provision and the information search as the first constructing direction. Information has been collected by the operator in our institute and making contract with Global Trend Briefing of KISTI in Korea. The information collection in the web program has been designed as the direction regularly provided with RSS. Information has been then analyzed by constructing the expert pool provided from the advisory committee for the technology and information, and using them. The publicity for this web program has been performed by webzines and then it is noted that the publicity programs such as some events should be regularly developed when expanded and advanced to a community in future.

A Study On Advanced Model of Web Vulnerability Scoring Technique (웹 취약점 스코어링 기법의 advanced 모델 연구)

  • Byeon, Autumn;Lim, Jong In;Lee, Kyong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1217-1224 / 2015
  • Web application security problems are addressed by the web vulnerability analysis which in turn supports companies to understand those problems and to establish their own solutions. Ministry of Science, ICT and Future Planning (MSIP) has released its guidelines for analysis and assessment of the web vulnerability. Although it is possible to distinguish vulnerability items in a manner suggested in the MSIP's guidelines, MSIP's factors and criteria proposed in the guidelines are neither sufficient nor efficient in analyzing specific vulnerability entries' risks. This study discusses analysis of the domestic and international Vulnerability Scoring system and proposes an appropriate evaluating method for web vulnerability analysis.

A Study of Web Usage Mining for eCRM

  • Hyuncheol Kang;Jung, Byoung-Cheol
    • Communications for Statistical Applications and Methods / v.8 no.3 / pp.831-840 / 2001
  • In this study, we introduce the process of web usage mining, which has lately attracted considerable attention with the fast diffusion of the World Wide Web, and explain the web log data, which is the main subject of web usage mining. Also, we illustrate some real examples of analysis for web log data and look into practical application of web usage mining for eCRM.

Development of a String Injection Vulnerability Analyzer for Web Application Programs (웹 응용 프로그램의 문자열 삽입 보안 취약성 분석기 개발)

  • Ahn, Joon-Seon;Kim, Yeong-Min;Jo, Jang-Wu
    • The KIPS Transactions:PartA / v.15A no.3 / pp.181-188 / 2008
  • Nowadays, most web sites are developed using dynamic web pages where web pages are generated and transmitted by web application programs. Therefore, the ratio of attacks injecting malevolent strings to vulnerable web applications is increasing. In this paper, we present a static program analyzer which analyzes whether a web application program has vulnerabilities to the SQL injection attack and the cross-site scripting (XSS) attack. To analyze programs using abstract interpretation framework, we designed an abstract domain which models potential string set along with excluded strings and developed an abstract interpreter for the PHP language. Also, based on them, we implemented a static analyzer. According to our experiments, our analyzer has competitive analysis speed and accuracy compared with related research results.

A Study on Real-Time Web-Server Intrusion Detection using Web-Server Agent (웹 서버 전용 에이전트를 이용한 실시간 웹 서버 침입탐지에 관한 연구)

  • 진홍태;박종서
    • Convergence Security Journal / v.4 no.2 / pp.17-25 / 2004
  • As Internet and Internet users are rapidly increasing and getting popularized in the world, the existing firewall has limitations to detect attacks which exploit vulnerability of web server. And these attacks are increasing. Most of all, intrusions using web application's programming error are occupying for the most part. In this paper, we introduced real-time web-server agent which analyzes web-server based log and detects web-based attacks after the analysis of the web-application's vulnerability. We propose the method using real-time agent which removes Process ID (pid) and blocks out attacker's IP if it detects the intrusion through the decision stage after judging attack types and patterns.

Harmful Traffic Detection by Web Traffic Analysis (웹 트래픽 분석을 통한 유해 트래픽 탐지)

  • Shin, Hyun-Jun;Choi, Il-Jun;Chu, Byoung-Gyun;Oh, Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.12 no.2 s.46 / pp.221-229 / 2007
  • Security of the port TCP/80 has been demanded by reason that the others besides web services have been rapidly increasing use of the port. Existing traffic analysis approaches can't distinguish web services traffic from application services when traffic passes through the port. Monitoring methods based on protocol and port analysis were weak in analyzing harmful traffic using the web port on account of being unable to distinguish payload. In this paper, we propose a method of detecting harmful traffic by web traffic analysis. To begin, traffic capture by real time and classify by web traffic. Classed web traffic sorts each application service details and apply weight and detect harmful traffic. Finally, method propose and implement through coding. Therefore have a purpose of these paper to classify existing traffic analysis approaches was difficult web traffic classified normal traffic and harmful traffic and improved performance.

An Analysis and Testing Method for Interoperability of Web Applications (웹 응용프로그램의 상호운용성 분석과 테스팅 방법)

  • Kim, Ik Su;Choi, Jong Myung
    • Journal of Korea Society of Digital Industry and Information Management / v.6 no.1 / pp.23-31 / 2010
  • As the web technologies advance, most of applications have been developed as web applications. The web has advantages of high interoperability due to the web standards though the applications run on heterogeneous platforms. However, as the systems are growing and have some interoperability problems, the government and the big companies require interoperability testing for new systems. In this paper, we introduce some interoperability issues for web applications and classify them into three groups according to 3-tier client/server architecture. We also propose interoperability testing process and tasks to be performed at each step in the process.