• Title/Summary/Keyword: XSS


A Study on XML-DSignature Management System with the XSS reference implementation (XSS 참조구현을 통한 XML 전자서명 관리 시스템에 관한연구)

  • Koo, Ja-Ryong;Song, Yun-Kang
    • Proceedings of the Korea Information Processing Society Conference / 2002.11b / pp.1071-1074 / 2002
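  • Standardization work, both domestic and international, on e-commerce specifications using XML (eXtensible Markup Language), which has recently drawn attention as the standard data format for the next-generation Internet environment, is accelerating, and authentication and security for the exchange of electronic documents between companies are likewise becoming essential. In this paper, we studied a digital signature management system for resolving the security problems that arise when electronic documents are exchanged between companies, using the XSS (XML Security Suite) library, which is based on the specifications defined by the XML standardization bodies.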


Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

  • Talib, Nurul Atiqah Abu;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.17 no.2 / pp.125-142 / 2021
  • Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

Propagation Models for Structural Parameters in Online Social Networks (온라인 소셜 네트워크에서 구조적 파라미터를 위한 확산 모델)

  • Kong, Jong-Hwan;Kim, Ik Kyun;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.15 no.1 / pp.125-134 / 2014
  • As the social media which was simple communication media is activated on account of Twitter and Facebook, its usability and importance are growing recently. Although many companies are making full use of its capacity of information diffusion for marketing, the adverse effects of this capacity are growing. Because a social network is formed and communicates based on friendships and relationships, the spreading speed of spam and malware is very swift. In this paper, we draw parameters affecting malicious data diffusion in the social network environment, and compare and analyze the diffusion capacity of each parameter by propagation experiments with the XSS Worm and Koobface Worm. In addition, we discuss the structural characteristics of the social network environment and then propose a malicious data propagation model based on parameters affecting information diffusion. In this paper, we made up BA and HK models based on the SI model, a dynamic model, to conduct the experiments, and as a result of the experiments it was proved that the parameters which affect propagation of the XSS Worm and Koobface Worm are clustering coefficient and closeness centrality.

GCNXSS: An Attack Detection Approach for Cross-Site Scripting Based on Graph Convolutional Networks

  • Pan, Hongyu;Fang, Yong;Huang, Cheng;Guo, Wenbo;Wan, Xuelin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.12 / pp.4008-4023 / 2022
  • Since machine learning was introduced into cross-site scripting (XSS) attack detection, many researchers have conducted related studies and achieved significant results, such as saving time and labor costs by not maintaining a rule database, which is required by traditional XSS attack detection methods. However, this topic came across some problems, such as poor generalization ability, significant false negative rate (FNR) and false positive rate (FPR). Moreover, the automatic clustering property of graph convolutional networks (GCN) has attracted the attention of researchers. In the field of natural language processing (NLP), the results of graph embedding based on GCN are automatically clustered in space without any training, which means that text data can be classified just by the embedding process based on GCN. Previously, other methods required training with the help of labeled data after embedding to complete data classification. With the help of the GCN auto-clustering feature and labeled data, this research proposes an approach to detect XSS attacks (called GCNXSS) to mine the dependencies between the units that constitute an XSS payload. First, GCNXSS transforms a URL into a word homogeneous graph based on word co-occurrence relationships. Then, GCNXSS inputs the graph into the GCN model for graph embedding and gets the classification results. Experimental results show that GCNXSS achieved successful results with accuracy, precision, recall, F1-score, FNR, FPR, and predicted time scores of 99.97%, 99.75%, 99.97%, 99.86%, 0.03%, 0.03%, and 0.0461ms. Compared with existing methods, GCNXSS has a lower FNR and FPR with stronger generalization ability.

Development of a fast reactor multigroup cross section generation code EXUS-F capable of direct processing of evaluated nuclear data files

  • Lim, Changhyun;Joo, Han Gyu;Yang, Won Sik
    • Nuclear Engineering and Technology / v.50 no.3 / pp.340-355 / 2018
  • The methods and performance of a fast reactor multigroup cross section (XS) generation code EXUS-F are described that is capable of directly processing Evaluated Nuclear Data File format nuclear data files. RECONR of NJOY is used to generate pointwise XS data, and Doppler broadening is incorporated by the Gauss-Hermite quadrature method. The self-shielding effect is incorporated in the ultrafine group XSs in the resolved and unresolved resonance ranges. Functions to generate scattering transfer matrices and fission spectrum matrices are realized. The extended transport approximation is used in zero-dimensional calculations, whereas the collision probability method and the method of characteristics are used for one-dimensional cylindrical geometry and two-dimensional hexagonal geometry problems, respectively. Verification calculations are performed first for various homogeneous mixtures and cylindrical problems. It is confirmed that the spectrum calculations and the corresponding multigroup XS generations are performed adequately in that the reactivity errors are less than 50 pcm with the McCARD Monte Carlo solutions. The nTRACER core calculations are performed with the EXUS-F-generated 47 group XSs for the two-dimensional Advanced Burner Reactor 1000 benchmark problem. The reactivity error of 160 pcm and the root mean square error of the pin powers of 0.7% indicate that EXUS-F properly generates the broad-group XSs.

Use of Monte Carlo code MCS for multigroup cross section generation for fast reactor analysis

  • Nguyen, Tung Dong Cao;Lee, Hyunsuk;Lee, Deokjung
    • Nuclear Engineering and Technology / v.53 no.9 / pp.2788-2802 / 2021
  • Multigroup cross section (MG XS) generation by the UNIST in-house Monte Carlo (MC) code MCS for fast reactor analysis using nodal diffusion codes is reported. The feasibility of the approach is quantified for two sodium fast reactors (SFRs) specified in the OECD/NEA SFR benchmark: a 1000 MWth metal-fueled SFR (MET-1000) and a 3600 MWth oxide-fueled SFR (MOX-3600). The accuracy of a few-group XSs generated by MCS is verified using another MC code, Serpent 2. The neutronic steady-state whole-core problem is analyzed using MCS/RAST-K with a 24-group XS set. Various core parameters of interest (core keff, power profiles, and reactivity feedback coefficients) are obtained using both MCS/RAST-K and MCS. A code-to-code comparison indicates excellent agreement between the nodal diffusion solution and stochastic solution; the error in the core keff is less than 110 pcm, the root-mean-square error of the power profiles is within 1.0%, and the error of the reactivity feedback coefficients is within three standard deviations. Furthermore, using the super-homogenization-corrected XSs improves the prediction accuracy of the control rod worth and power profiles with all rods in. Therefore, the results demonstrate that employing the MCS MG XSs for the nodal diffusion code is feasible for high-fidelity analyses of fast reactors.

N-Acetylglycine Side Chain is Critical for the Antimicrobial Activity of Xanthostatin

  • Kim, Si-Kwan;Ubukata, Makoto;Isono, Kiyoshi
    • Journal of Microbiology and Biotechnology / v.13 no.6 / pp.998-1000 / 2003
  • This study was carried out to elucidate the mode of bacteriostatic property of xanthostatin (XS), a novel depsipeptide antibiotic with an N-acetylglycine side chain and selective antimicrobial activity against Xanthomonas spp. Two biotransformed XSs were isolated by the treatment of XS with the cell lysate of Xanthomonas campestris pv. citri, a solvent partition, preparative TLC, and HPLC. Structure determination of those two biotransformed XSs demonstrated deletion of the N-acetylglycine side chain. Noteworthily, they showed no antimicrobial activity against Xanthomonas spp. This result suggests that the N-acetylglycine side chain plays a critical role in the antimicrobial activity of XS, and that the bacteriostatic property of XS is due to susceptibility of the ester bond between the hexadepsipeptide nucleus and the N-acetylglycine side chain to hydrolytic enzyme(s) produced by Xanthomonas spp.

XSS Vulnerabilities in Web Interfaces of Wireless Routers (무선공유기 웹 인터페이스에서의 XSS 취약점)

  • Kim, Ji Hye;Yoon, Heeju;Park, Da Ran;Lee, Hae Young
    • Proceedings of the Korea Information Processing Society Conference / 2015.10a / pp.784-786 / 2015
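  • With the arrival of the Internet of Things era, the use of wireless routers to connect things to the Internet is increasing. However, security incidents that exploit wireless router vulnerabilities continue to occur, and router security has emerged as a serious problem. In this paper, we analyze cross-site scripting vulnerabilities found in the web-based administrator interfaces provided by routers from three vendors used in Korea. Based on the vulnerabilities found, we present possible attack scenarios and temporary countermeasures that can be applied until patches are released.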

A Study on Scenario-based Web Application Security Education Method

  • Gilja So
    • International Journal of Internet, Broadcasting and Communication / v.15 no.3 / pp.149-159 / 2023
  • Web application security education that can provide practical experience is needed to reduce damage caused by the recent increase in web application vulnerabilities and to strengthen security. In this paper, we proposed a scenario-based web application education method, applied the proposed method to classes, and analyzed the results. In order to increase the effectiveness of scenario-based education, a real-life practice environment to perform scenarios and instructions to be performed by learners are needed. As an example of the proposed method, instructions to be performed by learners from the viewpoint of the attacker and the victim were shown in a practice environment to teach XSS and SQL injection vulnerabilities. After applying the proposed method to the class for students majoring in cyber security, when the lecture evaluation results were analyzed, it was shown that the learner's interest, understanding, and major ability all improved.

Vulnerability Analysis of the Creativity and Personality Education based on Digital Convergence Curation System (창의·인성 교육기반의 디지털 융합 큐레이션 시스템에 관한 취약점 분석)

  • Shin, Seung-Soo;Kim, Jung-In;Youn, Jeong-Jin
    • Journal of the Korea Convergence Society / v.6 no.4 / pp.225-234 / 2015
  • With the growing number of people that use web services, the perception of the importance of securing web applications is also increasing. There are many different types of attacks that target web applications. In the rapidly-changing knowledge and information society, which came into being with the advancements made in information and communication technology, there is currently an urgent need for building web sites for the purposes of developing one's creativity and character. In this paper, attack schemes that use SQL injections and XSS and target educational digital curation systems which provide educational contents with the aim of developing one's creativity and character are analyzed, in terms of how the attacks are carried out and their vulnerabilities. Furthermore, it suggests ways of dealing appropriately with these web-based attacks that use SQL injections and XSS.