• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.264-266
• /
• 2015

Currently as cyber threats grow up targeting nuclear power plants(NPP), licensees must guarantee that computer and information systems of nuclear facilities can be adequately protected against cyber attack. Especially critical system that cause illegal transfer of nuclear material and adverse impact to public safety need protecting. In this paper, we surveying the cyber threat examples targeted at NPP, and taxonomy the method of cyber security for NPPs in korea through analyzing the methodology to identify critical system and address cyber security controls for nuclear facilities.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.12 no.5
• /
• pp.451-461
• /
• 2002

Differential evolution(DE) has been preyed to be an efficient method for optimizing real-valued multi-modal objective functions. DE's main assets are its conceptual simplicity and ease of use. However, the convergence properties are deeply dependent on the control parameters of DE. This paper proposes an adaptive differential evolution(ADE) method which combines with a variant of DE and an adaptive mechanism of the control parameters. ADE contributes to the robustness and the easy use of the DE without deteriorating the convergence. 12 optimization problems is considered to test ADE. As an application of ADE the paper presents a supervised clustering method for predicting events, what is called, an evolutionary event clustering(EEC). EEC is tested for 4 cases used widely for the validation of data modeling.

• Journal of Microbiology
• /
• v.43 no.spc1
• /
• pp.65-84
• /
• 2005

Invasive candidiasis is associated with high morbidity and mortality. Clinical diagnosis is complicated by a lack of specific clinical signs and symptoms of disease. Laboratory diagnosis is also complex because circulating antibodies to Candida species may occur in normal individuals as the result of commensal colonization of mucosal surfaces thereby reducing the usefulness of antibody detection for the diagnosis of this disease. In addition, Candida species antigens are often rapidly cleared from the circulation so that antigen detection tests often lack the desired level of sensitivity. Microbiological confirmation is difficult because blood cultures can be negative in up to 50% of autopsy-proven cases of deep-seated candidiasis or may only become positive late in the infection. Positive cultures from urine or mucosal surfaces do not necessarily indicate invasive disease although can occur during systemic infection. Furthermore, differences in the virulence and in the susceptibility of the various Candida species to antifungal drugs make identification to the species level important for clinical management. Newer molecular biological tests have generated interest but are not yet standardized or readily available in most clinical laboratory settings nor have they been validated in large clinical trials. Laboratory surveillance of at-risk patients could result in earlier initiation of antifungal therapy if sensitive and specific diagnostic tests, which are also cost effective, become available. This review will compare diagnostic tests currently in use as well as those under development by describing their assets and limitations for the diagnosis of invasive candidiasis.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.5
• /
• pp.69-77
• /
• 2021

This study aims to identify security-based threat information for an organization. This is because protecting the threat for IT systems plays an important role for an corporate's intangible assets. Security monitoring systems determine and consequently respond threats by analyzing them in a real time situation, focusing on events and logs generated by security protection programs. The security monitoring task derives priority by dividing threat information into reputation information and analysis information. Reputation information consisted of Hash, URL, IP, and Domain, while, analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. As a result, the priority of reputation information was relatively high, and it is meaningful to increase accuracy and responsiveness to the threat information.

• International journal of advanced smart convergence
• /
• v.8 no.2
• /
• pp.77-87
• /
• 2019

One of important concerns in information security is to control information flow. It is whether to protect confidential information from being leaked, or to protect trusted information from being tainted. In this paper, we present Piosk (Physical blockage of Information flow Kiosk) that addresses both the problems practically. Piosk can forestall and prevent the leakage of information, and defend inner tangible assets against a variety of malwares as well. When a visitor who carries a re-writable portable storage device, must insert the device into Piosk installed next to the security gate. Then, Piosk scans the device at the very moment, and detects & repairs malicious codes that might be exist. After that, Piosk writes the contents (including sanitized ones) on a new read-only portable device such as a compact disk. By doing so, the leakage of internal information through both insiders and outsiders can be prevented physically. We have designed and prototyped Piosk. The experimental verification of the Piosk prototype implementation reveals that, Piosk can accurately detect every malware at the same detection level as Virus Total and effectively prevent the leakage of internal information. In addition, we compare Piosk with the state-of-the-art methods and describe the special advantages of Piosk over existing methods.

• Nuclear Engineering and Technology
• /
• v.54 no.4
• /
• pp.1245-1252
• /
• 2022

As regulatory bodies require full implementation of security controls in nuclear power plants (NPPs), security functions for critical digital assets are currently being developed. For the ultimate introduction of security controls, not alternative measures, it is important to understand the relationship between possible cyber threats to NPPs and security controls to prevent them. To address the effectiveness of the security control implementation, this study investigated the types of cyber threats that can be prevented when the security controls are implemented through the mapping of the reorganized security controls in RS-015 to cyber threats on NPPs. Through this work, the cyber threat that each security control can prevent was confirmed, and the effectiveness of several strategies for implementing the security controls were compared. This study will be a useful reference for utilities or researchers who cannot use design basis threat (DBT) directly and be helpful when introducing security controls to NPPs that do not have actual security functions.

• Management & Information Systems Review
• /
• v.33 no.1
• /
• pp.173-190
• /
• 2014

According to COSO(2013) "Internal control is a process that is designed to provide reasonable assurance that a firm can achieve its objectives, where differing aspects of internal control can be partitioned into operating objectives, reporting objectives, and compliance objectives." Internal control over financial reporting(ICFR) is focus on reporting objectives and includes that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company's assets that could have a material effect on the financial statements. Thus, firms with weak ICFR have negative a effect on Firm value because those firms are great likelihood of misappropriation and inefficiency decision. In this regard, this study investigates the association of ICFR with the likelihood of firm failure. Specially, I measure the characteristic of ICFR as disclosures of material weaknesses and operating personnel of ICFR. I identify the likelihood of firm failure as going-concern opinion issued in audit report. As result, I find that a higher probability of firm failure is positively associated with the material weakness in ICFR also I find that a higher probability of firm failure is negatively associated with experience and qualified CPA of personnel in ICFR.

• Journal of the Korea Society for Simulation
• /
• v.29 no.3
• /
• pp.57-72
• /
• 2020

To respond to the threat of Long range artillery of North Korea, it is necessary to establish the Korean counter long range artillery intercept system(CLRAIS). The purpose of this study is to study the operational concept of the CLRAIS against the threat of long range artillery of North Korea, and to develop the operational effectiveness process of the CLRAIS. First, we set up the operating concept of the CLRAIS and established the concept of an effectiveness in a many-to-many engagement situation and a process to derive it. Based on this, a tool was developed to analyze the actual effectiveness. In order to find out the factors influencing the effectiveness in many-to-many engagement situations, simulation experiments were performed by combining various variables such as detection assets, engagement control, and launchpad performance. As a result, it was found that in addition to the missile performance, the performance of the detection assets and the engagement control center had a significant impact on the intercept rate and the defense success rate. These findings can be used to understand important indicators in terms of effectiveness in many-to-many engagement situations in the future development of weapon system, and to determine the development direction and target value of each element necessary for the level of defense success rate to be achieved.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.11-17
• /
• 2022

Cyber attacks on national infrastructure, including large-scale power outages in Ukraine, have continued in recent years. As a result, ICS-CERT vulnerabilities have doubled compared to last year, and vulnerabilities to industrial control systems are increasing day by day. Most control system operators develop vulnerability countermeasures based on the vulnerability information sources provided by ICS-CERT in the United States. However, it is not applicable to the security of domestic control systems because it does not provide weaknesses in Korean manufacturers' products. Therefore, this study presents a vulnerability analysis framework that integrates CVE, CWE, CAPE, and CPE information related to the vulnerability based on ICS-CERT information (1843 cases). It also identifies assets of nuclear facilities by using CPE information and analyzes vulnerabilities using CVE and ICS-CERT. In the past, only 8% of ICS-CERT's vulnerability information was searched for information on any domestic nuclear facility during vulnerability analysis, but more than 70% of the vulnerability information could be searched using the proposed methodology.

• Journal of Korean Society for Geospatial Information Science
• /
• v.12 no.4 s.31
• /
• pp.45-51
• /
• 2004

Control stations managed by national and local governmes are associated with other survey work and constructing geography information and they are important assets in the national level as the positional standard of the country. Since these control points are managed as some type of register and the control points could not be easily updated due to the loss of control stations from construction work or urban development. Therefore, the users could not understand the present situation of the changed control stations. In this background, the aim of this study was to develop control station management system which the managers can use to efficiently maintain control points and to support the usage of the survey control points. For developing this system, we have designed input, update, network, analysis and statistic functions, and have constructed the system using Mapobject as main engine with other languages such as Visual C++ and Visual Basic. The graphic data used in this system are 1/5,000 digital map and digital cadastral map, and the attribute data of each control station are point name, map tile name, longitude and latitude coordinates, TM coordinates, surveying data with the format of year-month-day and control situation photos and so on. In the result of constructing this control station management system, we could achieve integrated management of graphic, attribute and positioning information of each control station.