• Title/Summary/Keyword: database security

Search Result 649, Processing Time 0.03 seconds

Research on Malicious code hidden website detection method through WhiteList-based Malicious code Behavior Analysis (WhiteList 기반의 악성코드 행위분석을 통한 악성코드 은닉 웹사이트 탐지 방안 연구)

  • Ha, Jung-Woo;Kim, Huy-Kang;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.4
    • /
    • pp.61-75
    • /
    • 2011
  • Recently, there is significant increasing of massive attacks, which try to infect PCs that visit websites containing pre-implanted malicious code. When visiting the websites, these hidden malicious codes can gain monetary profit or can send various cyber attacks such as BOTNET for DDoS attacks, personal information theft and, etc. Also, this kind of malicious activities is continuously increasing, and their evasion techniques become professional and intellectual. So far, the current signature-based detection to detect websites, which contain malicious codes has a limitation to prevent internet users from being exposed to malicious codes. Since, it is impossible to detect with only blacklist when an attacker changes the string in the malicious codes proactively. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by a signature-based detection. Our method can detect new malicious codes even though the codes' signatures are not in the pattern database of Anti-Virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the included redirection URL in the malicious codes. Finally, we confirm that our proposed system shows better detection performance rather than MC-Finder, which adopts pattern matching, Google's crawling based malware site detection, and McAfee.

Abnormal Crowd Behavior Detection via H.264 Compression and SVDD in Video Surveillance System (H.264 압축과 SVDD를 이용한 영상 감시 시스템에서의 비정상 집단행동 탐지)

  • Oh, Seung-Geun;Lee, Jong-Uk;Chung, Yongw-Ha;Park, Dai-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.6
    • /
    • pp.183-190
    • /
    • 2011
  • In this paper, we propose a prototype system for abnormal sound detection and identification which detects and recognizes the abnormal situations by means of analyzing audio information coming in real time from CCTV cameras under surveillance environment. The proposed system is composed of two layers: The first layer is an one-class support vector machine, i.e., support vector data description (SVDD) that performs rapid detection of abnormal situations and alerts to the manager. The second layer classifies the detected abnormal sound into predefined class such as 'gun', 'scream', 'siren', 'crash', 'bomb' via a sparse representation classifier (SRC) to cope with emergency situations. The proposed system is designed in a hierarchical manner via a mixture of SVDD and SRC, which has desired characteristics as follows: 1) By fast detecting abnormal sound using SVDD trained with only normal sound, it does not perform the unnecessary classification for normal sound. 2) It ensures a reliable system performance via a SRC that has been successfully applied in the field of face recognition. 3) With the intrinsic incremental learning capability of SRC, it can actively adapt itself to the change of a sound database. The experimental results with the qualitative analysis illustrate the efficiency of the proposed method.

An Efficient and Transparent Blockchain-based Electronic Voting and Survey System (효율성과 투명성을 확보한 블록체인 기반 전자투표 및 설문조사 시스템)

  • Kim, HyeonA;Na, YeonJu;Lee, JaeYun;Jeong, YuRi;Kim, Hyung-Jong
    • Journal of the Korea Society for Simulation
    • /
    • v.30 no.4
    • /
    • pp.9-19
    • /
    • 2021
  • Electronic voting has been recognized as an alternative to complement the limitations of existing paper voting. At the same time, security concerns are being raised. This paper presents a blockchain-based electronic voting and survey system that can guarantee reliability. Our smart contract was created using Solidity on Ethereum which is a blockchain-based distributed computing platform, and the system was implemented in connection with the Javascript based user interface. In addition, in order to protect the personal information of participants, the system is generating hash of the personal data and storing the hash of users for the contract data. Since we exploited different kinds of languages for the system, we derived items of functionality testing and presented the functionality testing result. Moreover, we made use of the Chrome's performance evaluation functionality to see the response time of the blockchain-based system. In addition, we compared the performance with the system which has the same functionality on database. The contribution of this research is design and implementation of blockchain-based electronic voting system and presentation of the functionality and performance simulation result.

A Study on the Method of Creating a Safety Vulnerable Class Distribution Diagram for Non-Structural Countermeasures in the Comprehensive Natural Disaster Reduction Plan (자연재해저감종합계획 비구조적 대책의 안전취약계층도 작성방안에 관한 연구)

  • Doo Hee Kim;In Jae Song;Byung-Sik Kim
    • Journal of Korean Society of Disaster and Security
    • /
    • v.16 no.1
    • /
    • pp.1-11
    • /
    • 2023
  • The comprehensive natural disaster reduction plan, the highest plan in the disaster prevention field, was implemented by local governments. second plan is currently being formulated. In order to minimize human and property damage, structural and non-structural measures for each of the nine disaster types are established and implemented for 10 years. Structural measures are based on engineering and quantitative analysis, and the criteria for setting reduction measures are clear. Non-structural measures, however, currently lack the set criteria. the basic disaster and safety management law included the safety vulnerable class in 2018. Currently, the safety vulnerable class of the detailed establishment criteria of the comprehensive natural disaster reduction plan is being established, including children, the elderly, and the disabled. However, due to the lack of data securing and database construction by local governments, it is difficult to prepare a location map for establishing reduction measures for the safety vulnerable. Therefore, in this study, OPEN API data of the safety vulnerable class were collected and statistical information and GIS of SGIS information services were used. The distribution diagram of the safety vulnerable class in Samcheok, Gangwon-do, which is a sample area, and the distribution diagram of the safety vulnerable class in units of the output area (OA) in Geundeok-myeon were prepared.

Risk Assessment Improvement Method of Small Stream When Small Sized Hazard Infrastructures Survey (소규모 공공시설 조사시 세천의 위험도 평가 방안)

  • Jungsoo Rho;Kyewon Jun;Jaesung Shin
    • Journal of Korean Society of Disaster and Security
    • /
    • v.16 no.1
    • /
    • pp.23-35
    • /
    • 2023
  • Recently, the damage caused by natural disasters such as typhoons and localized torrential rains has been increasing rapidly. The Ministry of the Interior and Safety enacted a 「law on safety management of small sized infrastructures」 and local governments have to register small sized infrastructures with the National Disaster and Safety Management System (NDMS) until March 31st every year. Recently, each local government has ordered Safety inspections of small sized infrastructures and maintenance plans and six types of facilities, including small streams, small bridges, farm roads, access roads to village, inlet weirs, and drop structures are being surveyed and digitized into a database. Each facility is being evaluated for risk, and for those deemed hazardous, maintenance plans are being developed. However, since the risk assessment method of small sized infrastructures is not clear so that is conducted through visual investigation by field investigators, risk assessment is conducted in a subjective and ambiguous form. Therefore, this study presented a reasonable and quantitative risk assessment method by providing a quantitative evaluation indicator for small stream, which has the highest disaster risk among other small sized infrastructures, so that small sized hazard infrastructures can be selected to secure transparent evidence for improvement plans and action plans.

A Forensic Methodology for Detecting Image Manipulations (이미지 조작 탐지를 위한 포렌식 방법론)

  • Jiwon Lee;Seungjae Jeon;Yunji Park;Jaehyun Chung;Doowon Jeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.4
    • /
    • pp.671-685
    • /
    • 2023
  • By applying artificial intelligence to image editing technology, it has become possible to generate high-quality images with minimal traces of manipulation. However, since these technologies can be misused for criminal activities such as dissemination of false information, destruction of evidence, and denial of facts, it is crucial to implement strong countermeasures. In this study, image file and mobile forensic artifacts analysis were conducted for detecting image manipulation. Image file analysis involves parsing the metadata of manipulated images and comparing them with a Reference DB to detect manipulation. The Reference DB is a database that collects manipulation-related traces left in image metadata, which serves as a criterion for detecting image manipulation. In the mobile forensic artifacts analysis, packages related to image editing tools were extracted and analyzed to aid the detection of image manipulation. The proposed methodology overcomes the limitations of existing graphic feature-based analysis and combines with image processing techniques, providing the advantage of reducing false positives. The research results demonstrate the significant role of such methodology in digital forensic investigation and analysis. Additionally, We provide the code for parsing image metadata and the Reference DB along with the dataset of manipulated images, aiming to contribute to related research.

A Study on Open Source Version and License Detection Tool (오픈소스 버전 및 라이선스 탐지 도구에 관한 연구)

  • Ki-Hwan Kim;Seong-Cheol Yoon;Su-Hyun Kim;Im-Yeong Lee
    • The Transactions of the Korea Information Processing Society
    • /
    • v.13 no.7
    • /
    • pp.299-310
    • /
    • 2024
  • Software is expensive, labor-intensive, and time-consuming to develop. To solve this problem, many organizations turn to publicly available open source, but they often do so without knowing exactly what they're getting into. Older versions of open source have various security vulnerabilities, and even when newer versions are released, many users are still using them, exposing themselves to security threats. Additionally, compliance with licenses is essential when using open source, but many users overlook this, leading to copyright issues. To solve this problem, you need a tool that analyzes open source versions, vulnerabilities, and license information. Traditional Blackduck provide a wealth of open source information when you request the source code, but it's a heavy lift to build the environment. In addition, Fossology extracts the licenses of open source, but does not provide detailed information such as versions because it does not have its own database. To solve these problems, this paper proposes a version and license detection tool that identifies the open source of a user's source code by measuring the source code similarity, and then detects the version and license. The proposed method improves the accuracy of similarity over existing source code similarity measurement programs such as MOSS, and provides users with information about licenses, versions, and vulnerabilities by analyzing each file in the corresponding open source in a web-based lightweight platform environment. This solves capacity issues such as BlackDuck and the lack of open source details such as Fossology.

Flavonoid intake according to food security in Korean adults: Based on the Korea National Health and Nutrition Examination Survey 2007~2012 (한국 성인의 식품안정성에 따른 플라보노이드 섭취 실태: 2007~2012년 국민건강 영양조사 자료를 이용하여)

  • Jun, Shinyoung;Hong, Eunju;Joung, Hyojee
    • Journal of Nutrition and Health
    • /
    • v.48 no.6
    • /
    • pp.507-518
    • /
    • 2015
  • Purpose: The aim of this study was to examine the association of food security with the total and individual flavonoid intakes among Korean adults. Methods: Study subjects were 13,454 men and 19,563 women aged 19 years and older who participated in the 2007~2012 Korea National Health and Nutrition Examination Survey. Subjects were classified into food-secure and food-insecure groups using the answers to a self-reported question on food sufficiency of subjects' household. The total and individual flavonoid intakes were calculated by linking 24-h dietary recall data of subjects with a flavonoid database. Mean differences in dietary outcomes by food security status, and major food sources of total flavonoids were examined. Results: In this cross-sectional study, 5.8% of male adults and 6.6% of female adults were in food insecure households. Mean daily intakes of total flavonoids, flavonols, flavones, flavanones, flavan-3-ols, isoflavones, and proanthocyanidins were significantly lower in food-insecure groups than food-secure groups among both male and female adults. The differences were maintained in total flavonoids, flavones, flavanones, and flavan-3-ols after adjusting for total energy intake. Mean intakes of fruits and vegetables were significantly lower in food-insecure groups and the total flavonoid intake from fruits and vegetables was also significantly lower in food-insecure groups. The major food sources of total flavonoids were apples (20.7%), mandarines (12.0%), and tofu (11.5%) in the food-secure group, and apples (14.9%), tofu (13.3%), and mandarines (12.6%) in the food-insecure group. Conclusion: This study showed that food insecurity was associated with lower intakes of flavonoids and reduced intakes of fruits and vegetables in a representative Korean population.

Nuclear Terrorism and Global Initiative to Combat Nuclear Terrorism(GICNT): Threats, Responses and Implications for Korea (핵테러리즘과 세계핵테러방지구상(GICNT): 위협, 대응 및 한국에 대한 함의)

  • Yoon, Tae-Young
    • Korean Security Journal
    • /
    • no.26
    • /
    • pp.29-58
    • /
    • 2011
  • Since 11 September 2001, warnings of risk in the nexus of terrorism and nuclear weapons and materials which poses one of the gravest threats to the international community have continued. The purpose of this study is to analyze the aim, principles, characteristics, activities, impediments to progress and developmental recommendation of the Global Initiative to Combat Nuclear Terrorism(GICNT). In addition, it suggests implications of the GICNT for the ROK policy. International community will need a comprehensive strategy with four key elements to accomplish the GICNT: (1) securing and reducing nuclear stockpiles around the world, (2) countering terrorist nuclear plots, (3) preventing and deterring state transfers of nuclear weapons or materials to terrorists, (4) interdicting nuclear smuggling. Moreover, other steps should be taken to build the needed sense of urgency, including: (1) analysis and assessment through joint threat briefing for real nuclear threat possibility, (2) nuclear terrorism exercises, (3) fast-paced nuclear security reviews, (4) realistic testing of nuclear security performance to defeat insider or outsider threats, (5) preparing shared database of threats and incidents. As for the ROK, main concerns are transfer of North Korea's nuclear weapons, materials and technology to international terror groups and attacks on nuclear facilities and uses of nuclear devices. As the 5th nuclear country, the ROK has strengthened systems of physical protection and nuclear counterterrorism based on the international conventions. In order to comprehensive and effective prevention of nuclear terrorism, the ROK has to strengthen nuclear detection instruments and mobile radiation monitoring system in airports, ports, road networks, and national critical infrastructures. Furthermore, it has to draw up effective crisis management manual and prepare nuclear counterterrorism exercises and operational postures. The fundamental key to the prevention, detection and response to nuclear terrorism which leads to catastrophic impacts is to establish not only domestic law, institution and systems, but also strengthen international cooperation.

  • PDF

Development of Signal Detection Methods for ECG (Electrocardiogram) based u-Healthcare Systems (심전도기반 u-Healthcare 시스템을 위한 파형추출 방법)

  • Min, Chul-Hong;Kim, Tae-Seon
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.46 no.6
    • /
    • pp.18-26
    • /
    • 2009
  • In this paper, we proposed multipurpose signal detection methods for ECG (electrocardiogram) based u-healthcare systems. For ECG based u-healthcare system, QRS signal extraction for cardiovascular disease diagnosis is essential. Also, for security and convenience reasons, it is desirable if u-healthcare system support biometric identification directly from user's bio-signal such as ECG for this case. For this, from Lead II signal, we developed QRS signal detection method and also, we developed signal extraction method for biometric identification using Lead II signal which is relatively robust from signal alteration by aging and diseases. For QRS signal detection capability from Lead II signal, ECG signals from MIT-BIH database are used and it showed 99.36% of accuracy and 99.68% of sensitivity. Also, to show the performance of signal extraction capability for biometric diagnosis purpose, Lead III signals are measured after drinking, smoking, or exercise to consider various monitoring conditions and it showed 99.92% of accuracy and 99.97% of sensitivity.