• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.757-759
• /
• 2024

Software vulnerabilities represent security weaknesses in software systems that attackers exploit for malicious purposes, resulting in potential system compromise and data breaches. Despite the increasing prevalence of these vulnerabilities, manual repair efforts by security analysts remain time-consuming. The emergence of deep learning technologies has provided promising opportunities for automating software vulnerability repairs, but existing AIbased approaches still face challenges in effectively handling complex vulnerabilities. This paper explores the potential of large language models (LLMs) in addressing these limitations, examining their performance in code vulnerability repair tasks. It introduces the latest research on utilizing LLMs to enhance the efficiency and accuracy of fixing security bugs.

• Proceedings of the IEEK Conference
• /
• 2007.07a
• /
• pp.99-100
• /
• 2007

Rapid developments of industry and economics have made a metropolis which demands an effective urban transport management system (UTMS). Specially, this paper considers a subway surveillance system based on integrated wireless LAN technologies for public safety. Since a current subway platform security entirely relies on conventional closed circuit television camera (CCTV) or human operators, subway train drivers cannot detect platform states and cope with abnormal situations or accidents immediately. However, through the IP cameras and some wireless routers, high qualify images of the platform conditions can be directly delivered to the train drivers and other station employees in advance of train entering the platform. In this paper, several design issues and problems are discussed when building up the subway management system. Further, we illustrate a system model with the system requirements in real parametric values in order to draw concrete system designs and to realize a practical implementation of the future UTMS.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.83-90
• /
• 2004

Preventive measures and control over cyber terrorism in Korea is a complex problem. Today laws should meet requirements made by modern technologies development, Law enforcement, special services and judicial system cooperation, their efforts coordination and their material security are priority directions, None of the country is able to prevent cyber terror independently and international cooperation in this field is vital. Taking the above into consideration, we propose and inisit that National Intelligence Service(NIS) should share cyber terror data with Police Agency and have top police authority over the cyber terror.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.1
• /
• pp.65-71
• /
• 2012

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.

• Review of KIISC
• /
• v.4 no.1
• /
• pp.44-52
• /
• 1994

정보화 사회에서는 가계, 기업, 정보 등의 정보 활동의 주체들이 가진 정보자산은 데이타 베이스(이하DB)와 소프트웨어(S/W)로 대변할 수 있으며, 이중 DB는 정보화 사회의 기반시설의 하나라고 볼 수 있다. 특별히 통계DB는 각 주체들에게는 필수적인 정보를 갖고 있다. 금융자산의 정보, 국방에 관련된 병력, 장비, 군수물자등의 정보, 회계정보 뿐 아니라 인구센서스, 경제계획수립 등등의 다양한 분야에 이 통계 DB는 사용되고 있다. 이러한 통계DB는 기존의DB에서의 데이타의 저장, 관리, 추출 기능외에 통계적인 데이타의 분석기능이 요구되고 있다. 통계 처리를 위한 데이타베이스관리 시스템(DBMS, database management system)은 주로 기존의 DBMS 에 통계처리를 위한 기능을 추가하거나 통계를 위한 DB를 따로 구축하는 방법을 사용하고 있다. 따라서 일반적인 DB 보호 기술과 더불어 통계 의 환경을 이해하는 보호 기술이 요구되고 있다. 일반적으로 DB 를 보호하는 방법으로는 물리적인 보안(physical security)과 운영체계 보안(operating system security) 이 있으며, 이들과 함께 데이타 암호화(data encryption)의 방법을 사용하고 있다. DB 의 보안 방법에 관한 연구 중 George I. Davida 등에 의한 방법은 중국인의 나머지 정리(chinese remainder thorem)를 사용하는 암호화 알고리즘을 이용하여 레코드(record) 단위의 암호화를 하며, Khamis A. Omar등에 의한 방법은 읽기, 쓰기, 갱신의 3단계의 사용자 등급을 부여하여 DB 접근의 제약을 가하는 기능을 갖고 있다. 본고에서는 특히 그 중요성이 더해가고 있는 통계 의 일반적인 개념을 살펴보며, 특성 지향형 질의 모델(characteristic-specified query model)의 보호기술을 살펴본다. 특별히 본고는 통계 DB의 보호에 대한 일반적인 조사 연구로서 잘 알려진 사실들을 많은 참고 문헌과 더불어 소개하는 내용으로 통계 DB의 보호에 관한 새로운 연구 결과는 아니다.

• Journal of Korean Society of societal Security
• /
• v.1 no.4
• /
• pp.41-49
• /
• 2008

As bridges have been longer and bigger recently, lots of bridge management systems (BMS) have been developed for each bridge. However, the differences among the data models developed by different system developers give a serious problem in integrated information management for national security. The aim of this study is to develop a common data model which can be referred in development of the BMS. The existing BMS and work process by laws are carefully analyzed. Based on the analysis results, the bridge management and maintenance process is categorized into the four basic activity types. In addition, common data models for each the unit activity type are defined.

• Convergence Security Journal
• /
• v.15 no.1
• /
• pp.69-82
• /
• 2015

This dissertation introduce how to react against the cybercrime and analysis of malware detection. Also this dissertation emphasize the importance about efficient control of correspond process for the information security. Cybercrime and cyber breach are becoming increasingly intelligent and sophisticated. To correspond those crimes, the strategy of defense need change soft kill to hard kill. So this dissertation includes the study of weak point about OS, Application system. Also this dissertation suggest that API structure for handling and analyzing big data forensic.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.79-86
• /
• 2013

The objective of DDoS Attacks is to simply disturb the services. In recent years, the DDoS attacks have been evolved into Multi-Vector Attacks which use diversified and mixed attacking techniques. Multi-Vector Attacks start from DDoS Attack and Malware Infection, obtain inside information, and make zombie PC to reuse for the next DDoS attacks. These forms of Multi-Vector Attacks are unable to be prevented by the existing security strategies for DDoS Attacks and Malware Infection. This paper presents an approach to effectively defend against diversified Multi-Vector attacks by using Reverse Proxy Group and PMS(Patch Management Server).

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.357-362
• /
• 2009

Summation generator can be easily made as a simple hardware or software and it's period and linear complexity are very high. So it is appropriate to mobile security system for ubiquitous environment. But it showed us the weakness by Golic's correlation attack and Meier's fast correlation attack. In this paper, we proposed a Nonlinear Summation Generator(NSG), which is improved by using LFSR and NFSR(nonlinear feedback shift register), is different from $E_0$ algorithm which use only LFSR in summation generator. It enhanced nonlinearity and is hard to decipher even though the correlation attack or fast correlation attack. We also analyzed the security aspects and the performances for the proposed algorithm.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.7-12
• /
• 2023

Remote sensor systems are utilized in a few applications, including military, restorative, ecological and family unit. In every one of these applications, vitality use is the deciding component in the execution of wireless sensor systems. Thusly, strategies for information steering and exchanging to the base station are critical in light of the fact that the sensor hubs keep running on battery control and the vitality accessible for sensors is constrained. There are two explanations for the various leveled directing Low Energy Adaptive Clustering Hierarchy convention be in investigated. One, the sensor systems are thick and a considerable measure of excess is engaged with correspondence. Second, with a specific end goal to build the versatility of the sensor arrange remembering the security parts of correspondence. In this exploration paper usage of LEACH steering convention utilizing NS2 test system lastly upgraded vitality productive EE-LEACH directing convention guarantees that the chose cluster heads will be consistently conveyed over the system with a specific end goal to enhance the execution of the LEACH convention. EE-LEACH enhances vitality utilization by around 43%.