• Annual Conference of KIPS
• /
• 2015.10a
• /
• pp.851-854
• /
• 2015

수중음파통신은 물속에서 지상과는 달리 음파를 사용하여 통신한다. 또한 제한된 전력과 자원을 사용하기 때문에 최소한의 연산으로 본래의 목적을 수행해야만 하는 조건이 따른다. 따라서 수중음파통신에 보안을 적용하기 위해서는 기밀성과 안전성도 중요하지만 무엇보다 가용성을 고려한 보안설계가 중요하다. 본 논문은 제한된 전력과 자원 환경에서 동작하는 수중음파통신용 MAC 프로토콜에 가용성이 부각할 수 있는 LEA 블록암호알고리즘의 적용방안을 논하고자 한다. 또한 기존의 AES(Advanced Encryption Standard)와 ARIA(Academy, Research Institute, Agency) 블록암호알고리즘과의 성능분석을 통해 LEA의 우수성과 수중음파통신에 적합성을 보이고자 한다.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.1-10
• /
• 2024

In the era of big data, the growth of e-commerce transactions brings forth both opportunities and risks, including the threat of data theft and fraud. To address these challenges, an automated real-time fraud detection system leveraging machine learning was developed. Four algorithms (Decision Tree, Naïve Bayes, XGBoost, and Neural Network) underwent comparison using a dataset from a clothing website that encompassed both legitimate and fraudulent transactions. The dataset exhibited an imbalance, with 9.3% representing fraud and 90.07% legitimate transactions. Performance evaluation metrics, including Recall, Precision, F1 Score, and AUC ROC, were employed to assess the effectiveness of each algorithm. XGBoost emerged as the top-performing model, achieving an impressive accuracy score of 95.85%. The proposed system proves to be a robust defense mechanism against fraudulent activities in e-commerce, thereby enhancing security and instilling trust in online transactions.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.3
• /
• pp.33-39
• /
• 2012

Since the passing of the Personal Information Act in March 2011 and its initial introduction in September, over the one year to date diverse security devices and solutions have been flowing into the market to enable observance of the relevant laws. Beginning with security consulting, corporations and institutions have focused on technology-based business in order to enable observance of those laws competitively in accordance with 6-step key procedures including proposal, materialization, introduction, construction, implementation, and execution. However there has not been any investment in human resources in the field of education such as technology education and policy education relative to the most important human resources field nor investment in professionals in the organization for the protection of personal information or in human resources for operating and managing IT infrastructure for actual entire personal information such as special sub-organizations. In this situation, as one process of attracting change from the nature of the technology-based security market toward a professional human resource-based security infrastructure market, it is necessary to conduct research into standardization modeling concerning special organizational composition and a management system for the protection of personal information.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.6
• /
• pp.1320-1326
• /
• 2011

National institutions on the importance of information security is being recognized, information security laws are being discussed in Congress 3.4 DDoS incident and Nonghyup hacking, etc. However, National Assembly Secretariat when the results of the Information Security Consulting has been assessed very low 61.2 points, evaluation of hardware and software in secure areas were vulnerable. This paper, the legislative support agencies National Assembly and National Assembly Secretariat on the network and computer systems, and managerial, technical and physical security elements are analyzed for the status. And network should have the legislative support agencies and system for the physical network separation, DDoS attack response, Virus attack response, hacking attacks response, and Cyber Emergency Response Team/Coordination Center for Cyber infringing design and research through the confidentiality, integrity, availability, access control, authentication and security analysis is based on the evaluation criteria. Through this study, the legislative support agencies to strengthen the security of data and security laws enacted to provide the basis for.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.6
• /
• pp.1155-1160
• /
• 2018

Presently in 2018, the security market is requiring progressive development and innovation in the area of security on account of new changes and technologies. This means the rapid and prompt development of the service platforms and service-based information systems. Here, this study is going to examine the process of operating a number of services and obtaining security, not the criteria for selecting particular service in online environment where the various services exist. Within a series of flows to protect the manager's authority about the platforms operated by information systems, and to provide and destroy services, this author limits the entire service platforms of the optimized balance module into four categories maximum for the security of the area apt for illegal invasion and access, and the proper area. Also, about the area with limited security, this researcher again applies subordinate security policy and technology respectively. This author here will suggest a method to provide and to extend safety and security for the information system and also propose the process of applying it as well.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.107-117
• /
• 2009

Network administrator recognizes the abnormal phenomenon in the managed network by using the alert messages generated in the security devices including the intrusion detection system, intrusion prevention system, firewall, and etc. And then the series of task, which searches for the traffic related to the alert message and analyzes the traffic data, are required to determine where the abnormal phenomenon is the real network security threat or not. There are many alert messages to have to inspect in order to determine the network security situation. Also the much times are needed so that the network administrator can analyze the security condition using existing methods. Therefore, in this paper, we proposed an efficient method for analyzing network security situation using visualization. The proposed method monitors anomalies occurred in the entire IP address's space and displays the detail information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP address. Therefore, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1223-1234
• /
• 2016

The Industrial control system is adopted by various industry field and national infrastructure, therefore if it received cyber attack, the serious security problems can be occured in the public sector. For this reason, security requirements of the industrial control system have been proposed, in accordance with the security guidelines of the electronic control system, and it is operated by separate from the external and the internal network. Nevertheless, cyber attack by malware (such as Stuxnet) targeting to control system have been occurred continuously, and also the real-time detection of untrusted traffic is very difficult because there are some difficulty of keeping up with quickly evolving the advent of new-variant malicious codes. In this paper, we propose the traffic analysis architecture for providing secure industrial control system based on the analyzed the security threats, the security requirements, and our proposed architecture.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.107-122
• /
• 1997

Most of the currently used electronic mail system has the threat of security such as illegal leak of message, forgery, uncertain identity, denial of sending and receiving, and so forth. The security for this system is not satisfied yet, thus we explore these problems. In this thesis, we implement the security services for internet mail system which cover the weakness for traditional mail system. This system provides not only security services which PEM and PGP provides (i.e message confidentiality, message integrity, originator authentication, non-repudiation of origin), but also message replay prevention. and non-denial of recipient using certification of contents. In addition, this system increases security of the digital signature by signing with signature block formatting on the creation of it. And it increases security of the digital enveloping by encrypting with encryption block formatting of message encryption key.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.107-112
• /
• 2015

Due to the rapid development of wireless communication technology, foundation system of military communication that is based on the daily use technology has been changed in to wireless system. However, military communication contains clssified information, and it is expected to have increase amount of enemy's there in such a imperfect security system. The next generation of tactical network communication system is expected to adopt All IP based wireless system. This research studies expected threatening factor on the wireless environment, and find the appropriate tunneling techniques.

• Annual Conference of KIPS
• /
• 2010.04a
• /
• pp.758-761
• /
• 2010

악성코드는 P2P, 전자메일, 메신저나 저장매체, 인터넷 사이트 등 여러 가지 경로를 통해 전파된다. 특히 USB 기반 악성코드는 USB가 시스템에 연결될 때 악성코드를 자동 실행시키고, 로컬 드라이브 영역에 자기복제를 하는 등 특정 행위를 보인다. 포렌식 수사에서는 이러한 악의적 행위를 빠르게 분석하고 여러 가지 증거를 수집하여 감염의 원인을 신속하게 파악하는 것이 요구된다. 본 논문에서는 USB 기반 악성코드에 감염된 시스템의 피해 흔적을 분석하고 패턴을 정형화하여 USB 기반 악성코드의 감염 여부를 판별하는 방법론을 제시한다.