• Title/Summary/Keyword: security checks


Countermeasure of SIP Impersonation Attack Using A Location Server (위치 정보 서버를 이용한 SIP 위장공격 대응 방안)

  • Go, Yun-Mi;Kwon, Kyung-Hee
    • The Journal of the Korea Contents Association / v.13 no.4 / pp.17-22 / 2013
  • Impersonation attack, based on vulnerable security of SIP, facilitates an intruder to take malicious actions such as toll fraud and session hijacking. This paper suggests a new technique for a countermeasure. When receiving a register request message, registrar checks whether the value of From header or the value of Call-ID header is stored in location server or not. If the record containing either of them is stored and periodically updated, we regard that message as impersonation attack and discard it. Since this technique uses the information stored in server instead of adding encryption mechanism for user authentication, it can easily build securer SIP environment.

Ground Security Activities for Prevention of Aviation Terrorism -Centered on San Francisco International Airport of the U.S.A.- (항공테러방지를 위한 지상 보안활동 -미국 샌프란시스코국제공항을 중심으로-)

  • Kang, Maeng-Jin;Kang, Jae-Won
    • The Journal of the Korea Contents Association / v.8 no.2 / pp.195-204 / 2008
  • With the growth of airline management, as well as computer and IT security, the international trade in this modern society has been rapidly increasing. Along with the advancing, airplanes have become a universal means of communication. However, the complications associated with airplane safety have also been brought up as a result, the most concerning of which is terrorism. One of the main counterplans for preventing terrorism is Ground security activities. The core of Ground security activities is absolute safety for passengers in both passenger terminal and freight terminal. Subastral security refers to physical protection, proximity control and 100% security search and freight guarding of the passengers' possessions, and the personnel's duties to perform such jobs are becoming more crucial. On the other hand, Airport security check has been gradually developing since the 1960's, when hijacking began to take place. Although the airports have been providing more safe and comfortable services to their customers, terrorism is still happening today. When Ground security activities is minute, the users feel displeasure and discomfort, yet considering solely their convenience can bring problems in achieving safety. Since the 9.11 terror in 2001, the idea of improving and strengthening airport security was reinforced and a considerable amount of estate is being spent today for invention and application of new technology. Various nations, including the United States, have been improving their systems of security through public services; public police department is actively carrying out their duties in airports as well. In San Francisco International Airport, private police department is in charge of collection of data, national events, VIP protection, law enforcement, cooperation within facilities, daily-based patrol and traffic control.
Under guidance and supervision of national organizations, such as TSA, general police department interprets X-Rays, operates metal detectors, checks passports or IDs and observes reactions to explosives. Under these circumstances, studies about advancement of cooperation and duties of general police department and private police department necessitated: especially about private police department and their training for searching equipments, decrease in number of turn over rate, invention of technology and prior settlement in estate for security. The privacy of the public, who make up the major population of airport passengers, must also be minimized. In the following research, the activities of police departments in San Francisco International Airport will be analyzed in order to understand recent actions of the United States on airport security.

Effective Normalization Method for Fraud Detection Using a Decision Tree (의사결정나무를 이용한 이상금융거래 탐지 정규화 방법에 관한 연구)

  • Park, Jae Hoon;Kim, Huy Kang;Kim, Eunjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.133-146 / 2015
  • Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile information and detection rules from the e-finance accident data of an actual domestic (Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

A Study of Prevention Model the Spread of Phishing Attack for Protection the Medical Information (의료정보 보호를 위한 피싱공격 확산방지모델 연구)

  • Choi, Kyong-Ho;Chung, Kyung-Yong;Shin, Dong-Kun
    • Journal of Digital Convergence / v.11 no.3 / pp.273-277 / 2013
  • Phishing attacks have been implemented in smarter, more advanced ways with the passage of time. Hackers use intelligent phishing attacks to take over computers and to penetrate internal networks in major organizations. So, in this paper, a model for a prevention of phishing attack spread is conceptually designed in order to protect internal users and sensitive or important information from sophisticated phishing attacks. Internal users simultaneously utilize both external web and organizational mail services. And hackers can take both sides equally as a vector. Thus, packets in each service must be monitored and stored to recognize threatening elements from both sides. The model designed in this paper extends the mail server based security structure used in conventional studies for the protection of Internet mail services accessed by intranet users. This model can build a list of phishing sites as the system checks e-mails compared to that of the method that directly intercepts accesses to phishing sites using a proxy server, so it represents no standby time for request and response processes.

Accessibility Information Element & a PNC Selection Method in the High Rate WPAN (WPAN에서 통신가능성 정보 요소와 PNC 선택 방법)

  • Jeong, Heon-Ju;Cho, Moo-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.10B / pp.639-647 / 2005
  • When a DEV associates with an existing WPAN, the PNC checks the capabilities of the new DEV to see if it is more capable to be the PNC of the piconet based on the criteria defined in the IEEE Std 802.15. If the new DEV is more capable and the current security policies allow it, then the PNC has the option of handing over control of the piconet to the DEV that has just joined. And, if the PNC is shutting down or wants to leave the WPAN, it also uses the handover process to give control to another DEV in the piconet. However, IEEE 802.15.3 checks only DEV capability information for more PNC capable. For PNC selection, it should consider the radio coverage of new PNC capable DEVs. So, we propose the method of PNC selection with accessibility check. This method manages PNC candidate list in the current piconet. In this paper, we analyze accessibility problems for PNC selection in section 2. In section 3, we explain CI (Configuration Inquiry) process which is proposed by Sony Corporation and propose PCI (PNC Candidate Inquiry) process. Also, we perform numerical analysis to compare PCI process with CI process in section 4. Finally, we conclude in section 5.

Distinction of Real Face and Photo using Stereo Vision (스테레오비전을 이용한 실물 얼굴과 사진의 구분)

  • Shin, Jin-Seob;Kim, Hyun-Jung;Won, Il-Yong
    • Journal of the Korea Society of Computer and Information / v.19 no.7 / pp.17-25 / 2014
  • In the devices that leave video records, it is an important issue to distinguish whether the input image is a real object or a photo when securing an identifying image. Using a single image and sensor, which is a simple way to distinguish the target from distance measurement has many weaknesses. Thus, this paper proposes a way to distinguish a simple photo and a real object by using stereo images. It not only measures the distance to the target, but also checks a three-dimensional effect by making the depth map of the face area. They take pictures of the photos and the real faces, and the measured value of the depth map is applied to the learning algorithm. Exactly through iterative learning to distinguish between the real faces and the photos looked for patterns. The usefulness of the proposed algorithm was verified experimentally.

Analysis of Traffic and Attack Frequency in the NURION Supercomputing Service Network (누리온 슈퍼컴퓨팅서비스 네트워크에서 트래픽 및 공격 빈도 분석)

  • Lee, Jae-Kook;Kim, Sung-Jun;Hong, Taeyoung
    • KIPS Transactions on Computer and Communication Systems / v.9 no.5 / pp.113-120 / 2020
  • KISTI (Korea Institute of Science and Technology Information) provides HPC (High Performance Computing) service to users of university, institute, government, affiliated organization, company and so on. The NURION, supercomputer that launched its official service on Jan. 1, 2019, is the fifth supercomputer established by the KISTI. The NURION has 25.7 petaflops computation performance. Understanding how supercomputing services are used and how researchers are using is critical to system operators and managers. It is central to monitor and analyze network traffic. In this paper, we briefly introduce the NURION system and supercomputing service network with security configuration. And we describe the monitoring system that checks the status of supercomputing services in real time. We analyze inbound/outbound traffics and abnormal (attack) IP addresses data that are collected in the NURION supercomputing service network for 11 months (from January to November 1919) using time series and correlation analysis method.

A Countermeasure against a Whitelist-based Access Control Bypass Attack Using Dynamic DLL Injection Scheme (동적 DLL 삽입 기술을 이용한 화이트리스트 기반 접근통제 우회공격 대응 방안 연구)

  • Kim, Dae-Youb
    • Journal of IKEEE / v.26 no.3 / pp.380-388 / 2022
  • The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow only the programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL (Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

Energy-efficient intrusion detection system for secure acoustic communication in under water sensor networks

  • N. Nithiyanandam;C. Mahesh;S.P. Raja;S. Jeyapriyanga;T. Selva Banu Priya
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.6 / pp.1706-1727 / 2023
  • Under Water Sensor Networks (UWSN) has gained attraction among various communities for its potential applications like acoustic monitoring, 3D mapping, tsunami detection, oil spill monitoring, and target tracking. Unlike terrestrial sensor networks, it performs an acoustic mode of communication to carry out collaborative tasks. Typically, surface sink nodes are deployed for aggregating acoustic phenomena collected from the underwater sensors through the multi-hop path. In this context, UWSN is constrained by factors such as lower bandwidth, high propagation delay, and limited battery power. Also, the vulnerabilities to compromise the aquatic environment are in growing numbers. The paper proposes an Energy-Efficient standalone Intrusion Detection System (EEIDS) to entail the acoustic environment against malicious attacks and improve the network lifetime. In EEIDS, attributes such as node ID, residual energy, and depth value are verified for forwarding the data packets in a secured path and stabilizing the nodes' energy levels. Initially, for each node, three agents are modeled to perform the assigned responsibilities. For instance, ID agent verifies the node's authentication of the node, EN agent checks for the residual energy of the node, and D agent substantiates the depth value of each node. Next, the classification of normal and malevolent nodes is performed by determining the score for each node. Furthermore, the proposed system utilizes the sheep-flock heredity algorithm to validate the input attributes using the optimized probability values stored in the training dataset. This assists in finding out the best-fit motes in the UWSN. Significantly, the proposed system detects and isolates the malicious nodes with tampered credentials and nodes with lower residual energy in minimal time. The parameters such as the time taken for malicious node detection, network lifetime, energy consumption, and delivery ratio are investigated using simulation tools. 
Comparison results show that the proposed EEIDS outperforms the existing acoustic security systems.

A Review of Improvements for Providing Safe and Secure Environments for Medical Treatment (안전한 진료환경 구축을 위한 정책 개선과제)

  • Choe, A Reum;Kim, Sung Eun;Baek, Kyoung Hee
    • Health Policy and Management / v.29 no.2 / pp.105-111 / 2019
  • On December 31, 2018, an incident occurred where a doctor was attacked and killed by a patient carrying a lethal weapon in the outpatients' clinic of the psychiatric department of a tertiary general hospital. The suspect was diagnosed with bipolar affective disorder (manic depressive disorder) and has been hospitalized and cared for in the psychiatric ward of this hospital. This incident illustrates the necessity of more active cures and therapeutic intervention for mental patients with intellectual developmental disorders who require treatment considering the fact that a radical outcome has been caused by such a patient. However, on the other hand, there is also a need for an approach and analysis from the perspective of crime prevention for all medical departments. The reason for this is that even a tertiary general hospital equipped with the largest human resources, medical devices, facilities, and so forth, is susceptible to violence. As for illegal actions perpetrated against health and medical service personnel in medical institutions, such as verbal abuse, assault, injury, etc. there have neither been understanding shown for the current extent of damage in detail, nor discussions of active institutional improvement related to the seriousness of the act. It can be said that violence in the field of medical treatment is a realm requiring serious discussion and appropriate remedial actions. This is because when such incidents take place, if a patient who is supposed to get treatment from the damaged health care provider is in an urgent situation or on the waiting list of serious cases, he or she could suffer serious damage caused by deprivation of treatment opportunity, or secondary damage might be caused to the patient and/or a guardian who can hardly have an opportunity to take action. 
Accordingly, in this review, we would like to help create the necessary conditions for both health and medical service personnel and patients/guardians, respectively, to provide and receive medical treatment in a more secure environment. Therefore, objective assessment of the institution and issues relating to this aforementioned incident and general cases of violence occurring in medical institutions, and by suggesting legal and institutional improvements and solutions.