• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.12
• /
• pp.4909-4926
• /
• 2020

Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, allowing initial unknown attacks. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If you fail to respond to the initial attack, it is difficult to respond additionally because malicious behavior like Advanced Persistent Threat (APT) attack does not occur immediately, but occurs over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, although the initial response failed with anti-virus. The proposed technology uses a combination of AutoEncoder and 1D CNN (1-Dimention Convolutional Neural Network) based on semi-supervised learning. The experiment trained a dataset collected over a month in a real-world commercial endpoint environment, and tested the data collected over the next month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce time and labor costs to effectively detect unknown attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.763-777
• /
• 2021

Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.39-46
• /
• 2023

The purpose of this study is to introduce a proposed Framework for Evaluating the Return on Investment (ROI) of E-Learning Programs at Saudi Universities. To achieve this goal, the descriptive analysis methodology is used to analyze the literature review about e-learning and its evaluation from different viewpoints, especially from the ROI-related perspective. As well as the literature reviews related to ROI and the methods of calculating it inside society institutes. This study suggests a conceptual framework for evaluating the ROI of E-Learning Programs at Saudi Universities. This framework is based on the merging process among the analyze, design, develop, implement, and evaluate (ADDIE) model for designing e-learning programs, which gives detailed procedures for executing the program, several evaluating models for e-learning, and the Kirkpatrick model for evaluating the ROI of e-learning. It consists of seven stages (analysis, calculating the costs, design, development, implementation, calculation of the benefits, and calculation of the final ROI).

• Health Policy and Management
• /
• v.28 no.3
• /
• pp.210-216
• /
• 2018

National Health Insurance Service (NHIS) has put a great effort on extending life expectancy, for last 40 years. The system has also made remarkable outcomes in achieving universal health coverage. However, it is facing challenges of low health insurance benefits and sustainability risk due to low birth rate and aging society at the same time. To overcome the difficulties and build a lifelong health security system for the nation, it is required for NHIS to make multilateral changes in its roles. Based on the quantitative growth achieved so far, NHIS needs to strive for the growth in quality by not only increasing coverage and reforming contribution imposition system, but also reorganizing the relevant systems such as lifelong health management support, rational adjustment to the medical fee, and benefit costs monitoring. In addition, it's important for NHIS to restructure the organizational culture by having specialty and communicating with people for high quality of administration and health insurance sustainability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.8
• /
• pp.4025-4042
• /
• 2017

Session initiation protocol (SIP) is a kind of powerful and common protocols applied for the voice over internet protocol. The security and efficiency are two urgent requirements and admired properties of SIP. Recently, Hamed et al. proposed an efficient authentication and key agreement scheme for SIP. However, we demonstrate that Hamed et al.'s scheme is vulnerable to de-synchronization attack and cannot provide anonymity for users. Furthermore, we propose an improved and efficient authentication and key agreement scheme by using elliptic curve cryptosystem. Besides, we prove that the proposed scheme is provably secure by using secure formal proof based on Burrows-Abadi-Needham logic. The comparison with the relevant schemes shows that our proposed scheme has lower computation costs and can provide stronger security.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.11-16
• /
• 2022

Applying predictive analytics to predict software defects has improved the overall quality and decreased maintenance costs. Many supervised and unsupervised learning algorithms have been used for defect prediction on publicly available datasets. Most of these datasets suffer from an imbalance in the output classes. We study the impact of class imbalance in the defect datasets on the efficiency of the defect prediction model and propose a CPP method for handling imbalances in the dataset. The performance of the methods is evaluated using measures like Matthew's Correlation Coefficient (MCC), Recall, and Accuracy measures. The proposed sampling technique shows significant improvement in the efficiency of the classifier in predicting defects.

• Electronics and Telecommunications Trends
• /
• v.39 no.5
• /
• pp.40-48
• /
• 2024

Quantum computers can likely perform computations that are unattainable by classical computers, and they represent the next generation of computing technologies. Due to high costs and complex maintenance, direct ownership of quantum computers by individuals users is challenging. Future utilization is predicted to involve quantum computing servers performing delegated computations for clients lacking quantum capabilities, similar to the current utilization of supercomputing. This delegation model allows several users to benefit from quantum computing without requiring ownership, thereby providing innovation potential in various fields. Ensuring data privacy and computational integrity in this model is critical for ensuring the reliability of quantum cloud computing services. However, these requirements are difficult to achieve because classical security techniques cannot be directly applied to quantum computing. We review research on security protocols for the delegation of quantum computing with focus on data privacy and integrity verification. Our analysis covers the background of quantum computing, privacy-preserving quantum computational models, and recent research trends. Finally, we discuss challenges and future directions for secure quantum delegated computations, highlighting their importance for the commercialization and widespread adoption of quantum computing.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.38 no.4
• /
• pp.80-87
• /
• 2015

The proliferation of the Internet and communication technologies and applications, besides the conventional retailers, has led to a new form of distribution channel, namely home sopping through the telephone, TV, catalog or the Internet. The conventional and new distribution channels have different transaction costs perceived by the consumers in the following perspectives: the accessibility to the product information, the traffic cost and the opportunity cost for the time to visit the store, the possibility of 'touch and feel' to test the quality of the product, the delivery time and the concern for the security for the personal information. Difference in the transaction costs between the distribution channels results in the different selling prices even for the same product. Moreover, distribution channels with different selling prices necessarily result in different business surpluses. In this paper, we study the multilateral bargaining strategy of a manufacturer who sells a product through multiple distribution channels with different transaction costs. We first derive the Nash equilibrium solutions for both simultaneous and sequential bargaining games. The numerical analyses for the Nash equilibrium solutions show that the optimal bargaining strategy of the manufacturer heavily depends not only on the degree of competition between the distribution channels but on the difference of the business surpluses of the distribution channels. First, it is shown that there can be four types of locally optimal bargaining strategies if we assume the market powers of the manufacturer over the distribution channels can be different. It is also shown that, among the four local optimal bargaining strategies, simultaneous bargaining with the distribution channels is the most preferred bargaining strategy for the manufacturer.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.115-122
• /
• 2022

Component adaptation is widely recognized as one of the main problems of the components, used in component based software engineering (CBSE). We developed methods to adjust the components classified by the keywords. Three main methods are discussed in this article those methods are combined with several domain component interfaces, high level simple notation for the adapter design patterns. The automated process for classifying high-level components are using adaptation is novel to software engineering domain. All Specifications and many technologies for re-using software, CBD and further developments have been emerged in recent years. The effects of these technologies on program quality or software costs must be analyzed. The risk concerns a single technology and must identify its combinations. In this paper, we are going to discuss the methods to adapt components of different technologies

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.81-90
• /
• 2022

There are several ways to improve software performance by using existing software. So, the developments of some programs are the most promising ways. However, traditional part programming studies usually assume that the components are recycled "as is". Existing models of component objects only provide limited support for partial adjustments, namely white box technologies ( copy-paste & inheritance) and the black-box methods (such as mixing and encapsulation). These technologies have problems related to recovery, efficiency, implementation of indirect costs, or their own problems. This paper suggests as JALTREE, The Black Box adaptation technology, which allows us for the implementation of previous components, but we need configurable the interface types, for measuring the adaptability. In this article we discussed the types of adjustments including component interfaces and component composition. An example of customizing JALTREE and component can be illustrated in several examples