• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.4
• /
• pp.805-821
• /
• 2011

Wireless Sensor Networks (WSNs) are rapidly emerging because of their potential applications available in military and civilian environments. Due to unattended and hostile deployment environments, shared wireless links, and inherent resource constraints, providing high level security services is challenging in WSNs. In this paper, we revisit various security attack models and analyze them by using a well-known standard notation, Unified Modeling Language (UML). We provide a set of UML collaboration diagram and sequence diagrams of attack models witnessed in different network layers: physical, data/link, network, and transport. The proposed UML-based analysis not only can facilitate understanding of attack strategies, but can also provide a deep insight into designing/developing countermeasures in WSNs.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.66 no.2
• /
• pp.76-81
• /
• 2017

In this paper, the risk analysis of smart home services was implemented by applying threat modeling. Identified possible threats for safe deployment of smart home services and identified threats through the STRIDE model. Through the creation of the Attack Tree, the attackable risk was analyzed and the risk was measured by applying the DREAD model. The derived results can be used to protect assets and mitigate risk by preventing security vulnerabilities from compromising and identifying threats from adversely affecting services. In addition, the modeled result of the derived threat can be utilized as a basis for performing the security check of the smart home service.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.63-70
• /
• 2016

With the development of information and communication technologies like internet, the environment where people are able to access internet at any time and at any place has been established. As a result, cyber threats have been tried through various routes. Of cyber threats, DDoS is on the constant rise. For DDoS prediction modeling, this study drew a DDoS security index prediction formula on the basis of event data by using a statistical technique, and quantified the drawn security index. It is expected that by using the proposed security index and coming up with a countermeasure against DDoS threats, it is possible to minimize damage and thereby the prediction model will become objective and efficient.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.121-134
• /
• 2017

With rapid increasing the development and use of IoT Devices, requirements for safe IoT devices and services such as reliability, security are also increasing. In Security engineering, SDLC (Secure Development Life Cycle) is applied to make the trustworthy system. Secure Development Life Cycle has 4 big steps, Security requirements, Design, Implementation and Operation and each step has own goals and activities. Deriving security requirements, the first step of SDLC, must be accurate and objective because it affect the rest of the SDLC. For accurate and objective security requirements, Threat modeling is used. And the results of the threat modeling can satisfy the completeness of scope of analysis and the traceability of threats. In many countries, academic and IT company, a lot of researches about drawing security requirements systematically are being done. But in domestic, awareness and researches about deriving security requirements systematically are lacking. So in this paper, I described about method and process to drawing security requirements systematically by using threat modeling including DFD, STRIDE, Attack Library and Attack Tree. And also security requirements are described via Common Criteria for delivering objective meaning and broad use of them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1523-1537
• /
• 2018

The AI speaker is a simple operation that provides users with useful functions such as music playback, online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN Threat modeling was used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speaker by comparing the vulnerability analysis results and the vulnerability of each product.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.1-12
• /
• 2023

With the rapid increase of user generated data on digital platforms, the task of categorizing and classifying theses huge data has become difficult. Topic modeling is an unsupervised machine learning technique that can be used to get a summary from a large collection of documents. Topic modeling has been widely used in English content, yet the application of topic modeling in Arabic language is limited. Therefore, the aim of this paper is to provide a systematic review of the application of topic modeling algorithms in Arabic content. Using a well-known and trusted databases including ScienceDirect, IEEE Xplore, Springer Link, and Google Scholar. Considering the publication date from 2012 to 2022, we got 60 papers. After refining the papers based on predefined criteria, we resulted in 32 papers. Our result show that unfortunately the application of topic modeling techniques in Arabic content is limited.

• The KIPS Transactions:PartC
• /
• v.11C no.2
• /
• pp.183-192
• /
• 2004

As the use of the Internet has explosively increased, it is likely for the Internet to be exposed to various attacks. Modeling the Internet attacks is essential to simulate the attacks. However, the existing studies on attack modeling have mainly focused on classifying and categorizing the attacks and consequently they are not suitable to representing attack scenarios in the Internet security simulation. In this paper, we introduce the existing methods of attack modeling, and propose an adapted attack modeling to properly express the properties for the Internet security simulator. The adapted attack modeling suggests a solution to the problems of the existing attack tree modelings, such as difficulty of composing complex scenarios ambiguity of attack sequence, lack of system state information. And it can represent simultaneous, precise time-dependent attack, and attack period, which are nearly impossible to be represented in many other existing methods.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.92-98
• /
• 2008

Network data modeling is a essential research for the evaluation for intrusion detection systems performance, network modeling and methods for analyzing network data. In network data modeling, real data from the network must be analyzed and the modeled data must be efficiently composed to reflect a sufficient amount of the original data. In this parer the useful elements of real network data were quantified from packets captured from a huge network. Futhermore, a statistical analysis method was used to find the most effective element for efficiently classifying the modeled data.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.397-402
• /
• 2006

디지털 범죄 수사 능력은 디지털 포렌식 기술 개발 뿐만 아니라 정책적인 수사체계가 얼마나 잘되어 있느냐에 따라 달라진다. 점차 다양화 되고 지능화 되어가는 디지털 범죄를 수사하기 위해서는 디지털 범죄 수사 체계 모델링이 필요하다. 따라서 본고에서는 디지털 범죄의 종류와 그에 적합한 수사 절차를 언급하고, UML(Unified Modeling Language)을 이용하여 디지털 범죄 수사 절차를 체계화하고 모델링하는 방법을 제시하고자 한다.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.67-75
• /
• 2022

Due to the COVID-19 pandemic, many companies have introduced remote work. However, the introduction of remote work has increased attacks on companies to access sensitive information, and many companies have begun to use cloud services to respond to security threats. This study used LDA topic modeling techniques by collecting news data with the keyword 'cloud security' to analyze changes in domestic cloud security trends before and after the COVID-19 pandemic. Before the COVID-19 pandemic, interest in domestic cloud security was low, so representation or association could not be found in the extracted topics. However, it was analyzed that the introduction of cloud is necessary for high computing performance for AI, IoT, and blockchain, which are IT technologies that are currently being studied. On the other hand, looking at topics extracted after the COVID-19 pandemic, it was confirmed that interest in the cloud increased in Korea, and accordingly, interest in cloud security improved. Therefore, security measures should be established to prepare for the ever-increasing usage of cloud services.