• Journal of the Korea Society for Simulation
• /
• v.10 no.4
• /
• pp.51-64
• /
• 2001

It is quite necessary that an organization's information network should be equipped with a proper security system based on its scale and importance. One of the effective methods is to use the simulation model for deciding which security policy and mechanism is appropriate for the complex network. Our goal is to build a foundation of knowledge-based modeling and simulation environment for the network security. With this environment, users can construct the abstracted model of security mechanisms, apply various security policies, and quantitatively analyze their security performance against possible attacks. In this study, we considered security domain from several points of view and implemented the models based on a systematic modeling approach. We enabled the model to include knowledge in modular fashion and provided well-defined guidelines for transforming security policy to concrete rule set.

• Journal of Radiation Industry
• /
• v.12 no.4
• /
• pp.303-310
• /
• 2018

Since Roentgen discovered X-rays, radiation sources have been utilized for many areas such as agriculture, industry, medicine and fundamental chemical research. As a result, human society has gained lots of benefits. However, if a radioactive material is used for the malicious purpose, it causes serious consequences to humanity and environment. Consequently, international organizations including International Atomic energy Agency (IAEA) have been emphasizing establishment and implementation of security management to prevent sabotage and illicit trafficking of radioactive materials. For this reason, the rule of technical standards of radiation safety management was revised and the public notice of security management regarding radioisotope was legislated in 2015 by Nuclear Safety and Security Commission (NSSC). Several radioactive sources which have to be regulated under the above rule and the public notice have been utilized in Advanced Radiation Technology Institute (ARTI) of Korea Atomic Energy Research Institute (KAERI). In order to control them properly, security management system such as access control and physical protection has been adapted since 2015. In this paper, we have analyzed the public notice of NSSC and its field application case. Based on the results, we are going to draw improvement on the public notice of NSSC and security system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.33-43
• /
• 2013

The research on data mining that can manage a large amount of information efficiently has grown with the drastic increment of information. Privacy-preserving data mining can protect the privacy of data owners. There are several privacy-preserving association rule, clustering and classification protocols. A privacy-preserving association rule protocol is used to find association rules among data, which is often used for marketing. In this paper, we propose a privacy-preserving k-bits inner product protocol based on Shamir's secret sharing.

• Journal of the Korea Society for Simulation
• /
• v.12 no.2
• /
• pp.63-73
• /
• 2003

The major objective of this paper is to propose the method of attacker and host modeling for cyber-attack simulation. In the security modeling and simulation for information assurance, it is essential the modeling of attacker that is able to generate various cyber-attack scenarios as well as the modeling of host, which is able to represent behavior on attack concretely The security modeling and simulation, which was announced by Cohen, Nong Ye and etc., is too simple to concretely analyze attack behavior on the host. And, the attacker modeling, which was announced by CERT, Laura and etc., is impossible to represent complex attack excepting fixed forms. To deal with this problem, we have accomplished attacker modeling by adopted the rule-based SES which integrates the existing SES with rule-based expert system for synthesis and performed host modeling by using the DEVS formalism. Our approach is to show the difference from others in that (ⅰ) it is able to represent complex and repetitive attack, (ⅱ) it automatically generates the cyber-attack scenario suitable on the target system, (ⅲ) it is able to analyze host's behavior of cyber attack concretely. Simulation tests performed on the sample network verify the soundness of proposed method.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.73-82
• /
• 2018

We often experience complex presence of files within the compute environment. It could be an end-user's desktop environment or a professional part of file management. We would like to suggest one way to manage these different cases of duplicate files. It is a rule-based file management tool, and we want to use it as a tool to consolidate facility management log files. In this paper, we will describe the rule-based file management tools and show examples of how files are managed using them. We are interested in the management of the disaster environment and would like to apply this method to the management of log data related to facilities to be considered in the event of a disaster.

• Journal of the Korea Society for Simulation
• /
• v.14 no.1
• /
• pp.9-18
• /
• 2005

Attempts to attack hosts in the network have become diverse, due to crackers developments of new creative attacking methods. Under these circumstances the role of intrusion detection system as a security system component gets considerably importance. Therefore, in this paper, we have suggested multiple intrusion detection system based on the contract net protocol which provides the communication among multiple agents. In this architecture, fuzzy rule based system has been applied for agent selection among agents competing for being activated. The simulation models are designed and implemented based on DEVS formalism which is theoretically well grounded means of expressing discrete event simulation models.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.115-125
• /
• 1995

본 논문에서는 컴퓨터 시스템에서 침입 감지 시스템을 설계함에 있어서 사용될 수 있는 새로운 방법인 Event Sequence Tracking 방법을 제안하였다. Event Sequence Tracking 방법에서는 컴퓨터 시스템의 공격방법을 크게 두가지로 분류한다. 첫번째는 일련의 시스템 명령어를 이용한 공격방법이고 두번째는 침입자 자신이 만들었거나 다른 사람으로부터 얻은 프로그램을 이용하는 방법이다. 첫번째 공격방법에 대한 감지방법은 시스템을 공격할 때 사용한 일련의 시스템 명령어들을 감사 데이타를 분석하여 찾아내고 이 결과를 기존에 알려진 공격 시나리오들과 비교하여 침입자를 찾아내는 방식이다. 두번째 공격방법에 대한 감지 방법은 보안 관리자가 정해놓은, 시스템에서 일반 사용자가 할 수 없는 행위에 관한 보안 정책에 따라 Key-Event 데이타 베이스를 만들고 여기에 해당하는 event의 집합을 감사 데이타에서 찾아내는 방법이다. Event Sequence Tracking 방법은 Rule-based Penetration Identification 방법의 일종으로서 시스템의 공격방법을 분류하여 컴퓨터 시스템에의 침입을 효과적으로 감지할 수 있다는 것과 rule-base의 생성과 갱신을 함에 있어서 보다 간단하게 할 수 있다는 장점을 갖는다.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.54 no.2
• /
• pp.67-72
• /
• 2005

This paper presents a method to select contingency ranking considering voltage security problems in power systems. Direct method which needs not the detailed knowledge of the post contingency voltage at each bus is used. Based on system operator's experience and knowledge, the membership functions for the MVAR mismatch and allowable voltage violation are justified describing linguistic representation with heuristic rules. Rule base is used for the computation of severity index for each contingency by fuzzy inference. Contingency ranking harmful to the system is formed by the index for security evaluation. Compared with 1P-1Q iteration, this algorithm using direct method and fuzzy inference shows higher computation speed and almost the same accuracy. The proposed method is applied to model system and KEPCO pratical system which consists of 311 buses and 609 lines to show its effectiveness.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.197-200
• /
• 2008

In most sensor networks, nodes can be easily compromised by adversaries due to hostile environments. Adversaries may use compromised nodes to inject false reports into the sensor networks. Such false report attacks will cause false alarms that can waste real-world response effort, and draining the finite amount of energy resource in the battery-powered network. A dynamic enroute scheme proposed by Yu and Guan can detect and drop such false reports during the forwarding phase. In this scheme, choosing a threshold value is very important, as it trades off between security power and energy consumption. In this paper, we propose a threshold determining method which uses the fuzzy rule-based system. The base station periodically determines a threshold value though the fuzzy rule-based system. The number of cluster nodes, the value of the key dissemination limit, and the remaining energy of nodes are used to determine the threshold value.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.135-148
• /
• 2004

Recently, it is difficult to block the spam mail that changes variously with past spam distinction method by words. To solve such problem, This paper propose the method of generating spam distinction rule using URL frequency analysis. It is consist of collecting spam, drawing URL that get into characteristic from collected spam mail. URL noonalizing, generating spam distinction rule by time frequency, and blocking mail. It can effectively block various types of spam mail and various forms of spam mail that change.