• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1225-1233
• /
• 2015

This study investigates the effects of information security awareness arising from E-Commerce in terms of the Elaboration Likelihood Model(ELM) and analyzes the moderating effect of the trust's involvement and experience. Consumers are using E-Commerce Web sites, depending on the level of involvement and experience in E-Commerce. This study is based on the ELM, the information security awareness of consumer confidence in E-Commerce form, according to the degree of experience and involvement suggested a theoretical model to describe the effect that the scaling and, through empirical studies validation of model. Consumer confidence is formed the attitude of the E-Commerce company through different paths, depending on the type of awareness in the E-Commerce web site, this moderate has the effect of consumer involvement and experience. Studying the information security awareness of consumer in the on E-Commerce is considered to present a new perspective on trust.

• Journal of Industrial Convergence
• /
• v.21 no.3
• /
• pp.181-188
• /
• 2023

The e-Government standard framework provides overall technologies such as reuse of common components for web environment development such as domestic government/public institutions, connection of standard modules, and resolution of dependencies. However, in a standardized development environment, there is a possibility of updating old versions according to core versions and leakage of personal and confidential information due to hacking or computer viruses. This study directly analyzes security vulnerabilities focusing on websites that operate eGovFrame in Korea. As a result of analyzing/classifying vulnerabilities at the internal programming language source code level, five items associated with representative security vulnerabilities could be extracted again. As a countermeasure against this, the security settings and functions through the 2 steps (1st and 2nd steps) and security policy will be explained. This study aims to improve the security function of the e-government framework and contribute to the vitalization of the service.

• Journal of Digital Convergence
• /
• v.13 no.12
• /
• pp.193-202
• /
• 2015

The development of the security solutions that can provide a variety of security services is needed urgently. For development of the security solutions, analysis of international standard security technology is the key. In this paper, international organizations' standardization(ISO/IEC JTC1 SC27, ITU-T SG-17, IETF Security Area, etc.) and the current trend of the standard security technology are mainly analyzed. The core of the latest security technology(Application Bridging, DNS-based Authentication, HTTP Authentication, IP Security, Javascript Security, Authentication Technology Next Generation, Managed Incident, Web Authorization Protocol, Security Automation, Transport Layer Security, etc.) is analyzed focusing on 18 working groups of the IETF.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.5
• /
• pp.319-324
• /
• 2014

Web applications make life more convenient. Many web applications have several kinds of user input (e.g. personal information, a user's comment of commercial goods, etc.) for the activities. On the other hand, there are a range of vulnerabilities in the input functions of Web applications. Malicious actions can be attempted using the free accessibility of many web applications. Attacks by the exploitation of these input vulnerabilities can be achieved by injecting malicious web code; it enables one to perform a variety of illegal actions, such as SQL Injection Attacks (SQLIAs) and Cross Site Scripting (XSS). These actions come down to theft, replacing personal information, or phishing. The existing solutions use a parser for the code, are limited to fixed and very small patterns, and are difficult to adapt to variations. A machine learning method can give leverage to cover a far broader range of malicious web code and is easy to adapt to variations and changes. Therefore, this paper suggests the adaptable classification of malicious web code by machine learning approaches for detecting the exploitation user inputs. The approach usually identifies the "looks-like malicious" code for real malicious code. More detailed classification using sequence information is also introduced. The precision for the "looks-like malicious code" is 99% and for the precise classification with sequence is 90%.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.9-14
• /
• 2010

The network architecture and analysis model for evaluating the information security are presented to distribute the reliable and secure multimedia digital contents. Using the firewall and IDS, the function of the proposed model includes the security range, related data collection/analysis, level evaluation and strategy proposal. To develop efficient automatic analysis tool, the inter-distribution algorithm and network design based on the traffic analysis between web-server and user are needed. Furthermore, the efficient algorithm and design of DRM/PKI also should be presented before the development of the automatic information security model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3219-3237
• /
• 2019

The Cloud Computing is growing rapidly in the current IT industry. Cloud computing has become a buzzword in relation to Grid & Utility computing. It provides on demand services to customers and customers will pay for what they get. Various "Cloud Service Provider" such as Microsoft Azure, Google Web Services etc. enables the users to access the cloud in cost effective manner. However, security, privacy and integrity of data is a major concern. In this paper various security challenges have been identified and the survey briefs the comprehensive overview of various security issues in cloud computing. The classification of security issues in cloud computing have been studied. In this paper we have discussed security challenges in cloud computing and also list recommended methods available for addressing them in the literature.

• Journal of Korean Society of societal Security
• /
• v.2 no.1
• /
• pp.81-89
• /
• 2009

A web-based information management system to share engineering data of truss bridge is developed through construction of standardized database of truss bridge. 3D shape information is stored in database according to AP 203 of STEP, and 3D visualization on the web is implemented by using the web 3D technology that helps users to understand geometrical shape of structures, directly. AP209 is used to store structural analysis information such as finite elements, material properties, and analysis result into relational database. Based on the developed database, a prototype of integrated information management system for truss bridge is developed, and it provides additional information such as specifications and inspection information related with shape object to end users.

• Journal of the Korea Convergence Society
• /
• v.6 no.4
• /
• pp.225-234
• /
• 2015

With the growing number of people that use web services, the perception of the importance of securing web applications is also increasing. There are many different types of attacks that target web applications. In the rapidly-changing knowledge and information society, which came into being with the advancements made in information and communication technology, there is currently an urgent need for building web sites for the purposes of developing one's creativity and character. In this paper, attack schemes that use SQL injections and XSS and target educational digital curation systems which provide educational contents with the aim of developing of one's creativity and character are analyze, in terms of how the attacks are carried out and their vulnerabilities. Furthermore, it suggests ways of dealing appropriately with these web-based attacks that use SQL injections and XSS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.669-677
• /
• 2020

As the number of Internet users exploded, attacks on the web increased. In addition, the attack patterns have been diversified to bypass existing defense techniques. Traditional web firewalls are difficult to detect attacks of unknown patterns.Therefore, the method of detecting abnormal behavior by artificial intelligence has been studied as an alternative. Specifically, attempts have been made to apply natural language processing techniques because the type of script or query being exploited consists of text. However, because there are many unknown words in scripts and queries, natural language processing requires a different approach. In this paper, we propose a new classification model which uses byte pair encoding (BPE) technology to learn the embedding vector, that is often used for web attack payloads, and uses an attention mechanism-based Bi-GRU neural network to extract a set of tokens that learn their order and importance. For major web attacks such as SQL injection, cross-site scripting, and command injection attacks, the accuracy of the proposed classification method is about 0.9990 and its accuracy outperforms the model suggested in the previous study.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.9B
• /
• pp.1073-1081
• /
• 2011

An URL parameter can hold some information that is confidential or vulnerable to illegitimate tampering. We propose Link-E-Param(Link with Encrypted Parameters) to protect the whole URL parameter names as well as their values. Unlike other techniques concealing only some of the URL parameters, it will successfully discourage attacks based on URL analysis to steal secret information on the Web sites. We implement Link-E-Param in the form of a servlet filter to be deployed on any Java Web server by simply copying a jar file and setting a few configuration values. Thus it can be used for any existing Web application without modifying the application. It also supports numerous encryption algorithms to choose from. Experiments show that our implementation induces only 2~3% increase in user response time due to encryption and decryption, which is deemed acceptable.