• Title/Summary/Keyword: web security

Link-E-Param : A URL Parameter Encryption Technique for Improving Web Application Security (Link-E-Param : 웹 애플리케이션 보안 강화를 위한 URL 파라미터 암호화 기법)

  • Lim, Deok-Byung;Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.9B / pp.1073-1081 / 2011
  • A URL parameter can hold some information that is confidential or vulnerable to illegitimate tampering. We propose Link-E-Param (Link with Encrypted Parameters) to protect the whole URL parameter names as well as their values. Unlike other techniques concealing only some of the URL parameters, it will successfully discourage attacks based on URL analysis to steal secret information on Web sites. We implement Link-E-Param in the form of a servlet filter to be deployed on any Java Web server by simply copying a jar file and setting a few configuration values. Thus it can be used for any existing Web application without modifying the application. It also supports numerous encryption algorithms to choose from. Experiments show that our implementation induces only a 2~3% increase in user response time due to encryption and decryption, which is deemed acceptable.

Effects of Aesthetics on Credibility in Web Site Design (신뢰감을 주는 웹사이트 디자인에서 미적 효과)

  • Kim, Ki Eun
    • Convergence Security Journal / v.13 no.6 / pp.43-49 / 2013
  • Web sites provide the first impression of an organization. For many organizations, web sites are crucial to ensure sales or to procure services within. When a person opens a web site, the first impression is probably made in a few seconds, and the user will either stay or move on to the next site on the basis of many factors. One of the factors that may influence users to stay or go is the page aesthetics. Another reason may involve a user's judgment of the site's credibility. Our findings indicate that when the same content is presented using different levels of aesthetic treatment, the content with a higher aesthetic treatment has higher perceived credibility. Our study suggests that this effect is operational within the first few seconds in which a user views a web page. Given the same content, a higher aesthetic treatment will increase perceived credibility.

A Study on The Vulnerabilities and Problems of Security Program (보안 프로그램의 취약성 및 문제점에 관한 연구)

  • Jeon, Jeong Hoon
    • Convergence Security Journal / v.12 no.6 / pp.77-84 / 2012
  • Recently, security programs have been widely used to improve the security of client systems in Web authentication. A security program provides keyboard security, certificate management, vaccine, and firewall functions. In particular, such security programs are used on the home pages of financial institutions, government agencies, and some private corporations, and ActiveX is used to install them. However, as several security vulnerabilities and problems appear in security programs, they threaten the stability of the client system. Therefore, this paper analyzes the vulnerabilities and problems of security programs through case studies and experiments, and is expected to be utilized to further improve the performance of security programs and as material for building a new certification scheme in the future.

Machine Learning-based Detection of HTTP DoS Attacks for Cloud Web Applications (머신러닝 기반 클라우드 웹 애플리케이션 HTTP DoS 공격 탐지)

  • Jae Han Cho;Jae Min Park;Tae Hyeop Kim;Seung Wook Lee;Jiyeon Kim
    • Smart Media Journal / v.12 no.2 / pp.66-75 / 2023
  • Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than that of the network metrics-based model, respectively.

A Cooperation System Supporting Web-based Asynchronous/Synchronous Social Activities (웹 기반 비동기/동기 사회활동을 지원하는 협력 시스템)

  • Choi, Jong Myung;Lee, Sang Don;Jung, Seok Won
    • Journal of Korea Society of Digital Industry and Information Management / v.5 no.2 / pp.39-49 / 2009
  • In this paper, we classify web-based social networks into two types, open and community, and model user behavior in social activities. We then propose the combination of instant messaging and a web system as a method of supporting asynchronous/synchronous social activities. Furthermore, we introduce the ImCoWeb prototype system, which supports both asynchronous social activities (e.g., social bookmark, comment, rate, and data share) and synchronous ones (e.g., real-time communication, file transfer, co-browsing, and co-work). Because it is built on existing instant messaging, it reduces costs by reusing facilities such as session management, user management, and security of instant messaging.

The Design for the Web Based Cluster System Accounting applying SEED (SEED를 이용한 Web기반 클러스터시스템 어카운팅 설계)

  • 오충식
    • Proceedings of the Korea Contents Association Conference / 2003.11a / pp.113-119 / 2003
  • Both the highly developed computing environment and the rapid increase in internet users enable the present web based cluster system accounting service to help many users access numerous data at high speed. However, the information security of users and data is as important as the convenience of the systematic environment. In particular, the damage to individuals and organizations resulting from data outflow, hacking and malicious code has become one of the most essential problems in the internet service business. In this study, I suggest a safer web based cluster system accounting service solution applying SEED, the Korean Telecommunications Technology Association (TTA) standard encryption algorithm.

The Web Log Analyser for Managing User Account having Weak Security (보안성이 취약한 사용자 계정 관리를 위한 웹 로그 분석기)

  • Park, Ki-Hong;Lee, Jin-Kwan
    • Proceedings of the Korean Society of Computer Information Conference / 2012.07a / pp.403-406 / 2012
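  • With the spread of the Internet, security problems are also increasing. As a result, the administrator's responsibility for network security and services is becoming ever more important. In this paper, we analyze web logs and present a way for the administrator to find and resolve gaps in system security arising from user accounts that have weak security because they have gone unused for a long time in a web hosting environment. To this end, we implement WLA (Web Log Analyzer), which analyzes each log recorded while the web server runs. As a result, it builds a UUL (Used User List) containing the number of account names that have used web hosting, and makes it possible to find and manage hosting service users who have not used the service for a certain period.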

Secure and Robust Metering in the Web Advertising

  • Kim, Soon-Seok
    • Journal of information and communication convergence engineering / v.5 no.1 / pp.68-72 / 2007
  • In this paper, we present a robust and secure metering scheme to measure the number of interactions between clients and servers in the web, especially in web advertising. In most cases, web advertising consists of advertisers, clients, servers, and an audit agency. The metering scheme should always be secure against fraud attempts by servers which maliciously try to inflate the number of their visits and against clients that attempt to disrupt the metering process. We propose a robust and secure metering scheme based on cryptographic techniques. By analyzing the proposed scheme we show that our scheme is more robust and secure than the previous schemes [1,2,4,5].

The proposal for improvement of Webservice security (웹서비스 보안기술의 향상방안에 대한 제안)

  • Lee, Dae-Ha;Kim, Rock-Won;Jung, Seung-Woo;Song, Byoung-Youl;Cho, Hyun-Kyu
    • Proceedings of the Korea Information Processing Society Conference / 2003.11c / pp.1969-1972 / 2003
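  • Recently, interest in web-based services has been growing as a means of interoperability between heterogeneous systems and applications. Along with the convenience of the web, its openness, which makes it accessible to anyone, gives rise to security problems, and web service security technology offers a solution to them. In this paper, we examine web service security technology and describe its weaknesses and ways of improvement that can compensate for them.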

The Development of Web Browsed Electronic Document Interchanges System (초고속정보통신망상에서 웹 기반의 전자문서교환(EDI) 시스템 구현)

  • Kim, Nak-Hyun;Roh, Myung-Ho
    • IE interfaces / v.13 no.2 / pp.258-265 / 2000
  • EDI (Electronic Data Interchange) allows the exchange of business information and computer-processable data in a standard, structured format electronically between organizational entities. EDI handles the restructuring of a business document into the standard format so that it can be transmitted from one computer to another. This paper identifies features and technologies of a web browsed electronic document exchange system as follows: 1) the fundamental technologies, which consist of the EDI technologies, the Internet/Web technologies, the security/authentication techniques, and the XML implementation technologies; 2) the functions, which consist of the document standards, transfer technology of the document, and encryption and authentication; 3) the implemented Web-EDI system, which consists of a document generation module, an encryption and authentication module, a transfer module, an acknowledgement module, and an administration module. In this paper, the Web-based EDI system implemented from the researched technologies will be installed on the EDI servers owned by corporate customers and enable the exchange of documents between the companies on which it is installed.