• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.12B
• /
• pp.1509-1521
• /
• 2011

WfMC, which is one of the international standardization organizations leading the business process and workflow technologies, has been officially released the BPAF1.0 that is a standard format to record process instances' event logs according as the business process intelligence mining technologies have recently issued in the business process and workflow literature. The business process mining technologies consist of two groups of algorithms and their analysis techniques; one is to rediscover flow-oriented process-intelligence, such as control-flow, data-flow, role-flow, and actor-flow intelligence, from process instances' event logs, and the other has something to do with rediscovering relation-oriented process-intelligence like process-driven social networks and process-driven affiliation networks from the event logs. The current standardized format of BPAF1.0 aims at only supporting the control-flow oriented process-intelligence mining techniques, and so it is unable to properly support the relation-oriented process-intelligence mining techniques. Therefore, this paper tries to extend the BPAF1.0 so as to reasonably support the relation-oriented process-intelligence mining techniques, and the extended BPAF is termed BPAF2.0. Particularly, we have a plan to standardize the extended BPAF2.0 as not only the national standard specifications through the e-Business project group of TTA, but also the international standard specifications of WfMC.

• Review of KIISC
• /
• v.29 no.6
• /
• pp.75-80
• /
• 2019

2018년까지 알려진 표적공격 그룹은 꾸준히 증가하여 현재 155개로 2016년 대비 39개가 증가하였고, 침해사고의 평균 체류시간(dwell-time)은 2016년 172일에서 2018년 204일로 32일이 증가하였다. 점점 다양해지고 심화되고 있는 APT(Advanced Persistent Threat)공격에 대응하기 위하여 국내외 기업들의 사이버 위협 인텔리전스(CTI; Cyber Threat Intelligence) 활용이 증가하고 있는 추세이다. 현재 KISA에서는 글로벌 동향에 발맞춰 CTI를 활용할 수 있는 시스템을 개발 중에 있다. 본 논문에서는 효율적인 CTI 활용을 위한 OSINT(Open Source Intelligence)기반 사이버 위협 정보 수집 및 연관관계 표현 시스템을 소개하고자 한다.

• The Journal of the Korea Contents Association
• /
• v.17 no.3
• /
• pp.231-237
• /
• 2017

Threat intelligences collected from cyber incident sharing system and security events collected from Security Information & Event Management system are analyzed and coped with expanding malicious code rapidly with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observable. Therefore it is necessary to improve classification accuracy of the similarity by using multi-profile which is classified as the same features of cyber observables. We propose a multi-profile ensemble model performed similarity analysis on cyber incident of threat intelligence based on both attack types and cyber observables that can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhance the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incident of those not detected by other mechanisms.

• Korean System Dynamics Review
• /
• v.7 no.1
• /
• pp.5-26
• /
• 2006

Ever increasing dependence of organization on information technology stimulates interactions between individuals and groups in the process of knowledge creation, which overall impies that a reciprocal mechanism lies within the structure of the growth of group intelligence. Individual's intelligence may affect the group intelligence, and vise versa. However, the level of group intelligence is not necessarily determined by the sum of individual's intelligence but the quality of the interactions among the individuals. This study thus aims to conceptually identify the dynamic structure of interactions among the factors influencing the group intelligence level, which is believed to be used as a tool to measure the difference of intelligence between groups. To achieve this goal several attempts were made. First, determinants of intelligence at indiviual level and group level and similarities and differences between individual's and group intelligence were identified from the previous research. Second, causal loop diagrams were developed, which show how individual's intelligence influences group intelligence and vise versa. Third, it was attempted to identify and interpret which feedback loops are most influential in either improving or hapering group intelligence as a whole. Since this study remains only at exploratory level, a more detailed and workable model for field applications has to be developed in the future.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.63-72
• /
• 2013

Business Process Intelligence (BPI) is one of the emerging technologies in the knowledge discovery and analysis area. BPI deals with a series of techniques from discovering knowledge to analyzing the discovered knowledge in BPM-supported organizations. By means of the BPI technology, we are able to provide the full functionality of control, monitoring, prediction, and optimization of process-supported organizational knowledge. Particularly, we focus on the focal organizational knowledge, which is so-called the BPM activity-performer affiliation networking knowledge that represents the affiliated relationships between performers and activities in enacting a specific business process model. That is, in this paper we devise a statistical analysis method to be applied to the BPM activity-performer affiliation networking knowledge, and dubbed it the activity-performer correspondence analysis method. The devised method consists of a series of pipelined phases from the generation of a bipartite matrix to the visualization of the analysis result, and through the method we are eventually able to analyze the degree of correspondences between a group of performers and a group of activities involved in a business process model or a package of business process models. Conclusively, we strongly expect the effectiveness and efficiency of the human resources allotments, and the improvement of the correlational degree between business activities and performers, in planning and designing business process models and packages for the BPM-supported organization, through the activity-performer correspondence analysis method.

• Journal of Internet Computing and Services
• /
• v.24 no.5
• /
• pp.51-66
• /
• 2023

In this paper, we propose a new type of process discovery framework, which is named as control-path-driven process group discovery framework, to be used for process mining and process reengineering in supporting life-cycle management of business process models. In addition, we develop a process mining system based on the proposed framework and perform experimental verification through it. The process execution event logs applied to the experimental effectiveness and verification are specially defined as Process BIG-Logs, and we use it as the input datasets for the proposed discovery framework. As an eventual goal of this paper, we design and implement a control path-driven process group discovery algorithm and framework that is improved from the ρ-algorithm, and we try to verify the functional correctness of the proposed algorithm and framework by using the implemented system with a BIG-Log dataset. Note that all the process mining algorithm, framework, and system developed in this paper are based on the structural information control net process modeling methodology.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.