• Journal of KIISE:Software and Applications
• /
• v.35 no.9
• /
• pp.538-546
• /
• 2008

It has limits that system administrator deals with many problems occurred in systems because computing environments are increasingly complex. It is issued that systems have an ability to recognize system's situations and adapt them by itself in order to resolve these limits. But it requires much experiences and knowledge to build the Self-Adaptive System. The difficulty that builds the Self-Adaptive System has been problems. This paper proposes a technique that generates automatically the codes of the Self-Adaptive System in order to make the system to be built more easily. This Self-Adaptive System resolves partially the problems about ineffectiveness of the exceeded usage of the system resource that was previous research's problem and incorrect operation that is occurred by external factors such as virus. In this paper, we applied the proposed approach to the file transfer module that is in the video conferencing system in order to evaluate it. We compared the length of the codes, the number of Classes that are created by the developers, and development time. We have confirmed this approach to have the effectiveness.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.8B
• /
• pp.630-636
• /
• 2012

In this paper, we propose an improved Multi Gray-Leveling scheme which reduces the problems of the existing Multi Gray-Leveling scheme suggested as a way of prevention against call spam in VoIP environment. The existing scheme having two different time period distinguishes the possibility of call spam by checking the call interval, so that it prevents the spammer's avoidance controlling the call interval. This is the strength of the existing one but it can misunderstand the normal user as a spammer due to taking long term time period. To solve this problem, this paper proposes the upgrade scheme which utilizes the receiver's action pattern as well as the caller's action pattern. It has such a good strength that can do gray leveling via the collected information in the database of VoIP service provider without user's direct involvement. Hence it can be a very effective way of VoIP spam detection.

• Journal of the Korea Convergence Society
• /
• v.12 no.1
• /
• pp.11-17
• /
• 2021

If a vulnerability in the software connected to the network to obtain the user's privilege, a remote attacker could gain the privilege to use the computer. In addition, in a user environment in which an operating system for a specific series is used a lot, if a problem occurs in the operating system, considerable damage can occur. In particular, If an error is a security vulnerability, it can be a very big problem. Various studies have been conducted to find and respond to vulnerabilities in such a situation. Among various security technologies, the fuzzing technology is one of the most effective technologies to find errors in software. In this paper, I designed and implemented a fuzzing agent that can detect buffer overflow vulnerabilities that can occur in various applications. Through this fuzzing agent, application developers will be able to realize a more secure computing environment in which they can discover and fix vulnerabilities in their own applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1115-1130
• /
• 2020

Modern vehicles are equipped with a number of ECUs(Electronic Control Units), and ECUs can control vehicles efficiently by communicating each other through CAN(Controller Area Network). However, CAN bus is known to be vulnerable to cyber attacks because of the lack of message authentication and message encryption, and access control. To find these security issues related to vehicle hacking, CAN Fuzzing methods, that analyze the vulnerabilities of ECUs, have been studied. In the existing CAN Fuzzing methods, fuzzing inputs are randomly generated without considering the structure of CAN messages transmitted by ECUs, which results in the non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how to monitor fuzzing results. To deal with the limitations of CAN Fuzzing, in this paper, we propose a Non-Random CAN Fuzzing, which consider the structure of CAN messages and systematically generates fuzzing input values that can cause malfunctions to ECUs. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN Fuzzing solutions, so it can quickly find CAN messages related to malfunctions of ECUs that could be originated from SW implementation errors or CAN DBC(Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.

• Knowledge Management Research
• /
• v.22 no.4
• /
• pp.283-301
• /
• 2021

RPA (Robotic Process Automation) technology has recently been spotlighted to preemptively respond to the 4th industrial revolution without spending a lot of time and money to improve various existing business and IT processes. In this study, variables affecting intention to use RPA technology were representatively identified into three positive factors and three negative factors, and the causal relationship between the effects of these variables on actual RPA acceptance intention was examined. After conducting an email survey for general office workers, structural equation analysis (SEM) was performed using SPSS 27.0 and SmartPLS 3.3.5. The second order factor of a positive perception consisting of security, accuracy, and efficiency, and the second order factor of a negative perception consisting of job security, execution error, and fear of introduction failure. The positive perception affected the intention to use RPA through perceived usefulness and perceived ease. It was confirmed that the negative perception has a mediating effect on the intention to use RPA through acceptance conflict. In addition, it was confirmed that the presence or absence of experience in using RPA interacts with perceived ease and has a moderating effect on intention to use RPA. It can be said that there is practical and theoretical implications from the point of view of knowledge management in that it allows companies to recognize and respond to which factors are important from the point of view of companies that want to use RPA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1043-1057
• /
• 2015

In order to recognize intelligent threats quickly and detect and respond to them actively, major public bodies and private institutions operate and administer an Intrusion Detection Systems (IDS), which plays a very important role in finding and detecting attacks. However, most IDS alerts have a problem that they generate false positives. In addition, in order to detect unknown malicious codes and recognize and respond to their threats in advance, APT response solutions or actions based systems are introduced and operated. These execute malicious codes directly using virtual technology and detect abnormal activities in virtual environments or unknown attacks with other methods. However, these, too, have weaknesses such as the avoidance of the virtual environments, the problem of performance about total inspection of traffic and errors in policy. Accordingly, for the effective detection of intrusion, it is very important to enhance security monitoring, consequentially. This study discusses a plan for the reduction of false positives as a plan for the enhancement of security monitoring. As a result of an experiment based on the empirical data of G, rules were drawn in three types and 11 kinds. As a result of a test following these rules, it was verified that the overall detection rate decreased by 30% to 50%, and the performance was improved by over 30%.

• Journal of Korean Elementary Science Education
• /
• v.28 no.3
• /
• pp.292-303
• /
• 2009

In this study, we investigated the characteristics of the analogies, the mapping understanding, and the mapping errors on saturated solution of scientifically-gifted and general elementary students. Fifth graders (n=60) at four scientifically-gifted education institutes in Seoul and/or Gyeonggi province and fifth graders (n=91) at three elementary schools in Seoul were selected and assigned to the scientifically-gifted group and the general group respectively. After the students of each group performed the experiment and were taught about the target concept in the first class, they administered the test on the self-generating analogies on the target concept in the second class. The results revealed that the students in the scientifically-gifted group made more analogies, especially verbal/pictorial, structural/functional, enriched, and higher systematic ones, and had deeper understanding of the analogy than those in the general group. The numbers of the shared attributes included in the student-generated analogies and the scores of the mapping understanding of the students in the scientifically-gifted group were significantly higher than those in the general group. The students in the scientifically-gifted group had fewer mapping errors than those in the general group. However, not a few students in the scientifically-gifted group had at least one mapping error. Educational implications of these findings are discussed.

• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.223-230
• /
• 2009

Among the remote user authentication schemes, password-based authentication methods are the most widely used. In 2004, Das et al. proposed a "Dynamic ID Based Remote User Authentication Scheme" that is the password based scheme with smart-cards, and is the light-weight technique using only one-way hash algorithm and XOR calculation. This scheme adopts a dynamic ID that protects against ID-theft attack, and can resist replay attack with timestamp features. Later, many flaws of this scheme were founded that it allows any passwords to be authenticated, and can be vulnerable to impersonation attack, and guessing attack. By this reason many modifications were announced. These scheme including all modifications are similarly maintained security against replay the authentication message attack by the timestamp. But, if advisory can replay the login immediately, this attempt can be succeeded. In this paper, we analyze the security vulnerabilities of Das scheme, and propose improved scheme which can resist on real-time replay attack using the counter of authentication. Besides our scheme still secure against impersonation attack, guessing attack, and also provides mutual authentication feature.

• The KIPS Transactions:PartC
• /
• v.13C no.1 s.104
• /
• pp.45-54
• /
• 2006

Nowadays, a lot of techniques have been applied for the detection of malicious behavior. However, the current techniques taken into practice are facing with the challenge of much variations of the original malicious behavior, and it is impossible to respond the new forms of behavior appropriately and timely. There are also some limitations can not be solved, such as the error affirmation (positive false) and mistaken obliquity (negative false). With the questions above, we suggest a new method here to improve the current situation. To detect the malicious code, we put forward dealing with the basic source code units through the conceptual graph. Basically, we use conceptual graph to define malicious behavior, and then we are able to compare the similarity relations of the malicious behavior by testing the formalized values which generated by the predefined graphs in the code. In this paper, we show how to make a conceptual graph and propose an efficient method for similarity measure to discern the malicious behavior. As a result of our experiment, we can get more efficient detection rate.

• Journal of the Society of Disaster Information
• /
• v.13 no.4
• /
• pp.550-561
• /
• 2017

This paper deals with the improving issues and methods for 119 dispatcher's work and training manual in order to improve their emergency response ability in Korea. Firstly, it was investigated and compared on manuals and training methods for the reception of emergency calls between South Korea and the USA. And then, specific improvement methods were considered by questionnaire for 95 dispatchers who work at 119 communication center in Gyeonggi-do in the basis of surveys. As a result, people and equipment related to 119 have been continuously upgraded, however, their work depend on their personal experiences and capabilities but because of the insufficient pretraining for the dispatchers. Also, the manpower is still insufficient overall compared to the work. Therefore, it is necessary to secure the expertise of the dispatchers through the systematic training program and proper training and test standards for 119 dispatchers, and to prevent errors in the logic of the situation and systematize their work by standardizing the response work and arranging appropriate manpower.