• Journal of Intelligence and Information Systems
• /
• v.18 no.1
• /
• pp.125-141
• /
• 2012

These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

• Journal of Intelligence and Information Systems
• /
• v.22 no.1
• /
• pp.107-118
• /
• 2016

The advent of 5G mobile communications, which is expected in 2020, will provide many services such as Internet of Things (IoT) and vehicle-to-infra/vehicle/nomadic (V2X) communication. There are many requirements to realizing these services: reduced latency, high data rate and reliability, and real-time service. In particular, a high level of reliability and delay sensitivity with an increased data rate are very important for M2M, IoT, and Factory 4.0. Around the world, 5G standardization organizations have considered these services and grouped them to finally derive the technical requirements and service scenarios. The first scenario is broadcast services that use a high data rate for multiple cases of sporting events or emergencies. The second scenario is as support for e-Health, car reliability, etc.; the third scenario is related to VR games with delay sensitivity and real-time techniques. Recently, these groups have been forming agreements on the requirements for such scenarios and the target level. Various techniques are being studied to satisfy such requirements and are being discussed in the context of software-defined networking (SDN) as the next-generation network architecture. SDN is being used to standardize ONF and basically refers to a structure that separates signals for the control plane from the packets for the data plane. One of the best examples for low latency and high reliability is an intelligent traffic system (ITS) using V2X. Because a car passes a small cell of the 5G network very rapidly, the messages to be delivered in the event of an emergency have to be transported in a very short time. This is a typical example requiring high delay sensitivity. 5G has to support a high reliability and delay sensitivity requirements for V2X in the field of traffic control. For these reasons, V2X is a major application of critical delay. V2X (vehicle-to-infra/vehicle/nomadic) represents all types of communication methods applicable to road and vehicles. It refers to a connected or networked vehicle. V2X can be divided into three kinds of communications. First is the communication between a vehicle and infrastructure (vehicle-to-infrastructure; V2I). Second is the communication between a vehicle and another vehicle (vehicle-to-vehicle; V2V). Third is the communication between a vehicle and mobile equipment (vehicle-to-nomadic devices; V2N). This will be added in the future in various fields. Because the SDN structure is under consideration as the next-generation network architecture, the SDN architecture is significant. However, the centralized architecture of SDN can be considered as an unfavorable structure for delay-sensitive services because a centralized architecture is needed to communicate with many nodes and provide processing power. Therefore, in the case of emergency V2X communications, delay-related control functions require a tree supporting structure. For such a scenario, the architecture of the network processing the vehicle information is a major variable affecting delay. Because it is difficult to meet the desired level of delay sensitivity with a typical fully centralized SDN structure, research on the optimal size of an SDN for processing information is needed. This study examined the SDN architecture considering the V2X emergency delay requirements of a 5G network in the worst-case scenario and performed a system-level simulation on the speed of the car, radius, and cell tier to derive a range of cells for information transfer in SDN network. In the simulation, because 5G provides a sufficiently high data rate, the information for neighboring vehicle support to the car was assumed to be without errors. Furthermore, the 5G small cell was assumed to have a cell radius of 50-100 m, and the maximum speed of the vehicle was considered to be 30-200 km/h in order to examine the network architecture to minimize the delay.

• Korean Security Journal
• /
• no.18
• /
• pp.169-190
• /
• 2009

Today, the rapid advance of scientific technologies has brought about fundamental changes to the types and levels of terrorism while the war against the world more than one thousand small and big terrorists and crime organizations has already begun. A method highly likely to be employed by terrorist groups that are using 21st Century state of the art technology is cyber terrorism. In many instances, things that you could only imagine in reality could be made possible in the cyber space. An easy example would be to randomly alter a letter in the blood type of a terrorism subject in the health care data system, which could inflict harm to subjects and impact the overturning of the opponent's system or regime. The CIH Virus Crisis which occurred on April 26, 1999 had significant implications in various aspects. A virus program made of just a few lines by Taiwanese college students without any specific objective ended up spreading widely throughout the Internet, causing damage to 30,000 PCs in Korea and over 2 billion won in monetary damages in repairs and data recovery. Despite of such risks of cyber terrorism, a great number of Korean sites are employing loose security measures. In fact, there are many cases where a company with millions of subscribers has very slackened security systems. A nationwide preparation for cyber terrorism is called for. In this context, this research will analyze the current status of Korea's cyber security systems and its laws from a policy perspective, and move on to propose improvement strategies. This research suggests the following solutions. First, the National Cyber Security Management Act should be passed to have its effectiveness as the national cyber security management regulation. With the Act's establishment, a more efficient and proactive response to cyber security management will be made possible within a nationwide cyber security framework, and define its relationship with other related laws. The newly passed National Cyber Security Management Act will eliminate inefficiencies that are caused by functional redundancies dispersed across individual sectors in current legislation. Second, to ensure efficient nationwide cyber security management, national cyber security standards and models should be proposed; while at the same time a national cyber security management organizational structure should be established to implement national cyber security policies at each government-agencies and social-components. The National Cyber Security Center must serve as the comprehensive collection, analysis and processing point for national cyber crisis related information, oversee each government agency, and build collaborative relations with the private sector. Also, national and comprehensive response system in which both the private and public sectors participate should be set up, for advance detection and prevention of cyber crisis risks and for a consolidated and timely response using national resources in times of crisis.

• Journal of Intelligence and Information Systems
• /
• v.24 no.2
• /
• pp.195-220
• /
• 2018

In this study, we conducted an empirical analysis of the factors that affect the change of Bitcoin Closing Price. Previous studies have focused on the security of the block chain system, the economic ripple effects caused by the cryptocurrency, legal implications and the acceptance to consumer about cryptocurrency. In various area, cryptocurrency was studied and many researcher and people including government, regardless of country, try to utilize cryptocurrency and applicate to its technology. Despite of rapid and dramatic change of cryptocurrencies' price and growth of its effects, empirical study of the factors affecting the price change of cryptocurrency was lack. There were only a few limited studies, business reports and short working paper. Therefore, it is necessary to determine what factors effect on the change of closing Bitcoin price. For analysis, hypotheses were constructed from three dimensions of consumer, industry, and macroeconomics for analysis, and time series data were collected for variables of each dimension. Consumer variables consist of search traffic of Bitcoin, search traffic of bitcoin ban, search traffic of ransomware and search traffic of war. Industry variables were composed GPU vendors' stock price and memory vendors' stock price. Macro-economy variables were contemplated such as U.S. dollar index futures, FOMC policy interest rates, WTI crude oil price. Using above variables, we did times series regression analysis to find relationship between those variables and change of Bitcoin Closing Price. Before the regression analysis to confirm the relationship between change of Bitcoin Closing Price and the other variables, we performed the Unit-root test to verifying the stationary of time series data to avoid spurious regression. Then, using a stationary data, we did the regression analysis. As a result of the analysis, we found that the change of Bitcoin Closing Price has negative effects with search traffic of 'Bitcoin Ban' and US dollar index futures, while change of GPU vendors' stock price and change of WTI crude oil price showed positive effects. In case of 'Bitcoin Ban', it is directly determining the maintenance or abolition of Bitcoin trade, that's why consumer reacted sensitively and effected on change of Bitcoin Closing Price. GPU is raw material of Bitcoin mining. Generally, increasing of companies' stock price means the growth of the sales of those companies' products and services. GPU's demands increases are indirectly reflected to the GPU vendors' stock price. Making an interpretation, a rise in prices of GPU has put a crimp on the mining of Bitcoin. Consequently, GPU vendors' stock price effects on change of Bitcoin Closing Price. And we confirmed U.S. dollar index futures moved in the opposite direction with change of Bitcoin Closing Price. It moved like Gold. Gold was considered as a safe asset to consumers and it means consumer think that Bitcoin is a safe asset. On the other hand, WTI oil price went Bitcoin Closing Price's way. It implies that Bitcoin are regarded to investment asset like raw materials market's product. The variables that were not significant in the analysis were search traffic of bitcoin, search traffic of ransomware, search traffic of war, memory vendor's stock price, FOMC policy interest rates. In search traffic of bitcoin, we judged that interest in Bitcoin did not lead to purchase of Bitcoin. It means search traffic of Bitcoin didn't reflect all of Bitcoin's demand. So, it implies there are some factors that regulate and mediate the Bitcoin purchase. In search traffic of ransomware, it is hard to say concern of ransomware determined the whole Bitcoin demand. Because only a few people damaged by ransomware and the percentage of hackers requiring Bitcoins was low. Also, its information security problem is events not continuous issues. Search traffic of war was not significant. Like stock market, generally it has negative in relation to war, but exceptional case like Gulf war, it moves stakeholders' profits and environment. We think that this is the same case. In memory vendor stock price, this is because memory vendors' flagship products were not VRAM which is essential for Bitcoin supply. In FOMC policy interest rates, when the interest rate is low, the surplus capital is invested in securities such as stocks. But Bitcoin' price fluctuation was large so it is not recognized as an attractive commodity to the consumers. In addition, unlike the stock market, Bitcoin doesn't have any safety policy such as Circuit breakers and Sidecar. Through this study, we verified what factors effect on change of Bitcoin Closing Price, and interpreted why such change happened. In addition, establishing the characteristics of Bitcoin as a safe asset and investment asset, we provide a guide how consumer, financial institution and government organization approach to the cryptocurrency. Moreover, corroborating the factors affecting change of Bitcoin Closing Price, researcher will get some clue and qualification which factors have to be considered in hereafter cryptocurrency study.

• Journal of Hospice and Palliative Care
• /
• v.1 no.1
• /
• pp.39-46
• /
• 1998

Purpose : Hospice Care is considered as one of the most perfect solutions for the problems brought up as the number of chronically ill patients are increasing rapidly and most of social welfare oriented countries are seeking the quality of life. Our former studies(1996, 1997) were to find out the current status of the hospice care in Korea by surveying terminally ill patients and their family members as well as medical professionals. The former study was also to conduct the operation research by developing an information service system for training of hospice care teams and volunteers, and hospice patients management. The purpose of this study was that hospice information service system was tested by home visiting hospice care through visiting nurses. Methods : From October 1, 1997 to March 31, 1998, Twenty six terminal cancer patients were included in this study from Seoul National University Hospital and other hospital. Databases and homepage, hospice information service system were designed and developed for the information needed for the hospice care before this study by our research team and this services were available through the internet. Visiting nurses were trained about this system and they visited the patients with PC notebook and provided them hospice care with hospice information system. They collected physical, psychiatric, social data of the subjects at the first visit and during hospice care at home. Results : Sixteen subjects(61.5%) died during the study and the mean survival was 20.7 days. Anorexia(96.2%), immobility(88.5%) and pain(84.6%) were the major symptom in the 26 subjects, Altered nutrition(26.1%) and pain(12.4%) were the most frequent diagnoses in 226 nursing diagnoses of the subjects. Families understood and demanded the hospice care more than patients. And most patients and families didn't demand spiritual or social care. Conclusion : Through this demonstration study, it was found that we have to provide the information of pain management and nutritional support for patients by the nurses and visiting hospice nurse. The information service system needs to be upgraded with information and manpower of spiritual and social care according to the findings.

• Korean Security Journal
• /
• no.33
• /
• pp.103-135
• /
• 2012

The object is that this research searches the relationship of the office given condition actual condition of the country important facility private security guard and job satisfaction degree. In order to grasp and analyze the real state of the country important facility private security guards directly, the questionnaire, that is the general measurement tool, was utilized and the guard whom it works in the airport, the port region and general work place, that is the national important facility of Busan and Ulsan area, was aimed at. The enough survey object was illustrated to the facility and person in charge in the security company and the item was previewed and the total 400 sheets was distributed and 331 sheets (82.8%) except the doubleness subject intention and incongruent questionnaire was utilized for the analysis. The statistic processing of collected data utilized the SPSS version 15.0 the statistical package program through data coding and cleaning process and performed the frequency analysis, reliability analysis, t-test, one way analysis of variance, Pearson analysis, and regression analysis. The relationship of the office given condition actual condition of the guard about the national important facility and job satisfaction degree was classified into the interpersonal relationship, task characteristic, office environment, and complement factor and the difference of the job satisfaction degree according to the general characteristic was verified. If the conclusion obtained through the method of study described in the above looked at, for as to general tendency, the low wages and poor field environment was continued. In the general characteristic, the man was higher than the excitation about the job satisfaction level. As there was lots of the age and the scholarship was low, the age was high. And as there was lots of the career and income, the police of a petition or search and guide staff was high and the job satisfaction degree in which relatively the employee and the other job group is high so that the case of being the former student incidence can be the poorest was shown rather than the facility security agent. As the interrelation analysis result job satisfaction was high, the change of occupation pseudo was low and the organizational commitment degrees was increased. The regression analysis result job satisfaction degree was exposed to reach the meaningful effect on the change of occupation pseudo and organizational commitment. It had an effect on the change of occupation pseudo as the task characteristic and office ambient level was low. It had an effect on the organizational commitment as the extend of satisfaction about the task characteristic and interpersonal relationship, complement, and office ambient level were high. If the research result of this time is integrated, the support of the political system including the interpersonal relationship thesis between top and bottom of the organized I and substantial complement actualization is urgently needed between the office given condition improvement effort in the country important facility defense manpower field and police of a petition and special guard.

• The Korean Journal of Air & Space Law and Policy
• /
• v.30 no.1
• /
• pp.207-244
• /
• 2015

Aviation safety is the stage in which the risk of harm to persons or of property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and risk management. Many accidents and incidents have been taking place since 2014, while there had been relatively safer skies before 2014. International civil aviation community has been exerting great efforts to deal with these emerging issues, thus enhancing and ensuring safety throughout the world over the years. The Preamble of the Chicago Convention emphasizes safety and order of international air transport, and so many Articles in the Convention are related to the safety. Furthermore, most of the Annexes to the Convention are International Standards and Recommended Practices pertaining to the safety. In particular, Annex 19, which was promulgated in Nov. 2013, dealing with safety management system. ICAO, as law-making body, has Air Navigation Commission, Council, Assembly to deliberate and make decisions regarding safety issues. It is also implementing USOAP and USAP to supervise safety functions of member States. After MH 370 disappeared in 2014, ICAO is developing Global Tracking System whereby there should be no loophole in tracking the location of aircraft anywhere in world with the information provided by many stakeholders concerned. MH 17 accident drove ICAO to install web-based repository where information relating to the operation in conflict zones is provided and shared. In addition, ICAO has been initiating various solutions to emerging issues such as ebola outbreak and operation under extreme meteorological conditions. Considering the necessity of protection and sharing of safety data and information to enhance safety level, ICAO is now suggesting enhanced provisions to do so, and getting feedback from member States. It has been observed that ICAO has been approaching issues towards problem-solving from four different dimensions. First regarding time, it analyses past experiences and best practices, and make solutions in short, mid and long terms. Second, from space perspective, ICAO covers States, region and the world as a whole. Third, regarding stakeholders it consults with and hear from as many entities as it could, including airlines, airports, community, consumers, manufacturers, air traffic control centers, air navigation service providers, industry and insurers. Last not but least, in terms of regulatory changes, it identifies best practices, guidance materials and provisions which could become standards and recommended practices.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.12
• /
• pp.51-57
• /
• 2019

In this paper, we analyzed the performance of IoT based smart wearable mine detection device. There are various mine detection methods currently used by the military. Still, in the general field, mine detection is performed by visual detection, probe detection, detector detection, and other detection methods. The detection method by the detector is using a GPR sensor on the detector, which is possible to detect metals, but it is difficult to identify non-metals. It is hard to distinguish whether the area where the detection was performed or not. Also, there is a problem that a lot of human resources and time are wasted, and if the user does not move the sensor at a constant speed or moves too fast, it is difficult to detect landmines accurately. Therefore, we studied the smart wearable mine detection device composed of human body antenna, main microprocessor, smart glasses, body-mounted LCD monitor, wireless data transmission, belt type power supply, black box camera, which is to improve the problem of the error of mine detection using unidirectional ultrasonic sensing signal. Based on the results of this study, we will conduct an experiment to confirm the possibility of detecting underground mines based on the Internet of Things (IoT). This paper consists of an introduction, experimental environment composition, simulation analysis, and conclusion. Introduction introduces the research contents such as mines, mine detectors, and research progress. It consists of large anti-personnel mine, M16A1 fragmented anti-mine, M15 and M19 antitank mines, plastic bottles similar to mines and aluminum cans. Simulation analysis is conducted by using MATLAB to analyze the mine detection device implementation performance, generating and transmitting IoT signals, and analyzing each received signal to verify the detection performance of landmines. Then we will measure the performance through the simulation of IoT-based mine detection algorithm so that we will prove the possibility of IoT-based detection landmine.

• Journal of KIISE:Information Networking
• /
• v.32 no.3
• /
• pp.279-290
• /
• 2005

Recently, as the serious damage caused by DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not effectively defend against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. In this paper, we propose a detection architecture against DDoS attack using data mining technology that can classify the latest types of DDoS attack, and can detect the modification of existing attacks as well as the novel attacks. This architecture consists of a Misuse Detection Module modeling to classify the existing attacks, and an Anomaly Detection Module modeling to detect the novel attacks. And it utilizes the off-line generated models in order to detect the DDoS attack using the real-time traffic. We gathered the NetFlow data generated at an access router of our network in order to model the real network traffic and test it. The NetFlow provides the useful flow-based statistical information without tremendous preprocessing. Also, we mounted the well-known DDoS attack tools to gather the attack traffic. And then, our experimental results show that our approach can provide the outstanding performance against existing attacks, and provide the possibility of detection against the novel attack.

• Journal of Internet Computing and Services
• /
• v.16 no.2
• /
• pp.109-115
• /
• 2015

The new medical device technologies for bio-signal information and medical information which developed in various forms have been increasing. Information gathering techniques and the increasing of the bio-signal information device are being used as the main information of the medical service in everyday life. Hence, there is increasing in utilization of the various bio-signals, but it has a problem that does not account for security reasons. Furthermore, the medical image information and bio-signal of the patient in medical field is generated by the individual device, that make the situation cannot be managed and integrated. In order to solve that problem, in this paper we integrated the QR code signal associated with the medial image information including the finding of the doctor and the bio-signal information. bio-signal. System implementation environment for medical imaging devices and bio-signal acquisition was configured through bio-signal measurement, smart device and PC. For the ROI extraction of bio-signal and the receiving of image information that transfer from the medical equipment or bio-signal measurement, .NET Framework was used to operate the QR server module on Window Server 2008 operating system. The main function of the QR server module is to parse the DICOM file generated from the medical imaging device and extract the identified ROI information to store and manage in the database. Additionally, EMR, patient health information such as OCS, extracted ROI information needed for basic information and emergency situation is managed by QR code. QR code and ROI management and the bio-signal information file also store and manage depending on the size of receiving the bio-singnal information case with a PID (patient identification) to be used by the bio-signal device. If the receiving of information is not less than the maximum size to be converted into a QR code, the QR code and the URL information can access the bio-signal information through the server. Likewise, .Net Framework is installed to provide the information in the form of the QR code, so the client can check and find the relevant information through PC and android-based smart device. Finally, the existing medical imaging information, bio-signal information and the health information of the patient are integrated over the result of executing the application service in order to provide a medical information service which is suitable in medical field.