• Journal of KIISE:Databases
• /
• v.31 no.1
• /
• pp.1-12
• /
• 2004

As network systems are developed rapidly and network architectures are more complex than before, it needs to use PBNM(Policy-Based Network Management) in network system. Generally, architecture of the PBNM consists of two hierarchical layers: management layer and enforcement layer. A security policy server in the management layer should be able to generate new policy, delete, update the existing policy and decide the policy when security policy is requested. And the security policy server should be able to analyze and manage the alert messages received from Policy enforcement system in the enforcement layer for the available information. In this paper, we propose an alert analyzer using data mining. First, in the framework of the policy-based network security management, we design and implement an alert analyzes that analyzes alert data stored in DBMS. The alert analyzer is a helpful system to manage the fault users or hosts. Second, we implement a data mining system for analyzing alert data. The implemented mining system can support alert analyzer and the high level analyzer efficiently for the security policy management. Finally, the proposed system is evaluated with performance parameter, and is able to find out new alert sequences and similar alert patterns.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.25 no.2
• /
• pp.201-211
• /
• 2019

Safety and security measures in the shipping industry play a pivotal role in ensuring efficient and reliable cargo and passengers operations at each stage of the supply chain. The ISPS Code was adopted into SOLAS convention to protect seafarers and vessels from security threats. Furthermore, according to the Manila amendments to STCW Convention in 2010, personnel employed on board are required to participate in security training. Effective seafarers' education and training programs are of major importance to guarantee satisfactory performance levels onboard to minimize security-related risks. The study's contribution focuses on empirically evaluating the relationship between personal level of awareness and security performance when seafarers undertake security training courses. Findings of this study suggest that (1) seafarers who undertake maritime security training have a higher awareness of ship security, (2) security training and security awareness have a positive influence on security performance, and (3) security awareness mediates the impact of security training and security performance. In conclusion, education and training programs are key tools in enhancing seafarers' security awareness and security performance which, from an industry viewpoint, can translate into major economic, operational and reputational benefits.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1087-1090
• /
• 2004

인터넷이 발전함에 따라 기업의 업무, 커뮤니케이션 등이 온라인으로 전환되고 있으며, 정보 전달의 통로로써 전자 메일의 사용이 나날이 늘어남과 동시에 전자 메일을 통한 스팸메일의 폭발적인 증가로 인한 심각성 또한 대두되고 있다. 현재 스팸메일을 막기 위한 여러 가지 방법이 제안되었으나, 대부분 메일 서버내의 정책에 따른 메일 필터링 방식으로써 완벽한 스팸메일 탐지를 제공하지 못하며, 스팸메일로 인한 메일서버 및 네트워크 자원 손실 문제는 여전히 해결되지 않고 있다. 본 논문에서는 스팸메일 탐지율을 높이고 네트워크 내 자원 손실을 예방할 수 있는 SMTP 보안 게이트웨이를 제안하고자 한다. 본 SMTP 보안 게이트웨이는 스팸메일 차단 규칙에 의한 메일 필터링을 기본적으로 제공하고, 룰에 정의되지 않은 메일에 대해서는 사용자 선택에 기반한 메일 전송을 제공한다. 이는 규칙에 정의되지 않은 스팸메일에 대한 탐지 가능성을 높이며, 궁극적으로 메일서버의 자원 및 네트워크 자원의 가용성을 높일 수 있다.

• Journal of Advanced Navigation Technology
• /
• v.28 no.1
• /
• pp.27-36
• /
• 2024

In this paper, we analyze the unified requirements of international association of classification societies - cyber resilience of ships, ahead of implementation of the agreement on July 1, 2024, and respond to ship cyber security and resilience programs based on 5 requirements, 17 details, and documents that must be submitted or maintained according to the ship's cyber resilience,. Measures include document management such as classification certification documents and design documents, configuration of a network with enhanced security, establishment of processes for accident response, configuration management using software tools, integrated network management, malware protection, and detection of ship network security threats with security management solutions. proposed a technology capable of real-time response.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.71-81
• /
• 2021

This paper examines the ongoing research on ways to improve cybersecurity during the entire life cycle of weapons systems applied in advanced countries such as the United States, analyzes restrictions on obtaining domestic weapons systems, and presents effective security evaluation measures. By consistently performing mission-based risk assessment in the cybersecurity test and evaluation plan suitable for domestic circumstances at all stages of acquisition, important information is provided to major decision-making organizations in a timely manner to support decision-making, and to respond to identified vulnerabilities in cybersecurity. It is proposed to set the rules of engagement so that the protection measures can be verified, and a simulated invasion is proposed. In addition, the proposed cybersecurity test and evaluation system was compared with the domestic weapon system test and evaluation. Through this, the mission-based risk assessment element was grafted into the cybersecurity test and evaluation system research conducted so far to identify risks in a timely manner between acquisition projects, thereby supplementing the capability to support major decision-making.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.1-14
• /
• 2015

To conform to new emerging computing paradigm, various researches and challenges are being done. New information technologies make easy to access and acquire information in various ways. In other side, however, it also makes illegal access more powerful and various threat to system security. In this paper, we suggest a new extended access control method that make it possible to conform to security policies enforcement even with discrepancy between policy based constraints rules and query based constraints rules, based on their semantic information. New method is to derive security policy rules using context tree structure and to control the exceed granting of privileges through the degree of the semantic discrepancy. In addition, we illustrate prototype system architecture and make performance comparison with existing access control methods.

• The KIPS Transactions:PartC
• /
• v.11C no.2
• /
• pp.177-182
• /
• 2004

Delegation is one of important security policies in the access control area. We propose a management model of delegation integrated with ARBAC model for environment of distributed access control. We Integrate PBDM delegation model with ARBAC97 model, and suggest integrity rules of delegation for preventing security threats in new model. Our model supports both free delegation for users without intervention of administrators, and controlling delegation for security administrators.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.173-180
• /
• 2015

The advent of personal healthcare record(PHR) technology has been changing the uses as well as the paradigm of internet services, and emphasizing the importance of services being personalization. But the problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, we propose a security labeling scheme for privacy protection in PHR system. In the proposed scheme, PHR data can be labeled also manually based on patient's request or the security labelling rules. The proposed scheme can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.

• Journal of the Korea Convergence Society
• /
• v.10 no.9
• /
• pp.47-53
• /
• 2019

This paper is analyzed of the characteristics of development operations and development security operations of the software and product, and the use analysis tools from a software code perspective. Also, it is emphasized the importance of human factors and the need to strengthen them, when considering security design rules. In this paper, we consider a secure process for managing change, focusing on fast and accurate decision-making in terms of procedural factors, when considering development security operations. In addition, the paper discussed the need for maturity model analysis in relation to the development security operating characteristics, and analyzed the meaning of the analysis elements through detailed procedures for the strength and integration elements of the dynamic and static elements accordingly. The paper also analyzed factors such as scanning activity and code analysis for threat modeling and compliance and control.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.125-135
• /
• 2009

Logs from various security system can reveal the attack trials for accessing private data without authorization. The logs can be a kind of confidence deriving factors that a certain IP address is involved in the trial. This paper presents a rule-based expert system for derivation of privacy violation confidence using various security systems. Generally, security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find the relevance with privacy violation cases. The security managers' knowledge handling various log information can be transformed into rules for automation of the log analysis and synthesis. Especially, the coverage of log analysis for personal information leakage is not too broad when we compare with the analysis of various intrusion trials. Thus, the number of rules that we should author is relatively small. In this paper, we have derived correlation among logs from IDS, Firewall and Webserver in the view point of privacy protection and implemented a rule-based expert system based on the derived correlation. Consequently, we defined a method for calculating the score which represents the relevance between IP address and privacy violation. The UI(User Interface) expert system has a capability of managing the rule set such as insertion, deletion and update.