• Title/Summary/Keyword: 보안상황인지

Search Result 73, Processing Time 0.022 seconds

보안 이벤트 시각화를 이용한 보안 상황 인지 기술

  • Jang Beom-Hwan;Na Jung-Chan;Jang Jong-Su
    • Review of KIISC
    • /
    • v.16 no.2
    • /
    • pp.18-25
    • /
    • 2006
  • 네트워크 보안 상황인지 기술이란 현재 네트워크에서 보안과 관련하여 무슨 일이 발생하고 있는 지를 관리자에게 인지시켜 주는 기술이다. 이는 침입탐지시스템이나 방화벽에서 수행하는 잠재적인 공격자의 패킷을 필터링하거나 보고하는 것과는 달리 현재 네트워크에서 발생하고 있는 상황(침입 또는 공격 등)을 알려주는 것에 초점을 맞춘다. 네트워크 보안 상황인지 기술에는 데이터 선정 및 수집, 특성 인자 추출, 연관성 분석, 데이터마이닝, 패턴분석, 이벤트시각화 등과 같이 매우 다양한 세부 기술들이 있지만, 본 고에서는 이벤트 종류에 따른 시각화 기술들의 현황과 ETRI에서 개발한 Visual Scope에 대해 살펴보고자 한다.

Network Security Situational Awareness using Traffic Pattern-Map (트래픽 패턴-맵을 이용한 네트워크 보안 상황 인지 기술)

  • Chang Beom-Hwan;Na Jung-Chan;Jang Jong-Su
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.11 no.3
    • /
    • pp.34-39
    • /
    • 2006
  • This paper introduces a network security situation awareness tool using a traffic pattern map which facilitates recognizing a current network status by extracting and analyzing predetermined traffic features and displaying an abnormal or harmful traffic which deteriorates network performance. The traffic pattern-map consists of $26{\times}26$ intersections, on which the occupancy rate of the port having maximum occupancy is displayed as a bar graph. In general, in case of the Internet worm, the source address section on the traffic pattern map is activated. In case of DDoS the destination address section is activated.

  • PDF

Network Security Situational Awareness using Traffic Pattern-Map (트래픽 패턴-맵을 이용한 네트워크 보안 상황 인지 기술)

  • Chang Beom-Hwan;Na Jung-Chan;Jang Jong-Su
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 2006.05a
    • /
    • pp.397-401
    • /
    • 2006
  • 트래픽 패턴-맵(PatternMap)은 전체/세부 도메인별 보안 상황을 근원지/목적지 IP 주소 범위로 이루어진 그리드 상에 표현하여 관리자에게 네트워크 보안상황을 실시간으로 인지시키는 도구이다. 각각의 그리드는 근원지-목적지 간의 연결을 의미하며, 최다 점유를 차지하는 트래픽의 포트를 식별력을 갖는 색으로 표현한다. 이상 트래픽 현상의 검출은 가로 및 세로 열에 나타난 동일 색의 막대그래프(포트)의 개수와 그것의 합에 따라 결정되며, 그 결과로 선택된 세로 열과 가로 열을 활성화시켜 관리자에게 그 현상을 인지시킨다. 일반적으로 인터넷 웜이 발생할 경우에는 특정 근원지 열이 활성화되고, DDoS와 같은 현상은 목적지 열이 활성화되는 특징이 있다.

  • PDF

Decision Model of the Effectiveness for Advanced that Security Visualization (발전된 보안 시각화 효과성 결정 모델)

  • Lee, Min-Sun;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.147-162
    • /
    • 2017
  • With the advent of various services and devices in the change of IT environment, increasing the complexity of the data, and increasing scale of IT, Many organizations are experiencing the difficulty of analyzing and processing with a large amounts of data for security situations awareness. Therefore, propose the enhancement of security situational awareness through visualization in order to solve the problems of slow response and security situational awareness in organizational risk management. In this paper, we selected the evaluation factors and alternatives for effective visualization by considering user type, situational awareness step, and information visualization attributes through various studies on visualization. And established AHP layer model. Based on this, by using the AHP method for solving the problem of multi-criteria decision making, by calculating the factors for effectively visualizing and the importance of alternative by factor, try to propose a visualization method that can improve the effectiveness of the security situational awareness according to the purpose of visualization and the type of user.

Design and implementation of the honeycomb structure visualization system for the effective security situational awareness of large-scale networks (대규모 네트워크의 효과적 보안상황 인지를 위한 벌집 구조 시각화 시스템의 설계 및 구현)

  • Park, Jae-Beom;Kim, Huy-Kang;Kim, Eun-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1197-1213
    • /
    • 2014
  • Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.

A Study on the U-learning Service Application Based on the Context Awareness (상황인지기반 U-Learning 응용서비스)

  • Lee, Kee-O;Lee, Hyun-Chang;Shin, Hyun-Cheul
    • Convergence Security Journal
    • /
    • v.8 no.4
    • /
    • pp.81-89
    • /
    • 2008
  • This paper introduces u-learning service model based on context awareness. Also, it concentrates on agent-based WPAN technology, OSGi based middleware design, and the application mechanism such as context manager/profile manager provided by agents/server. Especially, we'll introduce the meta structure and its management algorithm, which can be updated with learning experience dynamically. So, we can provide learner with personalized profile and dynamic context for seamless learning service. The OSGi middleware is applied to our meta structure as a conceptual infrastructure.

  • PDF

Applying Platform Engineering with Enhanced Security (보안을 강화한 플랫폼 엔지니어링 적용 방안)

  • 김유란;유헌창
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2024.05a
    • /
    • pp.89-92
    • /
    • 2024
  • 클라우드 네이티브 환경에서 데브옵스를 채택하고 내재화하는 과정에서 개발자의 인지부하가 발생하였다. 이를 해결하기 위해, 개발자가 개발에만 집중할 수 있도록 일관된 요구사항에 맞는 개발환경을 제공하는 플랫폼 엔지니어링이 등장하였다. 하지만, 플랫폼 엔지니어링에서 전체 워크플로우 보안을 고려한 연구가 부족한 상황이다. 이를 보완하기 위해 데브섹옵스 관점을 적용하여 전체 워크플로우 보안 방안을 CI/CD 파이프라인 단계, 운영 단계로 나누어서 제안하였다. 또한, 신규 서비스를 런칭 한다고 가정 후 보안 적용 프로세스에 대해서 제안한다. 이렇게 전체 워크플로우의 보안을 고려함으로써, 모든 서비스에서 동일 수준의 보안을 유지할 수 있는 장점이 있다.

Design of Security Agent System to Provide Ubiquitous Service (유비쿼터스 서비스를 위한 보안 에이전트 시스템 설계)

  • Kim, Seok-Soo;Park, Gil-Cheol;Song, Jae-Gu
    • Convergence Security Journal
    • /
    • v.7 no.2
    • /
    • pp.101-106
    • /
    • 2007
  • Recently, Ubiquitous innovation is being promoted so that they can support the uHealthcare provide management to human's health. It is thus necessary to conduct such research on the medical care environment where there is a high demand for utilization of status information. In the current situation, there is a lack of research on measures of security processing and monitoring patient status information produced from rapid growth of infra within Medical environment. This study suggests a solution of using RFID to gather patient information such as inpatient information, location of treatment room, progress of patient, humidity, temperature, and diagnostic status, after which the information are protect and processed using security level method.

  • PDF

Design and Implementation of Security Reconfiguration for Effective Security Management of Mobile Communication Device (휴대용통신단말의 효과적인 보안관리를 위한 보안 재구성기법의 설계 및 구현)

  • An, Gae-Il;Kim, Ki-Young;Seo, Dong-Il
    • The KIPS Transactions:PartC
    • /
    • v.16C no.6
    • /
    • pp.691-698
    • /
    • 2009
  • A mobile communication device is a small size of portable computer which provides communication service, such as smart phone and PDA. Currently, one of the biggest barriers in developing the mobile communication device is security issue. Even though there are excellent security functions which can remove the security issues, there is a problem that the mobile communication device can not be loaded with all the functions because it has low storage, poor computational power, and inconvenient user interface, compared to the desktop personal computer. This paper proposes a context-aware security reconfiguration scheme for effective security management of the mobile communication device. The scheme can provide the mobile communication device with the optimized security service which is most adapted to its current security context. Through the prototype implementation and the experiments of the proposed scheme, we have confirmed that the proposed scheme is excellent in terms of computing resource efficiency and usability, without degrading security level.

A Study on the Impact of Security Risk on the Usage of Knowledge Management System : Focus on Parameter of Trust (보안위험 수준이 지식관리시스템의 성공에 미치는 영향 : '신뢰'를 매개변인으로)

  • Ahn, Joong-Ho;Choi, Kyu-Chul;Sung, Ki-Moon;Lee, Jae-Hong
    • The Journal of Society for e-Business Studies
    • /
    • v.15 no.4
    • /
    • pp.143-163
    • /
    • 2010
  • The purpose of this study is to investigate the user's perception of security risk and examine its impact on the usage of Knowledge Management Systems(KMS). The findings of this study are three-fold. First, the overall user's perception of security risk is not high. However, there is a considerably big difference in the perception of security risk among users. This finding means that user's perception of a security risk is not based on the actual security effects but one's individual perception. Another finding is that user's perception of a security risk has a negative impact on the usage of KMS through "trust", which is a mediating variable in our study. This finding corresponds with the existing theory that security risk is oneof the critical sources of trust, and trust is a critical factor of user's acceptance of KMS. Finally, the result of this study reveals that activities devoted to security do not decrease the effectiveness and productivity of KMS. Our long-held cognition that security activity hinders the effectiveness and productivity of an information system is not particularly applied to the KMS.