• Title/Summary/Keyword: security company


URL Encryption Technique for Preventing Parameter Forgery and Tampering (파라미터 위조, 변조 방지를 위한 URL 암호화 기술)

  • Shin, Jun-Seok;Lee, Deok-Gyu
    • Proceedings of the Korea Information Processing Society Conference / 2022.05a / pp.195-196 / 2022
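  • URLs provide convenience to users, but they also give rise to security problems. Tampering with parameter values leads to problems such as online shopping mall hacks and attempts to access hidden pages that would normally be inaccessible, such as administrator pages or confidential internal bulletin boards on a company's internal network. To prevent these, we devised an AES-based URL encryption technique.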

A Study of Security Checks for Android Least Privilege - focusing on mobile financial services - (모바일 앱 최소권한 사전검증에 관한 연구 - 금융, 안드로이드 운영체제 중심으로 -)

  • Cho, Byung-chul;Choi, Jin-young
    • Journal of Internet Computing and Services / v.17 no.1 / pp.91-99 / 2016
  • The security system in Android OS adopts a sandbox and a permission model. In particular, the permission model operates on install-time confirmation and an all-or-nothing policy. Accordingly, Android OS requires user agreement to permissions when an application is installed; however, user awareness of permissions is very low. In this paper, we examine the current status of permission requirements in mobile apps, and explore a key inspection list, with an appropriate method, for mobile service providers, centered on financial companies, to autonomously inspect violations of least privilege, together with its usefulness.

Development of Kernel based High Speed Packet Filtering Imbedded Gateway and Firewall Using Cloud Database (클라우드 데이터베이스를 이용한 커널 기반 고속 패킷필터링 임베디드 게이트웨이 및 방화벽 개발)

  • Park, Daeseung;Kim, Soomin;Yoo, Hanseob;Moon, Songchul
    • Journal of Service Research and Studies / v.5 no.1 / pp.57-70 / 2015
  • This paper develops a kernel-based high-speed packet-filtering embedded gateway and firewall using a cloud database. The equipment developed in this study includes a prediction function based on big-data analysis using a cloud system. It also includes intrusion prevention against network attacks and a content-based L7 switch system security function. This study can improve the security level of small companies and ordinary households. This study can pioneer a new market. This study can develop a high-performance switch and a replacement for existing security equipment. This study proposes a new next-generation algorithm for constructing a high-performance system from low specifications.

A Study of Formalized Presentation of Worm based on time-based Behavioral sequences (시간적인 행동 패턴을 고려한 웜의 정형 표현 기법 연구)

  • Lee Min-Soo;Shon Tae-Shik;Cho Sang-Hyun;Kim Dong-Soo;Seo Jung-Taek;Sohn Ki-Wook;Moon Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.53-64 / 2006
  • Worm analysis reports currently produced by anti-virus companies closely resemble virus reports and do not properly characterize the specific attributes of worms. In this paper, we propose a formalized presentation method based on time-based behavioral sequences to characterize worms more accurately. We define a format based on the behavior and communication patterns that occur between an infected host and a target host. We also propose a method for presenting worm analysis data in that format. We also compare our framework with analysis data provided by Symantec.

An RFID Multi-Reader System Development for TCP/IP Based Security Control (TCP/IP 기반 보안통제 RFID 멀티리더 시스템 개발)

  • Cho, Sung-Mok
    • Journal of the Korea Institute of Information and Communication Engineering / v.13 no.8 / pp.1587-1592 / 2009
  • RFID is playing a central role in ubiquitous technology with the advent of the ubiquitous era, and the development of RFID readers is also emerging as an important field of technical development. In this paper, we developed a hardware system that can make use of the 13.56MHz RFID infrastructure used for transportation cards, credit cards, and so on, as well as the 125KHz RFID infrastructure used by security companies, and that is applicable to location identification, entrance and exit control, and security control over TCP/IP communication. Existing local RFID methods have the problem that bottlenecks such as administrative problems, technical problems, and so forth frequently occur because a casual server is placed and operated within a company. Hence, in this paper we developed an RFID multi-reader that is connected to a centrally administrable server over TCP/IP in order to solve these problems, making it possible to maintain security control and making RFID infrastructure easy to install, transfer and administer.

A Study on Industrial Technology Leakage and Effective Industrial Security Measures through analysis of domestic portal article data (국내 포털 기사자료 분석을 통한 산업기술유출 사례와 산업보안 강화 방안 연구)

  • Yang, Hyun Jung;Lee, Chang Moo
    • Convergence Security Journal / v.17 no.2 / pp.3-13 / 2017
  • In the knowledge-information society, many domestic companies invest heavily in technical development to possess core technologies and intellectual property. However, as a result of passive investment in security to protect their technologies, compared with active investment in technical development, technology leaks from many companies and research institutes are rapidly increasing. This increase in technology leaks not only causes damage to companies, but also has harmful direct and indirect effects on the national economy. Even though it has been perceived that many industrial technology leak crimes are committed by former or current workers of small and medium-sized businesses, it is hard to find research that mainly compares and analyzes them. Therefore, this study aimed to understand the actual status of industrial technology leaks by analyzing cases of industrial technology leaks from 2014 to 2016 based on the type of victimized company, the positions of corporate internal leakers, the matter of complicity, the tools used for technology leaks, and the motivation for technology leaks. Through the analysis of each type, the patterns and characteristics of industrial technology leaks were researched, and exploratory research on industrial security for the prevention of industrial technology leaks was also conducted.

A Study on the Development of Adversarial Simulator for Network Vulnerability Analysis Based on Reinforcement Learning (강화학습 기반 네트워크 취약점 분석을 위한 적대적 시뮬레이터 개발 연구)

  • Jeongyoon Kim;Jongyoul Park;Sang Ho Oh
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.21-29 / 2024
  • With the development of ICT and network, security management of IT infrastructure that has grown in size is becoming very difficult. Many companies and public institutions are having difficulty managing system and network security. In addition, as the complexity of hardware and software grows, it is becoming almost impossible for a person to manage all security. Therefore, AI is essential for network security management. However, since it is very dangerous to operate an attack model in a real network environment, cybersecurity emulation research was conducted through reinforcement learning by implementing a real-life network environment. To this end, this study applied reinforcement learning to the network environment, and as the learning progressed, the agent accurately identified the vulnerability of the network. When a network vulnerability is detected through AI, automated customized response becomes possible.

Correlation between Customer Orientation and Job Stress due to Degree of Emotional Labor on Security Agents (시큐리티 요원의 감정노동 수준에 따른 직무스트레스와 고객지향성의 관계)

  • Kim, Eui-Young;Lee, Jong-Hwan;Cho, Sung-Jin
    • Convergence Security Journal / v.14 no.3_2 / pp.23-35 / 2014
  • This study aims to verify the relationship between customer orientation and job stress due to the degree of emotional labor on security agents. Objects of study are from 10 security companies, randomly selected from those registered on the Regional Police Agencies in Daejeon and Chungnam, from November 10th to 20th, 2013; thirty agents from each company, or three-hundred in total, were selected as research subjects by random sampling method. Twenty-five subjects were excluded for poor response contents and/or low reliability. Thus, only 275 subjects were included in actual analysis. The research tool was the questionnaire which was re-composed on the basis of domestic/overseas preliminary studies, while the data was processed through the frequency analysis, the reliability analysis, the confirmatory factor analysis and structure model analysis, using SPSS version 19.0 and AMOS 17.0 statistics package. Through the data analysis following the research methods above, the conclusion was acquired as follows. First, as job stress of security agents decreased, customer orientation increased. Second, the group of security agents with lower level of emotional labor positively affected job stress and customer orientation.

A Study on Data Security Control Model of the Test System in Financial Institutions (금융기관의 테스트시스템 데이터 보안통제 모델 연구)

  • Choi, Yeong-Jin;Kim, Jeong-Hwan;Lee, Kyeong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1293-1308 / 2014
  • The cause of the credit card company privacy extrusion in 2014 was the use of original data in the test system. Under the Electronic Banking Supervision Regulations of the Financial Supervisory Service and the information security business best practices of the finance information technology (IT) sector, data that identifies the customer must be converted before it is used in the test system. Following these guidelines, financial firms load converted customer identification data into the test system. However, there are risks that may be introduced unintentionally through user mistakes or a lack of administrative or technical security in the testing process. Also, control and risk management processes for those risks have not been studied. These situations increase the possibility of violating the supervisory institution's compliance requirements. In this paper, we therefore present and prove a process that eliminates this possibility of compliance violation by controlling and managing unidentified converted customer identification data, and we check the effectiveness of the process.

A Study on the Model for Determining the Deceptive Status of Attackers using Markov Chain (Markov Chain을 이용한 기만환경 칩입 공격자의 기만 여부 예측 모델에 대한 연구)

  • Sunmo Yoo;Sungmo Wi;Jonghwa Han;Yonghyoun Kim;Jungsik Cho
    • Convergence Security Journal / v.23 no.2 / pp.37-45 / 2023
  • Cyber deception technology plays a crucial role in monitoring attacker activities and detecting new types of attacks. However, along with the advancements in deception technology, the development of Anti-honeypot technology has allowed attackers who recognize the deceptive environment to either cease their activities or exploit the environment in reverse. Currently, deception technology is unable to identify or respond to such situations. In this study, we propose a predictive model using Markov chain analysis to determine the identification of attackers who infiltrate deceptive environments. The proposed model for deception status determination is the first attempt of its kind and is expected to overcome the limitations of existing deception-based attacker analysis, which does not consider attackers who identify the deceptive environment. The classification model proposed in this study demonstrated a high accuracy rate of 97.5% in identifying and categorizing attackers operating in deceptive environments. By predicting the identification of an attacker's deceptive environment, it is anticipated that this model can provide refined data for numerous studies analyzing deceptive environment intrusions.