• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.347-350
• /
• 2023

연합 학습(Federated Learning, FL)은 중앙 서버 없이 분산된 클라이언트들이 공동으로 모델을 훈련시키는 방식으로, 데이터를 로컬에서 학습시키기에 개인정보 보호의 이점을 제공한다. 그러나 연합 학습 환경에서도 여전히 데이터 보안을 위협하는 다양한 공격이 존재한다. 본 논문에서는 특히 개인 데이터 탈취와 관련된 개인 정보 보호, 보안을 주요 대상으로 공격기법과 대응 방안에 대한 연구를 소개하고 이를 통해 연합 학습에서 클라이언트 데이터 보호를 위한 지속적인 연구를 촉진하기 위한 기초를 제공한다.

• Korean Security Journal
• /
• no.32
• /
• pp.205-225
• /
• 2012

This study is to present an improvement of facility security through the evaluation of facility security operation level. To fulfill the purpose of the study, a survey of some facilities was conducted and the result was analyzed as follows; First, although security personnels were deployed in the facilities, the level of security personnel operation was relatively low. Second, job education training level was relatively proper, that is relevant to the result that show the level of service mind and the working mind of security personnel were proper, also relevant to the relatively good work shift system. Third, although situation room was operated well, the level of restricted area set-up and access control of visitor were low, and the level of article inspection and vehicle access control were very low. Forth, the level of security manual application that include detailed security method and procedure was proper. But accident prevention and response manual application was lower than security manual application, that show preparation for fire and negligent-accident is passive. For the improvement of facility security, the high level part and low level part in the survey result could be merged. For example, we could specify factors that show low level in the survey such as security personnel operation, access control of visitor and vehicle, article inspection, accident prevention and response in the security manual and promote education circumstance that show high level.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.1
• /
• pp.7-18
• /
• 2013

These days, the teaching and learning system has been increasing for the rapid advancement of the information technologies. We can access education systems of good quality anytime, anywhere and we can use the individually personalized teaching and learning system depending on developing the wireless communication technology and the multimedia processing technology. The more the various systems develop, the more software security systems become important. There are a lot kind of fault analysis methods to evaluate software security systems. However, the only assessment method to evaluate software security system is not enough to analysis properly on account of the various types and characteristic of software systems by progressing information technology. Therefore, this paper proposes an integrative method of Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis(FMEA) to evaluate the security of e-teaching and learning system as an illustration.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.805-821
• /
• 2020

Cyber defense exercise should require training on the latest cyber attacks and have a similar process to defense cyber attacks. In addition, it is also important to train on cyber resilience that can perform normal tasks or support equivalent tasks regardless of cyber attacks. In this paper, we proposed and developed a cyber range that can strengthen the elements of cyber resilience by performing cyber defense exercise in real time based on the cyber crisis alert issued when a cyber attack occurs in Korea. When BLUE, YELLOW, ORANGE, and RED warnings are issued according to the cyber crisis, our system performs proactive response, real time response, and post response according to the alarm. It can improve trainee's capability to respond to cyber threats by performing cyber defense exercise in a cyber crisis environment similar to the actual situation of Korea.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.85-86
• /
• 2023

ActiveX와 같은 플러그인으로 돌아갔었던 웹 페이지들은 보안 취약성과 인터넷 익스플로어(IE)의 서비스 종료로 인하여 많은 웹 브라우저들이 플러그인 제거 사업을 진행하였다. 하지만 웹 표준으로 전환하였을 때 생기는 웹 호환성과 보안 문제들이 발생하였다. 이를 해결하고자 호환성과 보안 문제를 훈련 시킨 클라우드 서버를 이용하여 미리 파악하고 진단할 수 있는 웹 페이지 보안 체크 모델을 제안한다. 본 논문에서 제안한 모델을 적용한다면, 웹의 표준 및 호환성과 보안 문제에 대해 더 빠르게 파악하는데 도움을 줄 수 있을 것이다.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.197-208
• /
• 2020

Based on the network infrastructure advanced in the information knowledge society, the structure of computer net work is operated by establishing the composition of network in various forms that have secured the security. In case of computer network of national/public organizations, it is necessary to establish the technical and managerial securit y environment even considering the characteristics of each organization and connected organizations. For this, the im portance of basic researches for cyber training by analyzing the technical/managerial vulnerability and cyber threats based on the classification and map of cyber threats according to the characteristics of each organization is rising. T hus, this study aims to analyze each type of external/internal cyber threats to computer network of national/public o rganizations established based on the dualistic infrastructure network of internet and national information network, a nd also to present the cyber threat framework for drawing the elements of cyber security training, by drawing and analyzing the actual elements of cyber threats through the case-based scenario.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.187-188
• /
• 2022

As information processing technology develops with the trend of the times, the possibility of cyber threats to nuclear facilities is increasing. In the 2000s, there was a growing perception that cyberattacks on nuclear facilities were needed, and in fact, a cybersecurity regulatory system for nuclear power plants began to be established to prepare for cyberattacks. In Korea, in order to prepare for cyber threats, in 2013 and 2014, the Act on Protection and Radiation Disaster Prevention, Enforcement Decree, and Enforcement Rules of Nuclear Facilities, etc., and notices related to the Radioactive Disaster Prevention Act were revised. In 2015, domestic nuclear operators prepared information system security regulations for each facility in accordance with the revised laws and received approval from the Nuclear Safety Commission for implementation of information system security regulations divided into seven stages. In 2019, a special inspection for step-by-step implementation was completed, and since 2019, the cybersecurity system of operators has been continuously inspected through regular inspections. In this paper, we present some measures to build improved training to suit the steadily revised inspection of the nuclear facility cybersecurity system to counter cyber threats to the ever-evolving nuclear facilities.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.06a
• /
• pp.111-112
• /
• 2022

자율운항선박과 관련된 첨단기술의 급속한 산업현장 적용과 상업화가 진행됨에 따라 이와 관련된 해양계 인력양성을 위한 교육 시스템에 대한 연구개발이 요구되고 있다. 본 연구에서는 기존 국내외 자율운항선박의 상용화 또는 산업화 동향과, 이와 관련된 다양한 연구결과의 자료 수집과 비교분석 등을 통해서 현황을 분석하고, 자율운항선박과 관련된 스마트 해기사 인력양성 시스템 구축에 요구되는 교육 관련 내용을 정리 한 후, 현재 연구 개발된 시스템 또는 장비 등과 향후 교육 및 훈련에 요구되는 시스템 또는 장비 등을 연계하여 고찰하였다. 연구 결과, 자율운항선박 관련 기술의 상용화 속도는 기존 예상과 달리 빨라지고 있으며, 이에 대응하기 위한 스마트 해기사 인력양성 시스템의 구축이 시급한 것으로 고려되었다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.12
• /
• pp.1264-1268
• /
• 2010

In this paper, we propose a behavior pattern analysis method for users tasking on hands-on security exercise missions. By analysing and evaluating the observed user behavior data, the proposed method discovers some significant patterns able to contribute mission successes or fails. A Markov chain modeling approach and algorithm is used to automate the whole analysis process. How to apply and understand our proposed method is briefly shown through a case study, "network service configurations for secure web service operation".

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1011-1020
• /
• 2021

Throughout the years, cybersecurity incidents related to the shipbuilding and maritime industries are occurring more frequently as the IT industry develops. Accordingly, expertise in the information protection industry is necessary, and effective education contents on information protection are needed for this purpose. Recently, there have been more and more cases of increasing user experience by applying Metaverse technology to the educational field. Therefore, this study analyzes the existing information protection education and training and the information protection education contents in the maritime industries and proposes four directions for content development (i.e., online education and seminars, cybersecurity threat learning of virtual ships, accident reproduction, and maritime cybersecurity exhibition operation).