• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.466-469
• /
• 2014

기존 Window8 Style 에 대한 디지털 포렌식 연구는 윈도우 기본 애플리케이션에 대해서만 진행되어 있는 상황이고, 다른 3rd party Style App 들에 대해서만 진행되어있는 상황이다. 본 논문에서는 Window8 Style UI 의 Instant Messengers 에 대해 디지털 포렌식 분석하고 이를 통해 범인의 행동 흐름 파악 및 증거확보 매커니즘을 제시하고자 한다. 본 논문은 기존의 Window8 의 접근방법을 토대로 하여, Style App 의 사용흔적이나 내용에 대해 확인하며, 시간정보, 이미지 등 각종 애플리케이션들을 다각적으로 분석한다. 본 논문에서 제안한 접근법은 개별 App 들에 대한 정보를 효율적이고 빠르게 분석하고 사건에 대한 정보를 제공함으로써 범죄수사과정에 도움이 될 것으로 기대된다.

• Korean Security Journal
• /
• no.42
• /
• pp.115-153
• /
• 2015

This study identified the cause-and-effect relationship of security management service quality by empirically analyzing whether the performance factors affecting the casino industry are improved when the quality of the security management service is improved. For this, Partial Least Squares (PLS) that can deduce the structural relationship between variables was used. To verify the representativeness of the population, SPSS 19.0 was utilized in a demographic analysis, a independent T-test and Scheffe test. The analysis of the data revealed that the casino industry must preferentially manage assurance, empathy, and security to improve the casino security management service quality, and that, of these, security was the most important factor. To help improve service quality, a theoretical and empirical basis that can consider the importance and priority of individual factors was presented based on the result of this analysis. It also revealed that the security management service is an essential factor for stable business activities of casinos. Further, the importance of the role of the security management service in business strategy formulation for improving the industry performance was recognized through the study results. A service quality improvement method was provided by focusing on the factors that must be preferentially considered for service quality improvement; moreover, implications that can predict the results of such method were presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.411-425
• /
• 2023

Today, AI (Artificial Intelligence) technology is widely used in various fields, performing classification and regression tasks according to the purpose of use, and research is also actively progressing. Especially in the field of security, unexpected threats need to be detected, and unsupervised learning-based anomaly detection techniques that can detect threats without adding known threat information to the model training process are promising methods. However, most of the preceding studies that provide interpretability for AI judgments are designed for supervised learning, so it is difficult to apply them to unsupervised learning models with fundamentally different learning methods. In addition, previously researched vision-centered AI mechanism interpretation studies are not suitable for application to the security field that is not expressed in images. Therefore, In this paper, we use a technique that provides interpretability for detected anomalies by searching for and comparing optimization references, which are the source of intrusion attacks. In this paper, based on reference, we propose additional logic to search for data closest to real data. Based on real data, it aims to provide a more intuitive interpretation of anomalies and to promote effective use of an anomaly detection model in the security field.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.37-44
• /
• 2015

There appears a variety forms of crime type and age in accordance with the change of social structure. In this paper it is described for combining the Anomie theory of Emile Durkheim. Anomie refers to the absence of dual standards or norms. In other words, while weakening the existing norms prevailing when the new rules has not been established. That situation would cause social chaos. Rules on the dissemination and utilization of SNS due to the development of information and communication technology undermine the social norms while online regulations are being a weak state not established. In the confusion of these norms it has been shown to increase in juvenile delinquency. Social media has characteristics such as openness, accessibility, relationships, and content diversity. The social media itself is not subject to the general mechanisms of consumption and production due to growing as a kind of organism. It has characteristic to make the most content by utilizing the users to voluntarily share information. Social media using as communication, contact and information in the youth, thus the possibility of crime is high. Social media is also direct and indirect influence on youth crime but no apparent systemic regulation of this situation.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.21-27
• /
• 2009

In the environment of development of network bandwidth and intrusion technology there is limit to the pattern analysis of all massed packets through the existing pattern matching method by the intrusion detection system. To detect the packets efficiently when they are received fragmented, it has been presented the matching method only the pattern of packets consisting with the operation system such as Esnort. Pattern matching performance is improved through the use of NMAP, the basic mechanism od Esnort, by scanning the operation system of the same network system and appling pattern match selectively scanned information and the same operation system as the received packets. However, it can be appeared the case of disregarding the receivied packets depending on the diversity of the kind of operation systems and recognition mistake of operation system of nmap. In this paper, we present and verify the improved intrusion detection system shortening the pattern matching time by the creation of hashy table through the pattern hash of intrusion detection system independently with the users system environment .in the state of flux.

• Journal of Digital Convergence
• /
• v.16 no.9
• /
• pp.159-172
• /
• 2018

This study searched and analyzed online tracking technologies. It tried to understand what to consider when establishing policies related to online tracking. Online tracking technologies were classified into 'general cookies', 'super cookies', 'fingerprinting', 'device ID tracking' and 'cross-device tracking'. Political considerations should include the layers of online tracking, the subjects of tracking technology, purpose of use, duration and storage format of information, and development of technology. The implications of this study are as follows: first, policy makers and industry should be aware that the degree of risk perceived by users may vary according to the characteristics of online tracking technology. Secondly, it is necessary to understand factors that affect the classification of online tracking technology. Finally, in the industry, preemptive measures such as building an integrated privacy system are needed to relieve anxiety of users and to build trust.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.27 no.9
• /
• pp.844-853
• /
• 2016

Generally, the compromising electromagnetic emanations are generated from LCD(Liquid Crystal Display) monitor which is typical output component of computer. Because display information transmitted to LCD monitor is included in these emanations, there are risks about information leakage of monitor by eavesdropping of leaked signal. So, analysis about possibility of information leakage is necessary because electromagnetic security through the electromagnetic emanations is being at issue. In this paper, the possibility of display information leakage are demonstrated by analyzing the electromagnetic emanations from desktop and laptop monitors. The characteristics of leaked signal from LCD monitor is verified by analyzing display mechanism and the electromagnetic emanations are measured in the long distance by eavesdropping experiment. Also, threat of information leakage is confirmed by recovering display information with several signal processing technique and comprising with target display.

• Journal of Advanced Navigation Technology
• /
• v.15 no.4
• /
• pp.655-663
• /
• 2011

Recently, with improvement of internet service technology, web service has been affecting the environment for computing user. Not only current events, economics, game, entertainment, but also personal financial system is processed by web pages through internet. When data transmission is implemented on the internet, webpage acquire text form code and transform them to DOM information, and then shows processed display to user by web browser. However, those information are not only easily accessed by diversified route, but also easily deformed by intentional purpose. Furthermore, it is also possible to acquire logon information of users and certification information by detouring security mechanism. Therefore, this dissertation propose the method to verify integrity of web contents by using BHO which is one of the Add-On program based on MS Internet Explorer platform which is one of major web browser program designed by MicroSoft to detect any action of webpage deformation.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.195-202
• /
• 2008

In this paper, To improve the effectiveness of security enforcement, the first contribution in this work is that we present a clustered heterogeneous WSN(Wareless Sensor Network) architecture, composed of not only resource constrained sensor nodes, but also a number of more powerful high-end devices acting as cluster heads. Compared to sensor nodes, a high-end cluster head has higher computation capability, larger storage, longer power supply, and longer radio transmission range, and it thus does not suffer from the resource scarceness problem as much as a sensor node does. A distinct feature of our heterogeneous architecture is that cluster heads are equipped with TC(trusted computing) technology, and in particular a TCG(Trusted Computing Group) compliant TPM (Trusted Platform Module) is embedded into each cluster head. According the TCG specifications, TPM is a tamper-resistant, self-contained secure coprocessor, capable of performing cryptographic functions. A TPM attached to a host establishes a trusted computing platform that provides sealed storage, and measures and reports the integrity state of the platform.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.9 s.339
• /
• pp.85-96
• /
• 2005

A ' Virtual Private Network (YPN) over Internet' has the benefits of being cost-effective and flexible. However, given the increasing demands for high bandwidth Internet and for reliable services in a 'VPN over Intemet,' an IP/GMPLS over DWDM backbone network is regarded as a very favorable approach for the future 'Optical VPN (OVPN)' due to the benefits of transparency and high data rate. Nevertheless, OVPN still has survivability issues such that a temporary fault can lose a large amount of data in seconds, moreover unauthorized physical attack can also be made on purpose to eavesdrop the network through physical components. Also, logical attacks can manipulate or stop the operation of GMPLS control messages and menace the network survivability of OVPN. Thus, network survivability in OVPN (i.e. fault/attack tolerant recovery mechanism considering physical structure and optical components, and secured transmission of GMPLS control messages) is rising as a critical issue. In this Paper, we propose a new path establishment scheme under shared risk link group (SRLG) constraint for physical network survivability. And we also suggest a new logical survivability management mechanism by extending resource reservation protocol-traffic engineering extension (RSVP-TE+) and link management protocol (LMP). Finally, according to the results of our simulation, the proposed algorithms are revealed more effective in the view point of survivability.