• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.167-176
• /
• 2024

Chatbot services are used in various fields in connection with AI services. Security research on AI is also in its infancy, but research on practical security in the service implementation stage using it is more insufficient. This paper analyzes the security requirements for chatbot services linked to AI services. First, the paper analyzes the recently published papers and articles on AI security. A general implementation model is established by investigating chatbot services provided in the market. The implementation model includes five components including a chatbot management system and an AI engine Based on the established model, the protection assets and threats specialized in Chatbot services are summarized. Threats are organized around threats specialized in chatbot services through a survey of chatbot service managers in operation. Ten major threats were drawn. It derived the necessary security areas to cope with the organized threats and analyzed the necessary security requirements for each area. This will be used as a security evaluation criterion in the process of reviewing and improving the security level of chatbot service.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.217-219
• /
• 2004

전자문서교환(EDI, Electronic Data Interchange)은 기업과 기업 간에 컴퓨터와 컴퓨터의 통신을 통하여 필요한 거래문서를 구조화된 형식으로 교환하여 업무를 처리하는 방식을 말한다. 이러한 전자문서의 유통은 절러 위험요소로부터 완전히 해방되지는 못한다. 본 연구에서는 향후 국내에서 발생 될 위협요소 중 우선적인 보호가 요구되는 것으로 메시지 노출로 인한 프라이버시 침해 및 중요 내용의 노출문제와 메시지 수정 문제 및 발신처 인증 문제. 그리고 수신자의 수신사실에 대한 부인을 위험요소로 선정하였다. 또한, 이를 막기 위한 보안서비스를 메시지 비밀보장. 무결성, 메시지 발신처 인증 및 수신내용 부인불능 등을 선정하여 이들의 구현방안을 제시하였다.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.19-24
• /
• 2018

In this study, for evaluating the cyber threat, we presented a quantitative assessment measures of the threat-level with multiple factors. The model presented in the study is a compound model with the 4 factors; the attack method, the actor, the strength according to the type of the threat, and the proximity to the target. And the threat-level can be quantitatively evaluated with the Fuzzy Inference. The model will take the information in natural language and present the threat-level with quantified data. Therefore an organization can accurately evaluate the cyber threat-level and take it into account for judging threat.

• Review of KIISC
• /
• v.27 no.2
• /
• pp.12-21
• /
• 2017

마이크로그리드는 다양한 전력공급원과 전력부하가 존재하며, 이들을 효율적으로 관리하여 안정적인 전력 공급을 하기 위해서 다양한 센서와 제어기가 존재한다. 센서를 통해서 현재 마이크로그리드의 상태를 파악하고, 제어기를 조정하여 전력망의 상태를 안정적으로 유지한다. 이러한 마이크로그리드가 사이버 공격을 받을 경우, 정전 등의 물리적 피해가 발생할 수 있으므로 사이버 위협을 미연에 방지하기 위한 사이버 보안 대책이 필요하다. 본 고에서는 유사 제어시스템 공격 사례, 관련 기기 및 제품 취약점 정보 등을 통해 식별된 마이크로그리드 내 존재 가능한 사이버 보안 위협 요소들을 활용하여 마이크로그리드 사이버 공격 시나리오들을 식별하고, 각 시나리오 별로 존재하는 보안 위협들에 대처하기 위한 방안들을 분석한다. 이를 통해 마이크로그리드의 사이버 보안성을 강화하고 운영 안정성을 확보하고자 한다.

• Journal of the Korea Convergence Society
• /
• v.10 no.9
• /
• pp.47-53
• /
• 2019

This paper is analyzed of the characteristics of development operations and development security operations of the software and product, and the use analysis tools from a software code perspective. Also, it is emphasized the importance of human factors and the need to strengthen them, when considering security design rules. In this paper, we consider a secure process for managing change, focusing on fast and accurate decision-making in terms of procedural factors, when considering development security operations. In addition, the paper discussed the need for maturity model analysis in relation to the development security operating characteristics, and analyzed the meaning of the analysis elements through detailed procedures for the strength and integration elements of the dynamic and static elements accordingly. The paper also analyzed factors such as scanning activity and code analysis for threat modeling and compliance and control.

• Review of KIISC
• /
• v.23 no.6
• /
• pp.76-89
• /
• 2013

최근의 사이버 위협은 공격자에 의해 지속적이고 지능화된 위협으로 진화하고 있다. 이러한 위협은 장기간에 걸쳐 이루어지기 때문에 보안체계를 잘 갖추고 있는 회사라 하더라도 탐지하는데 한계가 있다. 본 논문에서는 차세대 보안관제 프레임워크의 지향점을 네트워크 가시성 강화, 상황인식 기반 지능형 보안관제, 관련 업무조직과의 정보 통합 및 협업 강화로 제시하고 있으며 구조적, 수집 파싱, 검색 분석, 이상 탐지 등 총 9개 관점에서 이를 지원하는 필요 기술들을 분류하였다. 아울러 침투 경로 및 공격 단계와 내부 자원 간 연관성 분석을 통한 수집 정보 범위 설정, 사례 기반 상관분석 규칙 생성 적용, 정보연동, 업무처리, 컴플라이언스, 조사 분석 등 지원 기능의 연계를 보안관제 모델링의 필요 요소로 도출하였다.

• Journal of the Korea Convergence Society
• /
• v.4 no.1
• /
• pp.27-31
• /
• 2013

The fast-paced development in the field of wireless charger based on M2M, which is available anytime and anywhere, is being underway in accordance with the development of IT technology. Wireless charger technology in M2M has various security threats because it is based on wireless network. The purpose of this paper is to examine the threats of authentication and payment attacks based on wireless network attacks, and to propose the response technique that fit the situation of the wireless charger service by modifying the existing detecting authentication and payment through wireless charger.

• Journal of the Korea Convergence Society
• /
• v.3 no.4
• /
• pp.1-5
• /
• 2012

The fast-paced development in the field of U-Healthcare, which is available anytime and anywhere, is being underway in accordance with the development of IT technology. U-Healthcare technology has various security threats because it is based on network. The purpose of this paper is to examine the threats of DOS / DDOS attacks based on network attacks, and to propose the response technique that fit the situation of the U-Healthcare service by modifying the existing Detecting Early DOS / DDOS attacks through Packet Counting.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.49-57
• /
• 2020

It is no exaggeration to say that we live with cyber threats every day. Nevertheless, it is difficult for us to obtain objective information about cyber threats and attacks because it is difficult to clearly identify the attacker, the purpose of attack, and the range of damage, and rely on information from a single source. In the preceding research of this study, we proposed the new approach for establishing Database (DB) for cyber attacks using Open Source Intelligence(OSINT). In this research, we present the evaluation factors for cyber threats among cyber attack DB and analyze the priority of those factors in oder to quantify cyber threats. We select the purpose of attack, attack category, target, ease of attack, attack persistence, frequency of OSINT DB, and factors of the lower layer for each factor as the evaluation factors for cyber threats. After selection, the priority of each factor is analyzed using the Analytic Hierarchy Process(AHP).

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.9 no.1
• /
• pp.17-23
• /
• 2003

With the terrorist attacks on 11 September 2001, the ships and their crew' safety and security have become a major issue in the maritime industries, In high-risk terrorism, not only ship owners and port authorities but also crew members on board should take precautions in the conduct of their business. In this paper, the vulnerability and essential elements in overall security of merchant ship are analyzed with a discussion in depth of the concept and principles of maritime security of merchant ship are analyzed with a discussion in depth of the concept and principles of maritime security management. And then, ship's security model and security system to reduce security rish and to minimize damage are proposed.