• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.27-35
• /
• 2021

With the development of the Internet, various IT technologies such as IoT, Cloud, etc. have been developed, and various systems have been built in countries and companies. Because these systems generate and share vast amounts of data, they needed a variety of systems that could detect threats to protect the critical data contained in the system, which has been actively studied to date. Typical techniques include anomaly detection and misuse detection, and these techniques detect threats that are known or exhibit behavior different from normal. However, as IT technology advances, so do technologies that threaten systems, and these methods of detection. Advanced Persistent Threat (APT) attacks national or companies systems to steal important information and perform attacks such as system down. These threats apply previously unknown malware and attack technologies. Therefore, in this paper, we propose a hybrid intrusion detection system that combines anomaly detection and misuse detection to detect unknown threats. Two detection techniques have been applied to enable the detection of known and unknown threats, and by applying machine learning, more accurate threat detection is possible. In misuse detection, we applied Classification based on Association Rule(CBA) to generate rules for known threats, and in anomaly detection, we used One-Class SVM(OCSVM) to detect unknown threats. Experiments show that unknown threat detection accuracy is about 94%, and we confirm that unknown threats can be detected.

• Journal of the Society of Disaster Information
• /
• v.17 no.1
• /
• pp.176-183
• /
• 2021

Purpose: The introduction of smart factories that reflect the 4th industrial revolution technologies such as AI, IoT, and VR, has been actively promoted in Korea. However, in order to solve various problems arising from existing file-based operating systems, this research will focus on identifying and verifying non-file system-based data protection technology. Method: The research will measure security storage that cannot be identified or controlled by the operating system. How to activate secure storage based on the input of digital key values. Establish a control unit that provides input and output information based on BIOS activation. Observe non-file-type structure so that mapping behavior using second meta-data can be performed according to the activation of the secure storage. Result: First, the creation of non-file system-based secure storage's data input/output were found to match the hash function value of the sample data with the hash function value of the normal storage and data. Second, the data protection performance experiments in secure storage were compared to the hash function value of the original file with the hash function value of the secure storage after ransomware activity to verify data protection performance against malicious ransomware. Conclusion: Smart factory technology is a nationally promoted technology that is being introduced to the public and this research implemented and experimented on a new concept of data protection technology to protect crucial data within the information system. In order to protect sensitive data, implementation of non-file-type secure storage technology that is non-dependent on file system is highly recommended. This research has proven the security and safety of such technology and verified its purpose.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.4
• /
• pp.285-296
• /
• 2018

Among many hacking attempts carried out in the past few years, the cyber-attacks that could have caused a national-level disaster were the attacks against nuclear facilities including nuclear power plants. The most typical one was the Stuxnet attack against Iranian nuclear facility and the cyber threat targeting one of the facilities operated by Korea Hydro and Nuclear Power Co., Ltd (Republic of Korea; ROK). Although the latter was just a threat, it made many Korean people anxious while the former showed that the operation of nuclear plant can be actually stopped by direct cyber-attacks. After these incidents, the possibility of cyber-attacks against industrial control systems has become a reality and the security for these systems has been tightened based on the idea that the operations by network-isolated systems are no longer safe from the cyber terrorism. The ROK government has established a realistic control systems defense concept and in the US, the relevant authorities have set up several security frameworks to prepare for the threats. This paper presented various cyber security attack cases and their scenarios against control systems, along with the analysis of countermeasures for them. Though this task, we attempt to identify the items that need to be considered when designing a domestic security framework to improve security and secure stability.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.105-119
• /
• 2017

Smartphone users hit over eighty-five percentage of Korean populations and personal private items and various information are stored in each user's smartphone. There are so many cases to propagate malicious codes or spywares for the purpose of catching illegally these kinds of information and earning pecuniary gains. Thus, need of information security is outstanding for using smartphone but also user's security perception is important. In this paper, we investigate about how information security affects smartphone operating system choices by users. For statistical analysis, the online survey with questionnaires for users of smartphones is conducted and effective 218 subjects are collected. We test hypotheses via communalities analysis using factor analysis, reliability analysis, independent sample t-test, and linear regression analysis by IBM SPSS statistical package. As a result, it is found that hardware environment influences on perceived ease of use. Brand power affects both perceived usefulness and perceived ease of use and degree of personal risk-accepting influences on perception of smartphone spy-ware risk. In addition, it is found that perceived usefulness, perceived ease of use, degree of personal risk-accepting, and spy-ware risk of smartphone influence significantly on intention to purchase smartphone. However, results of independent sample t-test for each operating system users of Android or iOS do not present statistically significant differences among two OS user groups. In addition, each result of OS user group testing for hypotheses is different from the results of total sample testing. These results can give important suggestions to organizations and managers related to smartphone ecology and contribute to the sphere of information systems (IS) study through a new perspective.

• The Korean Journal of Nuclear Medicine Technology
• /
• v.19 no.2
• /
• pp.74-80
• /
• 2015

Purpose Breast lymphoscintigraphy is an important technique to present for body surface precisely, which shows a lymph node metastasis of malignant tumors at an early stage and is performed before and after surgery in patients with breast cancer. In this study, we evaluated several methods of body outline imaging to present exact location of lesions, as well as compared respective exposure doses. Materials and Methods RANDO phantom and SYMBIA T-16 were used for obtaining imaging. A lesion and an injection site were created by inserting a point source of 0.11 MBq on the axillary sentinel lymph node and 37 MBq on the right breast, respectively. The first method for acquiring the image was used by drawing the body surface of phantom for 30 sec using $Na^{99m}TcO_4$ as a point source. The second, the image was acquired with $^{57}Co$ flood source for 30 seconds on the rear side and the left side of the phantom, the image as the third method was obtained using a syringe filled with 37 MBq of $Na^{99m}TcO_4$ in 10 ml of saline, and as the fourth, we used a photon energy and scatter energy of $^{99m}Tc$ emitting from phantom without any addition radiation exposure. Finally, the image was fused the scout image and the basal image of SPECT/CT using MATLAB$^{(R)}$ program. Anterior and lateral images were acquired for 3 min, and radiation exposure was measured by the personal exposure dosimeter. We conducted preference of 10 images from nuclear medicine doctors by the survey. Results TBR values of anterior and right image in the first to fifth method were 334.9 and 117.2 ($1^{st}$), 266.1 and 124.4 ($2^{nd}$), 117.4 and 99.6 ($3^{rd}$), 3.2 and 7.6 ($4^{th}$), and 565.6 and 141.8 ($5^{th}$). And also exposure doses of these method were 2, 2, 2, 0, and $30{\mu}Sv$, respectively. Among five methods, the fifth method showed the highest TBR value as well as exposure dose, where as the fourth method showed the lowest TBR value and exposure dose. As a result, the last method ($5^{th}$) is the best method and the fourth method is the worst method in this study. Conclusion Scout method of SPECT/CT can be useful that provides the best values of TBR and the best score of survey result. Even though personal exposure dose when patients take scout of SPECT/CT was higher than another scan, it was slight level comparison to 1 mSv as the dose limit to non-radiation workers. If the scout is possible to less than 80 kV, exposure dose can be reduced, and also useful lesion localization provided.