• Title/Summary/Keyword: Windows log

Design & Implementation of a Host Based Access Control System (호스트 기반 접근제어시스템의 설계 및 구현)

  • Kim, Jin-Chun
    • Journal of the Korea Institute of Information and Communication Engineering / v.11 no.1 / pp.34-39 / 2007
  • With the active use of the Internet, the need for security in various environments is being emphasized. Moreover, with the broad use of messenger and P2P applications on PCs, the security and management of individual hosts on the Internet have become very important issues. Therefore, in this paper we propose the design and implementation of a host-based access control system for hosts on the Internet, including Windows-based PCs, which provides access control, information on packets, and recording and monitoring of log files.

An Extended Dynamic Web Page Recommendation Algorithm Based on Mining Frequent Traversal Patterns (빈발 순회패턴 탐사에 기반한 확장된 동적 웹페이지 추천 알고리즘)

  • Lee KeunSoo;Lee Chang Hoon;Yoon Sun-Hee;Lee Sang Moon;Seo Jeong Min
    • Journal of Korea Multimedia Society / v.8 no.9 / pp.1163-1176 / 2005
  • The Web is the largest distributed information space, but the individual's capacity to read and digest contents is essentially fixed. In these Web environments, mining traversal patterns is an important problem in Web mining with a host of application domains including system design and information services. Conventional traversal pattern mining systems use the inter-page association in sessions with only a very restricted mechanism (based on vector or matrix) for generating frequent K-Pagesets. We extend a family of novel algorithms (termed WebPR - Web Page Recommend) for mining frequent traversal patterns and then pageset to recommend. We add a WebPR(A) algorithm into a family of WebPR algorithms, and propose a new winWebPR(T) algorithm introducing a window concept on WebPR(T). Including two extended algorithms, our experimentation with two real data sets, including LadyAsiana and KBS media server site, clearly validates that our method outperforms conventional methods.

Comparison of System Call Sequence Embedding Approaches for Anomaly Detection (이상 탐지를 위한 시스템콜 시퀀스 임베딩 접근 방식 비교)

  • Lee, Keun-Seop;Park, Kyungseon;Kim, Kangseok
    • Journal of Convergence for Information Technology / v.12 no.2 / pp.47-53 / 2022
  • Recently, with the change of the intelligent security paradigm, study to apply various information generated from various information security systems to AI-based anomaly detection is increasing. Therefore, in this study, in order to convert log-like time series data into a vector, which is a numerical feature, the CBOW and Skip-gram inference methods of deep learning-based Word2Vec model and statistical method based on the coincidence frequency were used to transform the published ADFA system call data. In relation to this, an experiment was carried out through conversion into various embedding vectors considering the dimension of vector, the length of sequence, and the window size. In addition, the performance of the embedding methods used as well as the detection performance were compared and evaluated through GRU-based anomaly detection model using vectors generated by the embedding model as an input. Compared to the statistical model, it was confirmed that the Skip-gram maintains more stable performance without biasing a specific window size or sequence length, and is more effective in making each event of sequence data into an embedding vector.

A Study on ICS Security Information Collection Method Using CTI Model (CTI 모델 활용 제어시스템 보안정보 수집 방안 연구)

  • Choi, Jongwon;Kim, Yesol;Min, Byung-gil
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.471-484 / 2018
  • Recently, cyber threats are frequently occurring in ICS (industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS. For this purpose, a security information collection system is needed. However, it is difficult to install security solutions in control devices such as PLCs. Therefore, it is difficult to collect security information of ICS. In addition, there is a problem that the security information formats generated in various assets are different. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize CybOX/STIX/TAXII CTI models that are easy to apply to ICS. Using this model, we designed the formats to collect security information of ICS assets. We created formats for system logs, IDS logs, and EWS application logs of ICS assets using Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring systems and CTI to future ICS.

Implementation of Linux Server System Monitoring and Control Solution for Administrator (관리자를 위한 리눅스 서버 시스템 모니터링 및 제어 솔루션 구현)

  • Yoon, Hyo-Jun;Park, Byung-Ho;Choi, Yong-Seok;Kim, Chong-Soo;Seong, Hyeon-Kyeong
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.10a / pp.125-128 / 2010
  • A Linux server offers various kinds of services including web, FTP, and SSH. The users of these kinds of services are trying to hack by making use of them. That's why some countermeasures are required for the security of the server. In this thesis, each type of service log of multiple Linux servers was analyzed, and a solution was developed to monitor and control the multiple Linux server system, based not on Linux but on Windows.

Research on Registry Analysis based Malware Detection Method (Registry 분석을 통한 악성코드 감염여부 탐지 방법 연구)

  • Hong, Sunghyuck
    • Journal of the Korea Convergence Society / v.8 no.5 / pp.37-43 / 2017
  • A registry is a hierarchical database which is designed to store information necessary for the operating system and application programs in the Windows operating system, and it is involved in all activities such as booting, logging, service execution, application execution, and user behavior. Digital forensics is widely used. In recent years, malicious codes have penetrated into systems in a way that is not recognized by the user, and valuable information is leaked or stolen, causing financial damage. Therefore, this study proposes a method to detect malicious code by using a shareware application without using an expensive digital forensic program, so as to analyze hacking methods and prevent hacking damage in advance.

Study about remote-access by using TTSSH to OpenSSH Server (TTSSH를 이용한 OpenSSH 서버로의 원격접속에 관한 연구)

  • 강민정;강민수;박연식
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2002.05a / pp.490-493 / 2002
  • Many servers in operation today are UNIX-based, and the number of Linux-based servers has recently been increasing steadily. When users who have an account on such a server wish to access it remotely, the command that is easiest to use is 'telnet', but it provides no security at all for the ID and password used at login or for the contents of the communication. Interest in SSH has recently been rising as the alternative, but SSH has various kinds of problems in following telnet's fame. Therefore, we studied the problems that can happen when Windows users attempt remote access, and their solutions, with an emphasis on OpenSSH.

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC / v.46 no.1 / pp.121-132 / 2009
  • Default password protection used in operating systems has had many advances, but when the attacker has physical access to the server or gets root (administrator) privileges, the attacker can steal the password information (e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module (TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

Remote control of electronic module based on internet web (인터넷 웹에 연동한 전자모듈 원격제어)

  • Park, Sang-Gug
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2008.05a / pp.841-844 / 2008
  • This paper describes a technical method for remote control and monitoring of a local system using an internet web connection system, which connects the local system with a system manager working in a distant office. The local system to be controlled remotely is constructed with an analog/digital signal acquisition device, a signal control board and their software. The local systems are constructed with several electronic modules that need an AC or DC power supply to operate correctly. We used NI LabVIEW software to control and monitor the local system. The server computer for remote connection is constructed with Apache web server, PHP and MySQL ODBC. The remote control experiment needs an internet web browser which loads the local control software. Using the web system, we experimented with control and monitoring of the local electronic module.

Congestion Control Scheme for Efficient Multimedia Transmission in Broadband Wireless Networks (광대역 무선 네트워크에서 효율적인 멀티미디어 전송을 위한 혼잡 제어 기법)

  • Lee, Eunjae;Chung, Kwangsue
    • Journal of the Korea Institute of Information and Communication Engineering / v.18 no.7 / pp.1599-1609 / 2014
  • TCP does not ensure the bandwidth and delay bound required for multimedia streaming services in broadband wireless network environments. In this paper, we propose a new congestion control scheme for efficient multimedia transmission, called COLO TCP (Concave Increase Slow Start Logarithmic Increase Congestion Avoidance TCP). The COLO TCP prevents the burst packet loss by applying the concave increase algorithm in slow start phase. In the congestion avoidance phase, COLO TCP uses the logarithmic increase algorithm that quickly recovers congestion window after packet loss. To highly utilize network bandwidth and reduce packet loss ratio, COLO TCP uses additive increase algorithm and adaptive decrease algorithm. Through simulation results, we prove that our COLO TCP is more robust for random loss. It is also possible for efficient multimedia transmission.