• Title/Summary/Keyword: issue detection


A Study on Traffic Analysis System of Virtual Network Environment (가상화 네트워크 환경에서의 트래픽 분석 시스템에 관한 연구)

  • Shin, Tae-Gil;Kim, Young-Gon;Kim, Sung-Soo;Jun, Moon-Seog
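    • Proceedings of the Korea Information Processing Society Conference / 2012.04a / pp.726-729 / 2012
  • As cloud computing services have recently become widespread, security issues in virtualization technology have rapidly come to the fore. Cloud services use virtualization technology, in which the hypervisor, which provides an environment where multiple virtual operating systems run, plays an important role. In particular, because multiple guest OSes are used, security threats can arise from the sharing of server resources. This paper proposes a system that can respond to threats that can arise within the internal domain of virtualization, rather than external security threats. The proposed system identifies anomalous traffic by collecting and analyzing logs of internally generated traffic, addressing security threats in virtualization-internal traffic that existing systems cannot detect.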

A system to block external intrusion Intelligent Definition Network System Design in Smart Home IOT environment (스마트 홈 IoT 외부 침입 차단을 위한 지능 정의 네트워크 시스템 설계)

  • Choi, Yu-Jun;Hwang, Yun-Young;Shin, Yong-Tae
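    • Proceedings of the Korea Information Processing Society Conference / 2021.11a / pp.91-92 / 2021
  • Recently, the number of reported hacking concerns related to the Internet of Things has been on the rise. However, with the rapidly growing IoT environment, it is difficult for administrators to recognize new intrusion detection attack patterns, and when large-scale attacks or new attack patterns appear, suitable features may have to be reselected. In this paper, we designed a framework capable of overall network state analysis and user issue identification, for the purpose of identifying specific anomalous behavior on the operational network and diagnosing its source.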

A System for SSL/TLS Vulnerability Detection of Servers (서버 SSL/TLS 취약점 자동 탐지를 위한 시스템 개발)

  • Cho, Sungwon;Choi, Hyunsang;Heo, Gyu;Cho, Sanghyun;Kim, Young-Gab
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.145-153 / 2018
  • SSL (Secure Socket Layer) and TLS (Transport Layer Security) are widely used protocols for secure and encrypted communication over a computer network. However, several security vulnerabilities of SSL/TLS have been reported over the years. The vulnerabilities can let an adversary carry out critical attacks on SSL/TLS enabled servers. In this paper, we have developed a system which can periodically scan for SSL/TLS vulnerabilities on internal network servers and quickly detect, report and visualize the vulnerabilities. We have evaluated the system on working servers of Naver services and analyzed the detected vulnerabilities. 816 vulnerabilities were found on 213 internal server domains (4.2 vulnerabilities on average), and most vulnerable servers are not open to the public. However, 46 server domains have old vulnerabilities which were found in 2016. We could patch and respond to SSL/TLS vulnerabilities of servers by leveraging the proposed system.

Semantic Segmentation for Multiple Concrete Damage Based on Hierarchical Learning (계층적 학습 기반 다중 콘크리트 손상에 대한 의미론적 분할)

  • Shim, Seungbo;Min, Jiyoung
    • Journal of the Korea institute for structural maintenance and inspection / v.26 no.6 / pp.175-181 / 2022
  • The condition of infrastructure deteriorates as the service life increases. Since most infrastructure in South Korea was intensively built during the period of economic growth, the proportion of outdated infrastructure is rapidly increasing now. Aging of such infrastructure can lead to safety accidents and even human casualties. To prevent these issues in advance, periodic and accurate inspection is essential. For this reason, research to detect various types of damage using computer vision and deep learning is increasingly required in the field of remotely controlled or autonomous inspection. To this end, this study proposed a neural network structure that can detect concrete damage by classifying it into three types. In particular, the proposed neural network can detect them more accurately through a hierarchical learning technique. This neural network was trained with 2,026 damage images and tested with 508 damage images. As a result, we completed an algorithm with average mean intersection over union of 67.04% and F1 score of 52.65%. It is expected that the proposed damage detection algorithm could be applied to accurate facility condition diagnosis in the near future.

An Automated Code Generation for Both Improving Performance and Detecting Error in Self-Adaptive Modules (자가 적응 모듈의 성능 개선과 오류 탐지를 위한 코드 자동 생성 기법)

  • Lee, Joon-Hoon;Park, Jeong-Min;Lee, Eun-Seok
    • Journal of KIISE:Software and Applications / v.35 no.9 / pp.538-546 / 2008
  • Because computing environments are increasingly complex, there are limits to a system administrator dealing with the many problems that occur in systems. To resolve these limits, it has become an issue for systems to have the ability to recognize their own situation and adapt to it by themselves. But building a Self-Adaptive System requires much experience and knowledge, and this difficulty has been a problem. This paper proposes a technique that automatically generates the code of the Self-Adaptive System so that the system can be built more easily. This Self-Adaptive System partially resolves the problems of previous research: ineffectiveness from excessive usage of system resources, and incorrect operation caused by external factors such as viruses. In this paper, we applied the proposed approach to the file transfer module of a video conferencing system in order to evaluate it. We compared the length of the code, the number of classes created by the developers, and development time. We have confirmed the effectiveness of this approach.

Detection of Forgery of Mobile App and Study on Countermeasure (모바일 단말기 앱의 위·변조 탐지 및 대응방안 연구)

  • Jung, Hyun Soo;Chae, Gyoo-Soo
    • Journal of Convergence Society for SMB / v.5 no.3 / pp.27-31 / 2015
  • As the number of smartphone users is increasing with the development of mobile devices, the range of monetary transaction from the individual use is increasing. Therefore, hacking methods are diversified and the information forgery of mobile devices has been a current issue. The forgery via apps in mobile devices is a hacking method that creates an app similar to well-known apps to deceive the users. The forgery attack corresponds to the violation of integrity, one of three elements of security. Due to the forgery, the value and credibility of an app decreases with the risk increased. With the forgery in app, private information and data can be stolen and the financial losses can occur. This paper examined the forgery, and suggested a way to detect it, and sought the countermeasure to the forgery.


A study on detection methodology of threat on cars from the viewpoint of IoT (IoT 관점에서의 차량 위협 탐지 방안)

  • Kwak, Byung Il;Han, Mi Ran;Kang, Ah Reum;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.411-421 / 2015
  • These days, a conversion of the fast-advancing ICT (Information and Communications Technologies) and the IoT (Internet of Things) has been in progress. However, this conversion technology could lead to many of the security threats existing in the ICT environment. The security threats to cars in the IoT environment could cause property damage and casualties. Preparations for car security are inadequate, and it is difficult for a car to detect security threats by itself. In this paper, we proposed a decision-making framework for anomaly detection and identified the threats to cars in the IoT environment. Discriminating the factor, path and type of threats from an attack against the car should take priority over self-inspection and the swift handling of an attack on the control system.

Intrusion Detection based on Clustering a Data Stream (데이터 스트림 클러스터링을 이용한 침임탐지)

  • Oh Sang-Hyun;Kang Jin-Suk;Byun Yung-Cheol
    • Proceedings of the Korea Contents Association Conference / 2005.11a / pp.529-532 / 2005
  • In anomaly intrusion detection, how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior as a profile, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes a new clustering algorithm which continuously models a data stream. A set of features is used to represent the characteristics of an activity. For each feature, the clusters of feature values corresponding to activities observed so far in an audit data stream are identified by the proposed clustering algorithm for data streams. As a result, without maintaining any historical activity of a user physically, new activities of the user can be continuously reflected to the on-going result of clustering.


A Detection of Vegetation Variation Over North Korea using SPOT/VEGETATION NDVI (SPOT/VEGETATION NDVI 자료를 이용한 북한지역 식생 변화 탐지)

  • Yeom, Jong-Min;Han, Kyung-Soo;Lee, Chang-Suk;Park, Youn-Young;Kim, Young-Seup
    • Journal of the Korean Association of Geographic Information Studies / v.11 no.2 / pp.28-37 / 2008
  • In this study, we perform land surface monitoring of NDVI (Normalized Difference Vegetation Index) variation using remote sensing data during 1999-2005 over North Korea, where land surface characteristics cannot easily be measured directly because it is one of the world's most closed societies. The North Korea forest region has the most abundant forest vegetation in the Korean peninsula, the so-called Lungs of Korea. NDVI represents vegetation activity and is used in many similar studies. In this study, we detect vegetation variation and analyze the factors of the change over North Korea. By using the variation of NDVI, we can infer the effect of drought over North Korea and the reduction of vegetation indices by typhoons in North Korea. Land surface types except barren ground with decreased NDVI values, lower than the 7-year mean NDVI value, are considered to correspond to when the North Korea region was suffering from drought and typhoon effects. In particular, the recent food production of North Korea, with its political and economic issues, can be inferred indirectly from these trends by using the estimated output data from this study.


A Study about Early Detection Techniques of Cyber Threats Based Honey-Net (허니넷 기반의 사이버위협 조기탐지기법 연구)

  • Lee, Dong-Hwi;Lee, Sang-Ho;J. Kim, Kui-Nam
    • Convergence Security Journal / v.5 no.4 / pp.67-72 / 2005
  • The exponential increase of malicious and criminal activities in cyber space is posing a serious threat which could destabilize the foundation of modern information society. In particular, unexpected network paralysis or breakdown created by the spread of malicious traffic could cause confusion and disorder on a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. In order to solve such a problem, this paper researched early detection techniques for only early warning of cyber threats with separate way the detection due to and existing security equipment from the large network. It researched the cyber example alert system which applies the module of based honeynet from the actual large network and this technique against the malignant traffic how many probably it will be able to dispose effectively from large network.
