• Journal of Wetlands Research
• /
• v.14 no.3
• /
• pp.341-352
• /
• 2012

The purpose of this study is to statistically project future probable rainfall and to quantitatively assess a future flood vulnerability using flood vulnerability model. To project probable rainfall under non-stationarity conditions, the parameters of General Extreme Value (GEV) distribution were estimated using the 1 yr data added to the initial 30 yr base series. We can also fit a linear regression model between time and location parameters after comparing the linear relationships between time and location, scale, and shape parameters, the probable rainfall in 2030 yr was calculated using the location parameters obtained from linear regression equation. The flood vulnerability in 2030 yr was assessed inputted the probable rainfall into flood vulnerability assessment model suggested by Jang and Kim (2009). As the result of analysis, when a 100 yr rainfall frequency occurs in 2030 yr, it was projected that vulnerability will be increased by spatial average 5 % relative to present.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.34 no.6
• /
• pp.1695-1705
• /
• 2014

In the present study, a total of 275 tested specimens (149 of non-seismically designed and 126 of seismically designed) for reinforced concrete bridge piers with circular section have been investigated in order to suggest drift limits probabilistically according to damage states in seismic fragility analysis. Thus, quantitative damage states of the piers have been evaluated depending on details of the piers. Nonlinear time-history analyses have been conducted for a damaged bridge in terms of using the suggested drift limits. Then, seismic fragility analysis for a reinforced concrete bridge structure has been conducted using both suggested and existing drift limits. Comparative analyses have revealed that median values by the suggested limits is smaller than those by the existing limits. This implies that seismic performance of the structure can be overestimated when the existing limits are used.

• Proceedings of the Korea Water Resources Association Conference
• /
• 2017.05a
• /
• pp.123-123
• /
• 2017

기후변화의 영향으로 개발밀도가 높은 도시지역은 호우로 인한 피해가 지속적으로 증가하고 있다. 최근, 극한 호우에 의해 발생되는 도시침수의 피해를 저감하기 위해 시설물 대책에만 의존하기 보다는 지자체가 수립하는 공간계획을 통해 토지이용, 건축물 등을 아우르는 종합적인 예방전략 마련이 강조되고 있다. 하지만 지자체 도시계획 담당자가 기후변화를 고려해 방재대책을 마련하는데는 국가 차원의 표준화된 방법론의 부재, 침수해석을 위한 전문적 지식이 요구되는 등의 한계가 있다. 본 연구에서는 지자체가 도시계획에 실효성 있는 방재대책을 마련하는데 직접적으로 활용할 수 있는 도시침수에 대한 상세 위험도 주제도를 개발하고자 한다. 이를 위해, 우선적으로 중장기적인 측면에서 기후변화의 영향과 도시지역의 유출 특성을 고려해 방재계획을 수립할 수 있는 강우 시나리오 기준으로 지속시간 1시간에 대한 재현빈도 30년과 100년을 제시하였다. 기후변화의 영향을 고려한 강우 시나리오 기준에 따라 도시지역 내 내수 외수의 침수발생 원인을 고려해 침수심 지도를 생성하고자 한다. 이를 위해 범용적으로 적용할 수 있는 침수해석 모형인 HEC-RAS와 SWMM을 선정하고, 공간적 제약이 없이 폭 넓게 적용할 수 있도록 모형의 구축 절차를 간소화한 방법을 제안하였다. 간소화된 침수해석 모형 결과를 토대로 강우 시나리오별 침수심 지도를 제작하고, 강우 시나리오와 침수심을 기준으로 위험정도에 따라 Red zone, Orange zone, Yellow zone, Green zone으로 영향권을 설정하였다. 실질적으로 각 영향권에 적합한 도시계획 차원에서의 방재대책 수립이 가능하도록 노출특성과 취약성 분석을 실시하였다. 노출특성은 영향권에 노출된 토지이용면적(m2)과 거주인구수(명)로 평가하고 취약성은 영향권 내 취약한 건축물 수(지하 또는 노후 건축물), 보호대상시설물 수로 평가하였다. 침수 발생이 예상되는 영향권별 노출특성과 취약성 분석 결과를 토대로 위험이 높은 지역(Red zone)은 공간규모를 축소해 상세 위험도 공간정보 주제도를 개발하였다. 또한 위험도가 높은 지역은 작은 공간 단위로 노출특성과 취약성을 분석해 상세 위험도 주제도를 개발하였다. 본 연구에서 개발한 상세 위험도 공간정보는 지자체가 도시계획 수립단계에서 실질적인 방재대책을 강구하는데 활용할 수 있을 것으로 기대한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.687-699
• /
• 2021

When a vulnerability occurs in a program, it is documented and published through CVE. However, some vulnerabilities do not disclose the details of the vulnerability and in many cases the source code is not published. In the absence of such information, in order to find a vulnerability, you must find the vulnerability at the binary level. This paper aims to find out-of-bounds read vulnerability that occur very frequently among vulnerability. In this paper, we design a memory area using memory access information appearing in binary code. Out-of-bounds Read vulnerability is detected through the designed memory structure. The proposed tool showed better in code coverage and detection efficiency than the existing tools.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.45-52
• /
• 2020

Traditional methods of detecting security vulnerabilities in source-code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model that has been used to propose the names of methods, and uses as a data set, Juliet Test Suite that is a collection of common security vulnerabilities. The evaluation shows that our method has high precision of 97.3% and recall rates of 98.6%. And the result of detecting vulnerabilities in open source project shows hopeful potential. In addition, it is expected that further progress can be made through studies covering with vulnerabilities and languages not addressed here.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.281-293
• /
• 2023

Industrial control systems (ICS) are increasingly targeted by security incidents as attackers' knowledge of ICS characteristics grows and their connectivity to information technology expands. Vulnerabilities related to ICS are growing rapidly, but patching all vulnerabilities in a timely manner is challenging. The common vulnerability assessment system used to patch vulnerabilities has limitations as it does not consider weaponization after discovery. To address this, this study defines criteria for classifying attacker skill levels based on open information including operating technology and vulnerability information in ICS. The study also proposes a method to evaluate vulnerability severity that reflects actual risk and urgency by incorporating the corresponding attribute in the existing severity score calculation. Case studies based on actual accidents involving vulnerabilities were conducted to confirm the effectiveness of the evaluation method in the ICS environment.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.2
• /
• pp.246-250
• /
• 2008

This paper presents the design of network vulnerability analysis system which can integrate various vulnerability assessment tools to improve the preciseness of the vulnerability scan result. Manual checking method performed by a security expert is the most precise and safe way. But this is not appropriate for the large-scale network which has a lot of systems and network devices. Therefore automatic scanning tool is recommended for fast and convenient use. The scanning targets may be different according to the kind of vulnerability scanners, or otherwise even for the same scanning target, the scanning items and the scanning results may be different by each vulnerability scanner, Accordingly, there are the cases in which various scanners, instead of a single scanner, are simultaneously utilized with the purpose of complementing each other. However, in the case of simultaneously utilizing various scanners on the large-scale network, the integrative analysis and relevance analysis on vulnerability information by a security manager becomes time-consumable or impossible. The network vulnerability analysis system suggested in this paper provides interface which allows various vulnerability assessment tools to easily be integrated, common policy which can be applied for various tools at the same time, and automated integrative process.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.499-506
• /
• 2021

Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

• Journal of KIISE
• /
• v.43 no.2
• /
• pp.212-221
• /
• 2016

Android apps suffer from intent vulnerabilities in that they abnormally stop execution when Android components such as, activity, service, and broadcast receiver, take malformed intents. This paper proposes a method to prevent intent vulnerabilities by allowing programmers to write a specification on intents that a component expects to have, and by checking intents against the specification in runtime. By declaring intent specifications, we can solve the problem that one may miss writing conditional statements, which check the validity of intents, or one may mix those statements with another regular code, so making it difficult to maintain them. We perform an experiment by applying the proposed method to 7 Android apps, and confirm that many of abnormal termination of the apps because of malformed intents can be avoided by the intent specification based runtime assertion.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.4
• /
• pp.470-476
• /
• 2019

The pattern locking technique applied to smart phones is a locking technique that many people use conveniently. However, the safety of pattern locking techniques is very low compared with other techniques. The pattern locking technique is vulnerable to a shoulder surfing attack, which is based on the user's input and can be interpreted by looking at the movement of the shoulder, and the smudge attack is also vulnerable due to fingerprint drag marks remaining on the mobile phone pad. Therefore, in this paper, we want to add a new security method to check the pressed time by using a thread in the pattern locking scheme to secure the vulnerability. It is divided into short, middle, and long click according to the pressing time at each point. When dragging using the technique, security performance enhances $3^n$ tiems. Therefore, even if dragging in the same 'ㄱ' manner, it becomes a completely different pattern depending on the pressing time at each point.