• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.1
• /
• pp.418-424
• /
• 2014

In this paper, we propose a boundary input method for video surveillance systems. Since intrusion of a moving object is decided by comparition of its position and the surveillance boundary, the boundary input method is a basic function in video surveillance. Previous methods are difficult to adapt to the change of surveillance environments such as the size of surveillance area, the number of cameras, and the position of cameras because those build up the surveillance boundary using the captured image in the center of each camera. In our approach, the whole surveillance boundary is once defined in the form of polygon based on the satellite map and transformed into each camera environment. Its characteristics is that the boundary input is independent from the surveillance environment. Given the position of a moving object, the time complexity of its intrusion detection shows O(n), where n is the number of polygon vertices. To verify our method, we implemented a 3D simulation and assured that the input boundary can be reused in each camera without any redefinition.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.5 no.6
• /
• pp.625-630
• /
• 2010

With regard to the examples of establishing various sorts of information security, it can be seen that there are gradual, developmental procedures including Firewall and VPN (Virtual Private Network), IDS (Intrusion Detection System), or ESM(Enterprise Security Management). Each of the security solutions and equipments analyzes both defense and attack for information security with the criteria of classifying the problems of security policies by TCP/IP layers or resulted from attack patterns, attack types, or invasion through specialized security technology. The direction of this study is to examine latency time vulnerable to invasion which occurs when L2-stratum or lower grade equipments or policies are applied to the existing network through TCP/IP layer's L3-stratum or higher grade security policies or equipments and analyze security holes which may generate due to the IP preoccupation in the process of establishing policies to limit particular IP area regarding the policies for security equipments to figure out technological problems lying in it.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.2B
• /
• pp.91-97
• /
• 2006

As increasing the network bandwidth, the threat of a network also increases with emerging various new services. For a high-performance network security, It is generally used that high-speed packet classification methods which employ hardware like TCAM. There needs an method using these devices efficiently because they are expensive and their capacity is not sufficient. In this paper, we propose an efficient packet classification using a Ternary-CAM(TCAM) which is widely used device for high-speed packet classification in which we have applied Snort rule set for the well-known intrusion detection system. In order to save the size of an expensive TCAM, we have eliminated duplicated IP addresses and port numbers in the rule according to the partitioning of a table in the TCAM, and we have represented negation and range rules with reduced TCAM size. We also keep advantages of low TCAM capacity consumption and reduce the number of TCAM lookups by decreasing the TCAM partitioning using combining port numbers. According to simulation results on our TCAM partitioning, the size of a TCAM can be reduced by upto 98$\%$ and the performance does not degrade significantly for high-speed packet classification with a large amount of rules.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.223-232
• /
• 2012

Recently, the leakage of personal information and privacy piracy increase. The victimized case of the malicious object rapidlies increase. Most of users use the windows operating system. Recently, the Windows 7 operating system was announced. Therefore, we need to study for the intrusion response technique at the next generation operate system circumstances. The accident response technique developed till now was mostly implemented around the Windows XP or the Windows Vista. However, a new vulnerability problem will be happen in the breach process of reaction as the Windows 7 operating system is announced. In the windows operating system, the system incident event needs to be efficiently analyzed. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we analyzed visually about the system event information generated in the Windows 7 operating system. And the system analyzing the system incident through the visual event information analysis process was designed and implemented. In case of using the system developed in this study the more efficient accident analysis is expected to be possible.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.659-666
• /
• 2012

Recently, cloud computing service has become a rising issue in terms of utilizing sources more efficiently and saving costs. However, the service still has some limitations to be popularized because it lacks the verification towards security safety. In particular, the possibility to induce Denial of service is increasing as it is used as Zombie PC with exposure to security weakness of Guest OS's. This paper suggests how cloud system, which is implemented by Xen, detects intrusion caused by Denial of service using hypercall. Through the experiment, the method suggested by K-means and EM shows that two data, collected for 2 mins, 5 mins, 10mins and 20mins each, are distinguished 90% when collected for 2mins and 5mins while collected over 10mins are distinguished 100% successfully.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.125-135
• /
• 2009

Logs from various security system can reveal the attack trials for accessing private data without authorization. The logs can be a kind of confidence deriving factors that a certain IP address is involved in the trial. This paper presents a rule-based expert system for derivation of privacy violation confidence using various security systems. Generally, security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find the relevance with privacy violation cases. The security managers' knowledge handling various log information can be transformed into rules for automation of the log analysis and synthesis. Especially, the coverage of log analysis for personal information leakage is not too broad when we compare with the analysis of various intrusion trials. Thus, the number of rules that we should author is relatively small. In this paper, we have derived correlation among logs from IDS, Firewall and Webserver in the view point of privacy protection and implemented a rule-based expert system based on the derived correlation. Consequently, we defined a method for calculating the score which represents the relevance between IP address and privacy violation. The UI(User Interface) expert system has a capability of managing the rule set such as insertion, deletion and update.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.69-81
• /
• 2006

The Computer Forensics is a research area that finds the malicious users by collecting and analyzing the intrusion or infringement evidence of computer crimes such as hacking. Many researches about Computer Forensics have been done so far. But those researches have focussed on how to collect the forensic evidence for both analysis and poofs after receiving the intrusion or infringement reports of hosts from computer users or network administrators. In this paper, we describe how to collect the forensic evidence of good quality from observable and protective hosts at the time of infringement occurrence by malicious users. By correlating the event logs of Intrusion Detection Systems(IDSes) and hosts with the configuration information of hosts periodically, we calculate the value of infringement severity that implies the real infringement possibility of the hosts. Based on this severity value, we selectively collect the evidence for proofs at the time of infringement occurrence. As a result, we show that we can minimize the information damage of the evidence for both analysis and proofs, and reduce the amount of data which are used to analyze the degree of infringement severity.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.3-10
• /
• 2015

Recent massive data breaches or major security incidents show that threats posed by insiders have greatly increased over time. Especially, authorized insiders can cause more serious problems than external hackers can. Therefore there is a growing need to introduce a system that can monitor the insider threats in real time and prevent data breaches or security incidents in early-stage. In this paper, we propose a EITMS(Enterprise Insider-Threats Management System). EITMS detects the abnormal behaviors of authorized insiders based on the normal patterns made from their roles, duties and private activities. And, in order to prevent breaches and incidents in early-stage, a scoring system that can visualize the insider threats is also included.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.121-130
• /
• 2020

This paper suggests evaluating the military closed network data as an image which is generated by Generative Adversarial Network (GAN), applying an image evaluation method such as the InceptionV3 model-based Inception Score (IS) and Frechet Inception Distance (FID). We employed the famous image classification models instead of the InceptionV3, added layers to those models, and converted the network data to an image in diverse ways. Experimental results show that the Densenet121 model with one added Dense Layer achieves the best performance in data converted using the arctangent algorithm and 8 * 8 size of the image.

• Annual Conference of KIPS
• /
• 2002.11b
• /
• pp.1163-1166
• /
• 2002

일반적인 운영체제에 보안 기능을 강화하기 위하여 접근 통제, 침입 탐지 그리고 감사 및 추적 등과 같은 새로운 보안 기능이 계속해서 추가되고 있다. 추가된 보안 기능에 의해서 어느 정도 시스템 성능에 변화가 생기는지는 보안 운영체제를 도입하려는 사용자들에게 중요한 선택 기준이 되고 있다. 그러나 현재 개발되고 있는 다양한 보안 운영체제들이 어느 정도의 성능을 보여주고 있는지에 대한 분석 자료는 거의 없다. 본 논문에서는 잘 알려진 보안 운영체제를 대상으로 성능 측정 결과를 보이고 있으며, 오버헤드가 발생하는 주요 원인에 대해서 분석을 하고 있다. 분석에 사용된 보안 운영체제는 공개 소스에 기반한 SELinux 이며, 보안 운영체제를 분석하는데 사용한 벤치마크 툴은 유닉스 성능 분석에 널리 활용되고 있는 Imbench 이다. 본 논문에서 제시하는 실험결과는 보안 운영체제를 도입하려는 사용자들과 보안 운영체제를 개발하는 개발자들에게 유용한 정보로 사용될 수 있다.