• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1602-1605
• /
• 2005

An audit tracer is one of the last ways to defend an attack for network equipments. Firewall and IDS which block off an attack in advance are active way and audit tracing is passive way which analogizes a type and a situation of an attack from log after an attack. This paper explains importance of audit trace function in network equipment for security and defines events which we must leave by security audit log. We design and implement security audit system for secure router. This paper explains the reason why we separate general audit log and security audit log.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.81-90
• /
• 2003

The presence of the intrusion is judged by intrusion detection system based on the audit log and the Performance of this system depends on how correctly and effectively it has been described about the intrusion pattern with audit log. In this paper, the relativity concerning intrusion is demonstrated among the information those are ‘System call, Network packet and Syslog’ and the related pattern of the state-transition-based method and those rule-based pattern is identified. By applying this correlation to them, the accuracy rate of detection was able to be improved. Especially, the availability of detection with correlation pattern through Covert Channel detection test has been substantiated.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.9
• /
• pp.85-91
• /
• 2014

Encryption is a method to convert information to no-sense code in order to prevent data from being lost or altered by use of illegal means. Audit logging creates audit log of users' activities, exceptions, and information security events, and then conserves it for a certain period for investigation and access-control auditing. Our paper suggests that confidentiality and integrity of information should be guaranteed when transmitting and storing important information in encryption. Encryption should consider both one-way encryption and two-way one and that encryption key should assure security. Also, all history related to electronic financial transactions should be logged and kept. And, it should be considered to check the details of application access log and major information. In this paper, we take a real example of encryption and log audit for safe data transmission and periodic check.

• Journal of Internet Computing and Services
• /
• v.11 no.6
• /
• pp.73-86
• /
• 2010

In proportion to the rapid increase in the number of Web users, web attack techniques are also getting more sophisticated. Therefore, we need not only to detect Web attack based on the log analysis but also to extract web attack events from audit information such as Web firewall, Web IDS and system logs for detecting abnormal Web behaviors. In this paper, web attack detection system was designed and implemented based on integrated web audit data for detecting diverse web attack by generating integrated log information generated from W3C form of IIS log and web firewall/IDS log. The proposed system analyzes multiple web sessions and determines its correlation between the sessions and web attack efficiently. Therefore, proposed system has advantages on extracting the latest web attack events efficiently by designing and implementing the multiple web session and log correlation analysis actively.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.33-41
• /
• 2015

A safe Linux system for security enhancement should have an audit ability that prohibits an illegal access and alternation of data as well as trace ability of illegal activities. In addition, construction of the log management and monitoring system is a necessity to clearly categorize the responsibility of the system manager or administrator and the users' activities. In this paper, the Linux system's Security Log is analyzed to utilize it on prohibition and detection of an illegal protrusion converting the analyzed security log into a database. The proposed analysis allows a safe management of the security log. This system will contribute to the enhancement of the system reliability by allowing quick response to the system malfunctions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.591-603
• /
• 2018

Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.275-278
• /
• 2013

Log is a file system, a system that uses all remaining data. Want situation now being issued in the IT, media Nate on information disclosure, the press agency server hack by numbness crime occurred. Hacking crisis that's going through this log analysis software professionally for professional analysis is needed. The present study, about APT attacks happening intelligently Log In case of more than traceback in advance to prevent the technology to analyze the pattern for log analysis techniques.

• Korean journal of food and cookery science
• /
• v.28 no.5
• /
• pp.515-530
• /
• 2012

This research aims to audit foodservice sanitation management practices and to assess microbiological quality of foods and their food contact environments in kindergartens. Sanitation auditing was conducted in 10 kindergartens in Seoul, Gyeonggi, and Incheon areas to assess the levels of safety practices. Results revealed that the surveyed kindergartens scored 41.4 out of 100 points, on average. The average scores of each category were 6.4/11 (58.1%) for facilities sanitation, 4.2/12 (35.0%) for equipment sanitation, 2.4/10 (24.0%) for personal hygiene, 5.1/10 (51.0%) for food ingredients management, 6.0/17 (35.3%) for production process, 5.4/10 (54.0%) for environmental sanitation, 2.0/6 (33.3%) for kitchen utensils sanitation, and 2.2/6 (96.7%) for safety management. Microbiological quality of raw, prepared foods, personal sanitation (hands), environmental sanitation, and drinking water were assessed. Total plate counts (TPC) of the following menus exceeded the critical limit: seasoned leek (5 log CFU/g), cucumber (5.0 log CFU/g), panbroiled fish paste (TNTC at $10^4$), tangpyeongchae (5.3 log CFU/g), egg rolls (6.1 log CFU/g), panbroiled sausage (TNTC at $10^4$), and soft tofu pot stew (TNTC at $10^4$). Coliform which exceeded the standard limit were detected from seasoned leek (2 log CFU/g), cucumber (2.5 log CFU/g), panbroiled fish paste (2.0 log CFU/g), egg roll (3.8 log CFU/g), tangpyeongchae (4.0 log CFU/g), panbroiled sausage (2.3 log CFU/g), and soft tofu pot stew (3.7 log CFU/g). For seasoned foods (muchim), S. aureus ranged 2.2~2.9 log CFU/g. In food workers' hands, microbial profiles ranged 3.8~7.9 log CFU/hand for TPC, ND~4.5 log CFU/hand for coliforms, ND~4.7 log CFU/hand for S. aureus, and ND~5.3 log CFU/hand for Enterobacteriaceae. Microbiological profiles of food contact surface of knives, cutting boards, dish-clothes, and trays showed possibilities of cross-contamination. General bacteria were 2.1~4.5 logCFU/ml in 4 purified water samples and E. coli were found in the kitchen of one kindergarten. These results suggested that environmental sanitation management practices need more strict improvement: effective sanitation education methods and practices were strongly required, and more strict sanitation management for cooking utensils and equipment were required.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.11
• /
• pp.351-356
• /
• 2020

With the spread of COVID-19 infections, the need for next-generation learning management system for undact education is rapidly increasing, and the Ministry of Education is planning future education through the establishment of fourth-generation NEIS. If the fourth-generation NEIS System is well utilized, there are advantages such as providing personalized education services and activating the use of educational data, but a solution to the illegal access problem in an access control environment where strict authorization is difficult due to various user rights. In this paper, we propose a blockchain-based access control audit system for next-generation learning management. Sensitive personal information is encrypted and stored using the proposed system, and when the auditor performs an audit later, a secret key for decryption is issued to ensure auditing. In addition, in order to prevent modification and deletion of stored log information, log information was stored in the blockchain to ensure stability. In this paper, a hierarchical ID-based encryption and a private blockchain are used so that higher-level institutions such as the Ministry of Education can hierarchically manage the access rights of each institution.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.3-13
• /
• 2017

As security log plays important roles in various fields, the integrity of log data become more and more important. Especially, the stored log data is an immediate target of the intruder to erase his trace in the system penetrated. Several theoretical schemes to guarantee the forward secure integrity have been proposed, even though they cannot provide the integrity of the log data after the system is penetrated. Authentication tags of these methods are based on the linear-hash chain. In this case, it is difficult to run partial validation and to accelerate generating and validating authentication tags. In this paper, we propose a log authentication mechanism, based on Mekle Tree, which is easy to do partial validation and able to apply multi threading.