• Title/Summary/Keyword: CVE


A study on automation of AV(Atomic Vulnerability) ID assignment (단위 취약점 식별자 부여 자동화에 대한 연구)

  • Kim, Hyung-Jong
    • Journal of Internet Computing and Services / v.9 no.6 / pp.49-62 / 2008
  • AV (Atomic Vulnerability) is a conceptual definition representing a vulnerability in a systematic way. AVs are defined with respect to their type, location, and result. It is important information for meaning-based vulnerability analysis methods. Therefore the existing vulnerability can be expressed using multiple AVs. CVE (common vulnerability exposures), which is the most well-known vulnerability information, describes the vulnerability exploiting mechanism using natural language. Therefore, for the AV-based analysis, it is necessary to search for specific keywords in CVE's description and classify it using keyword and determination method. This paper introduces software design and implementation result, which can be used for atomic vulnerability analysis. The contribution of this work is in design and implementation of software which converts informal vulnerability description into formal AV based vulnerability definition.


Development on Filtering Priority Algorithm for Security Signature Search (보안 시그니처 탐지를 위한 필터링 우선순위 알고리즘 구현)

  • Jun, Eun-A;Kim, Jeom-goo
    • Convergence Security Journal / v.20 no.5 / pp.41-52 / 2020
  • This paper implements a priority algorithm for active response to security event risk, and implements an event scheduler that performs efficient event processing based on this. According to the standards that have global standards such as CVE and CVSS, standards for scoring when security events are executed are prepared and standardized so that priorities can be more objectively set. So, based on this, we build a security event database and use it to perform scheduling. In addition, by developing and applying the security event scheduling priority algorithm according to the situation of security events in Korea, it will contribute to securing the reliability of information protection and industrial development of domestic organizations and companies.

Manufacturing and Tests of Cryostat for SMES (초전도에너지저장장치용 Cryostat 제작 및 특성시험)

  • Cho, J.W.;Sim, K.D.;Ha, H.S.;Kim, H.J.;Seong, K.C.;Kwon, Y.K.;Ryu, K.S.;Koh, D.Y.;Ryoo, C.S.;Kim, S.R.
    • Proceedings of the KIEE Conference / 2001.04a / pp.15-18 / 2001
  • SMES consists of superconducting magnet, power converter and cryostat and HTS current lead. The prototype cryostat with HTS current leads and refrigerators was designed and manufactured for micro-SMES. HTS current lead with cryocooler was measured the temperature rise under dc current. The cryostat was evaluated the helium boil-off and mechanical stress during transfer and vibration test. These results will be applied to develop the micro-SMES system.


Service Identification of Internet-Connected Devices Based on Common Platform Enumeration

  • Na, Sarang;Kim, Taeeun;Kim, Hwankuk
    • Journal of Information Processing Systems / v.14 no.3 / pp.740-750 / 2018
  • There are a great number of Internet-connected devices and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of the device information and its related vulnerabilities is manually carried out. It is necessary to automate the process to identify a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices having the Common Vulnerabilities Exposures (CVE) vulnerability. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.

Effects of omega-3 fatty acids, vitamins, and chelation therapy in patients with heart diseases (심질환 환자에서 오메가-3 지방산, 비타민, 킬레이션 요법의 효과)

  • Joo, Seung-Jae
    • Journal of Medicine and Life Science / v.18 no.1 / pp.1-10 / 2021
  • Omega-3 fatty acids (eicosapentaenoic acid [EPA] and docosahexaenoic acid [DHA]) may be beneficial for the primary and secondary prevention of cardiovascular events (CVEs), especially in patients with myocardial infarction or heart failure with reduced ejection fraction. For this purpose, one to two seafood meals per week is preferentially recommended. Omega-3 fatty acids with a high-dose EPA formula (4 g/day) may be more effective than EPA+DHA mixed supplements for the secondary prevention of CVE. Krill oil also contains omega-3 fatty acids, but at a much lower dose compared to fish oil. Supplemental vitamins and minerals have not shown the preventive effects on CVE in prospective, and randomized clinical trials, except for one Chinese study showing the stroke prevention effects of folic acid. The clinical benefit of chelation therapy in reducing CVEs is uncertain.

Analysis of Security Vulnerability Cases on Chromium WebAssembly: Focus on Cases Related to Overflow and Underflow (Chromium WebAssembly 취약점 사례 분석: Overflow, Underflow 관련 사례를 중점으로)

  • Lee, Jae-Hong;Choi, Hyoung-Kee
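    • Proceedings of the Korea Information Processing Society Conference / 2021.11a / pp.221-224 / 2021
  • This paper analyzes and classifies the security vulnerabilities that have occurred from 2017, when WebAssembly was introduced, to the present (2021), in order to improve developers' understanding of WebAssembly and to summarize the problems that can arise when adopting WebAssembly. In particular, the CVE-2018-6092 (Integer Overflow) and CVE-2018-6036 (Underflow) cases are reproduced using the provided PoCs, and the PoC code, the root-cause code, and the remediation code are analyzed.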

A Study on the Improvement of the Domestic Terrorism Response System in Response to Increasing Terrorism Threats (테러위협 증가에 따른 국내 테러대응체계 개선방안)

  • Yu, Bi;Park, Joon-Suk
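    • Proceedings of the Korean Society of Disaster Information Conference / 2023.11a / pp.327-328 / 2023
  • The purpose of this paper is to present practical improvements to the domestic terrorism response system, suited to the domestic situation, through analysis of domestic and foreign cases in light of the increasing terrorism threat. A literature analysis was conducted based on domestic and foreign papers, publications, and books, and the data and cases related to the study were analyzed using materials from government bodies such as the National Counter Terrorism Center, the National Intelligence Service, the Presidential Security Service, the Ministry of Foreign Affairs, the Ministry of the Interior and Safety, and the Ministry of Gender Equality and Family, as well as the Internet and newspaper sources. Five problems with the domestic terrorism response system were identified: first, a domestic anti-terrorism act that is out of step with the latest global terrorism situation, and inadequate related legislation; second, the need to reorganize complex and scattered counter-terrorism organizations; third, the urgent need for countermeasures against non-traditional threats; fourth, the need to develop and implement countering violent extremism (CVE) measures in a multicultural society; and fifth, insufficient expertise in the counter-terrorism field. Based on these problems, five improvement measures were proposed.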


A Study on the Method of Vulnerability Analysis of Critical Infrastructure Facilities (공개 데이터를 활용한 제어시스템 취약점 분석 방안 연구)

  • Shin, Mi-joo;Yoon, Seong-su;Euom, Ieck-chae
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.243-253 / 2022
  • Recently, cyber attacks on national infrastructure facilities have continued to occur. As a result, the vulnerabilities of ICS-CERTs have more than doubled from last year, and the vulnerabilities to industrial control systems such as nuclear facilities are increasing day by day. Most control system operators formulate vulnerability countermeasures based on the vulnerability information sources of industrial control systems provided by ICS-CERT in the United States. However, it is difficult to apply this to the security of domestic control systems because ICS-CERT does not contain all relevant vulnerability information and does not provide vulnerabilities to domestic manufacturer's products. In this research, we will utilize publicly available vulnerability-related information such as CVE, CWE, ICS-CERT, and CPE to discover vulnerabilities that may exist in control system assets and may occur in the future. I proposed a plan that can predict possible vulnerabilities and applied it to information on major domestic control systems.

A Study on the Improvement and Utilization of Public N-Day Vulnerability Databases (N-day 취약점 데이터베이스 개선 및 활용 방안 연구)

  • JongSeon Jeong;Jungheum Park
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.667-680 / 2024
  • If the software is not updated after the vulnerability is disclosed, it can continue to be attacked. As a result, the importance of N-day detection is increasing as attacks that exploit vulnerabilities increase. However, there is a problem that it is difficult to find specific version information in the published vulnerability database, or that the wrong version or software is outputted. There is also a limitation in that the connection between the published vulnerability databases is not good. In order to overcome these limitations, this paper proposes a method of building information including comprehensive vulnerability information such as CVE, CPE, and Exploit Database into an integrated database. Furthermore, by developing a website for searching for vulnerabilities based on an integrated database built as a result of this study, it is effective in detecting and utilizing vulnerabilities in specific software versions and Windows operating systems.

Improvement of Basis-Screening-Based Dynamic Kriging Model Using Penalized Maximum Likelihood Estimation (페널티 적용 최대 우도 평가를 통한 기저 스크리닝 기반 크리깅 모델 개선)

  • Min-Geun Kim;Jaeseung Kim;Jeongwoo Han;Geun-Ho Lee
    • Journal of the Computational Structural Engineering Institute of Korea / v.36 no.6 / pp.391-398 / 2023
  • In this paper, a penalized maximum likelihood estimation (PMLE) method that applies a penalty to increase the accuracy of a basis-screening-based Kriging model (BSKM) is introduced. The maximum order and set of basis functions used in the BSKM are determined according to their importance. In this regard, the cross-validation error (CVE) for the basis functions is employed as an indicator of importance. When constructing the Kriging model (KM), the maximum order of basis functions is determined, the importance of each basis function is evaluated according to the corresponding maximum order, and finally the optimal set of basis functions is determined. This optimal set is created by adding basis functions one by one in order of importance until the CVE of the KM is minimized. In this process, the KM must be generated repeatedly. Simultaneously, hyper-parameters representing correlations between datasets must be calculated through the maximum likelihood evaluation method. Given that the optimal set of basis functions depends on such hyper-parameters, it has a significant impact on the accuracy of the KM. The PMLE method is applied to accurately calculate hyper-parameters. It was confirmed that the accuracy of a BSKM can be improved by applying it to Branin-Hoo problem.