• Title/Summary/Keyword: Cyber scenario

A Study on the Assessment of Critical Assets Considering the Dependence of Defense Mission (국방 임무 종속성을 고려한 핵심 자산 도출 방안 연구)

  • Kim Joon Seok;Euom Ieck Chae
    • Convergence Security Journal, v.24 no.2, pp.189-200, 2024
  • In recent years, the development of defense technology has become digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, the convergence of the technology is increasing the possibility of transfer of cyber threats, which is emerging as a problem of increasing the vulnerability of defense assets. While the current cybersecurity methodologies focus on the vulnerability of a single asset, interworking of various military assets is necessary to perform the mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between functions and assets to perform a mission, and identifying and classifying assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

LCT: A Lightweight Cross-domain Trust Model for the Mobile Distributed Environment

  • Liu, Zhiquan;Ma, Jianfeng;Jiang, Zhongyuan;Miao, Yinbin
    • KSII Transactions on Internet and Information Systems (TIIS), v.10 no.2, pp.914-934, 2016
  • In the mobile distributed environment, an entity may move across domains with great frequency. How to utilize the trust information in the previous domains and quickly establish trust relationships with others in the current domain remains a challenging issue. The classic trust models do not support cross-domain and the existing cross-domain trust models are not in a fully distributed way. This paper improves the outstanding Certified Reputation (CR) model and proposes a Lightweight Cross-domain Trust (LCT) model for the mobile distributed environment in a fully distributed way. The trust certifications, in which the trust ratings contain various trust aspects with different interest preference weights, are collected and provided by the trustees. Furthermore, three factors are comprehensively considered to ease the issue of collusion attacks and make the trust certifications more accurate. Finally, a cross-domain scenario is deployed and implemented, and the comprehensive experiments and analysis are conducted. The results demonstrate that our LCT model obviously outperforms the Bayesian Network (BN) model and the CR model in our cross-domain scenario, and significantly improves the successful interaction rates of the honest entities without increasing the risks of interacting with the malicious entities.

Countermeasure of an Application Attack Scenario Using Spring Server Remote Code Execution Vulnerability (CVE-2018-1270) (스프링 서버 원격코드 실행 취약점(CVE-2018-1270)을 이용한 응용 공격 시나리오의 대응 방안)

  • Jung, Byeong-Mun;Jang, Jae-Youl;Choi, Chul-Jae
    • The Journal of the Korea institute of electronic communication sciences, v.14 no.2, pp.303-308, 2019
  • The Spring framework is widely used as a base technology for e-government frameworks and to the extent it is a standard for web service development tools of Korean public institutions. However, recently, a remote code execution vulnerability (CVE-2018-1270) was found in an application using a Spring framework. This paper proposes a method of analyzing the vulnerability experiment using a hacking scenario, Proof of Concept (PoC), in which the Spring framework is a hazard to the server. We propose the patch to version 4.3.16 and version 5.0.5 or later as an ultimate response. It is also expected that the proposed experiment analysis on vulnerability of hacking scenario will be used as data for improving performance of security programs and establishing a new authentication system.

Model Inversion Attack: Analysis under Gray-box Scenario on Deep Learning based Face Recognition System

  • Khosravy, Mahdi;Nakamura, Kazuaki;Hirose, Yuki;Nitta, Naoko;Babaguchi, Noboru
    • KSII Transactions on Internet and Information Systems (TIIS), v.15 no.3, pp.1100-1118, 2021
  • In a wide range of ML applications, the training data contains privacy-sensitive information that should be kept secure. Training the ML systems by privacy-sensitive data makes the ML model inherent to the data. As the structure of the model has been fine-tuned by training data, the model can be abused for accessing the data by the estimation in a reverse process called model inversion attack (MIA). Although MIA has been applied to shallow neural network models of recognizers in literature and its threat in privacy violation has been approved, in the case of a deep learning (DL) model, its efficiency was under question. It was due to the complexity of a DL model structure, big number of DL model parameters, the huge size of training data, big number of registered users to a DL model and thereof big number of class labels. This research work first analyses the possibility of MIA on a deep learning model of a recognition system, namely a face recognizer. Second, despite the conventional MIA under the white box scenario of having partial access to the users' non-sensitive information in addition to the model structure, the MIA is implemented on a deep face recognition system by just having the model structure and parameters but not any user information. In this aspect, it is under a semi-white box scenario or in other words a gray-box scenario. The experimental results in targeting five registered users of a CNN-based face recognition system approve the possibility of regeneration of users' face images even for a deep model by MIA under a gray box scenario. Although for some images the evaluation recognition score is low and the generated images are not easily recognizable, for some other images the score is high and facial features of the targeted identities are observable. The objective and subjective evaluations demonstrate that privacy cyber-attack by MIA on a deep recognition system not only is feasible but also is a serious threat with increasing alert state in the future as there is considerable potential for integrating more advanced ML techniques to MIA.

A Study of Attack Scenario using Android Vulnerabilities (안드로이드 취약점을 이용한 공격 시나리오 연구)

  • Park, Jae-kyung
    • Proceedings of the Korean Society of Computer Information Conference, 2015.01a, pp.267-269, 2015
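  • This paper proposes an efficient dynamic workload balancing policy for improving the performance of high-performance computing systems. The policy uses the system resources, CPU and memory, efficiently to maximize the throughput of the high-performance computing system and to minimize the execution time of each job. The policy also determines the memory requirements of running jobs and the load state of each node, and allocates jobs dynamically. When a node that has been allocated a job becomes overloaded, the job is migrated to another node so that the workload of each node stays balanced, which reduces job waiting time and shortens the execution time of each job. Through simulation, this paper shows that the proposed dynamic workload balancing policy is superior to the existing memory-based workload balancing policy in improving the performance of high-performance computing systems.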

Modeling B2B Business Process Specifications Based on UML (UML 기반의 기업간 비즈니스 프로세스 명세 모델링)

  • Kim, Hyoung-Do;Kim, Jong-Woo
    • Proceedings of the Korea Society of Information Technology Applications Conference, 2006.06a, pp.629-655, 2006
  • A business process specification (BPS) plays the role of a contracted business scenario in the execution of the B2B business process instances. XML-based specification languages, such as BPSS, WS-BPEL, etc., are usually adopted for the specifications. However, composing complex XML-based specifications is not easy for humans. As an alternative, graphical modeling languages such as UML and BPMN can be employed. This paper presents a UML-based modeling method for graphically specifying ebXML BPSS instances (namely, business process specifications). UML diagrams, directly matching with ebXML BPSS, can be reused for understanding and generating ebXML BPSS instances. We discuss the value of the method by developing a business reference library in the area of supply chain management.

A Study on the Possibility for Incident Investigation Using PLC Logs (PLC 로그의 사고조사 활용 가능성에 관한 연구)

  • Chang, Yeop;Kim, Taeyeon;Kim, Woo-Nyon
    • Journal of the Korea Institute of Information Security & Cryptology, v.30 no.4, pp.745-756, 2020
  • An ICS (industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting ICS can lead to casualties or serious economic losses, it becomes a prime target of hacker groups sponsored by national state. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and were developed based on the deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, inspectors also need knowledge of control processes and accident investigation techniques specialized for ICSs. Because there is no applicable technology, it is especially necessary to develop techniques and tools for embedded controllers located at cyber and physical boundaries. As the first step in this research, we reviewed logging capability of 4 PLCs (Programmable Logic Controllers) widely used in an ICS area, and checked whether selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

Future Scenarios of Asian Universities in a view Point of Equality (평등의 관점에서 본 아시아 대학의 미래 시나리오)

  • Ryu, Cheong-San
    • Korean Journal of Comparative Education, v.24 no.5, pp.53-70, 2014
  • This study was performed in order to suggest the future model of Asian universities that could be used in the planning of the global competitive strategy. Futurologists forecasted the future of higher education using the Harman Fan Scenario as follows. First, most current universities will be 'the satellite university' until 2015. Second, they also will replace 'the bookless university' until 2020. Third, they will be 'no calendar university' until 2025. And then they may be 'all have access university' until 2030. After 2030, futurologists prospected that almost all universities based on off-line campuses will disappear into history. The analysis method of the Harman Fan Scenario and applied scenarios were also used in "A study on the future scenario of Korean university". The predictive model and the alternative models were explored from the viewpoint of students, enterprise, and government. Individuality with educational excellence are standardized for learner, profit and effectiveness are applied for enterpriser, and equality with welfare are adapted for national leader. Asian universities need to focus on bringing up the practical ability based on conscious and emotional education instead of knowledge based on memory. Also they need to enforce the specialized education that can create new jobs through interdisciplinary convergence. Especially, Asian nations need to explore and find the strong areas of their universities compared with the USA. And these areas should be specialized. The convergence strategy between oriental medicine and informatics is a meaningful sample. Based on this point, a predicted scenario with 3 alternative scenarios from the viewpoint of equality were suggested for the future of Asian universities.

Study of Problem Based Learning for Information Security Consultant and its Analysis (정보보호 컨설턴트 양성을 위한 PBL 교육방안 적용 및 효과성 분석)

  • Oh, Changhyun;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering, v.21 no.12, pp.2325-2332, 2017
  • Consulting projects such as diagnosis of vulnerabilities of major information and telecommunication infrastructure are increasing, mandatory public information infrastructure assessment (PIA) for public institutions and ISMS (Information Security Management System) The demand for information protection consulting is continuously increasing as the field obeys the law, but the lack of information security consultants is not improving. One reason is that information security consultants are not being developed to meet the increasing demand for information protection consulting. In this paper, we present the case of information protection consulting as a scenario for studying and educating the duty of information security consultant by studying overseas case and domestic case based on standardization and standardization. We propose a problem-based learning (PBL) training method. In addition, we analyze the effectiveness of the PBL-based learning method.

A Study On The Personality And Reaction Dialogue Generation For Game NPC In MMORPG (MMORPG에서 게임 NPC의 성격과 반응대화 생성에 관한 연구)

  • Won, Il-Seok;Rhee, Dae-Woong
    • Journal of Korea Game Society, v.3 no.1, pp.74-85, 2003
  • If the game characters in the cyber world speak the same dialogues as in the real world, it will give game players more fun and realism. And game players are more and more immersed into the cyber space. However, we observed that only simple and primitive dialogues are used at the market places in most MMORPGs. We introduce personality psychology theory for generating the personality of NPC in MMORPG. And we suggest how to make a conversation between PC (Playable Character) and NPC (Non-Playable Character) according to 'Extroversion-Introversion dimension' and 'Neuroticism dimension'. And we implement the personality dialogue generation program, which is composed of two parts. One is for generating personality, and the other for making dialogue. Personality generator can set an NPC's personality automatically, and Dialogue Maker can control the dialogue styles, quantities, and characteristics of NPC. Thus, the program implemented in this paper can help game designers and scenario writers to make game characters easily. The approach in this paper can be applied to generate various game characters and used to represent agents and avatars of real-time animation.