• Title/Summary/Keyword: CyberSecurity

The Relative Influence of Juvenile Delinquency Theories Using Korean Children and Youth Panel Data (청소년 비행이론의 상대적인 영향력 검증: 아동·청소년 패널자료를 중심으로)

  • Hwang, Sung-Hyun
    • Korean Security Journal / no.44 / pp.225-250 / 2015
  • The purpose of this study is to explore the relative influences of juvenile delinquency using variables from Hirschi's social bonding theory, Agnew's general strain theory, Gottfredson and Hirschi's self-control theory, and Akers' social learning theory. The data were derived from a sample of 2,018 high school students taken from the National Youth Policy Institute in 2013. Multiple OLS regression analysis indicated that social learning theory has a greater impact on the dependent variables than the other theories. The results of the regression analyses also explore the notion that there is very little loss of explained variance when the social bond, general strain, and self-control variables are removed from the full equation. However, when the social learning factors are eliminated from the full equation, the change in $R^2$ is dramatic. This result supported the idea that social learning variables had the strongest effect on the juvenile delinquency of Korean adolescents. The most important implication of this study is that it is the first study to test four major theoretical models for juvenile delinquency in Korea. It also makes a number of important contributions toward the further utilization of social learning in investigating juvenile delinquency for Korean high school students.

Vulnerability Discovery Method Based on Control Protocol Fuzzing for a Railway SCADA System (제어프로토콜 퍼징 기반 열차제어시스템 취약점 검출 기법)

  • Kim, Woo-Nyon;Jang, Moon-Su;Seo, Jeongtaek;Kim, Sangwook
    • The Journal of Korean Institute of Communications and Information Sciences / v.39C no.4 / pp.362-369 / 2014
  • A railway SCADA system is a control system that provides trains with electricity. A railway SCADA system sends commands to the RTUs (remote terminal units) and then gathers status information from the field devices in the RTUs or controls the field devices connected to the RTUs. The RTU can control input/output modules directly, gather the status information of the field devices connected to it, and send the information to the control center. In this way, a railway SCADA system monitors and controls the electric power for running trains. Cyber attackers may use vulnerabilities in the railway SCADA system software to attack critical infrastructure. The vulnerabilities might be created in the railway software development process. Therefore, it is necessary to detect and remove the vulnerabilities in the control system. In this paper, we propose a new control protocol fuzzing method to detect vulnerabilities in the DNP3 protocol-based application running on VxWorks in the RTU, which is a component of the centralized traffic control system for railways. A debug-channel-based fuzzing method is required to obtain process status information from VxWorks.

A study on extraction of optimized API sequence length and combination for efficient malware classification (효율적인 악성코드 분류를 위한 최적의 API 시퀀스 길이 및 조합 도출에 관한 연구)

  • Choi, Ji-Yeon;Kim, HeeSeok;Kim, Kyu-Il;Park, Hark-Soo;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.897-909 / 2014
  • With the development of the Internet, the number of cyber threats is continuously increasing and their techniques are also evolving for the purpose of attacking our crucial systems. Since attackers are able to easily make exploit codes, i.e., malware, using dedicated generation tools, the amount of malware is rapidly increasing. However, it is not easy to analyze all of the malware because there is an extremely large amount of it. Because of this, many researchers have proposed malware classification methods that aim to distinguish unforeseen malware from well-known malware. The existing malware classification methods used malicious information obtained from static and dynamic malware analysis as the criterion for calculating the similarity between malware samples. Also, most of them used API functions and their sequences divided into a certain length. Thus, the accuracy of malware classification heavily depends on the length of the divided API sequences. In this paper, we propose a method for extracting the optimized API sequence length and combination that can be used to improve the performance of malware classification.

Evaluation of Smoke Control Performance of Ventilation System Using by Hot Smoke Test (Hot Smoke Test를 이용한 주차장 환기설비의 제연 성능평가)

  • Joung, Suckhwan
    • Journal of Korean Society of Disaster and Security / v.12 no.2 / pp.47-56 / 2019
  • Recently, to overcome the difficulty of approaching the fire source caused by the large amount of smoke generated in a parking lot fire, a method of discharging smoke using the air supply fans, exhaust fans, and jet fans installed for parking lot ventilation has been used. In this study, the variation of flow in the smoke layer was observed using CCTV under two conditions, one in which only the air supply fan operates and one in which the manned fan operates together with it, and the temperature around the plume was compared to the Alpert eq. to assess the suitability of the test as a parking lot ventilation performance evaluation method. As a result, it was found that the smoke layer could be disturbed if the jet fan was operated at the same time, which could lead to the possibility of disturbing the initial evacuation. However, CCTV observation confirmed that the additional operation of the jet fan improves the emission performance, which is believed to help conduct the suppression operation. The temperature around the plume was measured and compared to the Alpert eq., and was found to be about $2^{\circ}C$ lower at the center axis of the plume and $9.0^{\circ}C$ higher at 8 m in the direction of the smoke discharge. The results of the temperature measurements around the plume were lower than the maximum temperature expected in AS 4391 and did not exceed the expected temperature risk caused by the experiment. Given these results, the temperature risk from conducting hot smoke tests is foreseeable, so the test will be available as one of the general evaluation methods for assessing smoke control performance in a parking lot without relevant criteria.

A Study On the Effects of Recognition Structure Change of Organization According to the BCMS Introduction in Smart Industry (Focused on Manufacturing Industries of Automobile Parts) (스마트 기업의 BCMS 도입이 조직 인식구조 변화에 미친 영향에 관한 연구 (자동차 부품 제조업 중심으로))

  • Cho, Ki Hoon;Kim, Dong Heon;Jang, Ho Jin
    • Journal of Korean Society of Disaster and Security / v.11 no.2 / pp.9-15 / 2018
  • Given natural disasters such as floods, heavy rains, and strong winds and social disasters such as the 9/11 terrorist attacks in the U.S. and cyber attacks that could have a fatal impact on corporate continuity, it is necessary to introduce and implement a Business Continuity Management System (BCMS) within a firm to maintain continuity of business and to change the organizational structure for an emergency state in order to operate and manage it systematically and efficiently. Therefore, this study analyzed and verified the impact of introducing a BCMS on the change in the recognition structure of an organization in four categories: personal recognition, organizational culture, organizational structure, and organizational strategy. Through this study, we believe that the introduction of a BCMS within a firm could effectively change the organization's perception of an emergency state and help it maintain its continuity as well as improve its value.

Research on Malicious code hidden website detection method through WhiteList-based Malicious code Behavior Analysis (WhiteList 기반의 악성코드 행위분석을 통한 악성코드 은닉 웹사이트 탐지 방안 연구)

  • Ha, Jung-Woo;Kim, Huy-Kang;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.4 / pp.61-75 / 2011
  • Recently, there has been a significant increase in massive attacks that try to infect PCs visiting websites containing pre-implanted malicious code. When users visit these websites, the hidden malicious code can gain monetary profit or launch various cyber attacks, such as botnets for DDoS attacks, personal information theft, etc. Also, this kind of malicious activity is continuously increasing, and the evasion techniques are becoming professional and intelligent. So far, the current signature-based detection of websites that contain malicious code has been limited in preventing internet users from being exposed to malicious code, since it is impossible to detect with only a blacklist when an attacker proactively changes the string in the malicious code. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by signature-based detection. Our method can detect new malicious code even though its signatures are not in the pattern database of the anti-virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the redirection URL included in the malicious code. Finally, we confirm that our proposed system shows better detection performance than MC-Finder, which adopts pattern matching, Google's crawling-based malware site detection, and McAfee.

Research on Basic Concept Design for Digital Twin Ship Platform (디지털트윈 선박 플랫폼 설계를 위한 연구)

  • Yoon, Kyoungkuk;Kim, Jongsu;Jeon, Hyeonmin;Lim, Changkeun
    • Journal of the Korean Society of Marine Environment & Safety / v.28 no.6 / pp.1086-1091 / 2022
  • The International Maritime Organization is establishing international agreements on maritime safety and security to prepare for the introduction of autonomous ships. In Korea, the industry is focusing on autonomous navigation system technology development, and to reduce accidents involving coastal ships, research on autonomous ship technology application plans for coastal ships is in progress. Interest in autonomously operated ships is increasing worldwide, and maritime demonstrations for verification of developed technologies are being pursued. In this study, a basic investigation was conducted on the design of a demonstration ship and an onshore platform (remote support center) using digital twin technology for application to coastal ships. To apply digital twin technology, an 8-m small battery-powered electric propulsion ship was selected as the target. The basic design of the twin-integrated platform was developed. The ship navigation and operation data were stored on a server system, and remote-control commands for the electric propulsion ship were achieved through communication between the ship and the onshore platform. Ship performance management, operation and operation optimization, and predictive control are possible using this digital twin technology. This safe and economical digital twin technology is applicable to ships responding to crisis scenarios.

Malicious Traffic Classification Using Mitre ATT&CK and Machine Learning Based on UNSW-NB15 Dataset (마이터 어택과 머신러닝을 이용한 UNSW-NB15 데이터셋 기반 유해 트래픽 분류)

  • Yoon, Dong Hyun;Koo, Ja Hwan;Won, Dong Ho
    • KIPS Transactions on Software and Data Engineering / v.12 no.2 / pp.99-110 / 2023
  • This study proposed a classification of malicious network traffic using the cyber threat framework (Mitre ATT&CK) and machine learning to solve the real-time traffic detection problems faced by current security monitoring systems. We applied a network traffic dataset called UNSW-NB15 to the Mitre ATT&CK framework to transform the labels and generated the final dataset through rare class processing. After training several boosting-based ensemble models using the generated final dataset, we demonstrated how these ensemble models classify network traffic using various performance metrics. Based on the F1 score, we showed that XGBoost with no rare class processing is the best in the multi-class traffic environment. We recognized that machine learning ensemble models built through Mitre ATT&CK label conversion and oversampling processing differ from existing studies, but have limitations due to (1) the inability to match perfectly when converting between existing datasets and Mitre ATT&CK labels and (2) the presence of excessively sparse classes. Nevertheless, CatBoost with B-SMOTE achieved a classification accuracy of 0.9526, which is expected to be able to automatically detect normal/abnormal network traffic.

A Study on IP Camera Security Issues and Mitigation Strategies (IP 카메라 보안의 문제점 분석 및 보완 방안 연구)

  • Seungjin Shin;Jungheum Park;Sangjin Lee
    • KIPS Transactions on Computer and Communication Systems / v.12 no.3 / pp.111-118 / 2023
  • Cyber attacks are increasing worldwide, and attacks on personal privacy such as CCTV and IP camera hacking are also increasing. If you search for IP camera hacking methods in spaces such as YouTube, SNS, and the dark web, you can easily get data, and hacking programs are also on sale. If you use an IP camera that has vulnerabilities used by hacking programs, you can easily get hacked even if you change your password regularly or use a complex password including special characters, uppercase and lowercase letters, and numbers. Although news and media have raised concerns about the security of IP cameras and suggested measures to prevent damage, hacking incidents continue to occur. In order to prevent such hacking damage, it is necessary to identify the cause of the hacking incident and take concrete measures. First, we analyzed weak account settings and web server vulnerabilities of IP cameras, which are the causes of IP camera hacking, and suggested solutions. In addition, as a specific countermeasure against hacking, we propose adding a function to receive a notification when an IP camera is connected to and a function to save the connection history. If there is such a function, the fact of damage can be recognized immediately, and important data can be left for arresting criminals. Therefore, in this paper, we propose a method to increase safety from hacking by using the connection notification function and logging function of the IP camera.

A Study on Biometric Model for Information Security (정보보안을 위한 생체 인식 모델에 관한 연구)

  • Jun-Yeong Kim;Se-Hoon Jung;Chun-Bo Sim
    • The Journal of the Korea institute of electronic communication sciences / v.19 no.1 / pp.317-326 / 2024
  • Biometric recognition is a technology that determines whether a person is identified by extracting information on the person's biometric and behavioral characteristics with a specific device. Cyber threats such as forgery, duplication, and hacking of biometric characteristics are increasing in the field of biometrics. In response, security systems are being strengthened and are becoming complex, and it is becoming difficult for individuals to use them. To this end, multiple biometric models are being studied. Existing studies have suggested feature fusion methods, but comparisons between feature fusion methods are insufficient. Therefore, in this paper, we compared and evaluated the fusion methods of multiple biometric models using fingerprint, face, and iris images. VGG-16, ResNet-50, EfficientNet-B1, EfficientNet-B4, EfficientNet-B7, and Inception-v3 were used for feature extraction, and the fusion methods of 'Sensor-Level', 'Feature-Level', 'Score-Level', and 'Rank-Level' were compared and evaluated for feature fusion. As a result of the comparative evaluation, the EfficientNet-B7 model showed 98.51% accuracy and high stability in the 'Feature-Level' fusion method. However, because the EfficientNet-B7 model is large in size, model lightweight studies are needed for biocharacteristic fusion.