• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.157-167
• /
• 2020

The big data and artificial intelligence technology, which has provided the foundation for the recent 4th industrial revolution, has become a major driving force in business innovation across industries. In the field of information security, we are trying to develop and improve an intelligent security system by applying these techniques to large-scale log data, which has been difficult to find effective utilization methods before. The quality of security log big data, which is the basis of information security AI learning, is an important input factor that determines the performance of intelligent security system. However, the difference and complexity of log data by various product has a problem that requires excessive time and effort in preprocessing big data with poor data quality. In this study, we research and analyze the cases related to log data collection of various firewall. By proposing firewall log data collection format standard, we hope to contribute to the development of intelligent security systems based on security log big data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.2
• /
• pp.620-636
• /
• 2015

Survivability is a necessary property of network system in disturbed environment. Recovery ability is a key actor of survivability. This paper concludes network survivability into a novel composite metric, i.e. Network Recovery Degree (NRD). In order to measure this metric in quantity, a concept of Source-Destination Pair (SD Pair), is created to abstract end-to-end activity based on end nodes in network, and the quality of SD Pair is also used to describe network performance, such as connectivity, quality of service, link degree, and so on. After that, a Survivability Test method in large scale Network based on SD pairs, called STNSD, is provided. How to select SD Pairs effectively in large scale network is also provided. We set up simulation environment to validate the test method in a severe destroy scenario and evaluate the method scalability in different large scale network scenarios. Experiment and analysis shows that the metric NRD correctly reflects the effort of different survivability strategy, and the proposed test method STNSD has good scalability and can be used to test and evaluate quantitative survivability in large scale network.

• Journal of Multimedia Information System
• /
• v.7 no.1
• /
• pp.55-72
• /
• 2020

As the IT service environment grows, it is critical in terms of IT service quality to minimize the occurrence of failures due to changes in applications and to diagnose and recover in a short period of time how failure will affect the business. Thus, the Defense Acquisition Program Administration (DAPA) has been building and operating ITSMs to implement IT service management in a leading manner. Information Technology Service Management (ITSM) is divided into events, obstacles, changes, versions and setup management to ensure flexibility and stability in service delivery. It is also operated separately from service level, availability, capacity, financial and IT service continuity management to ensure service quality and cost efficiency. Based on ITSM military service history, this study looks at the impact of quality of service on value, satisfaction, and trust. The results of the analysis are highly valuable for future ITSM implementation and operation.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1586-1589
• /
• 2005

GUMF (Global User Management Framework) that is proposed in this research can be applied to next generation network such as BcN (Broadband convergence Network), it is QoS guaranteed security framework for user that can solve present Internet's security vulnerability. GUMF offers anonymity for user of service and use the user's real-name or ID for management of service and it is technology that can realize secure QoS. GUMF needs management framework, UMS (User Management System), VNC (Virtual Network Controller) etc. UMS consists of root UMS in country dimension and Local UMS in each site dimension. VNC is network security equipment including VPN, QoS and security functions etc., and it achieves the QoSS (Quality of Security Service) and CLS(Communication Level Switching) functions. GUMF can offer safety in bandwidth consumption attacks such as worm propagation and DoS/DDoS, IP spoofing attack, and current most attack such as abusing of private information because it can offer the different QoS guaranteed network according to user's grades. User's grades are divided by 4 levels from Level 0 to Level 3, and user's security service level is decided according to level of the private information. Level 3 users that offer bio-information can receive secure network service that privacy is guaranteed. Therefore, GUMF that is proposed in this research can offer profit model to ISP and NSP, and can be utilized by strategy for secure u-Korea realization.

• Information Systems Review
• /
• v.3 no.1
• /
• pp.19-30
• /
• 2001

With the e-business paradigm emerging, the website became a critical resource for most corporations. However, the amount of value creation through internet is still in question. This paper shows the result of an exploratory study on website assessment, following the tradition of Technology Acceptance Model (TAM). We viewed the intended usage as the value of the website and added such factors as playfulness, commitment, system quality, and information security as external variables of the model. Website types, visiting purposes, and the user system quality were included as moderators. The website value could differ depending on website types, purposes of the use and system quality. In the case of internet shopping malls, playfulness, compatibility, website quality were identified as key influencers, while for stock trading users, however, commitment and security factors are more important. In terms of user purposes, information search requires both the compatibility and the website quality. Also the website quality was strongly affected by the user system quality. In other words, any investment of upgrading the website system quality can be meaningless unless the user system quality is improved as well. For each variable considered, empirical results are discussed and practical implications are provided.

• Journal of Information Technology Services
• /
• v.19 no.1
• /
• pp.173-185
• /
• 2020

It is very important to evaluate training because it can systematically grasp the current status of training. Evaluation includes getting ongoing feedback from the learner, trainer and learner's supervisor, to improve the quality of the training and identify if the learner achieved the goals of the training. It also provides a justification for the implementation of training. Nonetheless, there is a lack of studies that attempt to evaluate information security training programs. In this study, we utilize the Philips model to evaluate the public training programs for the people who are in charge of the information security duties in the public sector and propose the training improvement plans. Research result has shown that it is necessary to evaluate the level of the trainees in advance and conduct training programs according to the information security skill level. In addition, it needs to conduct training according to duties such as information security management, information security operate and maintain. The limitation of this study is that each education program was not assessed individually because this study had developed an evaluation tool that could be used comprehensively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.6
• /
• pp.1619-1637
• /
• 2024

In today's highly digitized landscape, securing digital communication is paramount due to threats like hacking, unauthorized data access, and network policy violations. The response to these challenges has been the development of cryptography applications, though many existing techniques face issues of complexity, efficiency, and limitations. Notably, sophisticated intruders can easily discern encrypted data during transmission, casting doubt on overall security. In contrast to encryption, steganography offers the unique advantage of concealing data without easy detection, although it, too, grapples with challenges. The primary hurdles in image steganography revolve around the quality and payload capacity of the cover image, which are persistently compromised. This article introduces a pioneering approach that integrates image steganography and encryption, presenting the BitPatternStego method. This novel technique addresses prevalent issues in image steganography, such as stego-image quality and payload, by concealing secret data within image pixels with identical bit patterns as their characters. Consequently, concerns regarding the quality and payload capacity of steganographic images become obsolete. Moreover, the BitPatternStego method boasts the capability to generate millions of keys for the same secret message, offering a robust and versatile solution to the evolving landscape of digital security challenges.

• Journal of Information Processing Systems
• /
• v.5 no.4
• /
• pp.197-206
• /
• 2009

We introduce a novel high-level security metrics objective taxonomization model for software- intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.117-127
• /
• 2008

The backwardness of Domestic security management system tend to depend on foreign security companies which have advanced technology. The appearance risk to flow out confidential affairs of domestic enterprises and public organizations to foreign countries. In this regard, this paper is implement and designed automatic security analysis system for secure public network. This system is to offer enhanced security quality of public organizations and reducing the dependence on foreign companies. And maintains security analysis technique for public network.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.153-168
• /
• 2013

Information security has been a major concern in organizations. The longstanding question of how to improve employees security behaviors and reduce human errors remains unanswered and requires further exploration in the information security domain. To do this, we propose a risk compensation theory-based model and examine the model. Research results shows that the relationships between information security countermeasures and information security compliance intention of employees are moderated by system vulnerability. However, the finding is contrary to the previously held risk compensation assumption and deserve further study. In addition, system quality does not play a moderator role in the relationship. Conclusions and implications are discussed.