• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1181-1191
• /
• 2021

The pandemic has rapidly developed a non-face-to-face environment. However, the sudden transition to a non-face-to-face environment has led to new security issues in various areas. One of the new security issues is the security threat of insiders, and the zero trust security model is drawing attention again as a technology to defend against it.. Software Defined Perimeter (SDP) technology consists of various security factors, of which device validation is a technology that can realize zerotrust by monitoring insider usage behavior. But the current SDP specification does not provide a technology that can perform device validation.. Therefore, this paper proposes a device validation technology using SVDD-based abnormal behavior detection technology through user behavior monitoring in an SDP environment and presents a way to perform the device validation technology in the SDP environment by conducting performance evaluation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.2
• /
• pp.659-679
• /
• 2015

Distributed applications are composed of multiple nodes, which exchange information with individual nodes through message passing. Compared with traditional applications, distributed applications have more complex behavior patterns because a large number of interactions and concurrent behaviors exist among their distributed nodes. Thus, it is difficult to detect anomalous behaviors and determine the location and scope of abnormal nodes, and some attacks and misuse cannot be detected. To address this problem, we introduce a method for detecting anomalous behaviors based on process algebra. We specify the architecture of the behavior detection model and the detection algorithm. The anomalous behavior detection and analysis demonstrate that our method is a good discriminator between normal and anomalous behavior characteristics of distributed applications. Performance evaluation shows that the proposed method enhances efficiency without security degradation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.135-144
• /
• 2014

Since anti-forensics have been developed in order to avoid digital forensic investigation, the forensic methods for analyzing anti-forensic behaviors have been studied in various aspects. Among the factors for user activity analysis, "Iconcache.db" files, which have the icon information of applications, provides meaningful information for digital forensic investigation. This paper illustrates the features of IconCache.db files and suggests the countermeasures against anti-forensics utilizing them.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.523-538
• /
• 2018

Keystroke dynamics user authentication is a behavior-based authentication method which analyzes patterns in how a user enters passwords and PINs to authenticate the user. Even if a password or PIN is revealed to another user, it analyzes the input pattern to authenticate the user; hence, it can compensate for the drawbacks of knowledge-based (what you know) authentication. However, users' input patterns are not always fixed, and each user's touch method is different. Therefore, there are limitations to extracting the same features for all users to create a user's pattern and perform authentication. In this study, we perform experiments to examine the changes in user authentication performance when using feature vectors customized for each user versus using all features. User customized features show a mean improvement of over 6% in error equal rate, as compared to when all features are used.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.3
• /
• pp.53-60
• /
• 2017

The purpose of this study is to provide empirical and quantitative analysis on user's perceived privacy, security, and user satisfaction when providing visualization information about objects and service provider behaviors that users can not perceive in internet service process. Through previous research, we have examined the importance of privacy and security factors as a key factor to be considered for the characteristics of the Internet of things and the Internet of things. In addition, service blueprint, which is one of the service design methodologies to examine the flow of service usage in providing Internet service of things, was examined. In the flow of things internet service utilization, it is found that the things that are out of the user's cognitive area and the behavior of the service provider take up a large part. Therefore, the hypothesis that the trust of the Internet service security and the satisfaction of the user experience can be improved by providing the security visualization information about the behavior of the object and the invisible service provider in the non-contact aspect of the user and the object. In order to verify the hypothesis, we conducted experiments and questionnaires on the use of virtual objects' internet environment and conducted statistical analysis based on them. As a result, it was analyzed that visual information feedback on non - contact and invisible objects and service provider's behaviors had a positive effect on user's perceived privacy, security, and satisfaction. In addition, we conclude that it can be used as a service design evaluation tool to eliminate psychological anxiety about security and to improve satisfaction in internet service design. We hope that this research will be a great help for the research on application method of service design method in Internet environment of objects.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.627-637
• /
• 2015

As game item trading becomes more popular with the rapid growth of online game market, the market for trading game items by cash has increased up to KRW 1.6 trillion. Thanks to this active market, it has been easy to turn these items and game money into real money. As a result, some malicious users have often attempted to steal other players' rare and valuable game items by using their account. Therefore, this study proposes a detection model through analysis on these account thieves' behavior in the Massive Multiuser Online Role Playing Game(MMORPG). In case of online game identity theft, the thieves engage in economic activities only with a goal of stealing game items and game money. In this pattern are found particular sequences such as item production, item sales and acquisition of game money. Based on this pattern, this study proposes a detection model. This detection model-based classification revealed 86 percent of accuracy. In addition, trading patterns when online game identity was stolen were analyzed in this study.

• Asia pacific journal of information systems
• /
• v.24 no.1
• /
• pp.65-91
• /
• 2014

Our study adopted ELM (Elaboration Likelihood Model) to measure the impact of central and peripheral cues on e-healthcare website behavior and its consequence on perceived loyalty of users. While most of ELM studies did not elaborate the antecedent of both central and peripheral cues, we measured the antecedents of those information processing routes to clarify how technical and quality factors (i.e. information organization, security concern, and website attractiveness) develop the nature of either central or peripheral route. We found that information organization was the main antecedent of information quality presented on the website. Second, the results revealed that website security has a positive effect on website credibility. Third, we also found that website attractiveness was positively associated with website credibility. Fourth, consistent with elaboration likelihood model, the empirical findings suggested that information quality (central cue) and website credibility (peripheral cue) were strong predictors of behavior intention to use health website. Our findings also suggested that behavior intention to use health website significantly influenced perceived loyalty.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.365-371
• /
• 2021

With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) target every single HTTP request packet rather than the overall behavior of the attacker, and are known to be difficult to detect new types of attacks. In this paper, we propose a web attack detection system based on user behavior using machine learning to detect attacks of unknown patterns. In order to define user behavior, we focus on features excluding areas where an attacker can camouflage as a normal user. The experimental results shows that by using the path and query information to define users' behaviors, best results for an accuracy of 99% with Decision forest.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.215-219
• /
• 2014

C programming language has undefined behaviors, which cause unintended execution of a program. When a programmer adds sanity checks without caring about undefined behaviors, compilers may misunderstand and invalidate the sanity checks. Thus, we propose an automated system to detect invalidated sanity checks by marking sanity checks in source code and checking the marks in binary code.

• Asia pacific journal of information systems
• /
• v.33 no.3
• /
• pp.603-623
• /
• 2023

While prior work has conducted individuals' password security behavior, there is a relatively neglect to examine individuals' affect and feelings of password fatigue in password change context. Therefore, this study explicated individuals' affective response to the feelings of password fatigue by drawing on several theoretical lens. Survey data collected from 267 users were used to test the model using partial least square analysis. This study found that feelings of password fatigue positively affected the negative password fatigue-induced affect, and also both the feelings of password fatigue and the negative password fatigue-induced affect were negatively related to attitude toward changing passwords, which in turn, leads to the intention to change passwords. Furthermore, this study found that shadow work recognition negatively moderated the relationship between attitude and behavioral intention. This study could offer a new theoretical perspective to understand an individual's security behavior and provide empirical evidences for practitioners in charge of IT security in organizations.