• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.491-500
• /
• 2013

With the advent of big data and increased costs of SSD(HDD), domestic and foreign Internet cafes and organizations have adopted NDS(No Disk System) solution recently. NDS is a storage virtualization solution based on a kind of cloud computing. It manages Operating System and applications in the central server, which were originally managed by individual computers. This research will illustrate the way to analyze user's behaviors under NDS circumstance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.69-78
• /
• 2004

The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

• The Journal of Information Systems
• /
• v.32 no.3
• /
• pp.85-116
• /
• 2023

Purpose The importance of data as a key resource of the intelligence revolution is being highlighted, among all those phenomena MyData is attracting attention as a key concept by organizations and individuals that eventually leads the data economy. In this regard, this study was started to contribute to the successful settlement and continuous growth of the domestic MyData industry, which has just entered the system. Design/methodology/approach To develop and test all proposed casual relationships within the research model, we used the Value-Attitude-Behavior(VAB) model as a basic framework. A total of 385 copies were used for the final analysis, and for SPSS 25.0, MS-Excel 2016, and AMOS 24.0 to summarize respondent demographic characteristics, measurement model, and structural model. Findings Findings show that all proposed hypotheses were supported with the exception of the moderating effect of organizational information transparency between data controllability and perceived value, and between data controllability and attitude toward MyData service.

• Informatization Policy
• /
• v.25 no.3
• /
• pp.95-115
• /
• 2018

This study aims to examine organization members' intention to violate security policies based on the Person-Environment Fit Model. This study investigated the effect of the relationship between organizational security environment and the individual security value on the intention of organizational security policy violation. The security environments are classified into the organizational information security culture and peers' behavior of security compliance, while the personal values are classified into reconstructing the conduct, distorting the consequence, and devaluing the organization as presented in the moral disengagement theory. Based on the concept of the moral disengagement theory, we measured the individual security values as a second order factor. This study found that the information security culture had a statistically significant impact on devaluing the organization, but did not have as much impact on reconstructing the conduct and distorting the consequence. Peers' behavior of security compliance had a significant impact on reconstructing the conduct, distorting the consequence and devaluing the organization, all of which also had relevant impact on the organizational members' intention of security policy violation.This study measured a persons' perception on security policy breach by presenting scenarios of password sharing that is common in many organizations. This study is expected to make practical contributions, as it deals with challenges that many organizations are actually faced with.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.189-190
• /
• 2016

요즘 사이버 공격이 많이 발생함에 따라 기존의 디지털 포렌식 뿐만 아니라 네트워크 트래픽을 수집해서 사이버 공격을 분석하는 네트워크 포렌식에 대한 연구가 많이 수행되고 있다. 그러나 네트워크 포렌식을 수행하기 위해서는 여러가지 어려움이 존재한다. 이러한 문제를 해결하기 위하여 우리는 이 논문에서 네트워크 악성행위를 분석하기 위한 시스템 및 방법을 제안한다.

• The Journal of Korean Association of Computer Education
• /
• v.18 no.6
• /
• pp.33-42
• /
• 2015

Based on the Construal Level Theory, this study aims to investigate how information security vaccine users' selection intentions differ from each other according to the selection time of information security vaccine, advertisement message types, and information security knowledge levels. For the foregoing, this study conducted an experiment by applying an experimental design of 2(knowledge level: high/low) ${\times}2$(temporal distances: short distance/long distance) ${\times}2$(advertisement message types: how(concrete)/why(abstract)) on computer security vaccine softwares. As a result, this study confirmed that the selection intentions about information security vaccines differed from each other according to the temporal distance and advertisement message type, and also varied according to the information security knowledge level. In conclusion, this study provides an implication that the consideration of well-timed persuasive message is especially important for the users at the high level of knowledge. Also, this research implies the necessity of development of abstract thinking ability based on temporal distance for the users at the low level of knowledge.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.939-946
• /
• 2013

This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no published result for IEC 61850 substation network. Our proposed methods includes 3-phase preprocessing for MMS/GOOSE packets and normal behavior profiling using one-class SVM algorithm. These approaches are beneficial to detect APT attacks on IEC 61850 substation network.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1035-1049
• /
• 2014

This paper presents a new method to detect attack patterns in security-critical systems, based on a new notion of Behavior Ontology. Generally security-critical systems are large and complex, and they are subject to be attacked in every possible way. Therefore it is very complicated to detect various attacks through a semantic structure designed to detect such attacks. This paper handles the complication with Behavior Ontology, where patterns of attacks in the systems are defined as a sequences of actions on the class ontology of the systems. We define the patterns of attacks as sequences of actions, and the attack patterns can then be abstracted in a hierarchical order, forming a lattice, based on the inclusion relations. Once the behavior ontology for the attack patterns is defined, the attacks in the target systems can be detected both semantically and hierarchically in the ontology structure. When compared to other attack models, the behavior ontology analysis proposed in this paper is found to be very effective and efficient in terms of time and space.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.735-744
• /
• 2016

Recently, personal information leakage incidents with increased usage of mobile services are increasing. Personal information leakage incidents can have a significant impact on an individual's mobile banking services. Accordingly, we examine relationships among individual's psychological characteristics, intention and behavior regarding compliance in an individual's perception on personal information leakage incidents in mobile banking contexts. In this study, for explaining our research model and understanding with personal psychology and behavior in mobile banking contexts, we adopted two theories, theory of interpersonal behavior and stimulus-response theory. We collected the 55 data using online surveyor and then analyzed structural equation model in order to find causal relationships among research variables. The results of this study should be useful to the mobile banking services companies in promoting service users to follow the information privacy policies.

• Knowledge Management Research
• /
• v.19 no.1
• /
• pp.1-18
• /
• 2018

As the online space becomes more active, interest in protecting personal information is increasing. From this point of view, it is important to prevent personal information from being leaked in advance. As a precaution, it is suggested that users change their password periodically to protect their personal information effectively. Currently, various online services provide a request message that prompts users to periodically change their password. These messages are expressed as positive-centric or negative-centric. This message can be seen as a powerful way to trigger users' behavior. In this context, this study suggests that message framing type can be applied to the password change request message, and to investigate the difference between the positive-centric message and the negative-centric message. In addition, this study concluded that the effect of message type may be different depending on the degree of psychological ownership of the individual on the online service. As a result, users with high psychological ownership in online service were more effective when positive-centric message was presented than negative-centric message. On the other hand, users with low psychological ownership in online service were more effective when negative-centric message was presented than positive-centric message.