• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.947-955
• /
• 2013

Most of the enterprise information is stored in the database. Therefore, in order to investigate the company's criminal behavior, forensic analysis is important for the database and delete record is a need to develop recovery techniques. This paper is explained structure of the oracle database tablespace file and analyzed system tables that stored table information. Further, we suggests a method of recovery for deleted record in oracle tablespace.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.3-8
• /
• 2022

Security threats occur from the outside, but more often from the inside. In particular, since the internal user knows about the information service, the security threat damage caused by the internal user is greater. In this environment, the actions of all users accessing information services should be monitored and recorded in real-time. However, the current operating system records only the logs of system and application execution, so there is a limit to monitoring user behavior in real-time. In such a security environment, damage may occur due to user's unauthorized actions. To solve this problem, this study proposes an architecture that monitors user behavior in real-time in a Linux environment. As a result of verifying the function to confirm the effectiveness of the proposed architecture, the console input values and output angles of all users who have access to the operating system are monitored in real-time and stored. Although the performance of the proposed architecture is somewhat slower than the identification and authentication functions provided by the operating system, it was confirmed that the performance was not at a level that users would recognize, and thus it was judged to be sufficiently effective. However, since this study focuses on monitoring the console behavior, it is impossible to monitor the behavior of user applications running in the background, so additional research is needed.

• Journal of Information Technology Applications and Management
• /
• v.27 no.2
• /
• pp.1-21
• /
• 2020

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.245-251
• /
• 2021

This work aims to focus on the current features and characteristics of Human Element and Artificial intelligence (AI), ask some questions about future information security, and whether we can avoid human errors by improving machine learning and AI or invest in human knowledge more and work them both together in the best way possible? This work represents several related research results on human behavior towards information security, specified with elements and factors like knowledge and attitude, and how much are they invested for ISA (information security awareness), then presenting some of the latest studies on AI and their contributions to further improvements, making the field more securely advanced, we aim to open a new type of thinking in the cybersecurity field and we wish our suggestions of utilizing each point of strengths in both human attributions in software security and the existence of a well-built AI are going to make better future software security.

• Management & Information Systems Review
• /
• v.35 no.2
• /
• pp.99-118
• /
• 2016

With the development of Internet and popularization of smartphones over recent years, social network services are experiencing rapid growth. On top of this, smartphone gaming market is showing a rapid growth and the use of mobile social games is on the significant rise. The occurrence of game data manipulation targeting these services and personal information leakage is highlighting the importance of social gaming security. This study is intended to propose development plans effective and efficient in social game services by figuring out factors putting effects on security dependent behavior of social game users in Korea and carrying out a practical study on the casual relationship between factors influencing security dependent behavior through recognized behavioral control and attitudes for privacy infringement of these factors. To do this, proposed was a study model in which the HBM(Health Belief Model) allowing the social game user to influence security dependent behavior was expanded and applied as a major variable. To verify the study model of this study practically, a survey was conducted among university students in Seoul-based K University and S University who had experienced using social game services. According to the study findings, firstly, the perceived seriousness turned out to provide positive influence to trust. But, the perceived seriousness turned out not to put positive effects on self-efficacy. Secondly, the perceived probability turned out not to put positive effects on self-efficacy and trust. Thirdly, the perceived gain turned out to put positive effects on self-efficacy and trust. Fourthly, the perceived disorder turned out not to put positive effects on self-efficacy and trust. Fifthly, self-efficacy turned out to put positive effects on trust. But, self-efficacy turned out not to put positive effects on security dependent behavior. Sixthly, trust turned out not to put positive effects on security dependent behavior. This study is intended to make a strategic proposal so that social game users can raise awareness of their level of security perception and security willingness through this.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.3
• /
• pp.11-28
• /
• 2000

In these days it is rapidly increasing that multi-user, multi-layered commercial software developments for companies or public institutions. Security services are necessary for most of systems and the access control service is the essential of security services. Current access control methods that are used as access control policies are classified as Discretionary Access Control Mandatory Access Control and Role Based Access Control. However there are some inefficiencies when those methods are applied to current multi-user, multi-layered systems. Therefore it is required that a new access control method that takes complex system resources into account from the side of policy. In this paper extending previous Role Based of 'Behavior' and a basic model of the method. And we simply implement the method on the mobile agent based workflow management system that is a representative example of multi-user. multi-layered softwares and shows implementation results to tap possibilities of real-world application.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1361-1376
• /
• 2015

Recently, the size of the mobile game market and the number of mobile game users are growing. Also, as the mobile game's life cycle is increasing at the same time, auto program issue reappears which has been appeared in PC online games. Gamers usually tend to ignore warning messages from antivirus programs and even worse they delete antivirus program to execute auto programs. Therefore, mobile game users are easily compromised if the auto program performs malicious behaviors not only for the original features. In this paper, we analyze whether seven auto programs of "clash of clans" which has a lot more users for a long time perform malicious behaviors or not. We forecast the possible security threats in near future and proposed countermeasures based on this analysis. By analyzing auto programs of highly popular mobile game of today, we can acquire the knowledge on auto program's recent trend such as their development platform, operating mode, etc. This analysis will help security analysts predict auto program's evolving trends and block potential threats in advance.

• Information Systems Review
• /
• v.20 no.1
• /
• pp.99-114
• /
• 2018

Technical measures for computer security are essential, but they are not a sufficient condition for security. Therefore, a personal approach to user's security behavior should be developed. Personality, which is a human aspect, is a behavioral characteristic that characterizes each individual and facilitates prediction of how an individual will behave in certain situations. Protection motivation theory has been used extensively in the security research on human behavior. The present study discusses how protection motivation was formed from personality traits. Thus, organizations can refer the result of this study for their HRD and HRM concerns.

• Information Systems Review
• /
• v.20 no.3
• /
• pp.51-71
• /
• 2018

Many studies in the field of information security reveal the need to increase awareness. However, although awareness of information security has been raised to a considerable extent, actual security behavior has been shown to fall short of that. Therefore, we wanted to identify the role of psychological factors in making information security decisions by conducting a experimental study. The results show that there are differences in perception of information security risks according to the probabilistic distance and the degree of relative optimism due to social distance. In relation to their relative optimism and intention of information security, they reduced the level of perceived risk compared to those close to them and found that their influence varied according to their probabilistic distance. This study has made valuable attempt in terms of methodology and it is meaningful that the psychological factor is taken into consideration for the information protection behavior, so that the range of relative optimism that actually affects the perception of risk is narrowed. It is expected to contribute to the improvement of information security level of information technology users and protection of information assets by empirically identifying necessity of various approaches to decision making process for information security.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.165-170
• /
• 2021

Discrete event systems interact with the external environment to decide which action plan is adequate. Some of these interactions are not predictable in the modelling phase and require consequently an adaptation of the system to the metamorphosed behavior of the environment. One of the challenging issues is to guarantee safety behavior when failures tend to derive the system from normal status. In this paper we propose a framework to combine diagnose technique with adaptive control to avoid unsafe sate an maintain the normal behavior as long as possible.