• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.869-872
• /
• 2012

전 세계적으로 스마트폰의 대중화와 보급률이 증가함에 따라 모바일 악성코드 확산으로 인한 피해가 늘어나고 있다. 많은 플랫폼들 중 최근 사용량이 증가하고 있는 안드로이드 마켓에는 악성코드 검증 절차가 없기 때문에 악성코드 배포에 용이한 환경을 가지고 있다. 또한 개발자가 생성한 자가 서명 인증서를 사용하기 때문에 개발자의 신원을 확인하기 어렵고, 유통 중에 발생할 수 있는 어플리케이션의 변조 유무를 확인하기 어렵다는 등의 취약점이 존재한다. 이러한 취약점들을 고려한 이중 코드서명 기법이 제안되었으나 기존 환경을 유지하려는 제약사항 때문에 취약점들을 보완하는 것에 한계가 있었다. 본 연구에는 안드로이드가 기반하고 있는 자바 코드서명 방식을 개선함으로써 기존연구가 해결하지 못한 취약점을 해결하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.855-861
• /
• 2017

Gordon & Loeb[1] suggested that the optimal level of investment decision of an enterprise is the point that the marginal benefit(MB) of information security investment is equal to the marginal cost(MC). However, many companies suffering from information security incidents are not aware of the fact that they are experiencing information security accidents and can not measure how much they are affected. In this paper, I propose a model of information security investment decision making under the incomplete information situation by modifying the Gordon & Loeb[1] model and compare the differences in investment level. Under the incomplete information situation the expected return from the information security investment tends to be lower than that of actual information security investment, and the level of investment is also less. This shows that if a third party such as the government gives accurate information such as the rate of incidents of information security accidents and the amount of damages, companies can expand their investment in information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.135-148
• /
• 2008

The expansion of the internet has made web applications become a part of everyday lift. As a result the number of incidents which exploit web application vulnerabilities are increasing. A large percentage of these incidents are SQL Injection attacks which are a serious security threat to databases with potentially sensitive information. Therefore, much research has been done to detect and prevent these attacks and it resulted in a decline of SQL Injection attacks. However, there are still methods to bypass them and these methods are too complex to implement in real web applications. This paper proposes a simple and effective SQL Query attribute value removal method which uses Static and Dynamic Analysis and evaluates the efficiency through various experiments.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.181-186
• /
• 2021

Ensuring national security in cyberspace is becoming an increasingly important issue, given the growing number of cybercrimes due to adaptation to new security and protection technologies. The purpose of this article is to study the features of counteracting, preventing, and detecting crimes in the virtual space of Ukraine on the example of cases and analysis of the State Center for Cyber Defense and Countering Cyber Threats CERT-UA and the Cyber Police Department of the National Police of Ukraine. The research methodology is based on the method of analysis and study of cases of crime detection in the virtual environment of the State Center for Cyber Defense and Countering Cyber Threats CERT-UA and the Cyber Police Department of the National Police of Ukraine. The results show that the consistent development of the legal framework in 2016-2020 and the development of a cyber-defense strategy for 2021-2025 had a positive impact on the institution-building and detection of cybercrime in Ukraine. Establishing cooperation with developed countries (USA) has helped to combat cybercrime by facilitating investigations by US law enforcement agencies. This means that international experience is effective for developing countries as a way to quickly understand the threats and risks of cybercrime. In Ukraine, the main number of incidents concerns the distribution of malicious software in the public sector. In the private sector, cyber police are largely confronted with the misappropriation of citizens' income through Internet technology. The practical value of this study is to systematize the experience of overcoming cybercrime on the example of cases of crime detection in a virtual environment.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.12
• /
• pp.374-382
• /
• 2018

The aim of this study was to identify how information media about patient safety incidents influences nursing students' knowledge, perception, and confidence in performance toward patient safety. A total of 337 nursing students agreed to participate in this study. Data were collected from the participants between June 4 and June 12, 2018. Data were analyzed using descriptive statistics, t-test, one-way ANOVA, and Pearson's correlation coefficient with SPSS 21.0. Participants' scores for knowledge, perception, and performance confidence toward patient safety were $6.43{\pm}1.92$, $41.02{\pm}4.35$, and $39.61{\pm}5.89$, respectively. Patient safety knowledge was significantly different according to age, grade, and patient safety education experience. Patient safety perception was significantly different according to satisfaction with the major, patient safety performance confidence showed statistically significant differences according to grade, patient safety education experience, and major satisfaction. Information media exposure to patient safety incidents on TV and knowledge (r=.32, p<.000) and performance confidence (r=.21, p<.000) toward patient safety had positive correlations. Information media exposure to patient safety incidents on the internet and knowledge (r=.34, p<.000), perception (r=.12, p=.028), and performance confidence (r=.24, p<.000) toward patient safety also had positive correlations. This study provides basic data for nursing education and program development for patient safety management.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.12
• /
• pp.1595-1603
• /
• 2020

Online defamation incidents such as Internet news comments on portal sites, SNS, and community sites are increasing in recent years. Bias and hate expressions threaten online service users in various forms, such as invasion of privacy and personal attacks, and defamation issues. In the past few years, academia and industry have been approaching in various ways to solve this problem The purpose of this study is to build a dataset and experiment with deep learning classification modeling for detecting various bias expressions as well as hate expressions. The dataset was annotated 7 labels that 10 personnel cross-checked. In this study, each of the 7 classes in a dataset of about 137,111 Korean internet news comments is binary classified and analyzed through deep learning techniques. The Proposed technique used in this study is multi-channel CNN model with attention. As a result of the experiment, the weighted average f1 score was 70.32% of performance.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.55-60
• /
• 2023

The IoT environment is very vulnerable to security threats, and if an intrusion occurs, it can cause great damage. In order to strengthen the security of the IoT environment, a curriculum that considers the characteristics of the IoT environment is needed. In this paper, we propose a curriculum model for cyber incident response in the Internet of Things environment. The proposed curriculum model was designed as a model for security threats in the IoT environment, types of intrusion incidents, and incident response procedures. The proposed curriculum model is expected to contribute to improving security awareness in the IoT environment and fostering cyber incident response experts in the IoT field. The proposed curriculum model strengthens the security of the IoT environment and is expected to be safe through security incident response in the IoT.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.24 no.4
• /
• pp.167-176
• /
• 2024

The Personal Information Protection Commission was launched in August 2020 as an integrated control tower for personal information protection, but several problems have been pointed out in the personal information protection operation system. First, despite the fact that Korea's personal information protection system has an integrated legal system that regulates both the public and private sectors, it has been pointed out that it is difficult to carry out smooth personal information protection functions due to incomplete integration of protection functions, such as the Financial Services Commission being in charge of personal credit information protection and the Korea Communications Commission being in charge of personal location information protection. Next, despite the increasing number of public sector personal information leakage incidents, there is a lack of personnel with expertise and specialized support organizations to efficiently investigate them, and there is a concern that the lack of an efficient response system to personal information infringement by global IT companies in Korea in the era of digital commerce may weaken the protection of citizens' personal information. In order to solve these problems, I reviewed overseas cases and literature and proposed the following measures. First, it is necessary to centralize the personal information protection supervision function for credit information and location information to the Personal Information Protection Commission. Second, it is necessary to secure expertise by securing specialized personnel and establishing specialized institutions to respond to public sector personal information leakage incidents. Third, it is necessary to revitalize the domestic agency designation system and establish an international cooperation system to protect people's personal information in the digital commerce era. I believe that these measures to develop the personal information protection system will lead to more systematic personal information protection.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.41-46
• /
• 2014

As the radioactive-related incidents have been occurred frequently such as Fukushima nuclear exposure incident, it is always considered radioactivity normal levels in radiation exposure as a most risk components at several government agencies. In this paper, the data were analyzed by information in the data beyond range of the attributes. The clustering analysis method is used by EM and SimpleKMeans algorithm. The experimental results about US Radioactive associated data is depending on the method of data analysis. It can be seen that the method of the algorithm is different depending on local value of the normal range. The governments need to pay attention to increase the investigation frequency.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.17-23
• /
• 2018

The rapid development of mobile technology has increased the use of mobile devices, and the possibility of security incidents is also increasing. The leakage of information through photos is the most representative. Previous methods for preventing this are disadvantageous in that they can not take pictures for other purposes. In this paper, we design and implement a system to prevent information leakage through photos using object recognition and beacon. The system inspects pictures through object recognition based on deep learning and verifies whether security policies are violated. In addition, the location of the mobile device is identified through the beacon and the appropriate rules are applied. Web applications for administrator allow you to set rules for taking photos by location. As soon as a user takes a photo, they apply appropriate rules to the location to automatically detect photos that do not conform to security policies.