• Title/Summary/Keyword: Log file

Indexing Method for Log Records of File System in Continuous Data Protection

  • Kim, Jinsu; Song, Seokil
    • Proceedings of the Korea Contents Association Conference / 2018.05a / pp.537-538 / 2018
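  • This paper proposes a method for indexing file system change log records for continuous data preservation and restoration in CDP (Continuous Data Protection). The goal of the proposed indexing method is to speed up the restoration of files as of a specific point in time in CDP. The proposed method is a bitmap-based index that divides each file into logical chunks and assigns each chunk a bit per fixed time interval to track changes to the file. The proposed bitmap-based index is organized in multiple levels so that the number of bitmap operations can be reduced. In this paper, a simulation is performed to demonstrate the efficiency of the proposed bitmap-based indexing method.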

High Rate Denial-of-Service Attack Detection System for Cloud Environment Using Flume and Spark

  • Gutierrez, Janitza Punto; Lee, Kilhung
    • Journal of Information Processing Systems / v.17 no.4 / pp.675-689 / 2021
  • Nowadays, cloud computing is being adopted by more organizations. However, since cloud computing has a virtualized, volatile, scalable and multi-tenancy distributed nature, it is a challenging task to perform attack detection in the cloud following conventional processes. This work proposes a solution which aims to collect web server logs by using Flume and filter them through Spark Streaming in order to only consider suspicious data or data related to denial-of-service attacks and reduce the data that will be stored in Hadoop Distributed File System for posterior analysis with the frequent pattern (FP)-Growth algorithm. With the proposed system, we can address some of the difficulties in security for cloud environments, facilitating the data collection, reducing detection time and consequently enabling an almost real-time attack detection.

Log Generation for File Access on PVFS2

  • Cha, Kwangho; Cho, Hyeyoung; Kim, Sungho
    • Proceedings of the Korea Information Processing Society Conference / 2007.11a / pp.675-677 / 2007
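  • As the application areas of cluster systems diversify and grow more complex, there is an increasing need for workload analysis that can predict the usage patterns of actual users in order to use large-scale cluster systems more efficiently. Workload analysis involves a variety of tasks, and in particular it includes dynamic access analysis at the file level. In this paper, we explored a way to enable file-level access logging in PVFS2, which is widely deployed as an experimental parallel file system, and examined the potential uses of this feature.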

Exploring Navigation Pattern and Site Evaluation Variation in a Community Website by Mixture Model at Segment Level

  • Kim, So-Young; Kwak, Young-Sik; Nam, Yong-Sik
    • Journal of Global Scholars of Marketing Science / v.13 / pp.209-229 / 2004
  • Although the site evaluation factors that affect the navigation pattern are well documented, the attempt to explore the difference in the relationship between navigation pattern and site evaluation factors by post hoc segmentation approach has been relatively rare. For this purpose, this study constructs the structure equation model using web-evaluation data and the log file of a community site with 300,000 members. It then applies the structure equation model to each segment. Each segment is identified by the mixture model. The mixture model is used to unmix the sample, to identify the segments, and to estimate the parameters of the density function underlying the observed data within each segment. The study examines the opportunity to increase GFI, using a mixture model which supposes heterogeneous groups in the users, not through specification search by modification index from the structure equation model. This study finds that AGFI increases from 0.819 for the total sample to 0.927, 0.930, 0.928, 0.929 for each of the 4 segments in the case of the community site. The results confirm that the segment level approach is more effective than model modification when the model is robust in terms of theoretical background. Furthermore, we can identify a heterogeneous navigation pattern and site evaluation variation in the community website at segment level.

A Study on Identification of the Source of Videos Recorded by Smartphones

  • Kim, Hyeon-seung; Choi, Jong-hyun; Lee, Sang-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.4 / pp.885-894 / 2016
  • As smartphones become more common, anybody can take pictures and record videos easily nowadays. Video files taken from smartphones can be used as important clues and evidence. While you analyze video files taken from smartphones, there are some occasions where you need to prove that a video file was recorded by a specific smartphone. To do this, you can utilize various fingerprint techniques mentioned in existing research. But you might face a situation where you have to strengthen the result of fingerprinting or where a fingerprint technique can't be used. Therefore, forensic investigation of the smartphone must be done before fingerprinting and a database of metadata of video files should be established. The artifacts in a smartphone after video recording and the database mentioned above are discussed in this paper.

Application Performance Evaluation in Main Memory Database System

  • Kim, Hee-Wan; Ahn, Yeon S.
    • Journal of Digital Contents Society / v.15 no.5 / pp.631-642 / 2014
  • The main memory DBMS is operated which the contents of the table that resides on a disk at the same time as the drive is in the memory. However, because the main memory DBMS stores the data and transaction log file using the disk file system, there is a limit to the speed at which the CPU accesses the memory. In this paper, I evaluated the performance through analysis of the application side difference the technology that has been implemented in Altibase system of main memory DBMS and Sybase of disk-based DBMS. When the application performance of main memory DBMS is in comparison with the disk-based DBMS, the performance of main memory DBMS was outperformed 1.24~3.36 times in the single soccer game, and was outperformed 1.29~7.9 times in the soccer game / special soccer. The result of sale transaction response time showed a fast response time of 1.78~6.09 times.

A Study of Acquisition and Analysis on the Bios Firmware Image File in the Digital Forensics

  • Jeong, Seung Hoon; Lee, Yun Ho; Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.491-498 / 2016
  • Recently, leakages of confidential information and internal data have been steadily increasing through the use of a booting technique on portable OSes such as Windows PE stored in portable storage devices (USB or CD/DVD etc.). This method allows bypassing security software such as USB security or media control solutions installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also, this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and to use trace-back techniques. This paper proposes a method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

Web-Server Security Management system using the correlation analysis

  • Kim Sung-Rak
    • Journal of the Korea Society of Computer and Information / v.9 no.4 s.32 / pp.157-165 / 2004
  • The paper suggests that a web-server security management system will be able to detect web service attacks, which keep increasing at the moment, accurately and swiftly, and reduce the possibility of false positive detection. This system gathers the results of many unit security modules in real time and enhances the correctness of the detection through the correlation analysis procedure. The unit security modules consist of the Network based Intrusion Detection System module, File Integrity Check module, System Log Analysis module, and Web Log Analysis module, and there is the Correlation Analysis module that analyzes the correlations on the spot as a result of each unit security module's processing. The suggested system provides a feasible framework for the range extension of correlation analysis and the addition of unit security modules, as well as the correctness of the attack detection. In addition, the attack detection system module among the suggested systems has a faster detection time by means of restructuring Snort with a multi-thread base system. WSM will be improved through shortening the processing time of many unit security modules with heavy traffic.

Flash-Conscious Storage Management Method for DBMS using Dynamic Log Page Allocation

  • Song, Seok-Il; Khil, Ki-Jeong; Choi, Kil-Seong
    • Journal of Advanced Navigation Technology / v.14 no.5 / pp.767-774 / 2010
  • Due to advantages of NAND flash memory such as non-volatility, low access latency, low energy consumption, light weight, small size and shock resistance, it has become a better alternative to traditional magnetic disk drives, and has been widely used. Traditional DBMSs including mobile DBMSs may run on flash memory without any modification by using Flash Translation Layer (FTL), which emulates a random access block device to hide the characteristics of flash memory such as "erase-before-update". However, most existing FTLs are optimized for file systems, not for DBMSs, and traditional DBMSs are not aware of them. Also, traditional DBMSs do not consider the characteristics of flash memory. In this paper, we propose a flash-conscious storage system for DBMSs that utilizes flash memory as a main storage medium, and carefully take the characteristics of flash memory into consideration. The proposed flash-conscious storage system exploits log records to avoid costly update operations. It is shown that the proposed storage system outperforms the state.

Comparison of Remaining Data According to Deletion Events on Microsoft SQL Server

  • Shin, Jiho
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.2 / pp.223-232 / 2017
  • Previous research on data recovery in Microsoft SQL Server has focused on restoring data based on the transaction log in which deleted records might exist. However, there was a limit in that it was not applicable if the related transaction log did not exist or the physical database file was not connected to the Server. Since the suspect at the crime scene may delete the data records using different deletion statements besides "delete", we need to check the remaining data and the recovery possibility of the deleted records. In this paper, we examined the changes in "Page Allocation information" of the table, "Unallocation deleted data", and "Row Offset Array" in the page according to "delete", "truncate" and "drop" events. Finally, it confirmed the possibility of data recovery and the availability of management tools in Microsoft SQL Server digital forensic investigation.