• Journal of Korea Society of Digital Industry and Information Management
• /
• 제6권3호
• /
• pp.49-57
• /
• 2010

We extended a general attack tree to apply cyber attack model for network vulnerability analysis. We defined an extended cyber attack tree (E-CAT) which extends the general attack tree by associating each node of the tree with a transition of attack that could have contributed to the cyber attack. The E-CAT resolved the limitation that a general attack tree can not express complex and sophisticate attacks. Firstly, the Boolean expression can simply express attack scenario with symbols and codes. Secondary, An Attack Generation Probability is used to select attack method in an attack tree. A CONDITION-composition can express new and modified attack transition which a aeneral attack tree can not express. The E-CAT is possible to have attack's flexibility and improve attack success rate when it is applied to cyber attack model.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• 제10권2호
• /
• pp.345-350
• /
• 2009

In this paper, it is reviewed vulnerability of security in S-MAC communication protocol of sensor network, and analyzed in the respect of power efficiency, which is consumed at each stage of communication procedure in according to vulnerability of denial of service. Therefore, from research results, it can be induced the need of authentication scheme, which is considered reliability, efficiency and security of normal S-MAC communication.

• Proceedings of the KIEE Conference
• /
• 대한전기학회 2006년도 추계학술대회 논문집 전력기술부문
• /
• pp.12-14
• /
• 2006

This paper presents an vulnerability index for hidden failure of protective relays in transmission system. The bad influence can be quantized by an vulnerability index. When there is mis-operation, no-operation or mis-setting, power flow can be quantized by an index. According to the index, relays can be resetting. So the wide area blackout can be prevented.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 한국컴퓨터정보학회 2015년도 제51차 동계학술대회논문집 23권1호
• /
• pp.273-276
• /
• 2015

홈 네트워크는 가정 내에서 여러 기기들을 유 무선으로 연결 후 네트워크를 구성하여 서로 데이터를 공유한다. 가정 내 기기들은 컴퓨팅 기능이 저하되기 때문에 보안취약점을 이용한 사이버 범죄에 노출되어 있다. 따라서 사이버 범죄 및 개인정보의 유출을 방지하기 위해 유 무선 보안취약점 및 대응방안을 파악할 필요가 있다. 본 논문은 홈 네트워크의 보안 개선을 위해 미들웨어의 보안기능 및 홈 네트워크의 보안취약요인을 분석하고, 보안취약점 개선 방안을 제안한다.

• International Journal of Computer Science & Network Security
• /
• 제22권1호
• /
• pp.234-240
• /
• 2022

One of the most discussed topics is cyber security when it comes to web application and how to protect it and protect databases. One of the most widely used and widespread techniques is SQLI, and it is used by hackers and hackers. In this research, we touched on the concept of SQLI and what are its different types, and then we detected a SQLI vulnerability in a website using SQLMAP. Finally, we mentioned different ways to avoid and protect against SQLI.

• The Journal of Information Technology
• /
• 제12권2호
• /
• pp.1-12
• /
• 2009

China first started its mobile phone services in 1987, and the number of users has exponentially increased so that it reached 700 millions in January 2009. Currently China's 2G(GSM) users is 650 millions. These 2G (GSM) services have an advantage of the capability to use the mobile phone with a SIM (Subscriber Identity Modul) card, one kind of smart cards, inserted into it. However, due to the security vulnerability of SIM cards being used within China's 2G (GSM) services, SIM cards cloning. Problems concerning mobile phone surveillance towards a designated person by illegal cloning ESN and IMSI have recently risen to be a massive social issue within Korea as well. These studies have experimented the possibility of SIM cards clone in various mobile communication corporations using 2G (GSM) in China, and hence discovered the security vulnerability such as the incoming outgoing, SMS service and additional services on mobile phones using clone SIM cards.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제7권3호
• /
• pp.117-128
• /
• 1997

When computer systems with mandatory access control mechanism are interconnected each other for enforcing the MHS(Message Handling System) security on the multilevel secure distributed network environment, illegal information flow may occurs due to the unexpected cascade vulnerability problem. In this paper, new MHS security policy and security property functions are proposed for preventing the cascade vulnerability.

• The Journal of Society for e-Business Studies
• /
• 제24권2호
• /
• pp.15-27
• /
• 2019

In the past, the control system was a closed network that was not connected to the external network. However, in recent years, many cases have been opened to the outside for the convenience of management. Are connected to the Internet, and the number of operating control systems is increasing. As a result, it is obvious that hackers are able to make various attack attempts targeting the control system due to external open, and they are exposed to various security threats and are targeted for attack. Industrial control systems that are open to the outside have most of the remote management ports for web services or remote management, and the expansion of web services through web programs inherits the common web vulnerability as the control system is no exception. In this study, we classify and compare existing web vulnerability items in order to derive the most commonly tried web hacking attacks against control system from the attacker's point of view. I tried to confirm.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• 제11권12호
• /
• pp.4760-4765
• /
• 2010

Time out-medium access control (T-MAC) protocol is one of the well-known MAC protocols designed for wireless sensor networks (WSN), and is proposed to enhance the poor performance of the S-MAC protocol. In this paper, we are reviewed about security vulnerability in T-MAC, and analyzed the power which is consumed at each stage of T-MAC protocol according to vulnerability of denial of service (DoS) and replay problem. From our analytical results, it can be considered the need of power efficient authentication scheme which provides the reliability, efficiency, and security for a general T-MAC communication. This is the case study of possible DoS vulnerability and its power consumption in T-MAC.

• Journal of Internet of Things and Convergence
• /
• 제6권3호
• /
• pp.31-37
• /
• 2020

The cloud computing industry is regarded as a key element of the ICT industry and an important industry that will be a watershed for the future development of ICT industry. Korea has established the 1st~2nd cloud computing development basic plan to induce the growth of the cloud industry. However, the domestic information security guide provides technical vulnerability analysis criteria for Unix and Windows servers, DBMS, network equipment, and security equipment, but fails to provide vulnerability analysis criteria for hypervisors that are key elements of cloud computing. Organizations that have deployed cloud systems will be able to assist in vulnerability analysis using the criteria presented in this paper.