• Title/Summary/Keyword: SQL Injection


Study on the estimate system for the plastic injection molds (2B상의 WEB형 플라스틱 사출금형 견적 산출시스템 연구)

  • Sung Choi;Geun Yu Jeoung;Chan Kim Seoung;Lan Han Jung
    • Proceedings of the KAIS Fall Conference / 2004.06a / pp.224-227 / 2004
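  • This study concerns an expert system for estimating the cost of plastic injection molds. Experience-based estimates are generally prepared directly by an experienced engineer at the plastic injection mold manufacturer. This does not take much time, but it yields estimates that lack objectivity and scientific rigor. It sometimes becomes a cause of disputes between the customer and the manufacturer. The system developed in this study offers an alternative that overcomes these problems. It uses Visual Basic and an SQL database in a Windows environment. The results obtained from this system will serve as effective guidance for designers on the manufacturing floor.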


A Study on ICS Attack Method (ICS 공격 방법에 관한 연구)

  • Yun, Joo-Yeong;Lee, Cha-Gyu;Choi, Sun-Oh
    • Proceedings of the Korea Information Processing Society Conference / 2019.10a / pp.405-406 / 2019
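  • The main motives of ICS hackers include financial gain, corporate espionage, terrorist activity, cyber warfare between nations, and misguided ethical hacking. The corresponding attack paths include industrial control systems exposed to the public Internet, devices left with their default settings, passwords left unchanged for long periods, port scanning, and Google hacking. There are five representative attack methods: first, a kind of search-based hacking using Shodan; second, password fuzzing, a brute-force attack using the ZAP tool; third, SQL Injection, an attack that bypasses authentication by exploiting a vulnerability in the target site; fourth, a network attack that changes the voltage of the facility using a Modbus tool; and fifth, a remote-device attack using the zbgoodfind tool.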

Detection of Source Code Security Vulnerabilities Using code2vec Model (code2vec 모델을 활용한 소스 코드 보안 취약점 탐지)

  • Yang, Joon Hyuk;Mo, Ji Hwan;Hong, Sung Moon;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.16 no.2 / pp.45-52 / 2020
  • Traditional methods of detecting security vulnerabilities in source code require a lot of time and effort. If there is good data, the issue could be solved by using the data with machine learning. Thus, this paper proposes a source-code vulnerability detection method based on machine learning. Our method employs the code2vec model, which has been used to propose the names of methods, and uses as a data set the Juliet Test Suite, which is a collection of common security vulnerabilities. The evaluation shows that our method has a high precision of 97.3% and a recall rate of 98.6%. The result of detecting vulnerabilities in an open source project also shows hopeful potential. In addition, it is expected that further progress can be made through studies covering vulnerabilities and languages not addressed here.

An Integrated Maintenance in Injection Molding Processes (사출성형 공정에서의 통합정비방법에 관한 연구)

  • Park, Chulsoon;Moon, Dug Hee;Sung, Hongsuk;Song, Junyeop;Jung, Jongyun
    • Journal of Korean Society of Industrial and Systems Engineering / v.38 no.3 / pp.100-107 / 2015
  • Recently, as manufacturers want competitiveness in a dynamically changing environment, they are making a lot of effort to be efficient with their production systems, which may be achieved by diminishing unplanned operation stops. Operation stops and maintenance cost are known to be significantly decreased by adopting a proper maintenance strategy. Therefore, manufacturers have become more interested in exact maintenance scheduling to keep operation smooth and prevent unexpected stops. In this paper, we proposed an integrated maintenance approach for an injection molding manufacturing line. It consists of a predictive and a preventive maintenance approach. The predictive maintenance uses the statistical process control technique with real-time data, and the preventive maintenance is based on the checking period of machine components or equipment. For the predictive maintenance approach, firstly, we identified components or equipment that require maintenance, and then the machine parameters that are related to the identified components or equipment. Second, we performed regression analysis to select the machine parameters that affect the quality of the manufactured products and are significant to the quality of the products. By this analysis, we can exclude the insignificant parameters from the monitored parameters and focus on the significant parameters. Third, we developed statistical prediction models for the selected machine parameters. Current models include regression, exponential smoothing and so on. We used these models to detect abnormal patterns and to schedule maintenance. Finally, for other components or equipment not covered by the predictive approach, we adopted the preventive maintenance approach. To show feasibility, we developed an integrated maintenance support system in a LabView Watchdog Agent and SQL Server environment and validated our proposed methodology with experimental data.

Detecting Security Vulnerabilities in TypeScript Code with Static Taint Analysis (정적 오염 분석을 활용한 타입스크립트 코드의 보안 취약점 탐지)

  • Moon, Taegeun;Kim, Hyoungshick
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.2 / pp.263-277 / 2021
  • Taint analysis techniques are popularly used to detect web vulnerabilities originating from unverified user input data, such as Cross-Site Scripting (XSS) and SQL Injection, in web applications written in JavaScript. To detect such vulnerabilities, it would be necessary to trace variables affected by user-submitted inputs. However, because of the dynamic nature of JavaScript, it has been a challenging issue to identify those variables without running the web application code. Therefore, most existing taint analysis tools have been developed based on dynamic taint analysis, which requires the overhead of running the target application. In this paper, we propose a novel static taint analysis technique using symbol information obtained from the TypeScript (a superset of JavaScript) compiler to accurately track data flow and detect security vulnerabilities in TypeScript code. Our proposed technique allows developers to annotate variables that can contain unverified user input data, and uses the annotation information to trace variables and data affected by user input data. Since our proposed technique can seamlessly be incorporated into the TypeScript compiler, developers can find vulnerabilities during the development process, unlike existing analysis tools performed as a separate tool. To show the feasibility of the proposed method, we implemented a prototype and evaluated its performance with 8 web applications with known security vulnerabilities. We found that our prototype implementation could detect all known security vulnerabilities correctly.

Improving Malicious Web Code Classification with Sequence by Machine Learning

  • Paik, Incheon
    • IEIE Transactions on Smart Processing and Computing / v.3 no.5 / pp.319-324 / 2014
  • Web applications make life more convenient. Many web applications have several kinds of user input (e.g. personal information, a user's comment on commercial goods, etc.) for their activities. On the other hand, there are a range of vulnerabilities in the input functions of Web applications. Malicious actions can be attempted using the free accessibility of many web applications. Attacks that exploit these input vulnerabilities can be achieved by injecting malicious web code; it enables one to perform a variety of illegal actions, such as SQL Injection Attacks (SQLIAs) and Cross Site Scripting (XSS). These actions come down to theft, replacing personal information, or phishing. The existing solutions use a parser for the code, are limited to fixed and very small patterns, and are difficult to adapt to variations. A machine learning method can give leverage to cover a far broader range of malicious web code and is easy to adapt to variations and changes. Therefore, this paper suggests the adaptable classification of malicious web code by machine learning approaches for detecting the exploitation of user inputs. The approach usually identifies the "looks-like malicious" code for real malicious code. More detailed classification using sequence information is also introduced. The precision for the "looks-like malicious code" is 99% and for the precise classification with sequence is 90%.

A Study on Information Security Management of Hospital Web Sites (의료기관 종별 웹 사이트 정보보안 관리 실태 연구)

  • Kim, Jong-Min;Ryu, Hwang-Gun
    • The Korean Journal of Health Service Management / v.9 no.2 / pp.23-32 / 2015
  • In this paper, we evaluated the web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. To evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered that tertiary hospitals had relatively excellent web security compared to other types of hospitals. But all the hospital types had not only high level vulnerabilities but also vulnerabilities of other levels. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hackers. On the other hand, the inspection results of the tertiary hospitals for privacy information management showed a better compliance rate than those of the other hospital types.

A Study of PKI-Based E-commerce Security System Design under Java Code Environment (Java Code를 중심으로한 PKI기반 전자상거래 보안시스템 설계)

  • Bang, Kee-Chun;Noh, Si Choon
    • Convergence Security Journal / v.13 no.1 / pp.51-57 / 2013
  • RSA is the most widely used public key algorithm. A secure shopping mall that can protect the user's valuable information is built using payment via SSL communications and user authentication using RSA. With SSL-based electronic signature technology and the encryption protocols for this technology, electronic documents are delivered to the other party through a separate encryption process, so that no one except the information sender (the user who enters information in a web browser) and the recipient (the manager of the site's Web server) is able to decrypt the contents. Therefore, because the information is encrypted during the transfer of electronic documents, even if hackers attempt sniffing they can never understand its contents. A methodology is presented for building an SSL-based secure shopping mall with the goal of user authentication and secure communications in Internet shopping malls.