• Title/Summary/Keyword: Security Behavior

WORM-HUNTER: A Worm Guard System using Software-defined Networking

  • Hu, Yixun;Zheng, Kangfeng;Wang, Xu;Yang, Yixian
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.1 / pp.484-510 / 2017
  • Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed-loop defense system against worms based on Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructure of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily and dynamically deploy different honeynet systems with different network structures. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

Analysis of the GOP Border security systems of the ROK Army by Using ABMS and NOLH design (ABMS와 NOLH을 이용한 한국군 GOP 경계시스템에 관한 분석)

  • Oh, Kyungtack
    • Journal of the Korea Society for Simulation / v.23 no.2 / pp.25-33 / 2014
  • In this study, the border security problem of the ROK Army is examined by applying the agent-based modeling and simulation (ABMS) concept as well as its platform, MANA. Based on the approximately optimized behavior of the infiltrator obtained using a genetic algorithm (GA), we evaluate the GOP border security system, which consists of human resources, surveillance, and command and control (C2) systems. We use four measures of effectiveness (MOEs) to evaluate its performance, and we apply a near optimal Latin hypercube (NOLH) design to deal with the large number of factors of interest in our model. By using a NOLH design, our simulation runs are implemented efficiently. We hope the results of this study provide valuable data for deciding the configuration of the border security system structure and the number of soldiers assigned in the platoon.

A Study on Anomaly Detection Model using Worker Access Log in Manufacturing Terminal PC (제조공정 단말PC 작업자 접속 로그를 통한 이상 징후 탐지 모델 연구)

  • Ahn, Jong-seong;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.321-330 / 2019
  • Prevention of corporate confidentiality leakage by insiders is an essential task for the survival of enterprises. In order to prevent information leakage by insiders, companies have adopted security solutions, but there is a limit to effectively detecting abnormal behavior of insiders with access privileges. In this study, we use an unsupervised learning algorithm, a machine learning technique, to effectively and efficiently cluster the normal and abnormal access logs of the worker's work screen in the manufacturing information system, which includes the company's product manufacturing history and quality information. We propose an optimal feature selection model for anomaly detection by studying clustering methods.

A Study of Formalized Presentation of Worm based on time-based Behavioral sequences (시간적인 행동 패턴을 고려한 웜의 정형 표현 기법 연구)

  • Lee Min-Soo;Shon Tae-Shik;Cho Sang-Hyun;Kim Dong-Soo;Seo Jung-Taek;Sohn Ki-Wook;Moon Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.53-64 / 2006
  • Worm analysis reports currently produced by anti-virus companies closely resemble virus reports and do not properly characterize the specific attributes of worms. In this paper, we propose a formalized presentation method based on time-based behavioral sequences to more accurately characterize worms. We define a format based on the behavior and communication patterns that occur between an infected host and a target host. We also propose a method for presenting worm analysis data with that format. We also compare our framework with analysis data provided by Symantec.

Understanding User's Continuous Use of Financial Technology Products

  • Wanchao Liu;Huosong Xia;Jian Mou
    • Asia pacific journal of information systems / v.31 no.2 / pp.236-256 / 2021
  • Online financial technology products are an important consumer finance innovation. While a large body of previous research has focused on initial adoption and consumer willingness to use these products, little research explores the continued use of these products beyond the initial adoption phase. In particular, special attention should be paid to how users' trust and perceptions of privacy and security affect continued use behavior. This paper integrates the expectation confirmation model of information system continuance (ECM-ISC), the information system success model (ISSM) and the security and trust literatures to investigate continued use of online financial technology. To test the research model, we collected 398 valid questionnaires from Ant Credit Pay users. The research results show that system and service quality positively impact users' expectation confirmation, while information quality has no significant impact. Expectation confirmation and perceived usefulness positively affect user satisfaction. Moreover, the user's perception of privacy and security plays a vital role in user satisfaction. Satisfaction and perceived trust jointly promote users' continuance behaviors. The findings of this study indicate the importance of the information system success factors and security factors due to their influence on the continued use of Fintech products. This conclusion has implications for enterprises in improving product quality and enhancing the degree of security to meet user needs.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security / v.24 no.4 / pp.179-191 / 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewalls, antimalware systems, and security information and event management (SIEM). These aid in defending businesses from attacks. Delivering advanced threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study being presented. In this proposed work, CTI feeds are utilized to detect assaults accurately in intrusion detection systems. The ultimate objective is to identify the attacker behind the attack. Several data sets were analyzed for attack detection. With the proposed study, the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall, respectively.

The Effect of Health Behavior and Oral Health Behavior on Community Periodontal Index in Korean Adult (한국성인의 건강행위와 구강건강행위가 치주조직병자율(CPI)에 미치는 영향)

  • Bok, Hye-Jeong;Ahn, Bun-Sook;Lee, Hee-Sung
    • The Korean Journal of Health Service Management / v.7 no.2 / pp.93-100 / 2013
  • This study sought to explore the relationships between health behavior, oral health behavior and community periodontal index among adults in Korea. The data of 'The fifth Korean national health and nutrition examination survey 2010' were analyzed for this study. The questionnaire measured health behavior, oral health behavior, community periodontal index and socio-economic characteristics. For statistical analysis, SPSS 19.0 for Windows was used. We determined frequencies and percentages, and determined statistical significance using multiple regression analysis. General characteristics showed differences in community periodontal index associated with residence, gender, age, income level, education, and division of basic livelihood security. Health behavior showed differences in community periodontal index associated with smoking and AUDIT. Oral health behaviors showed differences in community periodontal index associated with dental care treatment, utilization of dental hospitals, dental check-ups, tooth brushing, and use of oral health supplies. In conclusion, in order to reduce the community periodontal index of adults, the importance and needs of periodontal status should be emphasized. Periodontal status related education and programs for adults should be operated.

A Study on the Coping Strategy for Job Stress from the Personality Type of Security Agents (시큐리티 요원의 성격특성이 직무스트레스 및 대처방식에 미치는 영향)

  • Kim, Eui-Young;Cho, Sung-Jin
    • Korean Security Journal / no.41 / pp.263-292 / 2014
  • This study is an attempt to introduce an effective human resource management method by analyzing the relationship between the personality type of security agents, coping strategy for job stress, and job satisfaction. To achieve this purpose, this study surveyed users in Gyeonggi and Chungnam based on the cluster sampling method. A total of 283 samples were used for this study, after 17 erroneous samples were dropped. For the data processing of the questionnaire, each answer was coded, and an element analysis, credibility analysis, frequency analysis, co-relationship analysis and regression analysis were performed using the SPSS version 18.0 of Angel for Windows. Through the data analysis following the research methods above, the following conclusions were reached: First, factors in the nature of the security personnel affect job stress. Second, factors in the nature of the security personnel affect coping behavior.

Monitoring Network Security Situation Based on Flow Visualization (플로우 시각화 기반의 네트워크 보안 상황 감시)

  • Chang, Beom-Hwan
    • Convergence Security Journal / v.16 no.5 / pp.41-48 / 2016
  • In this paper we propose a new method of security visualization, VisFlow, using traffic flows to solve the problems of existing traffic-flow-based visualization techniques: loss of the end-to-end semantics of communication, the reflection problem caused by a symmetrical address coordinate space, and the loss of intuitiveness in a mass of traffic. VisFlow, a simple and effective security visualization interface, enables real-time analysis and monitoring of the situation in the managed network by visualizing a variety of network behavior that is not seen in the individual traffic data but can be shaped into patterns. This increases intuitiveness and usability by identifying the roles of nodes and by visualizing highlighted or simplified information based on their importance in 2D/3D space. In addition, it monitors the network security situation in a way that effectively increases the information conveyed, using asymmetrical connecting lines based on IP addresses between pairs of nodes. Using VisFlow, an administrator can perform real-time analysis and monitoring of the situation in the managed network, effectively investigate massive traffic data, and intuitively understand the entire network situation.

Analysis On Security and Dependability for IED System in SAS (변전소 IED의 보안과 신뢰성에 관한 고찰)

  • Guan, Qiang;Han, Seung-Soo;Lee, Seung-Jae
    • Proceedings of the KIEE Conference / 2006.11a / pp.21-23 / 2006
  • As a general rule for evaluating the dependability of a system, reliability is commonly considered, which barely pays attention to the system behavior; however, the estimation is based on the assumption of a fault-free system, which may be impracticable and inaccurate, especially for complicated systems. This paper introduces a security and dependability integrated approach to analyze the availability of a fault-active system from both the dependability and security points of view. The two fault modes involved are discussed with regard to their impairment of system reliance. The approach can be applied to estimate and quantify the attribute of system robustness with the help of a Markov chain process, which is good at solving status-related problems. A comparison between a dual system and an IEC61850-based almighty backup system is shown to support the suggested approach.