• Title/Summary/Keyword: Security Evaluation System


A Study on Cyber Security Evaluation Method of the Digital Instrument and Control System using the Construction of a Test-bed (테스트베드 구축을 통한 디지털계측제어계통 사이버보안 평가 방법에 관한 연구)

  • Cha, Ki-Jong;Shin, Yo-Soon;Seo, Dal-Mi;Sohn, Chang-Ho;Kim, Young-Mi;Jeong, Choong-Heui
    • Proceedings of the Korea Information Processing Society Conference / 2014.04a / pp.368-371 / 2014
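  • Digital instrumentation and control systems have recently become highly vulnerable to cyber threats, and a cyber attack can adversely affect plant safety. Periodic cyber security risk assessment of digital instrumentation and control systems is therefore necessary. Accordingly, this paper proposes a method, based on the construction of a test-bed, for analyzing the likelihood of compromise by cyber threats at a given point in time, or for self-evaluating cyber security. The cyber security risk assessment proposed in this study consists of five stages in total: asset analysis, test-bed construction, vulnerability analysis, threat assessment, and risk analysis and evaluation. Carrying out the cyber security activities of each stage is expected to improve the cyber security level of the digital instrumentation and control system.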

A Cross-Platform Malware Variant Classification based on Image Representation

  • Naeem, Hamad;Guo, Bing;Ullah, Farhan;Naeem, Muhammad Rashid
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.7 / pp.3756-3777 / 2019
  • Recent internet development is helping malware researchers to generate malicious code variants through automated tools. For this reason, the number of malicious variants is increasing day by day. Consequently, performance improvement in malware analysis is a critical requirement to stop the rapid expansion of malware. The existing research proved that the similarities among malware variants could be used for detection and family classification. In this paper, a Cross-Platform Malware Variant Classification System (CP-MVCS) is proposed that converts a malware binary into a grayscale image. Malicious features are then extracted from the grayscale image through the Combined SIFT-GIST Malware (CSGM) description. These features are then used to identify the relevant family of a malware variant. CP-MVCS reduced computational time and improved classification accuracy by using the CSGM feature description along with machine learning classification. The experiment was performed on four publicly available datasets for Windows OS and Android OS. The experimental results showed that the computation time and malware classification accuracy of CP-MVCS was higher than traditional methods. The evaluation also showed that CP-MVCS not only differentiated families of malware variants but also efficiently identified both malware and benign samples in a mixed fashion.

Dependence assessment in human reliability analysis under uncertain and dynamic situations

  • Gao, Xianghao;Su, Xiaoyan;Qian, Hong;Pan, Xiaolei
    • Nuclear Engineering and Technology / v.54 no.3 / pp.948-958 / 2022
  • Since the reliability and security of man-machine systems increasingly depend on the reliability of humans, human reliability analysis (HRA) has attracted a lot of attention in many fields, especially in nuclear engineering. Dependence assessment among human tasks is an important part of HRA which contributes to an appropriate evaluation result. Most methods in HRA are based on experts' opinions, which are subjective and uncertain. Also, the dependence influencing factors are usually considered to be constant, which is unrealistic. In this paper, a new model based on Dempster-Shafer evidence theory (DSET) and fuzzy numbers is proposed to handle the dependence between two tasks in HRA under uncertain and dynamic situations. First, the dependence influencing factors are identified and the judgments on the factors are represented as basic belief assignments (BBAs). Second, the BBAs of the factors that vary with time are reconstructed based on the correction BBA derived from the time value. Then, the BBAs of all factors are combined to obtain the fused BBA. Finally, the conditional human error probability (CHEP) is derived based on the fused BBA. The proposed method can deal with uncertainties in the judgments and dynamics of the dependence influencing factors. A case study is illustrated to show the effectiveness and the flexibility of the proposed method.

Priority of Modularization in Weapon System by using Grey Relational Analysis (GRA를 활용한 무기체계 모듈화 우선순위선정)

  • Lee, Kang-Taek;Lee, Jung-Hoon;Cho, Il-Hoon;Jung, Joo-Hyun;Kim, Geun-Hyung
    • Journal of the Korea Academia-Industrial cooperation Society / v.17 no.9 / pp.647-654 / 2016
  • In the defense industry, national security takes priority over economic sense and this has translated into high cost and long-term research and development. However, the exponential growth of technology and rapid changes in the security situation in recent years have resulted in a call for the development of systems at a low cost within a short period of time. In order to implement a modularization strategy in the field of defense, the introduction of line replaceable units in OO systems needs to be prioritized. This study selects six criteria following a literature review and prioritizes 11 modules for OO systems using the project evaluation method, Grey Relational Analysis (GRA). Based on the GRA results, the grey relational grades were derived as 0.83, 0.81 and 0.80 for the M11 (Main board), M8 (EMI module), M3 (Single board computer) modules, respectively. The cost and time of development is expected to be reduced in accordance with the grey relational grade. The results of this research could be utilized for decision making on adopting modularization in similar system development or product improvement programs (PIPs).

System and Prospects of Social Welfare Law (사회복지법의 규범체계와 과제)

  • Cheon, Kwang-Seok
    • Journal of Legislation Research / no.41 / pp.7-42 / 2011
  • The social welfare law concerning children, the elderly and the disabled has been sufficiently at the center of discussion in the academic as well as the practical arena. However, one can rarely find academic proposals about the way of understanding this legal system, the spheres affiliated with it, and its systematic characteristics, so these problems remain vague. This article aims to approach these points of issue. First, it tries to reveal the physical, psychological and psychic characteristics of this group of people. These situations are not effectively protected by the norms and measures provided by other instruments of social security, i.e. social insurance and social assistance. Second, based upon these functional limits inherent to these instruments of social security, the social welfare law's own system is explored in this article. The points of discussion are as follows: 1. the concept of social welfare law; 2. as core principles, realization of the personality and freedom based upon the right of self-determination, universalism and equality; 3. rearrangement of the legal provisions to bring harmony with the legal purpose and function of social welfare law. Finally, it is pointed out that the evaluation of the relevant legislation is essential, since in this area the difference between the purpose of the norm and the reality could be immense.

Evaluation of the Accessibility of Library Mobile Applications (도서관 모바일 애플리케이션 접근성 평가에 관한 연구)

  • Jang, Bo-Seong;Nam, Young-Jun
    • Journal of the Korean Society for Library and Information Science / v.48 no.2 / pp.25-44 / 2014
  • This research evaluates the accessibility of the mobile applications of South Korean libraries based on the accessibility guideline from the Ministry of Security and Public Administration. In order to enhance the credibility of the evaluation, this research covers both accessibility for the visually impaired and accessibility for people without disabilities. The research found four main results. First, we found that only 21 libraries (31%) provide alternative texts. Out of the 21 libraries, only one provides alternative texts across all sections of the mobile application, including the main page, data search, information assistance, etc. Second, most of the mobile applications provide contents in texts, and the subtitles, sign language, blinking and background music provided as required or recommended standard by the guideline lack correlation. Third, alternative texts, focus movement, accessibility of the operating system, button motion control, spacing between controls and alarm functions must follow the standard guideline for people with disabilities to use the mobile applications. Fourth, follow-up research on the development of an accessibility standard for library mobile applications is necessary in order to enable people with disabilities to freely use the library mobile applications.

Performance Evaluation of RSIP Gateway in Intranet Environment (인트라넷 환경에서 RSIP 게이트웨이의 성능분석)

  • Kim, Won;Lee, Young-Taek;Jun, Moon-Seog
    • The KIPS Transactions:PartC / v.11C no.5 / pp.683-688 / 2004
  • NAT is a very useful IP address translation technique that allows two networks using different and incompatible IP address schemes to be connected. But it is impractical to use NAT for an application which uses encrypted IP packets, embedding IP addresses inside data payloads, to guarantee End-to-End Security, such as IPSec. In addition to rewriting the source/destination IP addresses in the packet, NAT must modify the IP checksum every time, which could lead to a considerable performance decrease of the overall system in the process of the address translation. RSIP is an alternative to solve these disadvantages of NAT and the address shortage problems. Both NAT and RSIP divide networks into inside and outside addressing realms. NAT translates addresses between the internal network and the external network, but RSIP uses a borrowed external address for outside communications. The RSIP server temporarily assigns a routable public address to an RSIP client to communicate with the public network outside of the private network. In this paper, an RSIP gateway for the intranet environment is designed and its performance is evaluated. From the results of the performance evaluation, we knew that RSIP is operated less sensitive to the data traffic. Also, the experiment shows that RSIP performs better than NAT when the transmission data grows larger.

A Study on the Selection Process of RFID Middleware and Quality Factor Evaluation in Ubiquitous Computing (유비쿼터스 컴퓨팅 환경에서 RFID 미들웨어 선정 프로세스 및 품질 요소 평가에 대한 연구)

  • Oh, Gi-Oug;Park, Jung-Oh
    • Journal of the Korea Society of Computer and Information / v.16 no.12 / pp.257-263 / 2011
  • Conventional middleware is software that efficiently provides services between clients and servers, but it is not applicable to RFID systems because of low consistency due to the absence of a context awareness function, and problems in the management of meaning, the security system, etc. Accordingly, we need a quality selection process and a quality evaluation method for selecting RFID middleware based on new criteria. This paper proposed a new selection process based on the international standard ISO/IEC 14598, and extracted and selected optimal quality factors through the proposed process. The selected quality factors were mapped to the quality characteristics of the standard quality model ISO/IEC 9126, and to the quality factors of the RFID middleware of SUN, Microsoft, EPCglobal, IBM, etc. The results of these works showed that the quality factors extracted and selected through the proposed process were fair and adequate for evaluating the quality of RFID middleware.

Development Process and Methods of Audit and Certification Toolkit for Trustworthy Digital Records Management Agency (신뢰성 있는 전자기록관리기관 감사인증도구 개발에 관한 연구)

  • Rieh, Hae-young;Kim, Ik-han;Yim, Jin-Hee;Shim, Sungbo;Jo, YoonSun;Kim, Hyojin;Woo, Hyunmin
    • The Korean Journal of Archival Studies / no.25 / pp.3-46 / 2010
  • Digital records management is one whole system in which many social and technical elements interact. To maintain trustworthiness, the repository needs periodic audit and certification. Thus, an individual electronic records management agency needs a toolkit that can be used to self-evaluate its trustworthiness continuously, and to self-assess its atmosphere and system to recognize deficiencies. The purpose of this study is the development of a self-certification toolkit for repositories, which synthesized and analysed four international standards and best practices, namely the OAIS Reference Model (ISO 14721), TRAC, DRAMBORA, and the assessment report conducted and published by TNA/UKDA, as well as MoRe2 and current national laws and standards. As this paper describes and demonstrates the development process and the framework of this self-certification toolkit, other electronic records management agencies could follow the process and develop their own toolkit reflecting their situation, and utilize the self-assessment results in-house. As a result of this research, 12 areas for assessment were set, which include (organizational) operation management, classification system and master data management, acquisition, registration and description, storage and preservation, disposal, services, providing finding aids, system management, access control and security, monitoring/audit trail/statistics, and risk management. In each of the 12 areas, the process map or functional charts were drawn and business functions were analyzed, and 54 'evaluation criteria', consisting of the main business functional units in each area, were drawn. Under each 'evaluation criteria', 208 'specific evaluation criteria', which are supposed to be implementable, measurable, and provable for self-evaluation in each area, were drawn. The audit and certification toolkit developed by this research could be used by digital repositories to conduct periodic self-assessment of the organization, which would be used to supplement any deficiencies found and to reflect the organizational development strategy.

Improvement of a Potential Integrity on Korean Police (우리나라 경찰의 잠재청렴도 향상방안)

  • Cho, Ho-Dae
    • The Journal of the Korea Contents Association / v.9 no.7 / pp.268-275 / 2009
  • Today, in order to cope actively and efficiently with the changing security environment and citizen demand, the Korean police is attempting a great change inside and outside, such as the practical application of a decentralized police system. Police's corruption is serious in various statistical data that present from lower part that is show. Compared to the continuous upright improvement effort and evaluation inside the police system, the citizens' recognition of it is evaluated lowly. The difference in recognition of police potential integrity between members of the police organization, the citizens and the external agency points to the insufficiency of police improvement, the deficiency of effective systems and policy, and organization culture as causes.