• Title/Summary/Keyword: Security Event


Semi-supervised based Unknown Attack Detection in EDR Environment

  • Hwang, Chanwoong; Kim, Doyeon; Lee, Taejin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.12 / pp.4909-4926 / 2020
  • Cyberattacks penetrate servers and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers infect endpoints and gain access to the internal network. However, the current countermeasures are only anti-virus products that operate on signatures or patterns, which lets initial unknown attacks through. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If the initial attack is not stopped, responding later is difficult, because malicious behavior such as an Advanced Persistent Threat (APT) attack does not occur immediately but unfolds over a long period of time. In this paper, we propose a technique that detects an unknown attack from event logs without prior knowledge, even when the initial anti-virus response has failed. The proposed technique uses a combination of an AutoEncoder and a 1D CNN (1-Dimensional Convolutional Neural Network) based on semi-supervised learning. The experiment trained on a dataset collected over one month in a real-world commercial endpoint environment and tested on the data collected over the following month. As a result, 37 unknown attacks were detected in the event log collected over one month in the commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, the proposed model is expected to be applied to EDR technology to form a secure endpoint environment and to reduce the time and labor costs of detecting unknown attacks.

Effective event recorder operation method for multi-coupled trainset

  • Choi, Kwon-Hee; Jeong, Byung-Ho; Min, Pyung-Oh; Oh, Yong-Suk; Lee, Jong-Woo
    • Proceedings of the KSR Conference / 2007.11a / pp.1428-1432 / 2007
  • One of the most important goals of transportation is to carry people and goods to their destination safely. Railways carry low risk compared with road, sea and air routes, and offer high safety as well as high-speed operation, since trains run on a fixed track. However, a small carelessness can turn a train incident into a tragic accident, so a dedicated event recorder is preferably used to clarify responsibility in case of an accident, to maintain signalling devices and to analyze defects. A JRU (Juridical Recorder Unit) for ATC/ATS/ATP can serve as a more advanced event recorder. On the KTX-I currently in service, one event recorder is installed on each leading car and on the last car, and an operation plan for the event recorder of a single trainset has been suggested. For multi-coupled trainset operation such as KTX-II, however, a more detailed study is required on activating the event recorder and on processing the recorded data. This research therefore examines the operation plan used for the existing event recorder and suggests an effective operation and management plan for event recorders in multi-coupled trainsets such as the new High Speed Train.


A Study on the Real-time Cyber Attack Intrusion Detection Method

  • Choi, Jae-Hyun; Lee, Hoo-Jin
    • Journal of the Korea Convergence Society / v.9 no.7 / pp.55-62 / 2018
  • Recently, as the threat of cyber crime has increased, the importance of security control measures that cope with cyber attacks on information systems in the first instance, such as real-time detection, is growing. Under the names of security control center, cyber terror response center and incident response center, institutional control personnel are making efforts to prevent cyber attacks. In particular, intrusion incidents are detected using network security equipment or the control system, but controlling on the basis of simple device-driven patterns alone is not enough to prevent incidents. Therefore, the security control system is continuously being upgraded, and development and research on detection methods are being actively carried out as part of prevention activities against the threat of intrusion. In this paper, we define an intrusion detection method for each major component module in order to improve on the problems of the existing intrusion detection method. Through performance tests of each module, we propose measures for effective security control and study an effective intrusion threat detection method by upgrading the control system with Security Information Event Management (SIEM).

Professionalism raising of the escort which leads an instance analysis (Raising security professionalism through case analysis)

  • Yu, Hyung-Chang
    • Korean Security Journal / no.18 / pp.73-99 / 2009
  • Three assassination and threat cases are introduced in this thesis as analysis data: the shootings of U.S. President Reagan (1981.3.30) and of President Park Jeong Hee of South Korea (1974.8.15), and the assassination of Prime Minister Rabin of Israel (1995.11.4). On March 30, 1981, the criminal Hinckley fired live rounds just before President Reagan got into his car to return to the White House after finishing a speech at the Washington Hilton Hotel. As a result, the president was shot in the chest, and the press secretary and a bodyguard were wounded. On August 15, at 10:23 pm, while the 29th August 15 Liberation Day anniversary event was being celebrated at the National Theater in Jangchung-dong, Seoul, the criminal Moon Sekwang fired live rounds; he failed to assassinate President Park Jeong Hee of Korea but shot the First Lady, Yuk Young Soo, who was wounded in the right side of the head and died. On Saturday, November 4, at 22:00, Prime Minister Rabin had finished the event in support of the Middle Asia peace project and was getting into his car when he was killed by the criminal Amir's shooting. These incidents left very important lessons from the viewpoint of security analysis and have frequently been used as material for the education and training of protection organizations. In Korea, the Presidential Security Service as well as the national security departments have selected them as an important model for subjects such as 'Security Analysis', 'Security Practice' and 'Security Methodology'. In the performance of security duty, security skill is the most important matter; moreover, it has a close relationship with politics, society and culture. The purpose of this study is to analyze and re-evaluate these cases, which have been treated as a standard model from the viewpoint of security analysis, beyond merely introducing them.
The attempted assassination of President Reagan was evaluated as a positive success example because of the rapid response of the adjacent guards, who evacuated Reagan, the protectee, within 10 seconds after the shot. Compared with the Kennedy assassination of 1963, it was evaluated that the guards had become significantly more specialized. In this study, however, it was possible to find many problems, such as carelessness of the guard in charge of the outer area of the event place, a complacent attitude toward a frequently used event place, confusion in wireless communication, the risk of wireless security disclosure, insufficient provision of compulsory record files, insufficient profiling of dangerous persons, and an unsecured hospital and first-aid room.


A Study on the Supply Chain Security and Risk Management Strategies of Global Companies

  • Yang, Jung-Ho
    • Management & Information Systems Review / v.27 / pp.149-172 / 2008
  • Since the 9/11 terror attack, an event that caused supply chain disruption, supply chain security has become more important than ever before. Furthermore, company logistics strategies that conflict with supply chain security, such as increased global sourcing and JIT manufacturing, are increasing supply chain vulnerability. Strengthening supply chain security can be a burden for global companies, because it requires not only additional investment cost but also changes to the company's global logistics strategy. On the other hand, however, supply chain visibility and resilience can be improved through supply chain security. In addition, it allows companies to stabilize the supply chain structure and to respond rapidly and flexibly to market demand. The key issue is balancing efficiency against supply chain security. To do this, identifying risk elements within the supply chain and assessing the vulnerability of each supply chain component should be performed before developing an efficient supply chain security management system that does not obstruct supply chain efficiency.


Legal Implications of the ISPS Code on Contract of Carriage by Sea

  • Yang, Jung-Ho; Myung, Chang-Sig
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.37 / pp.217-250 / 2008
  • The International Ship and Port Facility Security (ISPS) Code, developed as the shipping sector's main response to the miserable events of 11 September 2001, came into effect on 1 July 2004. The ISPS Code, designed to detect and eliminate security threats affecting ships and port facilities used in international trade, will significantly affect not only the management and operation of the shipping industry but also maritime law, despite the fact that it is a regulatory framework of public law. On the one hand, implementing the ISPS Code is expected to contribute to reinforcing maritime security. On the other hand, more intensive security inspection and control measures by port states will also cause delays and additional costs, which create uncertainty in allocating security risk and cost between the contracting parties. Therefore, it is desirable to insert a new security clause dealing with the main security issues, or to adapt existing clauses to the new shipping environment, in order to minimize disputes.


The study about role of enforcement stage in safety activity for the international conference

  • Lee, Sun-Ki
    • Korean Security Journal / no.36 / pp.387-416 / 2013
  • The purpose of this study is to present improvements in the effectiveness of security activities for international conferences that may be held in the future, on the basis of the security activity problems that arose at the G20 summit meeting held in Seoul in 2010. I put questions three times to members of the police, military, fire fighters and national intelligence service who had experience at the Seoul G20 summit meeting, and the recognition of possible problems and the possibility of improvement for each question item were analyzed by the Delphi method. Interviews with 4 security experts selected from each security agency were also conducted to present improvements for each problem area. The results obtained from the face-to-face interviews with the four experts of the security enforcement agencies about the role of the event site activity stage for an international conference are as follows. First, in the 'security protocol section', protocol and security need a mutually beneficial, adaptive relationship, so closer cooperation and information exchange are demanded. Second, in the 'situation management section', there is a need to reinforce the cooperative system between the situation rooms of each agency so that all of the security manpower, which is dispersed by function and by event site, can be operated in an integrated way, in addition to swift and organic information exchange between the wide-area local government and all the security agencies, centered on a preparation planning group. Third, in the 'security manpower resource management section', there is a need for encouragement of and interest in leadership, in order to devise a system in which all of the security manpower can concentrate on the event and the given conditions can be satisfied.
Fourth, in the 'local government cooperative support section', the wide-area local government of the hosting city, as an international city, operates several kinds of facilities for international conferences, supports the operation of the conference, achieves ripple effects of the event such as tourism, maximizes the service of accommodations, and holds primary responsibility for the maintenance of traffic facilities, so it needs to carry out special inspections under the responsibility of the Si-Do governors.


An Effective Implementation Method for Dual Use of Web-based Multidimensional Interactive Digital Contents

  • Gang, Seok-Hun; Kim, Dae-Cheong
    • Journal of National Security and Military Science / s.3 / pp.197-242 / 2005
  • An active catalog is a kind of digital content that enables consumers to test the functions and features of a product from their PCs as if they were using it in real life, by simulating the product's actions and responses. This new type of interactive digital content can be used extensively to make sales personnel training manuals, sales tools, user manuals and user troubleshooting documents. With active catalogs, companies will be able to compare different designs, show actions according to different functions, and evaluate user reaction to new products without having to produce a single physical prototype or mock-up. At the same time, consumers will be able to understand and 'operate' the product and make well-informed purchase decisions. In this paper, we present a visual event-driven modeling tool, PlayMo, for creating active catalogs, analyze the advantages of using PlayMo, describe the event-driven method used by PlayMo, and introduce two enhanced characteristics of the Event Flow Chart with which the events in PlayMo are structured. Interactive digital content built with PlayMo3D makes design easy, simple and effective for e-learning, e-catalogues, e-marketing/sales, e-prototyping, customer support, etc. Through its application-ready 3D function visualization solution, engineers and designers can rapidly turn a CAD design model into a 3D interactive virtual product, and effective function prototyping can also be completed within a minute.


Supplementary Event-Listener Injection Attack in Smart Phones

  • Hidhaya, S. Fouzul; Geetha, Angelina; Kumar, B. Nandha; Sravanth, Loganathan Venkat; Habeeb, A.
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.10 / pp.4191-4203 / 2015
  • WebView is a vital component in smartphone platforms like Android, Windows and iOS that enables smartphone applications (apps) to embed a simple yet powerful web browser inside them. WebView not only provides the same functionality as a web browser; more importantly, it enables rich interaction between apps and the webpages loaded inside the WebView. However, the design and features of WebView open a path to tampering with the sandbox protection mechanism implemented by browsers. As a consequence, malicious attacks can be launched either against the apps or by the apps through the exploitation of WebView APIs. This paper presents a critical attack called the Supplementary Event-Listener Injection (SEI) attack, which adds auxiliary event listeners that execute malicious activities to the HTML elements in the webpage loaded by the WebView via JavaScript injection. This paper also proposes an automated static analysis system for analyzing WebView-embedded apps to classify the kind of vulnerability they possess, and a solution for mitigating the attack.

Preventing Mobile Game Client Memory Manipulation Based on Event Sourcing Patterns and Blockchain

  • Park, Jihun; Park, Young-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.3 / pp.477-486 / 2022
  • This study aims to present a method using event sourcing patterns and blockchain as a way to cope with memory manipulation vulnerabilities at the client level. To verify the plan, the way a memory manipulation application runs was analyzed, and a test application was built to compare and analyze performance with the memory manipulation prevention plan applied. As a result of the analysis, memory usage increased compared with the XOR-based method that stores key data in a single memory location, but it was possible to prevent the memory manipulation program from operating without significantly affecting the performance of the game.