• Title/Summary/Keyword: Security Incidents

Effective Normalization Method for Fraud Detection Using a Decision Tree (의사결정나무를 이용한 이상금융거래 탐지 정규화 방법에 관한 연구)

  • Park, Jae Hoon;Kim, Huy Kang;Kim, Eunjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.133-146 / 2015
  • Ever more sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile information and detection rules from the e-finance accident data of an actual domestic (Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

Government position, failure causes over 9.11 terror, Iraq war (9.11 테러와 이라크전에 미친 정보의 역할, 실패원인)

  • Baek, Jong-Kap;Park, Jun-Seok
    • Korean Security Journal / no.13 / pp.207-234 / 2007
  • This study examines the roles of government and reasons of defeat on 9.11 terror, Iraq war between 2001 and 2003. The administration functions critical role of national security. And punctual, accurate information supply capability helps policymaker's decision-making. Hence, information of punctuality and accuracy should be given to policymakers. And without two above written factors, it will result in failing. Information concoction on policymaker's pressure, biased informant, inaccurate information and lack of assembly means under the extensive organization and technologized spying means, fail to keep information objectivity, leads to information failure. In the context of a series of facts, we shall cover the position of government and reasons of calamities. Two incidents deem as information failure by national security service, but concoction of Iraqi mass destruction weaponry is believed as Bush administration's deception on account of political gains. For fully functional government role, governing body should reinforce all aspects of gathering, analyzing, and making use of information more objectively in the first place. In particular, information concoction involving policymakers post massive stumbling block to organized outcome. The thesis presents a prospective view of government position under the U.S. secret agent over 9.11 terror and Iraq war.

Authentication and Key Management Techniques for Secure Communication in IP Camera (IoT 환경에서 IP카메라의 효율적 운용을 위한 키 관리 및 보안 설계 프로토콜)

  • Min, So-Yeon;Lee, Jae-Seung
    • Journal of the Korea Academia-Industrial cooperation Society / v.21 no.10 / pp.602-608 / 2020
  • Development of Internet technology and the spread of various smart devices provide a convenient computing environment for people, which is becoming common thanks to the Internet of Things (IoT). However, attacks by hackers have caused various problems, such as leaking personal information or violating privacy. In the IoT environment, various smart devices are connected, and network attacks that are used in the PC environment are occurring frequently in the IoT. In fact, security incidents such as conducting DDoS attacks by hacking IP cameras, leaking personal information, and monitoring unspecified numbers of personal files without consent are occurring. Although attacks in the existing Internet environment are PC-oriented, we can now confirm that smart devices such as IP cameras and tablets can be targets of network attacks. Through performance evaluation, the proposed protocol shows 11% more energy efficiency on servers than RSA, eight times greater energy efficiency on clients than Kerberos, and increased efficiency as the number of devices increases. In addition, it is possible to respond to a variety of security threats that might occur against the network. It is expected that efficient operations will be possible if the proposed protocol is applied to the IoT environment.

Relative Importance Analysis of Management Level Diagnosis for Consignee's Personal Information Protection (수탁사 개인정보 관리 수준 점검 항목의 상대적 중요도 분석)

  • Im, DongSung;Lee, Sang-Joon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.8 no.2 / pp.1-11 / 2018
  • Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP (Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

A Study on the Revision of the Notification Form and Procedures of Marine Incident (준해양사고 통보서식 및 절차 개정에 관한 연구)

  • Kang, Suk-Young
    • Journal of the Korean Society of Marine Environment & Safety / v.26 no.1 / pp.39-46 / 2020
  • Accident prevention is more important than follow-up, which is based on Heinrich's law. The marine incident system is a very meaningful system that can prevent similar accidents, and was introduced in 2010 in Korea in accordance with the enforcement of the Code for the Investigation of Marine Casualties and Incidents (CI Code). Based on the CI Code, ship owners or ship operators are required to notify the Central Chief Inspector using the designated notification form in the event of a marine incident, but the number of voluntary notifications is still small. In this regard, this study intends to provide a direction for improvement by conducting an in-depth analysis focusing on the lack of notification procedures and forms of the marine incident system. To this end, we analyzed related regulations, cases of excellent overseas shipping countries such as the United Kingdom and Singapore, cases of similar domestic transportation systems such as aviation and railways, and marine incident notification procedures and forms of leading shipping companies. Major improvements in the notification process include the transition of the marine incidents to voluntary reporting, the expansion of the reporting subjects, and the identification of the security of the informer's identity. The main contents of the notification form revision include the use of the term "reporting" instead of "notification," the content of the identity guarantee in the notification form, and the increase in statistical value through the expansion of optional entries.

Security Measures through a Statistical Analysis of Accident within the School (학교내 사고 통계분석을 통한 안전대책 방안)

  • Kim, Tae-Hwan;Hong, Jun-Soo;Lee, Jae-Min
    • Korean Security Journal / no.34 / pp.139-160 / 2013
  • Growth of minors learning space that the school is a place where many students live. Students, but in the living space of these minors values of change and chaos that occurs in addition to school safety incidents typically occur many accidents and potential for accidents to occur. Thinking of these potential events. Indifferent about the safety of schools and teachers with the much more conscious of the safety of the students lean due to being generated. Body and life, and damage to property due to these events. Accidents due to wear and sometimes liability and indemnity issues surrounding tarnished with the image of the school and teachers look forward to hearing from parents about the school deterioration, resulting in an unfavorable impact. Therefore in this essay, we are presenting case analysis may occur or re-occur. Prevent accidents that can identify and countermeasures against accidents that occur within the school.

A Study on Rethinking the Operating of Counter-terrorism Systems in South Korea (한국 대테러시스템 운영의 재모색)

  • Kwon, Jeong-Hoon
    • Korean Security Journal / no.51 / pp.153-170 / 2017
  • The purpose of this study is to rediscover the operation of anti-terrorism system focusing on the system approach and crisis management approach for counter terrorism in Korea. According to the results of this study, it is required to establish a link between open systems and integrative system focusing on functional linkage of counter-terrorism systems, and cooperative measures with private sectors in the dimension of governance activation. Further, it is necessary to prepare legal foundations for the cooperation with private sectors and then promote open consciousness transformation through the partnership with private security for anti-terrorism activities. In addition, in its preventive stage, it is required to prepare legal systems related to biochemical terrorism for stronger regulations through crisis-managerial approach. Next, in its preparatory stage, it is necessary to prepare education and enact named Terror Prevention Day for increasing terror safety consciousness, and then extend citizen reporting reward systems to enable citizens to participate and become interested voluntarily in terror prevention. Also, it is essential to establish the substantial training system for preparing for terror occurrence. Moreover, in its response stage, it is urgent to construct networks between related institutions to manage field and spot responses with integrative management systems through information sharing. Furthermore, in its restoration stage, it is indispensable to prepare long-term management systems for injured persons and families of the deceased from terror incidents.

Counter Measures of the Subway Terrorism through Case Analysis (사례분석을 통한 지하철 테러에 대한 대책)

  • Kwon, Jeong-Hoon;Kim, Tae-Hwan;Choi, Jong-Gyun
    • Korean Security Journal / no.18 / pp.1-20 / 2009
  • Nowadays most nations around the world including Korea have experienced absolute shortages of available urban space. To solve various problems of the city, each nation constantly tends to extend the underground space. However there is a serious problem in making use of the underground space. Especially new terrorism coming into existence after 9.11 terror turns into the so-called ‘soft target’ which has something to do with public transportation facilities available to most people. Good examples are like these: poisonous gas attacks in Tokyo subway in 1995, Daegu subway station fire in 2003, serial bomb blast of London subway in 2005. In spite of being a concern on incidents related to the underground space it is inevitable to utilize the underground space and the tendency is growing. But Korea lags badly behind in foreign countries in this field and so seeking measures is urgently needed. Therefore the aim of this study is to note visible damages stemmed from the domestic and foreign underground space and propose more effective and adequate measures. Safety measures of terrorism are associated to minimize damage out of terrorism and they are as follows. In the first place, preparing protective equipment for saving a life from fire attacks and poisonous gas is needed urgently. In the second place, counterpart management on the spot and systematic security training should be established in order to minimize injury. In the third place, fire escapes must be provided for a rapid evacuation of potential unspecified individuals. In the fourth place, building up a network of related institutions is required for a systematic omnidirectional counterpart. Finally the Korean government ought to take fast and appropriate actions for the injured and bereaved family of the terror incident.

Research Trends of SCADA Digital Forensics and Future Research Proposal (SCADA 디지털포렌식 동향과 향후 연구 제안)

  • Shin, Jiho;Seo, Jungtaek
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1351-1364 / 2019
  • When SCADA is exposed to cyber threats and attacks, serious disasters can occur throughout society. This is because various security threats have not been considered when building SCADA. The bigger problem is that it is difficult to patch vulnerabilities quickly because of its availability. Digital forensics procedures and techniques need to be used to analyze and investigate vulnerabilities in SCADA systems in order to respond quickly against cyber threats and to prevent incidents. This paper addresses SCADA forensics taxonomy and research trends for effective digital forensics investigation on SCADA system. As a result, we have not been able to find any research that goes far beyond traditional digital forensics on procedures and methodologies. But it is meaningful to develop an approach methodology using the characteristics of the SCADA system, or an exclusive tool for SCADA. Analysis techniques mainly focused on PLC and SCADA network protocol. It is because the cyber threats and attacks targeting SCADA are mostly related to PLC or network protocol. Such research seems to continue in the future. Unfortunately, there is lack of discussion about the 'Evidence Capability' such as the preservation or integrity of the evidence extracting from SCADA system in the past researches.

Design and Implementation of a Web Application Firewall with Multi-layered Web Filter (다중 계층 웹 필터를 사용하는 웹 애플리케이션 방화벽의 설계 및 구현)

  • Jang, Sung-Min;Won, Yoo-Hun
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.157-167 / 2009
  • Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focuses on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM (Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system cannot adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application are causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF (Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing. Consequently, this study provides a way to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.