• 한국산업정보학회논문지
• /
• 제26권5호
• /
• pp.69-77
• /
• 2021

본 논문에서는 기업의 IT시스템에 대한 위협에 대응하고자 하는 기업의 자산을 지켜주는데 매우 중요한 영역인 보안관제 위협정보를 확인하고자 한다. 보안관제는 보안 장비에서 발생한 이벤트, 로그를 중심으로 실시간 분석하여 위협을 판정하고 대응한다. 보안관제 업무에 있어서 우선적으로 위협정보를 평판정보와 분석정보로 구분하여 우선순위를 도출하고자 한다. 평판정보는 Hash, URL, IP, Domain으로 구성하였으며, 분석정보는 E-mail, CMD-Line, CVE, 공격동향정보로 구성하여 분석하였다. 연구결과, 평판정보의 우선순위가 상대적으로 높았으며 위협정보에 대한 정확성과 대응성을 높이는 것에 의의가 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권8호
• /
• pp.3888-3910
• /
• 2018

As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables' influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.

• 전력전자학회논문지
• /
• 제22권3호
• /
• pp.223-230
• /
• 2017

A low-cost BLDC motor with hall sensor is used to drive the position control of a facility security monitoring system in this paper. Low measurable frequency of the hall sensor signal in low-speed regions results in difficulty in obtaining accurate speed detection and position control. To improve system control performance, we propose a variable gain of position controller and stop mode control scheme according to the motor speed and error position with pre-set deceleration time. The proposed stop mode control scheme is activated around the stop position to forcibly move the BLDC motor to the stop position in low speed. In the proposed stop mode, the motor current is controlled by the actual speed with the reference rotating angle. The control performance of the proposed position control is verified through experiments at the actual rail guided facility security monitoring system.

• 대한전기학회:학술대회논문집
• /
• 대한전기학회 2003년도 학술회의 논문집 정보 및 제어부문 B
• /
• pp.868-870
• /
• 2003

In this paper, I have implemented the security system using shell script that periodically checking the security elements of unix system for security it transmit to a monitoring server and monitoring many clients. Agent of client executing by crontab scheduler, Environment of server to receive data use restricted TFTP in SunOS. And then, Because of using shell script, apply shell to system with flexible, control performance, and can meet on a sudden situation.

• 융합보안논문지
• /
• 제19권4호
• /
• pp.143-150
• /
• 2019

최근 ICT기술이 발전함에 따라 사이버공격 또한 지능화, 고도화 되고 있다. 이러한 사이버공격에 대응하기 위해서는 24시간 365일 보안관제체계를 유지해야 하며, 이를 위해 보안관제는 필수적인 교대근무를 해야 한다. 보안관제요원은 24시간동안 교대근무를 통해 사이버공격에 맞서 실시간으로 대응할 수 있어야 하나 2018년 근로기준법 개정에 따라 인력과 보안관제 근무체계에 영향을 주게 되었다. 따라서 본 논문에서는 주 52시간 근무시간 단축에 따른 효율적인 보안관제 근무체계를 제안한다.

• 융합보안논문지
• /
• 제11권5호
• /
• pp.3-12
• /
• 2011

국가정보원 자료에 의하면, 산업기술 유출로 인한 피해액은 수십 조원에 이르고 있고, 피해유형은 내부자 유출, 공동 연구, 해킹, 불법유출, 위장합작 등으로 나눌 수 있으나 그 중 80%가 물리적인 보안과 연계된 내부자 유출로 나타나고 있다. IT와 비IT의 융합이 가속화되고 영역간의 경계 및 구분이 불명확해지면서 정보보호산업은 점차 지식정보보안산업으로 확대되는 개인정보보호중심으로 지속적으로 성장해왔으나, 향후 정보보호산업은 IT 보안기술 및 제품간 융합, IT 보안과 물리 보안간 융합, IT 융합산업보안으로 집중된다. 본 논문에서는 기업 정보유출 방지를 위해서 논리적 보안과 물리적 보안이 모두 동일 수준에서 관리되어야 하며, 특히, 물리적인 보안시스템(출입통제시스템, 영상보안시스템 등)과 IT 통합보안관제시스템의 융합으로 외부 공격 및 내부자 유출의 예방, 차단, 분석의 시너지효과를 극대화 할 수 있는 융합보안관제시스템 개선 모델을 제안한다.

• Journal of information and communication convergence engineering
• /
• 제18권1호
• /
• pp.16-21
• /
• 2020

Owing to the convergence of the communication network with the control system and public network, security threats, such as information leakage and falsification, have become possible through various routes. If we examine closely at the security type of the current control system, the operation of the security system focuses on the threats made from outside to inside, so the study on the detection system of the security threats conducted by insiders is inadequate. Thus, this study, based on "Spotting the Adversary with Windows Event Log Monitoring," published by the National Security Agency, found that event logs can be utilized for the detection and maneuver of threats conducted by insiders, by analyzing the validity of detecting insider threats to the control system with the list of important event logs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권2호
• /
• pp.515-528
• /
• 2012

The aim of this article is to provide a study on the issue of inventory inaccuracy and to show the manner in which RFID technology can improve the inventory management performance. The objective of inventory control is to monitor the stock flow of merchandises in order to understand the operating profit and loss. A proper mechanism of inventory control could be made to help the profitability. As RFID is applied to inventory control, it can improve efficiency, enhance accuracy and achieve security. In this paper, we introduce the evolution of different mechanisms of inventory control with RFID system-counting method, collect-all method, and continuous monitoring method. As for improving the accuracy of inventory check during business hours, continuous monitoring is the solution. We introduce the infrastructure of the RFID inventory management system based on M2M architecture can make the inventory be efficiently monitored with instant warnings.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권2호
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• 한국컴퓨터정보학회논문지
• /
• 제20권8호
• /
• pp.35-43
• /
• 2015

Recently, internal information leaks is increasing rapidly by internal employees and authorized outsourcing personnel. In this paper, we propose a method to integrate internal control systems like system access control system and Digital Rights Managements and so on through expansion model of SIEM(Security Information Event Management system). this model performs a analysis step of security event link type and validation process. It develops unit scenarios to react illegal acts for personal information processing system and acts to bypass the internal security system through 5W1H view. It has a feature that derives systematic integration scenarios by integrating unit scenarios. we integrated internal control systems like access control system and Digital Rights Managements and so on through expansion model of Security Information Event Management system to defend leakage of internal information and customer information. We compared existing defense system with the case of the expansion model construction. It shows that expanding SIEM was more effectively.