• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2125-2128
• /
• 2003

알려진 공격 방법에 대해서는 다양한 방법으로 공격을 탐지하여 적절한 대응을 할 수 있는 반면 알려지지 않은 방법에 의한 공격은 침입탐지 시스템에서 공격 자체를 인식하지 못하므로 적절한 대응을 할 수 없게 된다. 따라서 비정상행위에 대한 탐지를 위해 데이터마이닝 기술을 이용하여 새로운 유형의 공격을 추출하고자 하였다. 특히 대용량의 데이터에 공통적으로 나타나는 순차적인 패턴을 찾는 순차분석 기법 중 PrefixSpan알고리즘을 적용하여 비정상 행위 공격을 탐지할 수 있는 방법을 제시하였다.

• Proceedings of the KIEE Conference
• /
• 2002.11b
• /
• pp.381-383
• /
• 2002

This paper proposes a MATLAB program for solving security-constrained optimal power flow using linear programming. Security-constrained optimal power flow can find an optimal generation satisfying bus voltage limits, line flow limits, reactive generation limits, even if contingency occurs. Sensitivity matrixes are obtained based on power flow solutions with and without single line contingency. This program is tested for an IEEE 14bus system with 5 generators Results shows good ability of finding optimal solution in case of a single line contingency.

• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.79-87
• /
• 2017

The U.S. security regulation is under the influence of each state's law; however, they are mostly similar. Among many states which has the longest history of security regulation in the U.S., state of New York has been shown security regulation for a long time. The state of New York has been emphasized the importance of security significantly because it is economically, culturally, and internationally important place at the same time. New York's state law of security business includes: 1. private investigators and bail enforcement agents and watch, guard or patrol agencies license law. 2. Security guard act of 1992~,3. Title 19 New York State's code of rules and regulation (NYCRR). The law of New York City's private security could inspire Korean private security law in many ways. First, administration of professional law and variety of licensure could be an inspiration to the Korean security services. Second, there are intimate partnership between police and private security in the U.S. New York police's private security partnership has been started since 1986 by Area Police/Private Security Liaison (APPL program) and there are about 1,300 of security companies participating. This program provides not only the simple partnership but also giving essential information for promoting public safety.

• Journal of Information Processing Systems
• /
• v.16 no.3
• /
• pp.699-717
• /
• 2020

Propagation time on permissionless blockchain plays a significant role in terms of stability and performance in the decentralized systems. A large number of activities are disseminated to the whole nodes in the decentralized peer-to-peer network, thus causing propagation delay. The stability of the system is our concern in the first place. The propagation delay opens up opportunities for attackers to apply their protocol. Either by accelerating or decelerating the propagation time directly without proper calculation, it brings numerous negative impacts to the entire blockchain system. In this paper, we thoroughly review and elaborate on several parameters related to the propagation time in such a system. We describe our findings in terms of data communication, transaction propagation, and the possibility of an interference attack that caused an extra propagation time. Furthermore, we present the influence of block size, consensus, and blockchain scalability, including the relation of parameters. In the last session, we remark several points associated with the propagation time and use cases to avoid dilemmas in the light of the experiments and literary works.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.47
• /
• pp.263-298
• /
• 2010

The global trading system is vulnerable to terrorist exploitation while the international trade is an essential element for the economic development. Customs has a unique role in the international trade to provide increased security while ensuring facilitation of the legitimate flow of goods and the role of Customs has become more and more indispensable these days. In response to this trend, the World Customs Organization(WCO), the organization of more than 170 Customs administrations all over the world, adopted an international framework("SAFE Framework") in 2005, which includes the Authorized Economic Operator(AEO) concept, whereby a party involved in the international movement of goods would be approved by Customs as complying with the supply chain security standards, and given benefits, such as simplified Customs procedure and less Customs intervention. In this stream, the Japanese government has developed and promoted AEO Program in close cooperation with the business sector, aiming at ensuring security while facilitating legitimate trade. For that purpose, Japan Customs, as a main entity in the field of international trade, has developed comprehensive AEO program with combination of programs for importers, exporters, warehouse operators, Customs brokers and logistics operators, such as forwarders and carriers, which are consistent with the "SAFE Framework" developed by the WCO. The purpose of this paper aims to analyse the introduction plans of AEO program for the trade security and trade facilitation with Japanese AEO system.

• Nuclear Engineering and Technology
• /
• v.55 no.1
• /
• pp.25-36
• /
• 2023

Nuclear power plants have recognized the importance of nuclear cybersecurity. Based on regulatory guidelines and security-related standards issued by regulatory agencies around the world including IAEA, NRC, and KINAC, nuclear operating organizations and related systems manufacturing organizations, design companies, and regulatory agencies are considering methods to prepare for nuclear cybersecurity. Cryptographic algorithms have to be developed and applied in order to meet nuclear cybersecurity requirements. This paper presents methodologies for validating cryptographic algorithms that should be continuously applied at the critical control system of I&C in NPPs. Through the proposed schemes, validation programs are developed in the PLC, which is a critical system of a NPP's I&C, and the validation program is verified through simulation results. Since the development of a cryptographic algorithm validation program for critical digital systems of NPPs has not been carried out, the methodologies proposed in this paper could provide guidelines for Cryptographic Module Validation Modeling for Control Systems in NPPs. In particular, among several CMVP, specific testing techniques for ECB mode-based block ciphers are introduced with program codes and validation models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1071-1082
• /
• 2021

COVID-19 has changed a lot in our daily lives, where school classes and remote classes have been combined or converted to remote classes. Many students spent more time online, and cyberbullying, such as indiscriminate disclosure of their personal information, bullying of their classmates online, increased. In this paper, we propose an online education program as a countermeasure against cyberbullying. This program is designed for elementary, middle, and high school students and can also be used for informatics or ethics classes in the 2015 curriculum. The proposed program is divided into four major themes: 'Cyberbullying,' 'Information Security,' 'Cyber Crime,' and 'Language Violence,' and is divided into a total of ten topics according to its connection. It was organized to teach the topics evenly by grade. Also, the program's feasibility was verified by experts on the selection of educational contents and organizing of contents. In the future, it will be necessary to apply for this program and conduct an effectiveness analysis to measure whether it has effectively contributed to the decrease in cyberbullying rates among students and the improvement of coping skills.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.299-309
• /
• 2022

Human factor represents a very challenging issue to organizations. Human factor is responsible for many cybersecurity incidents by noncompliance with the organization security policies. In this paper we conduct a comprehensive review of the literature to identify strategies to address human factor. Security awareness, training and education program is the main strategy to address human factor. Scholars have consistently argued that importance of security awareness to prevent incidents from human behavior.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.477-480
• /
• 2006

IPv6는 IPv4의 주소 부족을 해결하기 위해 1998년 IETF에서 표준화된 프로토콜이다. 현재 IPv4가 수축으로 되어 있는 인터넷을 동시에 IPv6로 전환하는 것은 불가능하므로 IPv4/IPv6 혼재네트워크를 거쳐 IPv6 순수 망으로 전환될 것이다. 본 논문에서는 혼재네트워크에서 IPv4 망과 IPv6 망간의 통신을 가능하게 해주는 IPv6 전환 메커니즘 중 터널링 방식에 대해 기술하고, 보안 취약성을 테스트하기 위해 동일한 보안 취약성에 대해 각각 IPv4 패킷, IPv6 패킷, 터널링된 패킷을 캡쳐할 수 있는 구축방안을 제안한다. 제안된 방식은 IPv4, IPv6, 터널링 패킷에 대한 분석이 가능하므로 IPv6 지원을 계획하는 침입탐지, 침입차단 시스템에 활용이 가능하다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.811-820
• /
• 2017

Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology researches apply only to Linux binaries or specific modules themselves. However, most software are vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.