• Journal of Korea Multimedia Society
• /
• v.19 no.8
• /
• pp.1320-1328
• /
• 2016

In this paper, we propose a novel security system using hand gesture recognition. Proposed system does not create a password as numbers, but instead, it creates unique yet simple pattern created by user's hand movement. Because of the fact that individuals have different range of hand movement, speed, direction, and size while drawing a pattern with their hands, the system will be able to accurately recognize only the authorized user. To evaluate the performance of our system, various patterns were tested and the test showed a satisfying result.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.89-94
• /
• 2018

In this paper, we implemented a static analysis tool for weakness. We implemented on JavaCC using syntax information and control flow information among various information. We also tested the performance of the tool using Juliet-test suite on Eclipse. We were classified using information necessary for diagnosis and diagnostic methods were studied and implemented. By mapping the information obtained at each compiler phase the security weakness, we expected to link the diagnostic method with the program analysis information to the security weakness. In the future, we will extend to implement diagnostic tools using other analysis information.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.745-746
• /
• 2016

The design phase is a process that is embodied to be interpreted and implemented in a requirement of the system information in the analysis phase. In the design phase, the design privacy, information security test plan is established, activities are carried out.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.684-687
• /
• 2013

빅데이터 환경은 수많은 데이터의 조합으로 가치를 발견하여 이를 활용하는 것이다. 이러한 환경의 전제조건은 데이터의 공개 및 공유 개방이 될 것이다. 하지만 데이터 공개 시 개인정보와 같은 정보가 포함되어 법적 도덕적인 문제나 공개된 정보의 범죄 활용 등 2차적인 피해가 발생할 수 있어 데이터 공개 시 개인정보에 대한 익명화가 반드시 필요하다. 하지만 익명화된 데이터는 다른 정보와 결합을 통하여 재식별되어 비익명화 될 가능성이 항상 존재한다. 따라서 본 논문에서는 데이터 공개 시 익명화된 데이터를 공개하기 전에 재식별성에 대한 위험을 평가하는 테스트 방법론을 제안한다. 제안하는 방법론은 실제 테스트를 수행하는 3가지 과정 및 테스트 레벨 설정과 익명화 시 고려해야 할 부분으로 이루어져 있다. 제안하는 방법론을 통하여 안전한 데이터 공개 환경이 조성되어 빅데이터 시대에 개인정보에 안전한 데이터 공유와 개방이 이루어질 것으로 기대한다.

• Journal of Software Assessment and Valuation
• /
• v.17 no.2
• /
• pp.125-142
• /
• 2021

Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

• International journal of advanced smart convergence
• /
• v.11 no.4
• /
• pp.10-19
• /
• 2022

AI-based Network Intrusion Detection Systems (AI-NIDS) detect network attacks using machine learning and deep learning models. Recently, unsupervised AI-NIDS methods are getting more attention since there is no need for labeling, which is crucial for building practical NIDS systems. This paper aims to test the impact of designing autoencoder models that can be applied to unsupervised an AI-NIDS in real network systems. We collected security events of legacy network security system and carried out an experiment. We report the results and discuss the findings.

• Asia pacific journal of information systems
• /
• v.30 no.2
• /
• pp.328-352
• /
• 2020

If a firm announces an investment in IT security, how the market value of its competitors reacts to the announcement? We try to shed light on this question through an event study design. To test the relationship, we collected 143 announcements on cybersecurity investment and measured the subsequent impact on 533 competitors' abnormal returns, spanning from 2000 to 2019. Our estimation results present that, on average, the announcements have no observable impact on the market value of announcing firms and competitors as well, which is consistent with findings of a prior study. Interestingly, however, the impact becomes evident when we classify our samples by industries (Finance vs. non-Finance or ICT vs. non-ICT) and firm size (Big vs. Small). We interpret our empirical findings through the lenses of contagion effect and competition effect between announcing firms and their competitors. Key finding of our study is that, for financial service firms, the effect resulting from the announcement on cybersecurity investment transfers to competitors in the same direction (i.e., contagion effect).

• Asia pacific journal of information systems
• /
• v.33 no.3
• /
• pp.603-623
• /
• 2023

While prior work has conducted individuals' password security behavior, there is a relatively neglect to examine individuals' affect and feelings of password fatigue in password change context. Therefore, this study explicated individuals' affective response to the feelings of password fatigue by drawing on several theoretical lens. Survey data collected from 267 users were used to test the model using partial least square analysis. This study found that feelings of password fatigue positively affected the negative password fatigue-induced affect, and also both the feelings of password fatigue and the negative password fatigue-induced affect were negatively related to attitude toward changing passwords, which in turn, leads to the intention to change passwords. Furthermore, this study found that shadow work recognition negatively moderated the relationship between attitude and behavioral intention. This study could offer a new theoretical perspective to understand an individual's security behavior and provide empirical evidences for practitioners in charge of IT security in organizations.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.33-39
• /
• 2008

Software failure time presented in the literature exhibit either constant, monotonic increasing or monotonic decreasing. For data analysis of software reliability model, data scale tools of trend analysis are developed. The methods of trend analysis are arithmetic mean test and Laplace trend test. Trend analysis only offer information of outline content. In this paper, we discuss exponentially weighted moving average chart, in measuring failure time. In control, exponentially weighted moving average chart's uses are efficiency case of analysis with knowing information, Using real software failure time, we are proposed to use exponentially weighted moving average chart and comparative analysis of software failure time.

• Journal of Korean Society of Disaster and Security
• /
• v.10 no.1
• /
• pp.35-42
• /
• 2017

This is a comparative study on the characteristics of excavated soils, which is proceeded using soil strength parameter by literature, geotechnical investigation, standard penetration test by drilling, and downhole test by borehole at six sites in urban areas. The results of these site surveys are used as basic data for the evaluation and development of prediction of ground subsidence risk. Geotechnical properties are estimated with the result of standard penetration test-N value and literature. The dynamic geotechnical characteristics are also estimated with top-down seismic exploration at borehole.