• The Korean Journal of Applied Statistics
• /
• v.29 no.7
• /
• pp.1173-1183
• /
• 2016

In this paper, we proposed an information security risk index to diagnose users' malware infection situations (such as computer virus and adware) by gathering data from KT network systems. To develop the information security risk index, we used the analytic hierarchy process methodology and estimated the risk weights of malware code types using the judgments of experts. The control chart could be used effectively to forecast the information security risk for the proposed information security risk index data.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.71-76
• /
• 2012

As the use of Mashups, web3.0, JavaScript and AJAX(Asynchronous JavaScript XML) widely increases, the new security threats for web vulnerability also increases when the web application services are provided. In order to previously diagnose the vulnerability and prepare the threats, in this paper, the classification of security threats and requirements are presented, and the web vulnerability is analyzed for the domestic web sites using WVS(Web Vulnerability Scanner) automatic evaluation tool. From the results of vulnerability such as XSS(Cross Site Scripting) and SQL Injection, the total alerts are distributed from 0 to 31,177, mean of 411, and standard deviation of 2,563. The results also show that the web sites of 22.5% for total web sites has web vulnerability, and the previous defenses for the security threats are required.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.25-31
• /
• 2012

The SSE-CMM model is how to verify the level of information protection as a process-centric information security products, systems and services to develop the ability to assess the organization's development. The CMM is a model for software developers the ability to assess the development of the entire organization, improving the model's maturity level measuring. However, this method of security engineering process improvement and the ability to asses s the individual rather than organizational level to evaluate the ability of the processes are stopped. In this research project based on their existing research information from the technical point of view is to define the maturity level of protection. How to diagnose an information security vulnerabilities, technical security system, verification, and implementation of technical security shall consist of diagnostic status. The proposed methodology, the scope of the work place and the current state of information systems at the level of vulnerability, status, information protection are implemented to assess the level of satisfaction and function. It is possible that measures to improve information security evaluation based on established reference model as a basis for improving information security by utilizing leverage.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.27-33
• /
• 2015

In this paper, the development level of information security technology for internet of things(Iot), big data and clo ud services is analyzed, and the detail policy is proposed to be leader in area of patents and ICT standard. The conc ept of ICT convergence is defined frist, market and current state of technology for three convergence services is the n analyzed, and finally main function and security target for each technology are presented. The evaluation criteria a nd IPR are analyzed to diagnose the level of patent and standard for the technology. From the results, even though the domestic competence is inferior compared to other advanced country, the efficient policy should be presented by using our capability for the big data and cloud. Furthermore, the technology development for the IoT and cloud is ne eded in advance considering the market-technology influence effects. In addition to, M2M security framework in IoT, data security in big data and reliable networking in cloud should be developed in advance.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10a
• /
• pp.632-634
• /
• 2000

최근에 일어나는 해킹 사고의 대부분은 스캐닝 도구를 사용하여 일차적으로 공격하고자 하는 시스템의 취약점 정보를 수집한 다음, 이를 바탕으로 시스템에 대해 공격을 시도하고 있다. 하지만, 대부분의 네트워크 시스템 관리자들은 자신의 시스템의 취약점에 대한 정보 부족과 기술 부족으로 인하여 무방비 상태로 관리하고 있는 실정이다. 그리고 대부분은 스캐닝 도구들은 처음에는 시스템 보안취약점 진단 목적으로 개발되었으나, 해커들에 의해 악용되고 있다. 따라서, 본 논문에서는 보안에 미숙한 관리자도 시스템의 취약점을 쉽게 발견하고 이를 바탕으로 하여 취약점을 보완할 수 있도록 웹 기반에서 시스템 보안 취약점을 진단하는 시스템을 제안하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.59-74
• /
• 2020

The web space where web applications run is the cyber information warfare of attackers and defenders due to the open HTML. In the cyber attack space, about 84% of worldwide attacks exploit vulnerabilities in web applications and software. It is very difficult to detect web vulnerability attacks with security products such as web firewalls, and high labor costs are required for security verification and assurance of web applications. Therefore, rapid vulnerability detection and response in web space by automated software is a key and effective cyber attack defense strategy. In this paper, we establish a security risk management model by intensively analyzing security threats against web applications and software, and propose a method to effectively diagnose web and application vulnerabilities. The testing results on the commercial service are analyzed to prove that our approach is more effective than the other existing methods.

• The KIPS Transactions:PartC
• /
• v.9C no.6
• /
• pp.823-830
• /
• 2002

Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we propose the model of generalized security policies. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. In the generalization process of security policies. we first diagnose the security status of monitored networks by analyzing security goals, requirements, and security-related information that security agents collect. Next, we decide the security mechanisms and objects for security policies, and then evaluate the properness of them on the basis of security goals, requirements and a policy list. With the generalization process, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.

• Journal of National Security and Military Science
• /
• s.13
• /
• pp.109-136
• /
• 2016

Define the importance and role of the acquisition strategy based on the Defense Acquisition Management System, diagnose and analyze the actual state of document preparation. We analyzed the timing and details of the basic strategy of the project in 2015 and suggested a supplementary plan to improve the efficiency of Military force improvement projects in conjunction with the Defense Planning and Management System. It is necessary to reduce the preparation period including the policy decision making process and then divide it into planning and programming stages to complement the role of acquisition strategy. In order to apply these improvements, the necessary revision of laws and regulations to be reviewed is referred to, enabling continuous research.

• Journal of Multimedia Information System
• /
• v.7 no.1
• /
• pp.55-72
• /
• 2020

As the IT service environment grows, it is critical in terms of IT service quality to minimize the occurrence of failures due to changes in applications and to diagnose and recover in a short period of time how failure will affect the business. Thus, the Defense Acquisition Program Administration (DAPA) has been building and operating ITSMs to implement IT service management in a leading manner. Information Technology Service Management (ITSM) is divided into events, obstacles, changes, versions and setup management to ensure flexibility and stability in service delivery. It is also operated separately from service level, availability, capacity, financial and IT service continuity management to ensure service quality and cost efficiency. Based on ITSM military service history, this study looks at the impact of quality of service on value, satisfaction, and trust. The results of the analysis are highly valuable for future ITSM implementation and operation.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.223-229
• /
• 2021

Classification of different blood cell types is an essential task for human's medical treatment. The white blood cells have different types of cells. Counting total White Blood Cells (WBC) and differential of the WBC types are required by the physicians to diagnose the disease correctly. This paper used transfer learning methods to the pre-trained deep learning models to classify different WBCs. The best pre-trained model was Inception ResNetV2 with Adam optimizer that produced classification accuracy of 98.4% for the dataset comprising four types of WBCs.