• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.6
• /
• pp.2781-2800
• /
• 2016

Emerging attacks aim to access proprietary assets and steal data for business or political motives, such as Operation Aurora and Operation Shady RAT. Skilled Intruders would likely remove their traces on targeted hosts, but their network movements, which are continuously recorded by network devices, cannot be easily eliminated by themselves. However, without complete knowledge about both inbound/outbound and internal traffic, it is difficult for security team to unveil hidden traces of intruders. In this paper, we propose an autonomous anomaly detection system based on behavior profiling and relation mining. The single-hop access profiling model employ a novel linear grouping algorithm PSOLGA to create behavior profiles for each individual server application discovered automatically in historical flow analysis. Besides that, the double-hop access relation model utilizes in-memory graph to mine time-sequenced access relations between different server applications. Using the behavior profiles and relation rules, this approach is able to detect possible anomalies and violations in real-time detection. Finally, the experimental results demonstrate that the designed models are promising in terms of accuracy and computational efficiency.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.93-99
• /
• 2014

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2002.11a
• /
• pp.72-81
• /
• 2002

Management for security product and application is becoming more difficult because they became more specialized. Most of research is focused on combining policies for information security management policy, security standard, and security tools. However, there are no researches for total solution for both application and security policy. Thereby, the purpose of this research is to propose a remote integrated management system based on linux. The system could efficiently manage data update for application and policy update for a server supporting the distinct configuration of each server. By using the remote integrated management system, system manager with poor secure knowledge also could easily manage their system securely.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.11a
• /
• pp.72-81
• /
• 2002

Management for security product and application is becoming more difficult because they became more specialized. Most of research is focused on combining policies for information security management policy, security standard, and security tools. However, there are no researches for total solution for both application and security policy. Thereby, the purpose of this research is to propose a remote integrated management system based on linux. The system could efficiently manage data update for application and policy update for a server supporting the distinct configuration of each server. By using the remote integrated management system, system manager with poor secure knowledge also could easily manage their system securely.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.153-164
• /
• 2004

Under a large-scale client-server service environment, e.g., online games, encrypting data for acquiring information security often causes overload to the server and hence degradation of the service itself. Therefore, for reducing encryption payload, it is necessary to use adequately an efficient encryption scheme with respect to the security requirements of transmission data. In this paper, we propose a packet encryption scheme using multiple cryptosystems to realize such capability, which assigns a different cryptosystem according to the security requirements level. The proposed encryption scheme is applicable to internet services with heavy traffic ratios in which different kinds of data packets are incessantly transmitted between clients and servers. To show its effectiveness and superiority, the performance of the proposed encryption scheme is verified by experiments.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.565-572
• /
• 2001

Recently, due to the open architecture of the internet and wide spread of internet users, the cyber terror threatens to the network\`s weak point are tending grow. Until now, information security solutions are passive on security host and particular security system. This passive information security solution is weak from the attacks through the networks connected worldwide internet systems, and has limitation on the defense against cyber terror attacks. Therefore, network level integrated security function must be provided. In this paper, we consider technology limitations on the information security problems and its environment. Then we present the architecture and functions of policy-based information security services for network level active information security function. This paper also includes design of target system, which provide information security services. Finally, we discuss network level system deployment direction and discuss with Network Security Simulation.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.1
• /
• pp.65-71
• /
• 2012

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.

• Journal of Internet of Things and Convergence
• /
• v.5 no.2
• /
• pp.103-110
• /
• 2019

In this paper, we suggested how the Internet of Things (IoT) technology could be applied to an internet platform that is used for managing the customer's power grid efficiently. For an internet platform with efficient management, analysis is done by several sections; communication method, and its protocol, and also security element. From this analysis, with currently used sensors, we have presented a development method for the sensor to server data reliable communication solution and data management server with a security solution. Moreover, this paper suggests a communication module that could be used for a power grid management platform, protocol and security algorithm and also a way to build a server for managing those systems and modules.

• Korean Security Journal
• /
• no.3
• /
• pp.273-305
• /
• 2000

The knowledge substitutes the traditional factors of production - land, labor, and capital - and has become one of the most important new resources. The Internet Knowledge Society is where the knowledge is the major source of development and competition. Now more than 350mi11ion computers are connected to internet servers and the internet users are more than 250mi11ion. The purpose of this paper is to propose some key factors for implementing the Police Knowledge Management System(PKMS) based on Intranet. With Information Technology(IT), the police administrative system will be much more efficient. Introducing the If into the system is critical for restructuring the police administrative system. This paper concludes as follows : ■ Knowledge is divided into tacit and explicit one. Knowledge process is divided into acquisition, accumulation, distribution and creation of knowledge. ■ The IntraNet is composed of Web server, FTP server, electric-mail server, and is constructed security system to safety. ■ All policemen are bound to serve as a new knowledge worker. ■ Police organization needs to operate data management system. The organization also needs to the Police Knowledge Management Center(PKMC). And the Police Chief Knowledge Officers(PCKO) needs to be appointed to manage the PKMC. ■ An information and knowledge infrastructure(various databases are the most important factor) should be established within the organization to promote the self-directed management, the interactive communication, and the learning ability of the members.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.29-46
• /
• 2002

We generally use SSL/TLS protocol utilizing X.509 v3 certificates so as to provide a secure means in establishment an confidential communication and the support of the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and an implementation of the prototype which has two main modules, one is to support secure communication and RBAC, not being remained in the SPKI/SDSI server which was developed by the existing Geronimo project and the other is to wholly issue name-certificate and authorization-cerificate. And the demonstration embodied for our sewer is outlined hereafter.