• 정보처리학회논문지C
• /
• 제13C권7호
• /
• pp.851-858
• /
• 2006

위험분석은 조직의 특성을 반영하여 자산분석, 위협분석, 취약성 분석을 통하여 조직의 주요 자산에 대한 위험도를 분석하고 적절한 대응책을 제시하는 것을 목적으로 한다. 하지만, 기존의 TTA 위험분석 방법론은 전체의 개략적인 흐름은 제시하고 있으나, 각 단계에서의 구체적인 행위를 제시하지 못하고 있다. 즉 위협분석 단계에서는 어떠한 기준으로 각 위협을 어떻게 분류하여야 하는가하는 문제와 분류된 위협을 어떤 방식으로 위험도 계산에 반영해야하는가에 대한 구체적인 제시가 미흡한 현실이다. 또한 취약성 분석 단계에서는 발견되는 취약성을 어떠한 항목을 기준으로 분류하여야 하며, 발견되는 각 자산별 취약성을 위험분석의 위험도 산정에 어떤 과정을 통하여 반영해야하는가에 대한 제시 역시 미흡하다. 따라서 본 논문에서는 기존 TTA의 방법론에서 제시하고 있지 않은 위협분석과 취약성 분석 단계에서의 정량적인 평가가 가능한 방법론을 제시한다. 이를 위하여 본 논문에서는 자산 가치 평가에 조직의 비즈니스 프로세스를 기준으로 업무 영역 분류를 통한 유형자산 가치분석과 무형자산 가치분석을 수행하고 이를 바탕으로 취약성을 분석하고 위험도를 계산하였다 이러한 방법은 국내 정보시스템의 현실을 반영하고, 환경적 취약성과 기술적 취약성의 영향력을 반영하여, 조직의 자산별로 수치화된 위험도 산정을 가능하게 한다. 이는 위험분석 평가 대상조직의 자산별 위험도 분석이 가능하게 한다.

• 인터넷정보학회논문지
• /
• 제10권3호
• /
• pp.35-49
• /
• 2009

전자전 환경에서 헬기는 헬기생존체계(aircraft survivability equipment: ASE)의 다양한 센서를 통하여 수집한 데이터를 기반으로 헬기에 대한 위협을 식별한다. 헬기의 성공적인 임무 수행 및 생존을 위하여 헬기에 대한 위협을 반복적으로 확인할 수 있는 시뮬레이터의 구현은 필수적이다. 본 논문에서는 (1) 전장 헬기의 센서가 수신하는 위협요소를 정의하는 위협속성 생성기, (2) 전장환경과 유사한 위협을 정규, 균일, 지수 분포로 생성하는 위협자료 생성기 및 (3) 다양한 전장 시나리오에서 센서들이 수집한 데이터를 통합하여 위협의 방향과 정도를 사용자에게 실시간으로 보여주는 위협 분석 및 통합 표시기를 개발한다. 구현한 전장 헬기의 다중센서 위협 시뮬레이터를 이용하여 생성된 다양한 시나리오에서 다수의 위협에 대한 통합정확도를 측정하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권8호
• /
• pp.3420-3436
• /
• 2020

Due to the increasing number of malicious software (also known as malware), methods for sharing threat information are being studied by various organizations. The Malware Attribute Enumeration and Characterization (MAEC) format of malware is created by analysts, converted to Structured Threat Information Expression (STIX), and distributed by using Trusted Automated eXchange of Indicator Information (TAXII) protocol. Currently, when sharing malware analysis results, analysts have to manually input them into MAEC. Not many analysis results are shared publicly. In this paper, we propose an automated MAEC conversion technique for sharing analysis results of malicious Android applications. Upon continuous research and study of various static and dynamic analysis techniques of Android Applications, we developed a conversion tool by classifying parts that can be converted automatically through MAEC standard analysis, and parts that can be entered manually by analysts. Also using MAEC-to-STIX conversion, we have discovered that the MAEC file can be converted into STIX. Although other researches have been conducted on automatic conversion techniques of MAEC, they were limited to Windows and Linux only. In further verification of the conversion rate, we confirmed that analysts could improve the efficiency of analysis and establish a faster sharing system to cope with various Android malware using our proposed technique.

• The Journal of Asian Finance, Economics and Business
• /
• 제8권2호
• /
• pp.1017-1023
• /
• 2021

This research aims to determine the effect of customers' threat emotion and price on the decision to purchase a certain smartphone product. This study uses a quantitative method with a type of descriptive and causal research. It employs non-probability sampling with purposive sampling, with 385 respondents to answer the questionnaires. Data analysis techniques used descriptive analysis and multiple linear regression analysis. Based on the results of descriptive analysis of emotion, price and purchasing decisions are in sync with each other. The results of multiple linear regression analysis techniques indicate the threat emotion and brand trust are influential against the positive decision to purchase smartphone products. The magnitude of the influence of emotions and price have simultaneous effect on purchasing decisions and other decision variables, which are not included in this study, also play minor role in determining purchase intention, such as product quality, brand image and others. Partially, threat emotion and brand trust have a positive effect toward purchasing decisions. The magnitude of the highest influence was the one of price, then followed by emotional threats. The findings of this study suggest that psychological and behavioral effects also play important roles in determining customers' purchase decision.

• International Journal of Contents
• /
• 제15권1호
• /
• pp.32-38
• /
• 2019

In an environment where a large number of weapons are operated compared to a large number of ground targets, it is important to monitor and manage the targets to set up a fire plan, and through their multilateral analysis, to equip them with a priority order process for targets having a high threat level through the quantitative calculation of the threat level. Existing studies consider the anti-aircraft and anti-ship targets only, hence, it is impossible to apply the existing algorithm to ground weapon system development. Therefore, we proposed an effective threat evaluation algorithm for multiple ground targets in multi-target and multi-weapon environments. Our algorithm optimizes to multiple ground targets by use of unique ground target features such as proximity degree, sorts of weapons and protected assets, target types, relative importance of the weapons and protected assets, etc. Therefore, it is possible to maximize an engagement effect by deducing an effective threat evaluation model by considering the characteristics of ground targets comprehensively. We carried out performance evaluation and verification through simulations and visualizations, and confirmed high utility and effect of our algorithm.

• 정보보호학회논문지
• /
• 제28권1호
• /
• pp.135-143
• /
• 2018

최근 소니 사에서 PS4(PlayStation4)와 PC 간의 인터넷 연결을 통한 리모트 플레이 서비스를 런칭하였다. 이 서비스는 외부 네트워크와 PS4가 설치된 환경의 네트워크 연결을 가능하게 하였다. 새로운 서비스로 인해 리모트 환경에서 추가적인 보안 위협이 발생할 수 있으며 이를 분석하고 그에 대한 대안을 마련해야 한다. 본 논문에서는 위협 모델링 기법을 이용해 새로이 나타나는 보안 위협을 파악하고 도출한 위협에 대해 비용대비 분석, 유용성 분석을 진행하여 합리적인 보안 대책을 세울 것이다.

• 한국산업정보학회논문지
• /
• 제22권2호
• /
• pp.15-25
• /
• 2017

A System can be more Dependable from some types of Threats if the Dependability Level Against the Threat on the System is Increased. However, The Dependability-performance Tradeoff should be Considered because the Increased Dependability may Degrade the Performance of the System. Therefore, it is Efficient to Temporally Increase the Dependability Level to High only when an Threat is Predicted on the System in a Short time while Maintaining the Level in Low or mid in Normal Situations. In this Paper, we Present a Threat Prevention Strategy for a Networked Node by Dynamically Changing the Dependability Level According to the Threat Situation on its Logically/physically Neighboring Nodes. As case Studies, we Employ our Strategy to an Internet Server Against TCP SYN Flood Attacks and to a Checkpoint and Rollback System Against Transient Faults. Our Performance Analysis Shows that our Strategy can Effectively Relieve the Damage of the Failure without Serious Performance Degradation.

• 정보처리학회 논문지
• /
• 제13권6호
• /
• pp.278-283
• /
• 2024

소프트웨어를 구현할 때 인간의 생명에 위협이 될 수 있는 부작용이 발생할 수 있습니다. 그러므로 소프트웨어가 안전에 미치는 영향을 측정하고 위협을 완화하고 예방하기 위한 대안을 만드는 것이 필요합니다. 위협 요소에 의한 영향도 측정을 위하여 소프트웨어 안전 진단을 수행하기 위한 구성요소가 필요하다. 본 논문은 소프트웨어의 위협 요인을 내부 요인과 외부 요인으로 분류하고 이러한 위협 요인의 영향을 정량적으로 시연하는 것을 목표로 합니다.

• 품질경영학회지
• /
• 제51권4호
• /
• pp.643-662
• /
• 2023

Purpose: The purpose of this study was to understand an individuals' COVID-19 vaccine acceptance intention during the peak of the pandemic by utilizing the coping theory and technology threat avoidance theory (TTAT) as a framework. Specifically, we focused on understanding how inward and outward emotion-focused coping (EFC), such as psychological distancing and emotional support seeking, affect problem-focused behavior (PFC), which is vaccine acceptance. Furthermore, we investigate how the individuals' cognitive appraisal to- ward COVID-19, consisted of perceived threat and perceived avoidability act as an antecedent of EFC. Methods: A PLS-SEM analysis was conducted to find the causal relation between the variables. An online survey was conducted targeting vaccination recipients on April, 2021. Participants were asked about their perception toward the virus, their coping strategy, and vaccine acceptance intention. A total of 186 valid samples were collected and used for the analysis. Furthermore, to analyze the out-of-sample predictive power of the research model and ensure the generalizability of the results, a PLSpredict analysis was conducted. Results: The results of the PLS-SEM analysis show that perceived threat toward COVID-19 significantly affect an individuals' EFC strategy. Furthermore, both types of inward EFC (psychological distancing, wishful thinking) negatively affected vaccine acceptance intention. On the other hand, emotional support seeking, which is a type of outward EFC, positively affected vaccine acceptance. The result of the PLSpredict analysis confirms the generalizability of the PLS-SEM result. Conclusion: The results of our study could be utilized to decrease vaccine hesitancy and prevent global pandemics by accelerating and increasing vaccination. Our study provides several meaningful implications to researchers and practitioners regarding vaccine acceptance and threat coping behavior.

• 디지털산업정보학회논문지
• /
• 제13권4호
• /
• pp.125-139
• /
• 2017

In this paper, we developed a framework to detect and predict insider information leakage by collecting and restoring network traffic. For automated behavior analysis, many meta information and behavior information obtained using network traffic collection are used as machine learning features. By these features, we created and learned behavior model, network model and protocol-specific models. In addition, the ensemble model was developed by digitizing and summing the results of various models. We developed a function to present information leakage candidates and view meta information and behavior information from various perspectives using the visual analysis. This supports to rule-based threat detection and machine learning based threat detection. In the future, we plan to make an ensemble model that applies a regression model to the results of the models, and plan to develop a model with deep learning technology.