• Journal of the Korea Society of Computer and Information
• /
• v.15 no.9
• /
• pp.99-107
• /
• 2010

This paper showed that the integrated system to fortify security was much more efficient than the respective system through the analysis of problems from Firewall and IPS system in the existing security systems. The results of problem analysis revealed that there were the delay of processing time and lack of efficiency in the existing security systems. Accordingly, their performance was evaluated by using the separated Firewall, IPS system, and the integrated system. The result of evaluation shows that the integrated security system this paper suggested is five times faster than the existing one in terms of processing speed of response. This paper demonstrated the excellence of the proposed security system is also more than fivefold in session handling per second and six times process speeding in the CPU processing performance. In addition, several security policies are applied, and it provided a fact that it gave an excellent performance when it comes to protecting from harmful traffic attacks. In conclusion, this paper emphasized that fortifying the integrated security system was more efficient than fortifying the existing one considering in various respects such as cost, management, time, space and so on.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.135-144
• /
• 2009

This paper discusses an issue of serious security risks at web log which contains private information, and suggests solutions to protect them. These days privacy is core information to produce value-added in information society. Its scope and type is expanded and is more important along with the growth of information society. Web log is a privacy information file enacted as law in South Korea. Web log is not protected properly in spite of that has private information It just is treated as residual product of web services. Many malicious people could gain private information in web log. This problem is occurred by no classified data and improper development of web application. This paper suggests the technical solutions which control data in development phase and minimizes that the private information stored in web log, and applies in operation environment. It is very efficient method to protect private information and to observe the law.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.5
• /
• pp.29-39
• /
• 2017

In this paper, we analyse security threats and security requirements about the designated PC solution which restricts usable PCs that are only an user own PCs or a registered PC for online banking or very important services. Accordingly, causable threats of the designated PC solution are classified a process, a network layer, a software module, and an environment of platform, and we draw security requirements based on analysed security threats. Results of this research are considered utilization of criteria for improving security of the designated PC solution and standards for giving hint of imposition of the designated PC solution.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.107-114
• /
• 2023

The study provides the identification of vulnerabilities in the security issues by Wireless Network. To achieve it the research focus on packet flow analysis, end to end data communication, and the security challenges (Cybercrime, insider threat, attackers, hactivist, malware and Ransomware). To solve this I have used the systematic literature review mechanisms and demonstrative tool namely Wireshark network analyzer. The practical demonstration identifies the packet flow, packet length time, data flow statistics, end- to- end packet flow, reached and lost packets in the network and input/output packet statics graphs. Then, I have developed the proposed model that used to secure the Wireless network solution and prevention vulnerabilities of the network security challenges. And applying the model that used to investigate the security challenges and vulnerabilities of cloud computing services is used to fulfill the network security goals in Wireless network. Finally the research provides the model that investigate the security challenges and vulnerabilities of cloud computing services in wireless networks

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.07a
• /
• pp.110-111
• /
• 2018

모바일 게임 시장의 성장과 함께 보안 위협도 함께 증가하고 있는 것이 현재 상황이다. 게임 앱을 해킹하여 결제를 우회한 뒤 금전적 이익을 가로채거나, 원작 게임의 복제 앱을 만들어 부당이득을 취하는 일이 빈번하게 발생하고 있다. 본 논문에서는 모바일 게임 보안을 위하여 위협 인텔리전스와 같은 기술을 기반으로 모바일 게임에서 악용되고 있는 단순한 공격 유형들을 대상으로 사전에 수집 분석하여 지능형 공격을 차단할 수 있는 방안을 제시한다.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.355-362
• /
• 2021

Through the Korean version of the New Deal 2.0, manufacturing-oriented SMEs are facing a new environmental change called smart factory construction. In addition, SMEs are facing new security threats along with a contactless environment due to COVID-19. However, it is practically impossible to apply the previously researched and developed security management system to protect the core technology of manufacturing-oriented SMEs due to the lack of economic capacity of SMEs. Therefore, through research on security management systems suitable for SMEs, it is necessary to strengthen their business competitiveness and ensure sustainability through proactive responses to security threats faced by SMEs. The security management system presented in this study is a security management system to prevent technology leakage applicable to SMEs by deriving and reflecting the minimum security requirements in consideration of technology protection point of view, smart factory, and remote access in a non-contact environment. It is also designed in a modular form. The proposed security management system is standardized and can be selectively used by SMEs.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.773-777
• /
• 2007

Very various infusion by development of systems that is based on network is spread. Therefore, Evaluation Tool has been an active research area to reduce the risk from intrusion. On this thesis, during threat assesment, we have planned possible an equal-weight applied assesment and considering the characteristics of the organization an assesment which security factor's weight is variably applied to, and respective organizations to examine its security by itself in order to support the easy findings of the vulnerabilities on the management point of view, and to show the advices to practice.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.197-199
• /
• 2022

IoT(Internet of Things) 디바이스가 상호연결됨에 따라 융합환경인 IoBE(Internet of Things Blended Environment)가 발전하고 있다. 그러나 IoBE 내 IoT 디바이스가 상호연결되고, 네트워크가 복잡해짐에 따라 공격 표면도 증가하고 있다. 이를 통해 증가한 공격 표면에서 서로 다른 취약점들이 복합된 보안위협인 BT(Blended Threat)가 나타날 수 있다. 기존에 보안위협 대응을 위한 프레임워크 중 하나로 Cyber Kill Chain이 활용되고 있지만, 이는 공격자가 한 번의 공격을 수행하는 과정을 분석하므로 IoBE에서 발생 가능한 BT에 적용하기 어렵다. 따라서, 본 논문에서는 IoBE 내 BT 기반 공격에 대한 분석이 가능한 IoBE Kill Chain을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.98-100
• /
• 2023

IoT(Internet of Things) 기기를 활용하는 분야가 증가함에 따라 스마트 팩토리, 스마트 그리드 등 융합환경이 발전되었으며, 융합환경이 상호연결되는 IoBE(Internet of Things Blended Environment)가 조성되고 있다. 그러나, IoBE 구성요소가 복잡해짐에 따라 공격 표면이 증가하고, 기존에 알려진 보안위협이 융·복합되어 새로운 형태의 보안위협인 복합위협(BT, Blended Threat)이 발생할 수 있다. BT는 다양한 보안위협이 복합적으로 연계되어 발생함에 따라 예측하여 대응하기에 기존 보안위협보다 상대적으로 어려우며, 이에 대응방안 간의 조합을 통해 보안위협에 유동적으로 대응하는 동적 보안 프레임워크가 필요하다. 따라서, 본 논문에서는 BT에 대한 대응방안 동적 조합 프레임워크를 제안한다.