• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.551-558
• /
• 2016

The recent convergence in ICT industry has created new businesses as well as other opportunities. However, it entails new convergence threat accompanied by security risks. Even though there are security professionals who are dealing with the situation, there is not enough human resource in risk management. Moreover, the amount of research that studies quality of education and training security personnel is not sufficient. This paper explores the curriculum of information security education in the private sector and reasons out fifteen standard curriculums in four professional fields categorized by job classification. In addition, it provides a weighted score table based on the evaluation indicator for the effective security education certificates in the private sector.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.285-296
• /
• 2016

Recently, as the widespread use of Facebook through a smartphone or tablet PC, it has increased the threat that contains the malicious code to post a social attacks and comments that use personal information that has been published of Facebook. To solve these problems, Facebook is, by providing a security function, but would like to address these threats, in setting the security function, the security function of the user's convenience is not considered a properly there is a problem that is not in use. Thus, in this paper, on the basis of the information obtained via the cogTool, on Facebook security features, the user experience by presenting a method that can be quantitatively measured by this, the user convenience It classifies about Facebook security features to decrease.

• Journal of Advanced Navigation Technology
• /
• v.12 no.1
• /
• pp.61-67
• /
• 2008

Each organization installing and operating multimedia system, to achieve the goal of organization, should decide security level, implement security countermeasure, and manage these countermeasures to keep the effects. To decide and manage security level of multimedia system, the first, organizations must be able to decide security level, and then, organizations must establish procedures for building security countermeasures according to security level. For the next step, organizations must be able to select areas where security countermeasures should be applied, and the last, organizations must be able to evaluate and improve the effect of security countermeasures. In this paper, based on the analysis of threat to multimedia system and the consideration for multimedia assets, we propose a method for deciding security level of multimedia system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.175-185
• /
• 2019

The security control is to protect IT system from cyber infringement by deriving valid result values in the process of gathering and analyzing various information. Currently, security control is very effective by using SIEM equipment which enables analysis of systematic and comprehensive viewpoint based on a lot of data, away from analyzing cyber threat information with only fragmentary information. However, It can also be said that cyber attacks are analyzed and coped with the manual work of security personnel. This means that even if there is excellent security equipment, the results will vary depending on the user using. In case of operating a characteristic web service including information provision, This study suggests the basic point of security control through characteristics information analysis, and proposes a model for intensive security control through the type discovery and application which enable a step-wise analysis and an effective filtering. Using this model would effectively detect, analyze and block attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.103-111
• /
• 2009

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. As a result, the monitoring and control of cyber security, which enables attack detection, analysis and response on a real-time basis has become of paramount importance. This paper discusses how to improve efficiency and effectiveness of national cyber security monitoring and control services. It first reviews major threats to the public communications network and how the responses to these threats are made and then it proposes a new approach to improve the national cyber security monitoring and control services.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.167-176
• /
• 2024

Chatbot services are used in various fields in connection with AI services. Security research on AI is also in its infancy, but research on practical security in the service implementation stage using it is more insufficient. This paper analyzes the security requirements for chatbot services linked to AI services. First, the paper analyzes the recently published papers and articles on AI security. A general implementation model is established by investigating chatbot services provided in the market. The implementation model includes five components including a chatbot management system and an AI engine Based on the established model, the protection assets and threats specialized in Chatbot services are summarized. Threats are organized around threats specialized in chatbot services through a survey of chatbot service managers in operation. Ten major threats were drawn. It derived the necessary security areas to cope with the organized threats and analyzed the necessary security requirements for each area. This will be used as a security evaluation criterion in the process of reviewing and improving the security level of chatbot service.

• Korean Security Journal
• /
• no.53
• /
• pp.63-79
• /
• 2017

Defence Security Command is the only military intelligence and investigation agency which is in charge of safeguarding military information and investigating specific crimes such as subversion and disloyalty in military. While the presidential security provided by Defence Security Command, along with Presidential Security Service(PSS) and the police, forms one of three pillars sustaining presidential security, its works and activities have been rarely known to the public due to the military confidentiality. This study looks into some data specialized into the presidential security among works of Defense Security Command by using various resources such as biographies of key people, media reports, and public materials. It reviews the presidential security works in a historical sense that the works have developed and changed in accordance with the historical changes of Defense Security Command, which was rooted in Counter-Intelligence Corps (Teukmubudae in Korean) in 1948 and leads to the present. The study findings are as follows. First, when the Korean War broke out in 1950 and since then the South Korea was under the threat of the North Korean armed forces and left wing forces, Counter-Intelligence Corps(Bangcheopdudae in Korean) took the lead in presidential security more than the police who was in charge of it. Secondly, even after the Presidential Security Office has founded in 1963, the role of the military on presidential security has been extended by changing its titles from Counter-Intelligence Corps to Army Security corps to Armed Forces Security Command. It has developed their provision of presidential security based on the experience at the president Rhee regime when they could successfully guard the president Rhee and the important government members. Third, since the re-establishment into Defence Security Command in 1990, it has added more security services and strengthened its legal basis. With the excellent expertise, it played a pivotal role in the G20 and other state-level events. After the establishment of the Moon Jaeinin government, its function has been reduced or abolished by the National Defense Reform Act. However, the presidential security field has been strengthening by improving security capabilities through reinforcing the organization. This strengthening of the security capacity is not only effective in coping with the current confrontation situation with the hostile North Korean regime, but also is important and necessary in conducting constant monitoring of the military movement and security-threat factors within military during the national security events.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.2
• /
• pp.702-723
• /
• 2020

The application of machine learning (ML) in intrusion detection has attracted much attention with the rapid growth of information security threat. As an efficient multi-label classifier, kernel extreme learning machine (KELM) has been gradually used in intrusion detection system. However, the performance of KELM heavily relies on the kernel selection. In this paper, a novel multiple kernel extreme learning machine (MKELM) model combining the ReliefF with nature-inspired methods is proposed for intrusion detection. The MKELM is designed to estimate whether the attack is carried out and the ReliefF is used as a preprocessor of MKELM to select appropriate features. In addition, the nature-inspired methods whose fitness functions are defined based on the kernel alignment are employed to build the optimal composite kernel in the MKELM. The KDD99, NSL and Kyoto datasets are used to evaluate the performance of the model. The experimental results indicate that the optimal composite kernel function can be determined by using any heuristic optimization method, including PSO, GA, GWO, BA and DE. Since the filter-based feature selection method is combined with the multiple kernel learning approach independent of the classifier, the proposed model can have a good performance while saving a lot of training time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.985-991
• /
• 2015

The user's secret key can be retrieved by various side channel leakage informations occurred during the execution of cryptographic RSA exponentiation algorithm which is embedded on a security device. The collision-based power analysis attack known as a serious side channel threat can be accomplished by finding some collision pairs on a RSA power consumption trace. Recently, an RSA exponentiation algorithm was proposed as a countermeasure which is based on the window method adopted combination of message blinding and exponent splitting. In this paper, we show that this countermeasure provides approximately $2^{53}$ attack complexity, much lower than $2^{98}$ insisted in the original article, when the window size is two.