• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.77-84
• /
• 2012

Recent Security Programs are widely used to improve the security of Client Systems in the Web authentication. Security Program is provide the function of the Keyboard Security and Certificate Management, Vaccines, Firewall. in particular, This Security Program has been used Financial Institutions and Government Agencies, and some private corporate Home Page. and ActiveX is used to install the Security Program. but Security Programs caused by several security vulnerabilities and problems as they appear, are threat to the stability of the Client System. Therefore, This paper will be analyzed through Case Studies and Experiments to the Vulnerabilities and Problems of Security Program and This Is expected to be utilized to further improve the performance of the Security Program and the building of a new Certification Scheme for material in the future.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.9
• /
• pp.1011-1018
• /
• 2014

Because of the proliferation of web services through web site, web hacking attempts are increasing using vulnerabilities of the web application. In order to improve the security of web applications, we have to find vulnerabilities in web applications and then have to remove. This paper addresses a vulnerability in a web application on existing problems and analyze and propose solutions to the vulnerability. This paper have checked the stability of existing web security solutions and evaluated its suitability through analysis of vulnerability. Also, we have implemented the vulnerability analysis tools for web Proxy system and proposed methods to optimize for resolution of web vulnerabilities.

• The KIPS Transactions:PartD
• /
• v.16D no.6
• /
• pp.921-926
• /
• 2009

Vulnerabilities in software can result in many social and economic problems once it has already been deployed and put to use. Thus, the vulnerabilities should be seriously taken into consideration from the beginning step of software development. A modeling and simulation method for software can be adopted as a testing tool for establishing vulnerability inspection strategies. For verification of usability of this strategy, in this paper, we modeled the behavior of a DNS system using Ptolemy and the simulation was performed. The result shows that a well-known vulnerability of DNS server could be effectively found, which confirms that the modeling and simulation can be used for vulnerability testing.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.273-276
• /
• 2011

Voice over Internet Protocol(VoIP) compared to the traditional PSTN communications costs and because of the ease of use has been widespread use of VoIP. Broadband Convergence Network (BCN) as part of building with private Internet service provider since 2010, all government agencies are turning to the telephone network and VoIP. In this paper, we used the Internet on your phone in the IETF SIP-based IP-PBX is a hacking attack analysis studies. VoIP systems are built the same way as a test bed for IP-PBX hacking attacks and vulnerabilities by analyzing the results yielded. Proposes measures to improve security vulnerabilities to secure VoIP.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.4933-4956
• /
• 2016

Use-After-Free (UAF) is a common lethal form of software vulnerability. By using tools such as Web Browser Fuzzing, a large amount of samples containing UAF vulnerabilities can be generated. To evaluate the threat level of vulnerability or to patch the vulnerabilities, automatic deduplication and exploitability determination should be carried out for these samples. There are some problems existing in current methods, including inadequate pertinence, lack of depth and precision of analysis, high time cost, and low accuracy. In this paper, in terms of key dangling pointer and crash context, we analyze four properties of similar samples of UAF vulnerability, explore the method of extracting and calculate clustering eigenvalues from these samples, perform clustering by fast search and find of density peaks on a large number of vulnerability samples. Samples were divided into different UAF vulnerability categories according to the clustering results, and the exploitability of these UAF vulnerabilities was determined by observing the shape of class cluster. Experimental results showed that the approach was applicable to the deduplication and exploitability determination of a large amount of UAF vulnerability samples, with high accuracy and low performance cost.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.557-564
• /
• 2019

As the number and type of software increases, those security vulnerabilities are also increasing. Various types of software may have multiple vulnerabilities and those vulnerabilities as they can cause irrecoverable significant damage must be detected and deleted quickly. Various studies have been carried out to detect the vulnerability of the current software, but it is slow, and prediction accuracy is low. Therefore, in this paper, we describe a method to efficiently predict software vulnerability by using neural network algorithm and compare prediction accuracy with conventional system using machine learning algorithm. As a result of the experiment, the prediction system proposed in this paper showed the highest prediction rate.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.1
• /
• pp.9-16
• /
• 2019

Smartphones are becoming a portable computer. As a result, even the most sensitive financial application services are now available anywhere on the smartphone. Compared to general PCs, smartphones communicate with external devices through various channels such as wireless internet, mobile communication network, Bluetooth, and NFC, and a wide variety of applications are provided. Therefore, if vulnerabilities exist, the possibility of attack damage increases. In this paper, we analyze the vulnerabilities of dynamic virtual keyboards used in login of banking apps of smartphones with various physical constraints and propose countermeasures.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.87-95
• /
• 2019

The damage is increasing due to many encroachment accidents caused by increasingly sophisticated cyber attacks. Many institutions and businesses lack early response to invest a lot of resources in the infrastructure for incident detection. The initial response of an intrusion is to identify the route of attack, and many cyber attacks are targeted at software vulnerabilities. Therefore, analyzing the artifacts of a Windows system against software vulnerabilities and classifying the analyzed data can be utilized for rapid initial response. Therefore, the remaining artifacts upon entry of attacks by software are classified, and artifact grouping is presented for use in analysis of encroachment accidents.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.111-116
• /
• 2018

The Cyber space of the ROK Army is constantly threatened by enemy. In order to reponse to such cyber treats, vulnerabilities of information assets of the ROK Army should be identified and eliminated early. However, the ROK Army currently lacks systematic management of vulnerabilities. Therefore, this paper investigates trends of each country's vulnerability management and the actual situation of the management of the vulnerabilities in the ROK Army, and suggests ways of linking vulnerability database and the ROK Army information asset management system for effective vulnerability management of the ROK Army information assets.

• International Journal of Naval Architecture and Ocean Engineering
• /
• v.12 no.1
• /
• pp.541-551
• /
• 2020

Based on the trend, there have been numerous researches analysing the ship collision risk. However, in this scope, the navigational conditions and external environment are ignored or incompletely considered in training or/and real situation. It has been identified as a significant limitation in the navigational collision risk assessment. Therefore, a novel algorithm of the ship navigational collision risk solving system has been proposed based on basic collision risk and vulnerabilities of marine accidents. The vulnerability can increase the possibility of marine collision accidents. The factors of vulnerabilities including bad weather, tidal currents, accidents prone area, traffic congestion, operator fatigue and fishing boat operating area are involved in the fuzzy reasoning engines to evaluate the navigational conditions and environment. Fuzzy logic is employed to reason basic collision risk using Distance to Closest Point of Approach (DCPA) and Time of Closest Point of Approach (TCPA) and the degree of vulnerability in the specific coastal waterways. Analytical Hierarchy Process (AHP) method is used to obtain the integration of vulnerabilities. In this paper, vulnerability factors have been proposed to improve the collision risk assessment especially for non-SOLAS ships such as coastal operating ships and fishing vessels in practice. Simulation is implemented to validate the practicability of the designed navigational collision risk solving system.