• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.121-129
• /
• 2008

This paper presents vulnerability identification method based on meaning which is making use of the concept of atomic vulnerability. Also, we are making use of decomposition and specialization processes which were used in DEVS/SES to get identifiers. This vulnerability representation method is useful for managing and removing vulnerability in organized way. It is helpful to make a relation between vulnerability assessing and intrusion detection rules in lower level. The relation enables security manager to response more quickly and conveniently. Especially, this paper shows a mapping between Nessus plugins and Snort rules using meaning based vulnerability identification method and lists usages based on three goals that security officer keeps in mind about vulnerability. The contribution of this work is in suggestion of meaning based vulnerability identification method and showing the cases of its usage for the rule integration of vulnerability assessment and intrusion detection.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.3
• /
• pp.75-80
• /
• 2015

Vulnerability management is in compliance with security policies, and then, this is to ensure the continuity and availability of the business. In this paper, the application vulnerability management and IT infrastructure of the system is that it must be identified. And a viable vulnerability management plan should be drawn from the development phase. There are many that are not defined vulnerability in the area of identification and authentication, encryption, access control in identification and classification of vulnerabilities. They define the area without missing much in technical, managerial, and operational point of view. Determining whether the response of the identified vulnerability, and to select a countermeasure for eliminating the vulnerability.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.49-62
• /
• 2008

AV (Atomic Vulnerability) is a conceptual definition representing a vulnerability in a systematic way, AVs are defined with respect to its type, location, and result. It is important information for meaning based vulnerability analysis method. Therefore the existing vulnerability can be expressed using multiple AVs, CVE (common vulnerability exposures) which is the most well-known vulnerability information describes the vulnerability exploiting mechanism using natural language. Therefore, for the AV-based analysis, it is necessary to search specific keyword from CVE's description and classify it using keyword and determination method. This paper introduces software design and implementation result, which can be used for atomic vulnerability analysis. The contribution of this work is in design and implementation of software which converts informal vulnerability description into formal AV based vulnerability definition.

• Journal of Information Processing Systems
• /
• v.14 no.3
• /
• pp.740-750
• /
• 2018

There are a great number of Internet-connected devices and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of the device information and its related vulnerabilities is manually carried out. It is necessary to automate the process to identify a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices having the Common Vulnerabilities Exposures (CVE) vulnerability. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.63 no.3
• /
• pp.13-26
• /
• 2021

Recent drought events in the South Korea and the magnitude of drought losses indicate the continuing vulnerability of the agricultural drought. Various studies have been performed on drought hazard assessment at the regional scales, but until recently, drought management has been response oriented with little attention to mitigation and preparedness. A vulnerability assessment is introduced in order to preemptively respond to agricultural drought and to predict the occurrence of drought. This paper presents a method for spatial, Geographic Information Systems-based assessment of agricultural drought vulnerability in South Korea. It was hypothesized that the key 14 items that define agricultural drought vulnerability were meteorological, agricultural reservoir, social, and adaptability factors. Also, this study is to analyze agricultural drought vulnerability by comparing vulnerability assessment according to weighting method. The weight of the evaluation elements is expressed through the Analytic Hierarchy Process (AHP), which includes subjective elements such as surveys, and the Entropy method using attribute information of the evaluation items. The agricultural drought vulnerability map was created through development of a numerical weighting scheme to evaluate the drought potential of the classes within each factor. This vulnerability assessment is calculated the vulnerability index based on the weight, and analyze the vulnerable map from 2015 to 2019. The identification of agricultural drought vulnerability is an essential step in addressing the issue of drought vulnerability in the South Korea and can lead to mitigation-oriented drought management and supports government policymaking.

• Smart Structures and Systems
• /
• v.4 no.2
• /
• pp.209-220
• /
• 2008

A methodology for the seismic vulnerability assessment of historical monuments is presented in this paper. The ongoing work has been conducted in Tunisia within the framework of the FP6 European Union project (WIND-CHIME) on the use of appropriate modern seismic protective systems in the conservation of Mediterranean historical buildings in earthquake-prone areas. The case study is the five-century-old Zaouia of Sidi Kassem Djilizi, located downtown Tunis, the capital of Tunisia. Ambient vibration tests were conducted on the case study using a number of force-balance accelerometers placed at selected locations. The Enhanced Frequency Domain Decomposition (EFDD) technique was applied to extract the dynamic characteristics of the monument. A 3-D finite element model was developed and updated to obtain reasonable correlation between experimental and numerical modal properties. The set of parameters selected for the updating consists of the modulus of elasticity in each wall element of the finite element model. Seismic vulnerability assessment of the case study was carried out via three-dimensional time-history dynamic analyses of the structure. Dynamic stresses were computed and damage was evaluated according to a masonry specific plane failure criterion. Statistics on the occurrence, location and type of failure provide a general view for the probable damage level and mode. Results indicate a high vulnerability that confirms the need for intervention and retrofit.

• Journal of Korean Society of Rural Planning
• /
• v.25 no.1
• /
• pp.67-74
• /
• 2019

This study is to identify the heat vulnerability area as represented by heat risk factors which could be attributable to heat-related deaths. The heat risk factors were temperature, Older Adults(OA), Economic Disadvantage(ED), Accessibility of Medical Services(AMS), The population Single Person Households(SPH). The factors are follow as; the temperature means to the number of days for decades average daily maximum temperature above $31^{\circ}C$, the Older Adults means to population ages 65 and above, furthermore, the Economic Disadvantage means to the population of Basic Livelihood Security Recipients(BLSR), the Accessibility of Medical Services(AMS) means to 5 minutes away from emergency medical services. The results of the analysis are showed that the top-level of temperature vulnerability areas is Dong, the top-level of vulnerability OA areas is Eup, the top-level of AMS vulnerability is Eup. Moreover, the top-level of vulnerability ED area appears in the Eup and Dong. The result of analysing relative importance to each element, most of the Eup were vulnerable to heat. Since, there are many vulnerable groups such as Economic Disadvantage, Older Adults in the Eup. We can be figured out estimated the number of heat-related deaths was high in the Eup and Dong by the data of emergency activation in the Chungcheongnam-do Fire Department. Therefore, the result of this study could be reasonable.

• Earthquakes and Structures
• /
• v.11 no.4
• /
• pp.629-648
• /
• 2016

This paper deals with 111 buildings built between 1962 and 1987, from various parts of the city of Osijek, for which, through the collection of documentation, a database is created. The aim of this paper is to provide the first steps in assessing seismic risk in Osijek applying method based on vulnerability index. This index uses collected information of parameters of the building: the structural system, the construction year, plan, the height, i.e., the number of stories, the type of foundation, the structural and non-structural elements, the type and the quality of main construction material, the position in the block and built-up area. According to this method defining five damage states, the action is expressed in terms of the macroseismic intensity and the seismic quality of the buildings by means of a vulnerability index. The value of the vulnerability index can be changed depending on the structural systems, quality of construction, etc., by introducing behavior and regional modifiers based on expert judgments. Since there is no available data of damaged buildings under earthquake loading in our country, we will propose behavior modifiers based on values suggested by earlier works and on judgment based on available project documentation of the considered buildings. Depending on the proposed modifiers, the seismic vulnerability of existing buildings in the city of Osijek will be assessed. The resulting vulnerability of the considered residential buildings provides necessary insight for emergency planning and for identification of critical objects vulnerable to seismic loading.

• Journal of Korean Society of Rural Planning
• /
• v.19 no.3
• /
• pp.51-59
• /
• 2013

The objective of this study was to make a map of farmland vulnerability to flood inundation based on morphologic characteristics from the flood-damaged areas. Vulnerability mapping based on the records of flood damages has been conducted in four successive steps; data preparation and preprocessing, identification of morphologic criteria, calculation of inundation vulnerability index using a fuzzy membership function, and evaluation of inundation vulnerability. At the first step, three primary digital data at 30-m resolution were produced as follows: digital elevation model, hill slopes map, and distance from water body map. Secondly zonal statistics were conducted from such three raster data to identify geomorphic features in common. Thirdly inundation vulnerability index was defined as the value of 0 to 1 by applying a fuzzy linear membership function to the accumulation of raster data reclassified as 1 for cells satisfying each geomorphic condition. Lastly inundation vulnerability was suggested to be divided into five stages by 0.25 interval i.e. extremely vulnerable, highly vulnerable, normally vulnerable, less vulnerable, and resilient. For a case study of the Jinju, farmlands of $138.6km^2$, about 18% of the whole area of Jinju, were classified as vulnerable to inundation, and about $6.6km^2$ of farmlands with elevation of below 19 m at sea water level, slope of below 3.5 degrees, and within 115 m distance from water body were exposed to extremely vulnerable to inundation. Comparatively Geumsan-myeon and Sabong-myeon were revealed as the most vulnerable to farmland inundation in the Jinju.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1139-1150
• /
• 2022

With the rapid development of SW Industry, softwares are everywhere in our daily life. The number of vulnerabilities are also increasing with a large amount of newly developed code. Vulnerabilities can be exploited by hackers, resulting the disclosure of privacy and threats to the safety of property and life. In particular, since the large numbers of increasing code, manually analyzed by expert is not enough anymore. Machine learning has shown high performance in object identification or classification task. Vulnerability detection is also suitable for machine learning, as a reuslt, many studies tried to use RNN-based model to detect vulnerability. However, the RNN model is also has limitation that as the code is longer, the earlier can not be learned well. In this paper, we proposed a novel method which applied BERT to detect vulnerability. The accuracy was 97.5%, which increased by 1.5%, and the efficiency also increased by 69% than Vuldeepecker.