• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.6
• /
• pp.833-842
• /
• 2002

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of use of computers. A attack of intruders using a vulnerability of operating system, protocol and application programs. And so, The attack methods is to be high technology and professional. Thus It must be necessity that we necessary a solution to structure, management for framework of information technology. This paper develope intrusion detecting system for separating intruders form critical system and design IDS model and implementation of it.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.391-395
• /
• 2002

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of use of computers. A attach of intruders using a vulnerability of operating system, protocol and application programs. And so, The attack methods is to be high technology and professional. Thus It must be necessity that we necessary a solution to structure, management for framework of information technology. This paper develope intrusion detecting system for separating intruders form critical system and design IDS model and implementation of it.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.5S
• /
• pp.1657-1665
• /
• 2000

Mobile agents based e-commerce system has many advantage than traditional e-commerce-information gathering on goods, price settlement and payment, delivery of the goods purchased, and so on. However, due to the security vulnerability that stems from mobile agent's mobility, mobile agents based e-commerce system has additional security problems. Therefore, in order to do e-commerce securely in th system, first of al the security issues on mobile agents must be addressed. It this paper, we propose a mobile agent transfer protocol that provides confidentiality and integrity of mobile agent in transit and mutual authentication for communicating hosts. We further show the security of the protocol against many possible attacks. Also, we suggest the location management mechanism of mobile agents based on the trust center. This mechanism is capable of finding their locations transparently and detecting mobile agent clones.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.580-599
• /
• 2021

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.4
• /
• pp.61-68
• /
• 2015

MANET has various vulnerability in wireless network and is more vulnerable in security because central management is not performed. In particular, routing attack may decrease performance of the overall network because the mobile node acts as a router. In this paper, we proposed authentication technique for improving the reliability of the network by increasing the integrity of the routing control packet and blocking effectively attacks that occur frequently in the inside. The proposed technique is consisted of two authentication methods of ZCN and N2N. ZCN authentication method is to elect CA nodes and monitor the role of the CA nodes. N2N authentication method is for an integrity check on the routing packets between nodes. Index key is determined by combining the hop count value to shared key table issued from CA in order to increase the robustness of the internal attack. Also, the overhead of key distribution was reduced by distributing a shared key to nodes certificated from CA. The excellent performance of the proposed method was confirmed through the comparison experiments.

• Economic and Environmental Geology
• /
• v.52 no.6
• /
• pp.573-586
• /
• 2019

A seismic hazard map based on spatial analysis of various sources of geologic seismic information was developed and assessed for regional seismic vulnerability in South Korea. The indicators for assessment were selected in consideration of the geological characteristics affecting the seismic damage. Probabilistic seismic hazard and fault information were used to be associated with the seismic activity hazard and bedrock depth related with the seismic damage hazard was also included. Each indicator was constructed of spatial information using GIS and geostatistical techniques such as ordinary kriging, line density mapping and simple kriging with local varying means. Three spatial information constructed were integrated by assigning weights according to the research purpose, data resolution and accuracy. In the case of probabilistic seismic hazard and fault line density, since the data uncertainty was relatively high, only the trend was intended to be reflected firstly. Finally, the seismic activity hazard was calculated and then integrated with the bedrock depth distribution as seismic damage hazard indicator. As a result, a seismic hazard map was proposed based on the analysis of three spatial data and the southeast and northwest regions of South Korea were assessed as having high seismic hazard. The results of this study are expected to be used as basic data for constructing seismic risk management systems to minimize earthquake disasters.

• Asia pacific journal of information systems
• /
• v.30 no.2
• /
• pp.308-327
• /
• 2020

The importance of information security is increasing, and various efforts are being made to improve users' information security behaviors. Among these various efforts, information security education is mainly aimed at providing users with information security knowledge and improving information security awareness. This study classified the types of information security education into offline and online to examine the effects of each education method on attitudes toward information security (perceived severity, vulnerability, self-efficacy and response-efficacy) and information security behaviors. A survey was conducted for users with information security education experiences. The results obtained by comparing the differences in the path coefficients of personal information security behaviors according to information security education experiences showed that security behaviors were more significant in the online experience group than the offline group. In addition, gender differences were analyzed, and it was found that females had a greater impact on information security attitudes than males. This study also found that among Internet users with online information security education experience, females tend to have more information security behavior than males, but there were contrasting results among users with offline information security education experiences. The results of this study finally address the necessity of reflecting users' personalities in the systematic design of information security education in the future. Furthermore, the results of this study support the need for an appropriate education system that sufficiently understands education types to maximize the effects of information security education.

• Journal of Digital Contents Society
• /
• v.19 no.5
• /
• pp.899-906
• /
• 2018

In the entire process of disaster management, it is very significant to construct related information as well as perform quantitative assessment of damage losses with respect to minimizing the effect of disasters. Many countries have paid much attention not only to studying risk assessment methodologies including constructing inventories, hazard mapping, vulnerability assessment and direct/indirect damage loss estimation, but also to developing risk analysis tools investigated in this paper. We conducted comparison studies of representative earthquake damage risk analysis tools, and the result of this study is able to provide useful information to decision makers and researchers who can contribute to development of effective disaster management.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.4
• /
• pp.107-113
• /
• 2017

Open platform technology in the banking industry is anticipated to impact the market very positively together with the activation of Fin Tech services. The domestic environment of payment services has been rapidly changing into the mobiles and multiple new payment services have been introduced from a variety of vendors. However, the convenience of payment always causes worsening the security, and the accidents on the security have been continued to occur such as leakage of personal information, hacking and so on upon the expansion of the industry and the market size. This study aims to analyze the status of Fin Tech open platforms and various problems of the related standard technologies, and to suggest the possible solutions. Upon the analysis results, it was confirmed that multiple solutions were required to improve the main security protocols of open platforms and to process the security functions diversely. In conclusion, the results of this study will be helpful to determine the direction of the solution on the security issues in the open platform environment of the current industry.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.1
• /
• pp.35-44
• /
• 2021

With the development of information technology, the cybersecurity threat continues as digital-related technologies are applied to the instrumentation and control system of nuclear power plants. The malfunction of the instrumentation and control system can cause economic damage due to shutdown, and furthermore, it can lead to national disasters such as radioactive emissions, so countering cybersecurity threats is an important issue. In general, the study of cybersecurity in instrumentation and control systems is concentrated on safety systems, and diverse protection systems perform protection and reactor shutdown functions, leading to reactor shutdown or, in the worst case, non-stop situations. To accurately analyze cyber threats in the diverse protection system, its linked facilities should be analyzed together. Risk analysis should be conducted by analyzing the potential impact of inter-facility cyberattacks on related facilities and the impact of cybersecurity on each configuration module of the diverse protection system. In this paper, we analyze the linkage of the diverse protection system and discuss the cybersecurity linkage threat by analyzing the availability of equipment, the cyber threat impact of the linked equipment, and the configuration module's cybersecurity vulnerability.