• Earthquakes and Structures
• /
• 제22권4호
• /
• pp.387-399
• /
• 2022

To study the seismic damage of masonry structures and understand the characteristics of the multi-intensity region, according to the Dujiang weir urbanization of China Wenchuan earthquake, the deterioration of 3991 masonry structures was summarized and statistically analysed. First, the seismic damage of multistory masonry structures in this area was investigated. The primary seismic damage of components was as follows: Damage of walls, openings, joints of longitudinal and transverse walls, windows (lower) walls, and tie columns. Many masonry structures with seismic designs were basically intact. Second, according to the main factors of construction, seismic intensity code levels survey, and influence on the seismic capacity, a vulnerability matrix calculation model was proposed to establish a vulnerability prediction matrix, and a comparative analysis was made based on the empirical seismic damage investigation matrix. The vulnerability prediction matrix was established using the proposed vulnerability matrix calculation model. The fitting relationship between the vulnerability prediction matrix and the actual seismic damage investigation matrix was compared and analysed. The relationship curves of the mean damage index for macrointensity and ground motion parameters were drawn through calculation and analysis, respectively. The numerical analysis was performed based on actual ground motion observation records, and fitting models of PGA, PGV, and MSDI were proposed.

• 한국시뮬레이션학회논문지
• /
• 제13권3호
• /
• pp.21-29
• /
• 2004

The major objective of this paper is to analyze network vulnerabilities using the SIMVA (SIMualtion-based Vulnerability Analyzer). SIMVA is capable of monitor network status and analyze vulnerabilities automatically. To do this, we have employed the advanced modeling and simulation concepts such as SES/MB (System Entity Structure / Model Base) framework, DEVS (Discrete Event System Specification) formalism, and experimental frame for developing network security models and simulation-based analysis of vulnerability. SIMVA can analyze static vulnerability as well as dynamic vulnerability consistently and quantitatively. In this paper, we verified and tested the capability of application of SIMVA by slammer worm attack scenario.

• 한국산학기술학회논문지
• /
• 제20권6호
• /
• pp.541-547
• /
• 2019

최근 자동화 되는 해킹 및 분석 기술의 발전으로 인하여 수많은 소프트웨어 보안 취약점이 빠르게 발표되고 있다. 대표적인 취약점 데이터베이스인 NVD(National Vulnerability Database)에는 2010년부터 2015년까지 보안 취약점(CVE: Common Vulnerability Enumeration) 약 8만 건이 등록되었으며, 최근에도 점차 증가하고 있는 추세이다. 보안 취약점은 빠른 속도로 증가하고 있는 반면, 보안 취약점을 분석하고 대응하는 방법은 전문가의 수동 분석에 의존하고 있어 대응 속도가 느리다. 이런 문제점을 해결하기 위해 자동화된 방법으로 보안 취약점을 탐색하고, 패치하여 악의적인 공격자에게 공격 기회를 줄 수 있는 보안 취약점을 사전에 대응 할 수 있는 기술이 필요하다. 본 논문에서는 복잡도 분석을 통해 취약점 탐색 대상 바이너리의 특징을 추출하고, 특징에 적합한 취약점 탐색 전략을 선정하여 취약점을 자동으로 탐색하는 기술을 제안한다. 제안 기술은 AFL, ANGR, Driller 도구와 비교 검증 하였으며 코드 커버리지는 약 6% 향상, 크래시 개수는 약 2.4배 증가, 크래시 발생율 약 11% 향상 효과를 볼 수 있었다.

• Journal of Forest and Environmental Science
• /
• 제28권2호
• /
• pp.106-117
• /
• 2012

In an effort to analyze the impact of climate change, Gangwon provincial forest was divided into three sectors; forest ecology, forest disaster, and forest productivity and analysis of their current status from 2000 to 2009 and vulnerability assessment by climate change has been carried in this study. In case of vulnerability assessment, except for the forest ecology, forest disaster (forest fires and forest pests) and forest productivity sectors were analyzed in current status, the year of 2020, and 2050. It turned out that vulnerability of forest fires in the field of disaster would become worse and forest pests also would make more impact even though there is some variation in different areas. In case of the vulnerability of forest productivity there would be not a big difference in the future compared with current vulnerability. Systematic research on the sensitivity index used for vulnerability assessment is necessary since vulnerability assessment result greatly depends on the use of climate exposure index and adaptive capacity index.

• 상하수도학회지
• /
• 제33권5호
• /
• pp.341-351
• /
• 2019

The purpose of this study was to evaluate vulnerability of drought in small island areas. Vulnerability assessment factors of drought were selected by applying the factor analysis. Ninety Eup/Myon areas in small island were evaluated to vulnerability of drought by entropy method adapting objective weights. Vulnerability consisted of climate exposure, sensitivity, and adaptive capacity. A total of 22 indicators were used to evaluate and analyze vulnerability of drought in small island areas. The results of entropy method showed that winter rainfall, no rainfall days, agricultural population rate, cultivation area rate, water supply rate and groundwater capacity have a significant impact on drought assessment. The overall assessment of vulnerability indicated that Seodo-myeon Ganghwa-gun, Seolcheon-myeon Namhae-gun and Samsan-myeon Ganghwa-gun were the most vulnerable to drought. Especially Ganghwa-gun should be considered policy priority to establish drought measures in the future, because it has a high vulnerability of drought.

• 융합보안논문지
• /
• 제22권1호
• /
• pp.11-17
• /
• 2022

최근 사이버 공격으로 인해 발생한 우크라이나 대규모 정전 사태를 비롯하여 국가 기반시설에 대한 사이버 공격이 지속해서 발생하고 있다. 이에 따라 ICS-CERT 취약점이 작년보다 두 배 이상이 증가하는 등 원자력 시설 등의 산업제어시스템에 대한 취약점이 날로 증가하고 있다. 대부분의 제어시스템 운영자는 미국의 ICS-CERT에서 제공하는 산업제어시스템 취약점정보원을 바탕으로 취약점 대응 방안을 수립한다. 그러나 ICS-CERT는 연관된 모든 취약점 정보를 포함하지 않으며, 국내 제조사 제품에 대한 취약점을 제공하지 않아 이를 국내 제어시스템 보안에 적용하기 어렵다. 따라서 본 연구에서는 ICS-CERT에서 제공하는 제어시스템 취약점 정보(1,843건)를 기준으로 해당 취약점과 관련된 CVE, CWE, CAPEC, CPE 정보를 통합한 취약점 분석 프레임워크를 제시한다. 또한 원자력 시설의 자산을 CPE를 이용하여 식별하고 CVE와 ICS-CERT를 이용하여 취약점을 분석한다. 기존의 방법론으로 취약점 분석 시 임의의 국내 원자력 시설 자산 중 ICS-CERT에는 단 8%의 자산에 대한 취약점 정보를 탐색하였지만, 제안하는 방법론을 이용하면 70% 이상의 자산에 대해 취약점 정보를 탐색할 수 있다.

• Journal of Multimedia Information System
• /
• 제8권4호
• /
• pp.259-266
• /
• 2021

Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.

• 한국CDE학회논문집
• /
• 제22권2호
• /
• pp.101-109
• /
• 2017

In order to reduce the number of casualties by improving the survivability of the combat vehicle, the vulnerability analysis of the combat vehicle is needed. However, the actual test for the vulnerability analysis requires large experimental space and expensive equipment costs long time and large expense. It is needed to develop a new method that can replace the actual test. In the paper, we suggested a new approach to analyzing the vulnerability using the M&S method instead of the actual test. To analyze the vulnerability, the shot line analysis is performed to find out which part is penetrated by the bullet. The component of the parts is simplified to "Single-Target", "Double-Target", "Air gapped-Target" and can be performed the penetration analysis using the ANSYS Explicit Dynamics. The penetration depth and the residual velocity of the bullet are calculated by analyzing penetration of each part of the combat vehicle. The penetration data calculated the penetration analysis can be used to define the damage level of the combat vehicle. The purpose of this paper is to collect penetration data for various targets and bullets. And "7.62mmAP" is used as the bullet, "7075-T6" is used as a target.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권12호
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• 환경영향평가
• /
• 제26권3호
• /
• pp.171-180
• /
• 2017

2012년에 도입된 도시 기후변화 재해취약성 분석은 현재 지침 제정으로 도시방재정책을 위한 제도적 기반으로 활용되고 있다. 그러나 실제 분석시 분석과정의 구조로 인하여 분석 지표의 가중치 불균형 및 지표의 다중 적용과 같은 문제점이 발생하는 등 개선의 여지가 남아 있다. 제도 도입시 전문가를 통해 도시 계획적 연관성이 높은 지표들이 선정되어 있는 상태라 하더라도 이러한 문제점들은 분석구조에 기인하여 지표들의 영향력이 반영되지 못한다는 결과를 낳는다. 따라서 본 연구에서는 도시 기후변화 재해취약성 분석의 구조를 살펴보고, 변수의 가중치를 조정하여 평준화시켰을 때 현 지침상의 분석결과와 차이가 발생하는지를 실증분석을 통해 검증하고자 하였다. 그 결과로 나타난 재해취약 정도가 두 방식에서 차이가 있음을 확인할 수 있었고 상대적으로 가중치 평준화 방식을 적용하였을 때 기존의 방식인 지침을 따를 때보다 재해취약지역이 더 넓게 나타났다. 이러한 차이는 분석의 구조적 틀을 개선하고 분석결과의 세밀한 검토를 통해 분석결과의 신뢰성 확보를 위한 노력이 필요함을 시사한다.