• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1245-1248
• /
• 2004

최근 SCADA 시스템은 국가기반시설의 중요한 시스템으로 인식됨에 따라 사이버상의 침해사고 대응 및 복구대책이 요구되고 있다. 일반적으로 기존에는 SCADA 시스템 설계시 공정 절차에 따라 이식성, 확장성, 가용성, 유연성을 고려하였으나 최근 안전하고 신뢰성있는 시스템 운영을 위하여 보안에 많은 관심을 갖게 되었다. 본 논문에서는 SCADA 시스템에 대한 보안 설계에 필요한 위험분석 절차를 제시함으로써 사이버테러에 의하여 발생될 국가적 재난 재해를 사전에 예방하고자 한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.9
• /
• pp.1011-1018
• /
• 2014

Because of the proliferation of web services through web site, web hacking attempts are increasing using vulnerabilities of the web application. In order to improve the security of web applications, we have to find vulnerabilities in web applications and then have to remove. This paper addresses a vulnerability in a web application on existing problems and analyze and propose solutions to the vulnerability. This paper have checked the stability of existing web security solutions and evaluated its suitability through analysis of vulnerability. Also, we have implemented the vulnerability analysis tools for web Proxy system and proposed methods to optimize for resolution of web vulnerabilities.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.83-89
• /
• 2019

In accordance with information security compliance and security regulations, there is a need to develop regular and real-time concepts for cyber-infringement attacks against network system vulnerabilities in branch and periodic forms. Vulnerability Analysis Analysis It is judged that it will be a countermeasure against new hacking attack in case of concept validation by interworking with TOOL. Vulnerability check module is standardized in event attribute management and ease of operation. Opening in terms of global sharing of vulnerability data, owasp zap / Angry ip Etc. were investigated in the SIEM system with interlocking design implementation method. As a result, it was proved that the inspection events were monitored and transmitted to the SIEM console by the vulnerability module of web and network target. In consideration of this, ESM And SIEM system In this paper, we propose a new vulnerability analysis method based on the existing information security consultation and the results of applying this study. Refer to the integrated interrelationship analysis and reference Vulnerability target Goal Hacking It is judged to be a new active concept against invasion attack.

• Geomechanics and Engineering
• /
• v.18 no.6
• /
• pp.661-668
• /
• 2019

Seismic vulnerability assessment is a useful tool for rational safety analysis and planning of large and complex structural systems; it can deal with the effects of uncertainties on the performance of significant structural systems. In this study, an efficient dynamic reliability approach, probability density evolution methodology (PDEM), is proposed for seismic vulnerability analysis of earth dams. The PDEM provides the failure probability of different limit states for various levels of ground motion intensity as well as the mean value, standard deviation and probability density function of the performance metric of the earth dam. Combining the seismic reliability with three different performance levels related to the displacement of the earth dam, the seismic fragility curves are constructed without them being limited to a specific functional form. Furthermore, considering the seismic fragility analysis is a significant procedure in the seismic probabilistic risk assessment of structures, the seismic vulnerability results obtained by the dynamic reliability approach are combined with the results of probabilistic seismic hazard and seismic loss analysis to present and address the PDEM-based seismic probabilistic risk assessment framework by a simulated case study of an earth dam.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.6
• /
• pp.1689-1705
• /
• 2023

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: "white-box testing" and "black-box testing". Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.

• Journal of the Computational Structural Engineering Institute of Korea
• /
• v.27 no.6
• /
• pp.485-492
• /
• 2014

In regards to natural disasters, vulnerability analysis is a component of the disaster risk analysis with one of its objectives as a basis for planning priority setting activities. The volcano eruption raises many casualties and property in the surrounding area, especially when the volcano located in densely populated areas. Volcanic eruptions cannot be prevented, but the risk and vulnerability can be reduced which involve careful planning and preparations that anticipate a future crisis. The social vulnerability as social inequalities with those social factors can influence the susceptibility of various groups to harm and govern their ability to respond. This study carried out the methods of Social Vulnerability Index (SoVI) to measure the socially created vulnerability of the people living in Merapi proximal hamlets in Central Java, Indonesia that refers to the socioeconomic and demographic factors that affect the resilience of communities in order to describe and understand the social burdens of risk. Social vulnerability captured here, using a qualitative survey based-data such as interviews to local people with random ages and background to capture the answer vary, also interviews to stakeholders to help define social vulnerability variables. The paper concludes that by constructing the vulnerability index for the hamlets, the study reveals information about the distribution and causes of social vulnerability. The analysis using SoVI confirms that this method works well in ensuring that positive values indicating high social vulnerability and vice versa.

• Journal of Climate Change Research
• /
• v.4 no.4
• /
• pp.331-348
• /
• 2013

The frequency and intensity of abnormal climate caused by climate change is increasing in Korea. Also, the amount of damage from disaster is increasing rapidly. The research on vulnerability assessment analyzes environmentally, socially and economically vulnerable indicators and is ongoing to reduce the intensity of damage and establish adaptation policies for climate change. Therefore, in this study, we assessed vulnerability using weighting value derived by the regression equation. There are 3 evaluation items : vulnerability assessment for farmland erosion to flood, vulnerability assessment for health to heat wave, vulnerability assessment for forest fire to drought. For this study, indicators for each sectors were selected and spatial data for each sectors were established using GIS program. Results showed that vulnerability to heat wave was more affected by climate factors. On the other hand, vulnerability to flood and drought was more affected by social-economic factors. Then, to analysis efficiency of the regression analysis, vulnerability result was compared between the existing vulnerability research with no weighting applied and the vulnerability research with the influence of weighting value derived by the regression. This study showed that the regression analysis is efficient to provide practical and feasible alternatives in terms of planning climate change adaptation policies and it is expected to be utilized for vulnerability assessment in the future.

• Journal of the Korean Data and Information Science Society
• /
• v.26 no.3
• /
• pp.581-592
• /
• 2015

In the GORRAM, the estimation of resource requirements for wartime equipment is based on the ELCON of the USA. The number of vulnerability groups of ELCON are 22, but unfortunately it is hard to determine how the 22 groups are classified. Thus, in this research we collected 505 types of basic items used in wartime and classified those items into new vulnerability groups using AHP and cluster analysis methods. We selected 11 variables through AHP to classify those items with cluster analysis. Next, we decided the number of vulnerability groups through hierarchical clustering and then we classified 505 types of basic items into the new vulnerability groups through K-means clustering.This paper presents new vulnerability groups of 505 types of basic items fitted to Korean weapon systems. Furthermore, our approach can be applied to a new weapon system which needs to be classified into a vulnerability group. We believe that our approach will provide practitioners in the military with a reliable and rational method for classifying wartime equipment and thus consequentially predict the exact estimation of resource requirements in wartime.

• KIPS Transactions on Software and Data Engineering
• /
• v.5 no.3
• /
• pp.139-144
• /
• 2016

When, Software is developed, Applying development methods considering security, it is generated the problem of additional cost. These additional costs are caused not consider security in many developing organization. Even though, proceeding the developments, considering security, lack of ways to get the cost of handling the vulnerability throughput within the given cost. In this paper, propose a method for calculating the vulnerability throughput for using a security vulnerability processed cost-effectively. In the proposed method focuses on the implementation phase of the software development phase, leveraging static analysis tools to find security vulnerabilities in CWE TOP25. The found vulnerabilities are define risk, transaction costs, risk costs and defines the processing priority. utilizing the information in the CWE, Calculating a consumed cost in a detected vulnerability processed through a defined priority, and controls the vulnerability throughput in the input cost. When applying the method, it is expected to handle the maximum risk of vulnerability in the input cost.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.54 no.6
• /
• pp.39-44
• /
• 2012

Water supply capacity and operational capability in agricultural reservoirs are expressed differently in the limited storage due to seasonal and local variation of precipitation. Since agricultural water supply and demand basically assumes the uncertainty of hydrological phenomena, it is necessary to improve probabilistic approach for potential risk assessment of water supply capacity in reservoir for enhanced operational storage management. Here, it was introduced the irrigation vulnerability characteristic curves to represent the water supply capacity corresponding to probability distribution of the water demand from the paddy field and water supply in agricultural reservoir. Irrigation vulnerability probability was formulated using reliability analysis method based on water supply and demand probability distribution. The lower duration of irrigation vulnerability probability defined as the time period requiring intensive water management, and it will be considered to assessment tools as a risk mitigated water supply planning in decision making with a limited reservoir storage.