• Title/Summary/Keyword: Web Access Control

A Study on Online Fraud and Abusing Detection Technology Using Web-Based Device Fingerprinting (웹 기반 디바이스 핑거프린팅을 이용한 온라인사기 및 어뷰징 탐지기술에 관한 연구)

  • Jang, Seok-eun;Park, Soon-tai;Lee, Sang-joon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1179-1195 / 2018
  • Recently, a variety of attacks on web services have been occurring through a multiple access environment such as PC, tablet, and smartphone. These attacks are causing various subsequent damages such as online fraud transactions, takeovers and theft of accounts, fraudulent logins, and information leakage through web service vulnerabilities. Creating a new fake account for fraud attacks, hijacking accounts, and bypassing IP while using other usernames or email addresses is a relatively easy attack method, but it is not easy to detect and block these attacks. In this paper, we have studied a method to detect online fraud transaction and obsession by identifying and managing devices accessing web service using web-based device fingerprinting. In particular, it has been proposed to identify devices and to manage them by scoring process. In order to secure the validity of the proposed scheme, we analyzed the application cases and proved that they can effectively defend against various attacks because they actively cope with online fraud and obtain visibility of user accounts.

Analysis of Oriental Pediatrics Clinic Web Sites in Korea (소아를 주요 대상으로 하는 한의원 웹사이트의 분석 및 고찰)

  • Kim, Jang-Hyun;Seo, Young-Min
    • The Journal of Pediatrics of Korean Medicine / v.20 no.2 / pp.45-57 / 2006
  • Objectives: The Internet is closely related to the lives of modern people in the 21st Century. With increasing interest in health and disease of children, the public has access to a growing supply of information on oriental pediatrics clinic through Internet. The purpose of this study is to collect and analyze the Internet web sites concerning oriental pediatrics clinic in Korea, and study the effectiveness of internet toward oriental pediatrics. Methods: We selected 42 web sites by searching for such keyword as child and oriental Medical clinic at Korea major web search engine. The sites were evaluated and analyzed on the basis of 24 is under three evaluation criteria such as quality of contents, the ease of use, reliability of web sites. Results: Study results indicated that 34% of web sites were built in 2004, 58% of oriental pediatrics clinic was located in Seoul & Kyunggi and 84% of them was connected network medical system. About health information was supplied in oriental pediatrics clinic web sites, the growth was high frequent information, 50% of web sites supplied high quality information and 19% of them was supplied high diversity information. Conclusions: It is necessary to control system as information certification system in the area of oriental pediatrics clinic web sites.

Access Control of XML Documents Including Update Operators (갱신 연산을 고려한 XML문서의 접근제어)

  • Lim Chung-Hwan;Park Seog
    • Journal of KIISE:Databases / v.31 no.6 / pp.567-584 / 2004
  • As XML becomes popular as the way of presenting information on the web, how to secure XML data becomes an important issue. So far study on XML security has focused on security of data communications by using digital sign or encryption technology. But, it now requires not just to communicate secure XML data on communication but also to manage query process to access XML data since XML data becomes more complicated and bigger. We can manage XML data queries by access control technique. Right now current XML data access control only deals with read operation. This approach has no option to process update XML queries. In this paper, we present XML access control model and technique that can support both read and update operations. In this paper, we will propose the operation for XML document update. Also, we will define action type as a new concept to manage authorization information and process update queries. It results in both minimizing access control steps and reducing memory cost. In addition, we can filter queries that have no access rights at the XML data, which it can reduce unnecessary tasks for processing unauthorized query. As a result of the performance evaluation, we show our access control model is proved to be better than other access control model in update query. But it has a little overhead to decide action type in select query.

A Synchronization Error Control System for Web based Multimedia Collaboration Environment (웹 기반 멀티미디어 공동 작업 환경에서의 동기화 오류 제어 시스템)

  • Ko, Eung-Nam
    • The KIPS Transactions:PartB / v.11B no.1 / pp.45-52 / 2004
  • We propose ESS_WMCE. This paper explains the design and implementation of the EDSS running on ESS_WMCE. EDSS is a synchronization error control system for web based multimedia collaboration environment. We have an error detection approach by using hooking method. The technique of an error transmission is a mended model of utilizing an application sharing system. DOORAE is a good framework model for supporting development on application for computer supported cooperated works. It has primitive service functions. Service functions are implemented with an object oriented concept. It is a system that is suitable for detecting and sharing a software error rapidly occurring on web based multimedia collaboration environment by using software techniques. It is able to share an error as well as providing URL synchronization to access shared objects. When an error occurs, this system detects an error by using hooking methods in MS-Windows API(Application Program Interface) function. If an error is found, it is able to provide an error sharing to access shared objects.

OTACUS: Parameter-Tampering Prevention Techniques using Clean URL (OTACUS: 간편URL기법을 이용한 파라미터변조 공격 방지기법)

  • Kim, Guiseok;Kim, Seungjoo
    • Journal of Internet Computing and Services / v.15 no.6 / pp.55-64 / 2014
  • In a Web application, you can pass without restrictions special network security devices such as IPS and F/W, URL parameter, which is an important element of communication between the client and the server, is forwarded to the Web server. Parameters are modulated by an attacker requests a URL, disclose confidential information or through e-commerce, can take financial gain. Vulnerability parameter manipulation thereof cannot be able to determine whether to operate in only determined logical application, blocked with Web Application Firewall. In this paper, I will present a technique OTACUS(One-Time Access Control URL System) to complement the shortcomings of the measures existing approaches. OTACUS can be effectively blocked the modulation of the POST or GET method parameters passed to the server by preventing the exposure of the URL to the attacker by using clean URL technique simplifies complex URL that contains the parameter. Performance test results of the actual implementation OTACUS proves that it is possible to show a stable operation of less than 3% increase in the load.

Networked Creativity on the Censored Web 2.0: Chinese Users' Twitter-based Activities on the Issue of Internet Censorship

  • Xu, Weiai Wayne;Feng, Miao
    • Journal of Contemporary Eastern Asia / v.14 no.1 / pp.23-43 / 2015
  • In most of the world, the current trend in information technology is for open data movement that promotes transparency and equal access. An opposite trend is observed in China, which has the world's largest Internet population. The country has implemented sophisticated cyber-infrastructure and practices under the name of The Golden Shield Project (commonly referred to as the Great Firewall) to limit access to popular international web services and to filter traffic containing 'undesirable' political content. Increasingly, tech-savvy Chinese bypass this firewall and use Twitter to share knowledge on censorship circumvention and encryption to collectively troubleshoot firewall evasion methods, and even mobilize actions that border on activism. Using a mixed mythological approach, the current study addresses such networked knowledge sharing among citizens in a restricted web ecosystem. On the theoretical front, this study uses webometric approaches to understand change agents and positive deviant in the diffusion of censorship circumvention technology. On policy-level, the study provides insights for Internet regulators and digital rights groups to help best utilize communication networks of positive deviants to counter Internet control.

Design and Implementation of Web-Based Cooperative Learning System Co-Net

  • WANG, Kyungsu
    • Educational Technology International / v.6 no.1 / pp.103-119 / 2005
  • This study investigated to design and implement web-based collaborative learning system Co-Net and map out students' learning procedure using the system, based upon Student Team Achievement Division (STAD Slavin, 1990, 1996). There are technical process and instructional considerations to be made during the design process. The former are those that concern equipment requirements and specifications and include Ease of Use, Speed of Access, and Flexibility. On the other hand, instructional considerations are concerned with the delivery and access of instructional materials and their outcomes on learners. They are cooperative interactions within groups and group heterogeneity, learner control, group incentives, individual accountability, equal opportunity for earning high scores and contributing to group effort, task specialization, and competition among groups. A web site for a virtual learning environment designed and built by the authors and known as Co-Net is then explained along with the whole process learners inside the environment. The main page of Co-Net consists of 15 menus to implement cooperative learning process. The cooperative learning activities using 15 menus are composed of six phases (1) preparation of the new knowledge (2) presentation of the new knowledge (3) knowledge assimilation and application (4) team and individual evaluation (5) team and individual recognition. Throughout the five phases, the appropriate use of cooperative learning techniques has been shown to have both academic and social benefits to learners.

Development of web based shape inspection system for the forging products having complicated shapes (인터넷을 이용한 정밀단조품의 품질평가 시스템 개발에 관한 연구)

  • Park, K.S.;Kim, B.J.;Jang, J.H.;Moon, Y.H.
    • Proceedings of the Korean Society for Technology of Plasticity Conference / 2006.05a / pp.211-214 / 2006
  • The outer race of the constant velocity(CV) joint is an important load-supporting automotive part, which transmits torque between the transmission and the wheel. The outer race is difficult to forge, because its shape is very complex and the required dimensional tolerances are very stringent. Therefore, the internet based shape inspection system is developed in this study to provide quick and accurate data through the easy control from users. Proposed system uses mechanical displacement sensors to measure the shape of CV joint that has six inner ball grooves, and commercially available Lab-View program is used to process measured data into the dimensional shape. Developed program provides a simple user interface that enables users real-time access of data measured from industrial production lines. Furthermore, it can exchange measured data via the internet between users and forging system operators. A java applet helped the system connection via internet. A data, IP access, is transmitted to the packet by TCP/IP. Our proposed system has many advantages over current measuring systems including fast and efficient data processing by real-time control, and system flexibility.

Design of Web Service by Using OPC XML-DA and OPC Complex Data for Automation and Control Systems

  • Tan Vu Van;Yoo Dae-Sung;Yi Myeong-Jae
    • Proceedings of the Korean Information Science Society Conference / 2006.06a / pp.250-252 / 2006
  • Web technologies are gaining increased importance in automation and control systems. However, the choice of Web technologies depends on the use cases in the application environment. In industrial systems, the data can be got not only from many different field systems and devices but also from different OPC (OLE for Process Control) Servers. Current OPC Client might be able to read simple data from OPC Server, but there are some problems to get structured data and to exchange structured information between collaborating applications. Therefore, OPC Foundation has defined interfaces to OPC XML-DA (OPC XML Data Access) and OPC Complex Data that aim to solve those problems. The OPC XML-DA can facilitate the exchange of plant data across the internet, and upwards into the enterprise domain. In addition, the OPC Complex Data will extend the OPC DA specification to allow the OPC Client to read and decode any type of data from measurement and control systems on the plant floor. This paper will describe the concept of OPC XML-DA and OPC Complex Data. And then it proposes a mechanism to implement the OPC Complex Data into OPC XML-DA Server. Additionally, the paper also discusses the security aspects.

A study on machine learning-based defense system proposal through web shell collection and analysis (웹쉘 수집 및 분석을 통한 머신러닝기반 방어시스템 제안 연구)

  • Kim, Ki-hwan;Shin, Yong-tae
    • Journal of Internet Computing and Services / v.23 no.4 / pp.87-94 / 2022
  • Recently, with the development of information and communication infrastructure, the number of Internet access devices is rapidly increasing. Smartphones, laptops, computers, and even IoT devices are receiving information and communication services through Internet access. Since most of the device operating environment consists of web (WEB), it is vulnerable to web cyber attacks using web shells. When the web shell is uploaded to the web server, it is confirmed that the attack frequency is high because the control of the web server can be easily performed. As the damage caused by the web shell occurs a lot, each company is responding to attacks with various security devices such as intrusion prevention systems, firewalls, and web firewalls. In this case, it is difficult to detect, and in order to prevent and cope with web shell attacks due to these characteristics, it is difficult to respond only with the existing system and security software. Therefore, it is an automated defense system through the collection and analysis of web shells based on artificial intelligence machine learning that can cope with new cyber attacks such as detecting unknown web shells in advance by using artificial intelligence machine learning and deep learning techniques in existing security software. We would like to propose about. The machine learning-based web shell defense system model proposed in this paper quickly collects, analyzes, and detects malicious web shells, one of the cyberattacks on the web environment. I think it will be very helpful in designing and building a security system.