• Journal of Multimedia Information System
• /
• v.5 no.2
• /
• pp.99-104
• /
• 2018

Phishing website has become a crucial concern in cyber security applications. It is performed by fraudulently deceiving users with the aim of obtaining their sensitive information such as bank account information, credit card, username, and password. The threat has led to huge losses to online retailers, e-business platform, financial institutions, and to name but a few. One way to build anti-phishing detection mechanism is to construct classification algorithm based on machine learning techniques. The objective of this paper is to compare different classifier ensemble approaches, i.e. random forest, rotation forest, gradient boosted machine, and extreme gradient boosting against single classifiers, i.e. decision tree, classification and regression tree, and credal decision tree in the case of website phishing. Area under ROC curve (AUC) is employed as a performance metric, whilst statistical tests are used as baseline indicator of significance evaluation among classifiers. The paper contributes the existing literature on making a benchmark of classifier ensembles for web phishing detection.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.12
• /
• pp.157-167
• /
• 2009

Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focus on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM(Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system, can not adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application is causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF(Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing, Consequently, this study provide to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.

• Journal of Information Processing Systems
• /
• v.8 no.2
• /
• pp.347-358
• /
• 2012

Recently, security researches have been processed on the method to cover a broader range of hacking attacks at the low level in the perspective of hardware. This system security applies not only to individuals' computer systems but also to cloud environments. "Cloud" concerns operations on the web. Therefore it is exposed to a lot of risks and the security of its spaces where data is stored is vulnerable. Accordingly, in order to reduce threat factors to security, the TCG proposed a highly reliable platform based on a semiconductor-chip, the TPM. However, there have been no technologies up to date that enables a real-time visual monitoring of the security status of a PC that is operated based on the TPM. And the TPB has provided the function in a visual method to monitor system status and resources only for the system behavior of a single host. Therefore, this paper will propose a m-TMS (Mobile Trusted Monitoring System) that monitors the trusted state of a computing environment in which a TPM chip-based TPB is mounted and the current status of its system resources in a mobile device environment resulting from the development of network service technology. The m-TMS is provided to users so that system resources of CPU, RAM, and process, which are the monitoring objects in a computer system, may be monitored. Moreover, converting and detouring single entities like a PC or target addresses, which are attack pattern methods that pose a threat to the computer system security, are combined. The branch instruction trace function is monitored using a BiT Profiling tool through which processes attacked or those suspected of being attacked may be traced, thereby enabling users to actively respond.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.05a
• /
• pp.466-469
• /
• 2006

Nowadays, we make an attempt for media conversion from old to new media, carrying out to information society. These changes to new media are considered as new threat to printing media. New means such as CAD(Computer Aided Publishing), on-line novel and webzine can be regarded as new media and we are confronted with need of new changes in the field of printing media because of the trend of the present. It suggests that the origin of commodity competitiveness depends on the ability of cultural Contents using design. Cultural commodity is considered as strategy concepts in the more specific and realistic aspect than in the aspect of industrialization. This study introduce the case of Cellpark Co.,Ltd. which has successfully developed commodity design of World-cup cultural contents as a creating tools of innovative value connecting existed design method based on printing media with new method. This study gave the case which created Blue Ocean market through new expression method of design, products protection of contents design by patent registration, and licensing which many design firms often overlook.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.5
• /
• pp.1-10
• /
• 2014

As the number of public institution web sites and civil services based on electronic government has increased from the past until now, there is an increasing demand for security of the overall electronic civil services such as possibility for forgery and falsification of electronic documents. Existing studies proposed security threats and response methods on an electronic government service (G4C) from the perspective of service provider. In this study, the scope of analysis was expanded to analyze security technology used for each service type on 289 web sites providing civil services and to present response methods on security threats. The aim of this paper is to discuss practical responses to civil services and core problems of civil services in electronic government that need to be resolved.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.59-67
• /
• 2017

In recent years, cyber terror that break into major institution's information system and destroy and paralyzed important information occurs frequently. Some countries do dangerous acts such as train hackers and order hackers to hack important industrial confidential documents which are core of national competitiveness to reduce the competitiveness of the country and cause social confusion. In this thesis, it will study problems of cyber terror to help people to use Internet in web environment that safe from cyber terror and to avoid the risk from cyber terror such as malware and DDos. This thesis is organized as following. In second chapter, it will look thorough the research that are related to cyber terror. In third chapter, it will study attack types of cyber terror. In fourth chapter, to defend from cyber violence, it will suggest safe solution. In fifth chapter, it will end with conclusion. Finally, to prevent urgent incidents like North Korean Cyber-attack, every Internet user must indicate their recognition on Internet security and it is significant to make a quick response treatment to create the safe online environment.

• The Journal of Industrial Distribution & Business
• /
• v.7 no.1
• /
• pp.11-14
• /
• 2016

Purpose - The study aims to show the successful application of Six Sigma in software companies for process improvement. Research design, data and methodology - A mixed methodology has been used which include both qualitative and quantitative research. In the qualitative research methodology part, a detailed and comprehensive literature study have been carried out. The literature study consists of articles, books, web materials, discussion forms and others. In the quantitative research methodology part, interviews have been conducted. Results - Six sigma is the practical application of a theoretical statistical measurement that equates to 3.4 defects per million opportunities -a position of practically zero defects for any process or service. Initially originating in Motorola Inc. in 1985 as a response to drastic quality improvement pressures from the threat of Japanese competition, it quickly gained many followers particularly G.E., Allied Signal, Ford Motor Company etc. and more recently attentions have shifted to service environments. There are still some problems and misconceptions existed about the applicability of Six Sigma in software companies. Conclusions - The paper concludes that Six Sigma can bring large benefits for software companies too. Furthermore, software companies have already started to implement Six Sigma approach, like Ericsson, Tata Consultancy Service, etc.

• Journal of Information Technology Services
• /
• v.15 no.2
• /
• pp.157-167
• /
• 2016

Task environment for enterprises and public institutions are moving into cyberspace-based environment and structing the LTE wireless network. The applications "App" operated in the LTE wireless network are mostly being developed with Android-based. But Android-based malwares are surging and they are the potential DDoS attacks. DDoS attack is a major information security threat and a means of cyber attacks. DDoS attacks are difficult to detect in advance and to defense effectively. To this end, a DMZ is set up in front of a network infrastructure and a particular server for defensive information security. Because There is the proliferation of mobile devices and apps, and the activation of android diversify DDoS attack methods. a DMZ is a limit to detect and to protect against DDoS attacks. This paper proposes an information security method to detect and Protect DDoS attacks from the terminal phase using a Preemptive military strategy concept. and then DDoS attack detection and protection app is implemented and proved its effectiveness by reducing web service request and memory usage. DDoS attack detection and protecting will ensure the efficiency of the mobile network resources. This method is necessary for a continuous usage of a wireless network environment for the national security and disaster control.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.77-84
• /
• 2012

Recent Security Programs are widely used to improve the security of Client Systems in the Web authentication. Security Program is provide the function of the Keyboard Security and Certificate Management, Vaccines, Firewall. in particular, This Security Program has been used Financial Institutions and Government Agencies, and some private corporate Home Page. and ActiveX is used to install the Security Program. but Security Programs caused by several security vulnerabilities and problems as they appear, are threat to the stability of the Client System. Therefore, This paper will be analyzed through Case Studies and Experiments to the Vulnerabilities and Problems of Security Program and This Is expected to be utilized to further improve the performance of the Security Program and the building of a new Certification Scheme for material in the future.

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.157-162
• /
• 2004

A development of PP/ST is essential in CC environment. And, the KOREA is expected that PP/STs demand increases explosively by joining to CCRA hereafter. Specially, PP/ST development experience of the KOREA is lacking. So, development of security environment(assume, threat, policy) and security objective contents refer only PP/ST Guide(ISO/IEC PDTR 15446) are very difficult. In this paper, we propose a web service based common security environment and security objective repository model that make developers can run PP/ST creation to be simple. Through proposed model, developers who development experience is lacking are expected to achieve PP/ST development to be simple.