• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.4
• /
• pp.220-231
• /
• 2002

Trojan-horse programs are the programs that disguise normal and useful programs but do malicious thing to the hosts. This paper proposes an anti-Trojan horse mechanism using the information attached to the code by the developers. In this mechanism, each code is accompanied with the information on their possible accesses to resources, and based on this information users determine whether the code is malicious or not. Even in the case a code is accepted by users due to its non-malicious appearance, its runtime behaviors are monitored and halted whenever any attempts to malicious operations are detected. By hiring such runtime monitoring system, this mechanism enables detecting unknown Trojan horses and reduces the decision-making overhead being compared to the previous monitoring-based approaches. We describe the mechanism in a formal way to show the advantages and the limitations of the security this mechanism provides.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.3
• /
• pp.916-937
• /
• 2023

Most of the existing Distributed Denial-of-Service mitigation schemes in Software-Defined Networking are only implemented in the network domain managed by a single controller. In fact, the zombies for attackers to launch large-scale DDoS attacks are actually not in the same network domain. Therefore, abnormal traffic of DDoS attack will affect multiple paths and network domains. A single defense method is difficult to deal with large-scale DDoS attacks. The cooperative defense of multiple domains becomes an important means to effectively solve cross-domain DDoS attacks. We propose an efficient multi-domain DDoS cooperative defense mechanism by integrating blockchain and SDN architecture. It includes attack traceability, inter-domain information sharing and attack mitigation. In order to reduce the length of the marking path and shorten the traceability time, we propose an AS-level packet traceability method called ASPM. We propose an information sharing method across multiple domains based on blockchain and smart contract. It effectively solves the impact of DDoS illegal traffic on multiple domains. According to the traceability results, we designed a DDoS attack mitigation method by replacing the ACL list with the IP address black/gray list. The experimental results show that our ASPM traceability method requires less data packets, high traceability precision and low overhead. And blockchain-based inter-domain sharing scheme has low cost, high scalability and high security. Attack mitigation measures can prevent illegal data flow in a timely and efficient manner.

• Journal of Digital Convergence
• /
• v.12 no.9
• /
• pp.201-207
• /
• 2014

In the cloud environment, the company needs data integration and analysis to make decision and policy. If new system is added to this environment, a lot of time and cost is needed due to disparate properties among systems when data is integrated. Therefore, in this paper, we propose a DBaaS hub system for multi-database service. The DBaaS may require a different database and need data integration for relevant service. Using the ontology, we propose a metadata query to resolve the interoperability issues between data of DBaaS. The meta-query is not a query to access the real data, but the query for the upper level. This method provides data integration by accessing the data with the converted query through an ontology when we access the actual database.We also constructs a document-oriented database system using the metadata.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.9
• /
• pp.1845-1850
• /
• 2009

Generally, small and medium scale enterprises have conventionally been performing diligence and indolence management by hand, but many of them have been recently costing a lot of money for their diligence and indolence management and security maintenance. But yet, they have annoying sides due to the initial stage cost for the introduction of the system which is consisted of a terminal for reading a card, an RFID card, an administrative sewer and an application program for the diligence and indolence management as well as the insufficiency of the fixing skill being able to cope with the problems originating from hardware and software troubles. For this reasons, we developed a new diligence and indolence management system that the initial stage cost is moderate because it is needless to purchase a new server and to issue a new card, and the operation and management of the system is convenient because an RFID card reader communicates with a central administrative server in IDC(Internet Data Center) over internet for the diligence and indolence management.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.11
• /
• pp.2340-2346
• /
• 2011

This paper presents a user-friendly authentication system using a flexible USIM. In the proposed method and its system, the flexible USIM utilizes personalized data such as Mobile Directory Number(MDN) and social security number as the key to user authentication. The authentication method proposed in this paper permits limited times of use and/or limited duration of use. A simple simulation model shows that the proposed algorithm works well and shows high compatibility with existing authentication methods. In addition, an alternative or more advanced authentication system can be developed with the proposed flexible USIM card. It is seen that this simple alternative method will eventually be able to make wireless communication networks more easily accessible for subscribers, irrespective of user environments.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.2
• /
• pp.375-381
• /
• 2018

As smart home network services such as home CCTV, outdoor control of home appliances, home security and disaster prevention services become popular, there appear various affiliated products including smart home gateway and smart speaker. Since those services are generally developed on the vendors' individual hardware and software platforms, it is not much expected for them to interwork well among different architecture and communication methods. In this paper, we propose a new home network service system running on an open source platform to address such issues. We implemented a home network system using OpenWRT-based wireless router(or access point) and Zigbee communication technology. In the proposed system, a wireless router replaces a commercial home gateway and small control units implemented with Arduino control electronic devices and sensors in home. Several service scenarios are also implemented to verify the operability of the proposed system.

• Journal of Satellite, Information and Communications
• /
• v.10 no.4
• /
• pp.83-86
• /
• 2015

In this paper, we propose a real-tim measurement management system UI development linked the Water treatment facilities broadband Convergence Network. The sensor and the image data received by the server develop a program to interact with Web through water treatment facilities broadband convergence network. So, Separately develop UI capable of independently operating. Building a web server for remote monitoring of the transmission sensor and the image data. And Monitoring and control is possible the sensor data and image data through the Web-based UI. We can grasp the current state such as measurement time, concentration and depth of interface through the proposed real-time measurement management system UI development liked the water treatment facilities broadband convergence network. So, we can check in whether the normal operation of water treatment facilities and whether the casualties such as fire and security. As well as real time to see the information at a glance due to UI development can be raal-time monitoring of real-time measurement management system.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.9
• /
• pp.675-684
• /
• 2009

Internet worm can cause a traffic problem through DDoS(Distributed Denial of Services) or other kind of attacks. In those manners, it can compromise the internet infrastructure. In addition to this, it can intrude to important server and expose personal information to attacker. However, current detection and response mechanisms to worm have many vulnerabilities, because they only use local characteristic of worm or can treat known worms. In this paper, we propose a new framework to detect unknown worms. It uses macroscopic characteristic of worm to detect unknown worm early. In proposed idea, we define the macroscopic behavior of worm, propose a worm detection method to detect worm flow directly in IP packet networks, and show the performance of our system with simulations. In IP based method, we implement the proposed system and measure the time overhead to execute our system. The measurement shows our system is not too heavy to normal host users.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1355-1364
• /
• 2001

Internal control comprises the plan of Organization and all of the coordinate methods and measure adopted within a business to safeguard its assets. check the accuracy and reliability of its accounting data, promote operation efficiency, and encourage adherence to prescribed managerial policies. Internal accounting control is classified into General Control and Application Control. Essential elements of internal accounting control as follows : 1. General Control $\circled1$ Organization and operation controls. $\circled2$ System development and Documentation controls. $\circled3$ Hardware controls. $\circled4$ Software and hardware Accessibility controls. $\circled5$ General systems security and protection 2. Application control $\circled1$Input control. $\circled2$ Processing control. $\circled3$ Output control. Internal accounting control can establish a total management information system by connecting with mana-gement control of a company, and enable decision makers to establish decision support system(DSS), is so vital today.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.3
• /
• pp.565-570
• /
• 2016

User requirements for access and authentication increase daily because of the diversification of the Internet of Things (IoT) and social structures. The increase in authentication needs requires the generation of new passwords. Users want to utilize the same passwords for memorization convenience. However, system administrators request each user to use different passwords, as well as passwords that include special symbols. Differnet passwords and including special symbols passwords seem to exceed the tolerance range within your memorization skills. It fetches a very negative consequences in terms of password management. This paper proposes a preference symbol password system that does not require memorization by users. First, a survey is conducted to prove statistical safety, and based on this, an evolution-type password system that uses preference symbols is designed. Preference symbol passwords show superiority with respect to installation cost and convenience, compared with conventional non-memorizing password systems such as biometrics, keystrokes, and mouse patterns.