• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.032 seconds

Study On Distribute Computing Network Security Using Encrypted User Security Module (분산 네트워크 환경하에서 암호화 된 사용자 인증 모듈을 적용한 데이터베이스 보안 시스템)

  • Lee Dae-Young;Kim Ok-Hwan
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.10 no.2
    • /
    • pp.315-320
    • /
    • 2006
  • This paper describes access control, user authentication, and User Security and Encryption technology for the construction of database security system from network users. We propose model of network encrypted database security system for combining these elements through the analysis of operational and technological elements. Systematic combination of operational and technological elements with proposed model can construct encrypted database security system secured from unauthorized users in distributed computing environment.

A Study on DCAS Security Framework Model for Mobile IPTV (모바일 IPTV 환경에 적합한 DCAS 보안 프레임워크 연구)

  • Choi, Jung-Young;Cho, Kwan-Tae;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.1
    • /
    • pp.105-116
    • /
    • 2011
  • Mobile IPTV is a IPTV interactive broadcasting service through wireless Internet. Mobile IPTV service would be much more promoted. Thus, the methods for protecting the broadcasting contents will be indispensible elements for the successful Mobile IPTV service achievement. This paper describes the characteristics of Mobile IPTV and the related contents protection techniques. To evaluate several security issues, we suggest a DCAS security framework model for Mobile IPTV, and speculate the most widespread, a security technologies for Mobile IPTV such as DCSA. Moreover, candidate models of Mobile IPTV protection system are suggested based on these technologies.

A Study on Detection Method of Multi-Homed Host and Implementation of Automatic Detection System for Multi-Homed Host (망혼용단말 탐지방법에 대한 연구 및 자동탐지시스템 구현)

  • Lee, Mi-hwa;Yoon, Ji-won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.2
    • /
    • pp.457-469
    • /
    • 2018
  • This study aimed to investigate the fundamental reasons for the presence of multi-homed host and the risks associated with such risky system. Furthermore, multi-homed host detection methods that have been researched and developed so far were compared and analyzed to determine areas for improvement. Based on the results, we propose the model of an improved automatic detection system and we implemented it. The experimental environment was configured to simulate the actual network configuration and endpoints of an organization employing network segmentation. And the functionality and performance of the detection system were finally measured while generating multi-homed hosts by category, after the developed detection system had been installed in the experiment environment. We confirmed that the system work correctly without false-positive, false-negative in the scope of this study. To the best of our knowledge, the presented detection system is the first academic work targeting multi-homed host under agent-based.

A Study on the Supply Chain Security Program (수출입 공급망 안전 프로그램에 관한 연구)

  • Han, Byoung Wan
    • THE INTERNATIONAL COMMERCE & LAW REVIEW
    • /
    • v.58
    • /
    • pp.287-311
    • /
    • 2013
  • In this study, the scope of previous logistics security were focused only on port and ship. Because of it now extends to the overall (export and import) supply chain areas and in regards with supply security programs in the international level, it reviewed supply chain security programs categorized them into 'ships and port security system', 'container screening system', 'logistics chain authorization system' which are expanded to be adopted in the international level. The major features of those programs are summarized as in building risk management system, providing information ahead, selectivity test and benefits to AEO authorized companies in the customs administration level. The government and companies which are to ensure supply chain security and trade facilitation in order to cope actively with international customs administrative atmosphere need to do the followings : First, they need to build an intra-government integrated supply chain security and make efforts to conclude AEO MRA in order to increase trade competitiveness among major trading countries. Second, they need to build supply chain risk management system in order to enhance management performance through overseas market and company level strategy to obtain and maintain AEO authorization in the company level.

  • PDF

Smart City Security Management in Three Tier Smart City Management System (쓰리 티어 방식의 스마트시티 관리시스템에서의 보안 관리)

  • Hwang, Eui-Dong;Lee, Yong-Woo
    • Journal of the Korea Convergence Society
    • /
    • v.10 no.1
    • /
    • pp.25-33
    • /
    • 2019
  • The security of the data dealt by the smart city system is important because they have many privacy and public information. Therefore, it is necessary to study security in the smart city system. In this paper, we define the security factors for the smart city system composed of three tiers and describe the technologies for each. In addition, the design and implementation of the security layer in the Smart City middleware for the security management of the urban component in the Smart City Infrastructure and middleware, which is one of the most important issues in the Smart City system, is introduced.

A Study on the Improvement of Information Security Model for Precision Medicine Hospital Information System(P-HIS) (정밀의료 병원정보시스템(P-HIS) 정보보호모델 개선 방안에 관한 연구)

  • Dong-Won Kim
    • Convergence Security Journal
    • /
    • v.23 no.1
    • /
    • pp.79-87
    • /
    • 2023
  • Precision Medicine, which utilizes personal health information, genetic information, clinical information, etc., is growing as the next-generation medical industry. In Korea, medical institutions and information communication companies have coll aborated to provide cloud-based Precision Medicine Hospital Information Systems (P-HIS) to about 90 primary medical ins titutions over the past five years, and plan to continue promoting and expanding it to primary and secondary medical insti tutions for the next four years. Precision medicine is directly related to human health and life, making information protecti on and healthcare information protection very important. Therefore, this paper analyzes the preliminary research on inform ation protection models that can be utilized in cloud-based Precision Medicine Hospital Information Systems and ultimately proposes research on ways to improve information protection in P-HIS.

Using Genetic Algorithm for Optimal Security Hardening in Risk Flow Attack Graph

  • Dai, Fangfang;Zheng, Kangfeng;Wu, Bin;Luo, Shoushan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.5
    • /
    • pp.1920-1937
    • /
    • 2015
  • Network environment has been under constant threat from both malicious attackers and inherent vulnerabilities of network infrastructure. Existence of such threats calls for exhaustive vulnerability analyzing to guarantee a secure system. However, due to the diversity of security hazards, analysts have to select from massive alternative hardening strategies, which is laborious and time-consuming. In this paper, we develop an approach to seek for possible hardening strategies and prioritize them to help security analysts to handle the optimal ones. In particular, we apply a Risk Flow Attack Graph (RFAG) to represent network situation and attack scenarios, and analyze them to measure network risk. We also employ a multi-objective genetic algorithm to infer the priority of hardening strategies automatically. Finally, we present some numerical results to show the performance of prioritizing strategies by network risk and hardening cost and illustrate the application of optimal hardening strategy set in typical cases. Our novel approach provides a promising new direction for network and vulnerability analysis to take proper precautions to reduce network risk.

URL Phishing Detection System Utilizing Catboost Machine Learning Approach

  • Fang, Lim Chian;Ayop, Zakiah;Anawar, Syarulnaziah;Othman, Nur Fadzilah;Harum, Norharyati;Abdullah, Raihana Syahirah
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.9
    • /
    • pp.297-302
    • /
    • 2021
  • The development of various phishing websites enables hackers to access confidential personal or financial data, thus, decreasing the trust in e-business. This paper compared the detection techniques utilizing URL-based features. To analyze and compare the performance of supervised machine learning classifiers, the machine learning classifiers were trained by using more than 11,005 phishing and legitimate URLs. 30 features were extracted from the URLs to detect a phishing or legitimate URL. Logistic Regression, Random Forest, and CatBoost classifiers were then analyzed and their performances were evaluated. The results yielded that CatBoost was much better classifier than Random Forest and Logistic Regression with up to 96% of detection accuracy.

Development of Information Security Education Framework for Information Security Employees: A Case of Educational Institutions (정보보호 담당자를 위한 업무교육 프레임워크 개발 : 교육관련기관 사례)

  • Lee, Eun-Ju;Jun, Hyo-Jung;Kim, Tae-Sung;Kim, Yeon-Bok
    • The Journal of the Korea Contents Association
    • /
    • v.14 no.1
    • /
    • pp.386-399
    • /
    • 2014
  • Following the heightened facilitation of information system in the education field, educational institutions encounter frequent information security infringement accidents. However there is insufficient education for persons in charge of information security duties in educational institutions. This study aims to analyze differences of knowledge and skills required for information security professionals in educational institutions by institution type, service area and duty. Based on the results of multidimensional scaling on survey data, this study presents the information security education framework for educational institutions.

A Pilot System for Website Security-Level Check (웹 사이트 보안수준 확인을 위한 파일럿시스템)

  • Kim, Moon Jeong;Kim, Sang-Rok;Cho, Sanghyun;Lee, Min-Soo;Lee, Jun-Sup;Kim, In Ho;Kim, Sung Hoon;Kim, Young-Gab
    • Annual Conference of KIPS
    • /
    • 2007.11a
    • /
    • pp.1154-1157
    • /
    • 2007
  • 최근 몇 년 동안 피싱, 파밍, 크라임웨어에 의한 피해 사례 발생이 증가되고 있다. 현재까지의 피싱 관련 솔루션이 대부분 블랙리스트 방식이고 아직까지 피싱 사이트 판단 기준이 없으며 사람들이 이에 대한 인식의 부족으로 인해 이러한 위협을 대처하는데 많은 한계를 가지고 있다. 이에 본 연구에서는 화이트 리스트 기반 웹사이트 보안수준 확인 시스템을 설계하고 이의 파일럿 시스템을 개발하였다. 각 사이트에 대해 피싱 관련 보안수준을 확인하여 신뢰할 수 있는 사이트들을 선별하고 보안수준 정보를 제공함으로써 안전한 인터넷 이용 기반을 제공할 수 있는 방안이 마련될 것으로 기대한다.