• Journal of Information Technology Services
• /
• v.11 no.2
• /
• pp.319-337
• /
• 2012

To stress the importance of privacy in social networking, I presented an analysis on how information control and information management vulnerability influence trust and privacy concerns in social networking, and how trust and privacy concerns influence the sustainable usage intention of social network services. I also analyzed the factors affecting privacy concerns to present the method to alleviate social network users' concerns about privacy. Information collection control, information processing control and information management vulnerability were chosen and analyzed as the factors affecting privacy concerns. The results showed that information collection control and information management vulnerability significantly affected trust and privacy concerns; and information processing control did not significantly affect privacy concerns. The relationship between trust and privacy concerns, and sustainable usage intention was statistically significant; and the relationship between trust and expansion of communication channels was also statistically significant.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1079-1090
• /
• 2012

As the number of information asset and their vulnerabilities are increasing, it becomes more difficult for network security administrators to assess security vulnerability of their system and network. There are several researches for vulnerability analysis based on quantitative approach. However, most of them are based on experts' subjective evaluation or they require a lot of manual input for deriving quantitative assessment results. In this paper, we propose HRMS(Hacking and Response Measurement System) for enumerating attack path using automated vulnerability measurement automatically. HRMS can estimate exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack path even though system, network and application's information are not fully given for vulnerability assessment. With this proposed method, system administrators can do proactive security vulnerability assessment.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.543-550
• /
• 2001

In this paper, an improved detection system for the network vulnerability scan attacks is proposed. The proposed system improves the methodology for detecting the network vulnerability scan attacks and provides a global detection and response capability that can counter attacks occurring across an entire network enterprize. Through the simulation, we show that the proposed system can detect vulnerable port attacks, coordinated attacks, slow scans and slow coordinated attacks. We also show our system can achieve more global and hierarchical response to attacks through the correlation between server and agents than a stand-alone system can make.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.1-10
• /
• 2003

In this paper, we propose a secure communication framework for interaction and information sharing between a server and agents in DS-NVSA(Detection System of Network Vulnerability Scan Attacks) proposed in〔1〕. For the scalability and interoperability with other detection systems, we design the proposed IDMEF and IAP that have been drafted by IDWG. We adapt IDMEF and IAP to the proposed framework and provide SKTLS(Symmetric Key based Transport Layer Security Protocol) for the network environment that cannot afford to support public-key infrastructure. Our framework provides the reusability of heterogeneous intrusion detection systems and enables the scope of intrusion detection to be extended. Also it can be used as a framework for ESM(Enterprise Security Management) system.

• Journal of Korean Society of Rural Planning
• /
• v.21 no.1
• /
• pp.77-87
• /
• 2015

In this study, we try to quantify resident's conflict by rural development project based on previous researches about community capacities required for residents and social networks in rural village for suggesting efficient project model. we analyzed conflict elements in six category such as 'conflict in residents', 'conflict in residents and leaders', 'conflict in leaders', 'conflict in villages', 'conflict in development fund', 'conflict in village by common income project'. These results also analyzed by personal background(age, role, education, income) of respondent in questionary survey. Results show that 'conflict in residents and leaders', 'conflict in leaders', 'conflict in development fund' are perceived differently by age, role, education, and income in 5% significance level. Especially, relatively young age(below 40 years old) expressed clearly about conflict and high scored in item of 'residents and leaders'. Regression model show statistical significance(F=39.807, P=0.000) in influence relation analysis of conflict, network, leadership, and project fund. In this model, network ${\beta}=-0.237$, leadership ${\beta}=-0.375$, project fund ${\beta}=-0.000$ show network and leadership have negative relation to conflict but project fund is difficult to find relation with conflict. In this study, we defined social vulnerability using conflict, network, and leadership and verified the vulnerability of rural village applying regional community capacity in analysis results; vulnerability increased by the size of region and show inverse correlation to future vision of residents.

• Journal of IKEEE
• /
• v.23 no.2
• /
• pp.659-666
• /
• 2019

MANET can be applied to various applications as it can autonomously configure the network with only mobile nodes. However, the network can be vulnerable to cyber attacks because it is organized in a distributed environment without central control or management. In this paper, we propose a simulation-based network security vulnerability analysis and verification method. Using this method, we simulated the routing message modification attack, Sybil node attack, and TLV message modification attack that may frequently occur in MANET, and confirmed that similar vulnerabilities can be occurred in the real system. Therefore, the proposed method can be used to improve the accuracy of the protocol design by verifying possible security vulnerabilities through simulation during the protocol design procedure.

• Journal of the Korean Institute of Electrical and Electronic Material Engineers
• /
• v.31 no.1
• /
• pp.44-49
• /
• 2018

This study analyzed the Vulnerability of Network Communication devices when IEMI is coupled with the Network System. An Ultra Wide Band Generator (180 kV, 700 MHz) was used as the IEMI source. The EUTs are the Switch Hub and Workstation, which are used to configure the network system. The network system was monitored through the LAN system configuration, to confirm a malfunction of the network device. The results of the experiment indicate that a malfunction of the network occurs as the electric field increases. The data loss rate increases proportionally with increasing radiating time. In the case of the Switch Hub, the threshold electric field value was 10 kV/m for all conditions used in this experiment. The threshold point causing malfunction was influenced only by the electric field value. The correlation between the threshold point and pulse repetition rate was not found. However, in case of the Workstation, it was found that as the pulse repetition rate increases, the equipment responds weakly and the threshold value decreases. To verify the electrical coupling of the EUT by IEMI, current sensors were used to measure the PCB line inside the EUT and network line coupling current. As a result of the measurement, it can be inferred that when the coupling current due to IEMI exceeds the threshold value, it flows through the internal equipment line, causing a malfunction and subsequent failure. The results of this study can be applied to basic data for equipment protection, and effect analysis of intentional electromagnetic interference.

• Journal of the Korea Society for Simulation
• /
• v.13 no.3
• /
• pp.11-20
• /
• 2004

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (i) it is able to analyze behaviors of systems being emerged by interaction between functional elements of network components, (ii) it is able to analyze vulnerability in quantitative manner, and (iii) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2003.06a
• /
• pp.191-198
• /
• 2003

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (ⅰ) it is able to analyze behaviors of system emerged by interaction with functional elements of components composing network and each other, (ⅱ) it is able to analyze vulnerability in quantitative manner, and (ⅲ) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.144-150
• /
• 2021

The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.