• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.97-116
• /
• 2003

Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion defection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.666-668
• /
• 2013

Recently, the kind and number of malicious code, which operates in Operation System of smart devices, are rapidly increasing along with the fast supplement of smart devices. Especially, smart devices based on Android OS have high potential of danger to expose to malicious code as it has an easy access to system authority. When using intent, the global message system provided from Android, inter approach between applications is available, and possible to access to created data by the device. Intent provides convenience to application development in the aspect of reusability of component however, it could be appointed as a risk element in security-wise. Therefore, if intent is used in malicious purpose, it is easy to lead the condition where is weak on security. That is, it is possible to control as accessing to resources which application is carrying to operate by receiving intents as making smart device uncontrollable or consuming system resources. Especially, in case of system authority is achieved, the risks such as smart device control or personal information exposure become bigger when misusing broadcast intent through malicious code. This paper proposes a corresponding method of security vulnerability of Android intent that monitors the appearance of intent with intent pattern inspection, detects and blocks unidentified pattern intent.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.6
• /
• pp.839-847
• /
• 2011

Instrumentation & Control(I&C) System in NPP(Nuclear Power Plant) plays a important role as the brain of human being, it performs protecting, controling and monitoring safety operation of NPP. Recently, the I&C system is digitalized as digital technology such as PLC, DSP, FPGA. The different aspect of digital system which use digital communication to analog system is that it has potential vulnerability to cyber threat in nature. Possibility that digital I&C system is defected by cyber attack is increasing day by day. The result of cyber attack can be adverse effect to safety function in NPP. Therefore, I&C system required cyber security counter-measures that protect themselves from cyber threat efficiently and also cyber security design should be taken into consideration at concept stage in I&C system development process. In this study, we proposed the digital asset analysis method for cyber security assessment of I&C system design in NPP and we performed digital asset analysis of I&C system by using the proposed method.

• Korean Security Journal
• /
• no.60
• /
• pp.113-135
• /
• 2019

Despite being one of the most important national facilities, the National Assembly building of the Republic of Korea has become increasingly vulnerable to potential terrorist attacks, and the instances of demonstrations occurring around and banned items taken into the building are continuing to rise. In addition, promoting the idea of "open assembly" has led to increased visitors and weakened access control. Furthermore, while there is a significant symbolic value attached to attacking the National Assembly building, the level of security management is relatively very low, making it a suitable target for terrorism. In order to address such vulnerability, an appropriate access control system should be in place from the areas surrounding the building. However, the National Assembly Security Service which oversees security around the building is scheduled to disband in June 2020 following the abolition of the conscripted police force in 2023. Therefore, there needs to be an alternative option to bolster the security system outside the facility. In this research, the perceptions of 114 government officials in charge of security at the National Assembly Secretariat toward the protection and security system of the areas surrounding the National Assembly building were examined. Results showed that the respondents believed it was highly likely that risky situations could occur outside the building, and the use of advanced technologies such as intelligent video surveillance, intrusion detection system, and drones was viewed favorably. Moreover, a mid- to long-term plan of establishing a unified three-layer protection system and designating a department in charge of the security outside the building were perceived positively. Lastly, the participants supported the idea of employing private police to replace the National Assembly Security Service for the short term and introducing parliamentary police for the mid- to long-term.

• Journal of Digital Convergence
• /
• v.17 no.1
• /
• pp.347-356
• /
• 2019

Recently, the liberalization of industrial control systems has been accompanied by a major change in the structural paradigm of information systems in the public and public sectors, and potential cyber security problems in the future major infrastructure control systems that cannot respond to the level of security of existing information systems. To cope with this, a cyber security evaluation tool that can evaluate security vulnerability in three dimensions against various infrastructure control system environment is needed. However, a cyber security evaluation in the domestic environments does not have the concept of the current security status and satisfy settings of the infrastructure. Also, the most of items in that environments have had short-term inspection themselves which makes a limitation by a technical area. In order to overcome this problems, many researches are needed to apply CSET (Cyber Security Evaluation Tool) which is the US cyber security evaluation tool to the control environment of various domestic infrastructure. In this paper, first, we analyze methods to apply to the major domain through the analysis of various case studies on existing security assessement tools. Finally, we discuss future directions.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.667-671
• /
• 2001

The Instant Messenger(IM) is the most popular personal communication tool today. IM is a tool that can substitute E-mail for a person, and can secure the user for a company. Further, it is claimed as it has a limitless potential. However, there has been several reports on security issues. It has known that the transmitting message is not secured for the attacks, and hacking tools has been developed. In addition, several reports has been made regards to the vulnerability. In other words, anyone can been through and manipulate the messages that are sent or received via IM. This is a barrier for the IM to be developed as a corporate's strategic tool, and furthermore, it will create serious personal privacy issue. IETF IMPP Working Group is preparing a standard mutual relationship between IM. However, it is complicated due to the American On-Lines's absence, whom has ensured the most number of IM users. There was a discussion only about the form of the transmitting data, but it is insufficient state to discuss the security service for general. In this paper, I design and implement the Secure Instant Messaging System, to solve the IM's vulnerability and the security issue presented above.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.2
• /
• pp.357-364
• /
• 2001

The Instant Messenger(IM) is the most popular personal communication tool today. IM is a tool that can substitute E-mail for a person, and can secure the user for a company. Further, it is claimed as it has a limitless potential. However, there has been several reports on security issues. It has known that the transmitting message is not secured for the attacks, and hacking tools has been developed. In addition, several reports has been made regards to the vulnerability. In other words, anyone can peep through and manipulate the messages that are sent or received via IM. This is a barrier for the IM to be developed as a corporate's strategic tool, and furthermore, it will create serious personal privacy issue. IETF IMPP Working (:roup is preparing a standard mutual relationship between IM. However, it is complicated due to the American On-Lines's absence, whom has ensured the most number of IM users. There was a discussion only about the form of the transmitting data, but it is insufficient state to discuss the security service for general. In this paper, 1 design and implement the Secure Instant Messaging System, to solve the IM's vulnerability and the security issue presented above.

• Smart Media Journal
• /
• v.9 no.3
• /
• pp.71-79
• /
• 2020

Mobile network is used by many users worldwide for diverse services, including phone-call, messaging and data transfer over the Internet. However, this network may experience massive damage if it is exposed to cyber-attacks or denial-of-service attacks via wireless communication interference. Because the mobile network is also used as an emergency network in cases of disaster, evaluation or verification for security and safety is necessary as an important nation-wide asset. However, it is not easy to analyze the mobile core network because it's built and serviced by private service providers, exclusively operated, and there is even no separate network for testing. Thus, in this paper, a virtual mobile network is built using OpenAirInterface, which is implemented based on 3GPP standards and provided as an open source software, and the structure and protocols of the core network are analyzed. In particular, the S1AP protocol messages captured on S1-MME, the interface between the base station eNodeB and the mobility manager MME, are analyzed to identify potential security threats by evaluating the effect of the messages sent from the user terminal UE to the mobile core network.

• Structural Engineering and Mechanics
• /
• v.81 no.6
• /
• pp.665-675
• /
• 2022

The safety problems of giant hydraulic structures such as dams caused by terrorist attacks, earthquakes, and wars often have an important impact on a country's economy and people's livelihood. For the national defense department, timely and effective assessment of damage to or impending damage to dams and other structures is an important issue related to the safety of people's lives and property. In the field of damage assessment and vulnerability analysis, it is usually necessary to give the damage assessment results within a few minutes to determine the physical damage (crack length, crater size, etc.) and functional damage (decreased power generation capacity, dam stability descent, etc.), so that other defense and security departments can take corresponding measures to control potential other hazards. Although traditional numerical calculation methods can accurately calculate the crack length and crater size under certain combat conditions, it usually takes a long time and is not suitable for rapid damage assessment. In order to solve similar problems, this article combines simulation calculation methods with machine learning technology interdisciplinary. First, the common concrete gravity dam shape was selected as the simulation calculation object, and XFEM (Extended Finite Element Method) was used to simulate and calculate 19 cracks with different initial positions. Then, an LSTM (Long-Short Term Memory) machine learning model was established. 15 crack paths were selected as the training set and others were set for test. At last, the LSTM model was trained by the training set, and the prediction results on the crack path were compared with the test set. The results show that this method can be used to predict the crack propagation path rapidly and accurately. In general, this article explores the application of machine learning related technologies in the field of mechanics. It has broad application prospects in the fields of damage assessment and vulnerability analysis.

• Asian-Australasian Journal of Animal Sciences
• /
• v.25 no.1
• /
• pp.122-142
• /
• 2012

The importance of rainfed areas and animal agriculture on productivity enhancement and food security for economic rural growth in Asia is discussed in the context of opportunities for increasing potential contribution from them. The extent of the rainfed area of about 223 million hectares and the biophysical attributes are described. They have been variously referred to inter alia as fragile, marginal, dry, waste, problem, threatened, range, less favoured, low potential lands, forests and woodlands, including lowlands and uplands. Of these, the terms less favoured areas (LFAs), and low or high potential are quite widely used. The LFAs are characterised by four key features: i) very variable biophysical elements, notably poor soil quality, rainfall, length of growing season and dry periods, ii) extreme poverty and very poor people who continuously face hunger and vulnerability, iii) presence of large populations of ruminant animals (buffaloes, cattle, goats and sheep), and iv) have had minimum development attention and an unfinished wanting agenda. The rainfed humid/sub-humid areas found mainly in South East Asia (99 million ha), and arid/semi-arid tropical systems found in South Asia (116 million ha) are priority agro-ecological zones (AEZs). In India for example, the ecosystem occupies 68% of the total cultivated area and supports 40% of the human and 65% of the livestock populations. The area also produces 4% of food requirements. The biophysical and typical household characteristics, agricultural diversification, patterns of mixed farming and cropping systems are also described. Concerning animals, their role and economic importance, relevance of ownership, nomadic movements, and more importantly their potential value as the entry point for the development of LFAs is discussed. Two examples of demonstrated success concern increasing buffalo production for milk and their expanded use in semi-arid AEZs in India, and the integration of cattle and goats with oil palm in Malaysia. Revitalised development of the LFAs is justified by the demand for agricultural land to meet human needs e.g. housing, recreation and industrialisation; use of arable land to expand crop production to ceiling levels; increasing and very high animal densities; increased urbanisation and pressure on the use of available land; growing environmental concerns of very intensive crop production e.g. acidification and salinisation with rice cultivation; and human health risks due to expanding peri-urban poultry and pig production. The strategies for promoting productivity growth will require concerted R and D on improved use of LFAs, application of systems perspectives for technology delivery, increased investments, a policy framework and improved farmer-researcher-extension linkages. These challenges and their resolution in rainfed areas can forcefully impact on increased productivity, improved livelihoods and human welfare, and environmental sustainability in the future.