• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.5
• /
• pp.101-106
• /
• 2020

Since computer became available, much effort has been made to achieve information security. Even though memory protection defense mechanisms were studied the most among of them, the problems of existing memory protection defense mechanisms were found due to improved performance of computer and new defense mechanisms were needed due to the advent of the side-channel attacks. In this paper, we propose JMP+RAND that embedding random values of 5 to 8 bytes per page to defend against memory sharing based side-channel attacks and bridging the gap of existing memory protection defense mechanism. Unlike the defense mechanism of the existing side-channel attacks, JMP+RAND uses static binary rewriting and continuous jmp instruction and random values to defend against the side-channel attacks in advance. We numerically calculated the time it takes for a memory sharing-based side-channel attack to binary adopted JMP+RAND technique and verified that the attacks are impossible in a realistic time. Modern architectures have very low overhead for JMP+RAND because of the very fast and accurate branching of jmp instruction using branch prediction. Since random value can be embedded only in specific programs using JMP+RAND, it is expected to be highly efficient when used with memory deduplication technique, especially in a cloud computing environment.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.471-480
• /
• 2016

Recently, the damage of cyber attack toward infra-system, national defence and security system is gradually increasing. In this situation, military recognizes the importance of cyber warfare, and they establish a cyber system in preparation, regardless of the existence of threaten. Thus, the study of Intrusion Detection System(IDS) that plays an important role in network defence system is required. IDS is divided into misuse and anomaly detection methods. Recent studies attempt to combine those two methods to maximize advantagesand to minimize disadvantages both of misuse and anomaly. The combination is called Hybrid IDS. Previous studies would not be inappropriate for near real-time network environments because they have computational complexity problems. It leads to the need of the study considering the structure of IDS that have high detection rate and low computational cost. In this paper, we proposed a Hybrid IDS which combines C4.5 decision tree(misuse detection method) and Weighted K-means algorithm (anomaly detection method) hierarchically. It can detect malicious network packets effectively with low complexity by applying mutual information and genetic algorithm based efficient feature selection technique. Also we construct upgraded the the hierarchical structure of IDS reusing feature weights in anomaly detection section. It is validated that proposed Hybrid IDS ensures high detection accuracy (98.68%) and performance at experiment section.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.4
• /
• pp.95-102
• /
• 2016

Computer security incident such as confidential information leak and data destruction are constantly growing and it becomes threat to information in digital devices. To respond against the incident, digital forensic techniques are also developing to help digital incident investigation. With the development of digital forensic technology, a variety of forensic artifact has been developed to trace the behavior of users. Also, a diversity of forensic tool has been developed to extract information from forensic artifact. However, there is a issue that information from forensic tools has its own forms. To solve this problem, it needs to process data when it is output from forensic tools. Then it needs to compare and analyze processed data to identify how data is related each other and interpret the implications. To reach this, it calls for effective method to store and output data in the course of data processing. This paper aims to propose DFIOC (Digital Forensic Indicators Of Compromise) that is capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, which is XML based format, provides "Evidence" to represent various forensic artifacts in the incident investigation. Furthermore, It provides "Forensic Analysis" to report forensic analysis result and also gives "Indicator" to investigate the trace of incidence quickly. By logging data into one sheet in DFIOC format for forensic analysis process, it is capable of avoiding unnecessary data processing. Lastly, since collected information is recorded in a normalized format, data input and output becomes much easier as well as it will be convenient to use for identification of collected information and analysis of data relationship.

• Journal of the Korea Convergence Society
• /
• v.12 no.5
• /
• pp.373-383
• /
• 2021

Our society is aging rapidly. In this super-aged society, the increase in healthcare costs are considered a national problem that undermines the sustainability of social security. Various services for healthcare for the elderly have been promoted to address this. However, most of them have focused on healthcare after the outbreak of chronic diseases and lack preventive healthcare. Most of the preventive healthcare projects are only pilots. In this paper, the current status of health care services for senior citizens at home and abroad was analyzed and based on this, the limitations and improvements were analyzed to propose the establishment of IoT-based Total Silver Care Center. IoT-based Total Silver Care Center may be conveniently monitored the health status of the elderly through various sensors, medical devices, and smart bands. And based on this, it can improve the quality of nursing services through time-saving and work efficiency of nursing providers. In addition, health care interventions may be provided in a timely manner if there is a change in the health status of users. And real-time imaging systems can help overcome mental difficulties.

• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.4
• /
• pp.117-122
• /
• 2021

In recent years, human damage and loss of money due to various disasters such as typhoons, earthquakes, forest fires, landslides, and wars are steadily occurring, and a lot of manpower and funds are required to prevent and recover them. In this paper, we designed and developed a disaster drone system based on artificial intelligence in order to monitor these various disaster situations in advance and to quickly recognize and respond to disaster occurrence. In this study, multiple disaster drones are used in areas where it is difficult for humans to monitor, and each drone performs an efficient search with an optimal path by applying a deep learning-based optimal path algorithm. In addition, in order to solve the problem of insufficient battery capacity, which is a fundamental problem of drones, the optimal route of each drone is determined using Ant Colony Optimization (ACO) technology. In order to implement the proposed system, it was applied to a forest fire situation among various disaster situations, and a forest fire map was created based on the transmitted data, and a forest fire map was visually shown to the fire fighters dispatched by a drone equipped with a beam projector. In the proposed system, multiple drones can detect a disaster situation in a short time by simultaneously performing optimal path search and object recognition. Based on this research, it can be used to build disaster drone infrastructure, search for victims (sea, mountain, jungle), self-extinguishing fire using drones, and security drones.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.1
• /
• pp.23-34
• /
• 2022

With the development of network technology, the application area has also been diversified, and protocols for various purposes have been developed and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service attacks (DoS) of advanced attackers by programming and applying honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzed the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system was shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

• Journal of the Institute of Convergence Signal Processing
• /
• v.22 no.4
• /
• pp.179-184
• /
• 2021

Along with the development of the fourth industry, the public sector has increasingly paid more attention to search using drones and real-time monitoring, for various goals. The drones are used and researched to complete a variety of searching and monitoring missions, including search for missing persons, security, coastal patrol and monitoring, speed enforcement, highway and urban traffic monitoring, fire and wildfire monitoring, monitoring of illegal fishing in reservoirs and protest rally monitoring. Police stations, fire departments and military authorities, however, concentrate on the hardware part, so there are little research on efficient communication systems for the real-time monitoring of data collected from high-performance resolution and infrared thermal imagining cameras, and analysis programs suitable for special missions. In order to increase the efficiency of drones with the searching mission, this paper, therefore, attempts to propose an image analysis technique to increase the precision of search by producing image data suitable for searching missions, based on images obtained from drones and provide the foundation for improving relevant policies and establishing proper platforms, based on actual field cases and experiments.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.1-13
• /
• 2022

As the information and communication environment develops, the environment of military facilities is also development remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

• Asia pacific journal of information systems
• /
• v.21 no.3
• /
• pp.71-96
• /
• 2011

Within the traditional medical delivery system, patients residing in medically vulnerable areas, those with body movement difficulties, and nursing facility residents have had limited access to good healthcare services. However, Information and Communication Technology (ICT) provides us with a convenient and useful means of overcoming distance and time constraints. ICT is integrated with biomedical science and technology in a way that offers a new high-quality medical service. As a result, rapid technological advancement is expected to play a pivotal role bringing about innovation in a wide range of medical service areas, such as medical management, testing, diagnosis, and treatment; offering new and improved healthcare services; and effecting dramatic changes in current medical services. The increase in aging population and chronic diseases has caused an increase in medical expenses. In response to the increasing demand for efficient healthcare services, a telehealth service based on ICT is being emphasized on a global level. Telehealth services have been implemented especially in pilot projects and system development and technological research. With the service about to be implemented in earnest, it is necessary to study its overall acceptance by consumers, which is expected to contribute to the development and activation of a variety of services. In this sense, the study aims at positively examining the structural relationship among the acceptance factors for telehealth services based on the Technology Acceptance Model (TAM). Data were collected by showing audiovisual material on telehealth services to online panels and requesting them to respond to a structured questionnaire sheet, which is known as the information acceleration method. Among the 1,165 adult respondents, 608 valid samples were finally chosen, while the remaining were excluded because of incomplete answers or allotted time overrun. In order to test the reliability and validity of the assessment scale items, we carried out reliability and factor analyses, and in order to explore the causal relation among potential variables, we conducted a structural equation modeling analysis using AMOS 7.0 and SPSS 17.0. The research outcomes are as follows. First, service quality, innovativeness of medical technology, and social influence were shown to affect perceived ease of use and perceived usefulness of the telehealth service, which was statistically significant, and the two factors had a positive impact on willingness to accept the telehealth service. In addition, social influence had a direct, significant effect on intention to use, which is paralleled by the TAM used in previous research on technology acceptance. This shows that the research model proposed in the study effectively explains the acceptance of the telehealth service. Second, the research model reveals that information privacy concerns had a insignificant impact on perceived ease of use of the telehealth service. From this, it can be gathered that the concerns over information protection and security are reduced further due to advancements in information technology compared to the initial period in the information technology industry, and thus the improvement in quality of medical services appeared to ensure that information privacy concerns did not act as a prohibiting factor in the acceptance of the telehealth service. Thus, if other factors have an enormous impact on ease of use and usefulness, concerns over these results in the initial period of technology acceptance may become irrelevant. However, it is clear that users' information privacy concerns, as other studies have revealed, is a major factor affecting technology acceptance. Thus, caution must be exercised while interpreting the result, and further study is required on the issue. Numerous information technologies with outstanding performance and innovativeness often attract few consumers. A revised bill for those urgently in need of telehealth services is about to be approved in the national assembly. As telemedicine is implemented between doctors and patients, a wide range of systems that will improve the quality of healthcare services will be designed. In this sense, the study on the consumer acceptance of telehealth services is meaningful and offers strong academic evidence. Based on the implications, it can be expected to contribute to the activation of telehealth services. Further study is needed to assess the acceptance factors for telehealth services, such as motivation to remain healthy, health care involvement, knowledge on health, and control of health-related behavior, in order to develop unique services according to the categorization of customers based on health factors. In addition, further study may focus on various theoretical cognitive behavior models other than the TAM, such as the health belief model.

• Korean Security Journal
• /
• no.62
• /
• pp.35-63
• /
• 2020

As the frequency and intensity of catastrophic disasters increase, there is widespread public sentiment that government capacity for disaster response and recovery is fundamentally limited, and that the involvement of civil society and the private sector is ever more vital. That is, in order to strengthen national disaster response capacity, governments need to build disaster systems that are more participatory and function through the channels of civil society, rather than continuing themselves to bear sole responsibility for these "wicked problems." With the advancement of smart mobile technology and social media, government and society as a whole have been called upon to apply these new information and communication technologies to address the current shortcomings of government-led disaster management. As illustrated in such catastrophic disasters as the 2011 Tohoku earthquake and tsunami in Japan, the 2010 Haitian earthquake, and Hurricane Katrina in the United States in 2005, the realization of participatory potential of smart technologies for better disaster response has enabled citizen participation via new smart technologies during disasters and resulted in positive impact on the management of such disasters. In this context, this study focuses on the South Korean context, and aims to analyze Korean government officials' readiness for public participation using smart technologies. On this basis, it aims to offer policy suggestions aimed at promoting smart technology-enabled citizen participation. For this purpose, it proposes a particular model, termed SMART (System, Motivation, Ability, Response, and Technology).