• Title/Summary/Keyword: Security Event

Application of Contract Net Protocol to the Design and Simulation of Network Security Model

  • Suh, Kyong-jin;Cho, Tae-ho
    • Proceedings of the KAIS Fall Conference / 2003.11a / pp.197-206 / 2003
  • With the growing usage of networks, the world-wide Internet has become the main means to exchange data and carry out transactions. It has also become the main means to attack hosts. To solve the security problems which occur in networks such as the Internet, we import software products of network security elements like an IDS (Intrusion Detection System) and a firewall. In this paper, we have designed and constructed the General Simulation Environment of a Network Security model composed of multiple IDSes and a firewall which coordinate by CNP (Contract Net Protocol) for the effective detection of intrusions. The CNP, a methodology for efficient integration of computer systems in heterogeneous environments such as distributed systems, is essentially a collection of agents which cooperate to resolve a problem. The command console in the CNP is a manager who controls the execution of agents or a contractee, who performs intrusion detection. In the Network Security model, each model of the simulation environment is hierarchically designed by the DEVS (Discrete EVent system Specification) formalism. The purpose of this simulation is to evaluate the characteristics and performance of the CNP architecture with the Rete pattern matching algorithm and the application of the Rete pattern matching algorithm for speeding up the inference cycle phases of the intrusion detection expert system.

A Security Monitoring System for Security Information Sharing and Cooperative Countermeasure (협력대응기반 전역네트워크 보안정보공유 시스템)

  • Kim, Ki-Young;Lee, Sung-Won;Kim, Jong-Hyun
    • Journal of the Institute of Electronics and Information Engineers / v.50 no.2 / pp.60-69 / 2013
  • Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APTs, which exploit a high degree of stealthiness over a long period, have extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure, whereas the existing security measures have exhibited limited capabilities in detecting and countering them. As a solution to fight against such attacks, we designed and implemented a security monitoring system which shares security information and supports cooperative countermeasures. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated thoroughly by deploying it in a real network at an ISP for a week.

Enhancing on Security Monitoring & Control Redundancy Facilities Configuration & Operation in the COVID-19 Pandemic Environment (코로나19 환경에서 무중단 보안관제센터 구성 및 운영 강화 연구)

  • Kang, Dongyoon;Lee, Jeawoo;Park, Wonhyung
    • Convergence Security Journal / v.21 no.1 / pp.25-31 / 2021
  • The purpose of this study was to keep the Security Control Center, which operates under a shift system, uninterrupted during the COVID-19 virus epidemic. Security facilities responding to cybersecurity threats are essential facilities that must be operated in real time, 24 hours a day, 365 days a year, and are critical to security operations and management. If security facilities are closed or affected by events such as an infectious disease epidemic, system failure, or physical impact, they cannot respond to real-time cyberattacks, which can be fatal for security. Recently, there have been cases in which security system facilities could not be operated, such as the closure of facilities due to the COVID-19 virus epidemic and problems with the availability of security systems due to the rainy season, and other such cases need to be prepared for. In this paper, we propose a plan to configure a security system facility as a multiplexing facility and operate it as an alternative in the event of a closure.

A Study on Classification and Processing of Events to Improve Efficiency of Convergence Security Control System (융합보안관제 시스템의 효율성 향상을 위한 이벤트 분류 및 처리에 관한 연구)

  • Kim, Sung Il;Kim, Jong Sung
    • Convergence Security Journal / v.17 no.3 / pp.41-49 / 2017
  • According to research by the global IT market research institute IDC, the CSIM (Converged Security Information Management) market of Korea was estimated to be 1.7 trillion KRW in 2010, and it has grown approximately 32% every year since. IDC forecasts this size to grow to 12.8 trillion KRW by 2018. Moreover, this case study exemplifies the growing importance of the CSIM market worldwide. A traditional CSIM solution consists of various security solutions (e.g. firewall, network intrusion detection system, etc.) and devices (e.g. CCTV, Access Control System, etc.). With this traditional solution, the data collected from these is used to create events, which are then used by the on-site agents to determine and handle the situation. Recent development of the IoT industry, however, has come with massive growth of IoT devices, and as these can be used for security command and control, it is expected that the overall amount of events created from these devices will increase as well. While a massive amount of events could help determine and handle more situations, this also creates the burden of having to process an excessive amount of events. Therefore, in this paper, we discuss potential events that can happen in a CSIM system and classify them into 3 groups, and present a model that can categorize and process these events effectively to increase the overall efficiency of the CSIM system.

Development of Railway Tunnel Fire Risk Assessment Program and its Application (철도터널 화재 위험도 평가 프로그램의 개발 및 적용사례)

  • Yoon, Sungwook;Park, Jong-heoun
    • Journal of Korean Society of societal Security / v.2 no.1 / pp.57-64 / 2009
  • With the increase in construction of long railway tunnels, social interest in railway tunnel fire risk has also increased. However, quantitative fire risk research on this topic is still lacking, especially in terms of consideration of the uncertainty of each variable used in risk analysis. Hence, in this study, to improve the overall performance of the fire risk analysis technique for railway tunnels, the Monte-Carlo simulation method is added to the traditional probabilistic risk analysis based on the event tree approach, and its validity is investigated by applying it to a real railway tunnel project.

PR Technology As A Modern Function Of Educational Management

  • Kovalenko, Yelena;Kovalchuk, Olena;Hotsalyuk, Аlla;Karikov, Sergiy;Havrylo, Olena;Kotlyar, Svitlana
    • International Journal of Computer Science & Network Security / v.22 no.2 / pp.399-405 / 2022
  • This article is devoted to the consideration of the image strategies of higher education on the example of a comparison of Ukrainian and foreign experience. The relevance of the chosen topic is as follows. Today, educational institutions need to position, shape and elevate their image. PR helps to solve all these tasks, performing a function that is so necessary for establishing mutual understanding as communication management. The following tasks are solved in the article: originality of definitions was investigated; revealed PR and related concepts; analyzed the role of PR in the information promotion of universities; determined the specifics of information promotion, due to temporary conditions and regional development; considered image materials of Ukrainian and foreign universities; disclosed the specifics of the information promotion of the objects under study; analyzed.

A Study on Effective Security Control Model Based on Characteristic of Web Service (웹 서비스 특성 기반 효율적인 보안관제 모델 연구)

  • Lee, Jae-heon;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.175-185 / 2019
  • Security control protects IT systems from cyber infringement by deriving valid result values in the process of gathering and analyzing various information. Currently, security control is very effective because SIEM equipment enables analysis from a systematic and comprehensive viewpoint based on a lot of data, moving away from analyzing cyber threat information with only fragmentary information. However, it can also be said that cyber attacks are analyzed and coped with through the manual work of security personnel. This means that even if there is excellent security equipment, the results will vary depending on the user. For the case of operating a characteristic web service including information provision, this study suggests the basic point of security control through characteristics information analysis, and proposes a model for intensive security control through type discovery and application, which enable step-wise analysis and effective filtering. Using this model would effectively detect, analyze and block attacks.

Windows 7 Operating System Event based Visual Incident Analysis System (윈도우즈 7 운영체제 이벤트에 대한 시각적 침해사고 분석 시스템)

  • Lee, Hyung-Woo
    • Journal of Digital Convergence / v.10 no.5 / pp.223-232 / 2012
  • Recently, the leakage of personal information and privacy piracy have increased. Cases of victimization by malicious objects are rapidly increasing. Most users use the Windows operating system. Recently, the Windows 7 operating system was announced. Therefore, we need to study intrusion response techniques for the next-generation operating system environment. The incident response techniques developed until now were mostly implemented around Windows XP or Windows Vista. However, new vulnerability problems will arise in the breach response process as the Windows 7 operating system is announced. In the Windows operating system, system incident events need to be analyzed efficiently. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we visually analyzed the system event information generated in the Windows 7 operating system, and we designed and implemented a system that analyzes system incidents through the visual event information analysis process. Using the system developed in this study, more efficient incident analysis is expected to be possible.

Study of Conversions Security Management System, Co-Relation Rule-Set scenario and architecture for incidence detection (융합보안관제환경을 위한 아키텍처 구축 및 활용 방안에 대한 연구)

  • Hwang, Donguk;Lee, Sanghun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.2 / pp.353-371 / 2014
  • We have already seen many studies and articles about methodologies for responding to security risks and threats. But we still have some controversial subjects to be settled. We are now living in an era in which we should focus on how to use security systems instead of how to make them. From this point of view, a company needs to find the answers to these questions: which security risks have to be handled in a corporation, which system is better for responding to security threats, and how we can build the necessary security architecture when developing systems. In this article, we study on-site scenarios threatening corporate assets, the limits on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we search for direction from actual cases which have shown the desired effect from converging asset and network information.

A preparation and Strategy against Chemical and Biological Terrorism (화생방 테러의 양상과 예방대책)

  • Kim, Kyung-Hoe
    • Korean Security Journal / no.5 / pp.19-40 / 2002
  • For front, aspect of terror may have to prepare indeed even chemical terror or rocket and small size missile and radioactivity terror because is predicted to become various. Furthermore, when see motion of every countries about nuclear engineers' bringing round and illicit sale of plutonium, our country may have to prepare in terrorism which is expected thus. So that can finish international event successfully because the United States of America supports great manpower and budget since New York's World Trade Center terror and when see that is considering terror prevention countermeasure, we operate temporarily bursting tube state complete charge team such as terror by each field specialist such as a concern interested including special CBR complete charge moving team among 2002 World Cups soccer game period ahead of international event, must consider safety countermeasure. Specially, biology weapon of chemical weapon and cholera etc. 13 kinds of 5000ton that North Korea plans CBR terror society confusion that North Korea that to terror support nation as well as nuclear weapons development suspicion is defending South Korea communization strategy as real condition that is amplified as well as is saving production brand gets imprinted uses CBR terror at normal times, when see that is planning powerlessness communization unity using CBR weapon at time of war, must operate until bias 2002 World Cups international event finishes cooperation safety countermeasure utensil safely under closer talk between the South Korea · Japan · North Korea. As for us which must serve 2002 World Cup successfully to accomplish perfectly preparedness of CBR terror firstly, all inhabitants knows well CBR protection trick, and secondly, CBR existing formation that solidify realignment CBR complete charge moving team which of course is consisted of CBR specialist compose and keeping immediate going out attitude operating, by third, that expand CBR individual protection equipment and CBR evacuation equipment and establish individual and group protection attitude naturally, supplement as there is main room that actualize CBR pollution patient's slogan countermeasure by fourth, and develop standard model for CBR terror provision by fifth. Because constructing infra of CBR safety establishing CBR preparedness that utilize it, must minimize damage and contribute inhabitants' life and property protection.
