http://dx.doi.org/10.5762/KAIS.2017.18.9.464

A Research on the Effectiveness of the Vulnerability Detection Against Leakage of Proprietary Information Using Digital Forensic Methods  

Park, Yoon-Jae (Department of Convergence Industry, Seoul Venture University)
Chae, Myung-Sin (Department of Convergence Industry, Seoul Venture University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.18, no.9, 2017, pp. 464-472
Abstract
In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manuals and marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiring an information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in an external environment. In this study, in order to solve these problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found that due to the vulnerability of web systems operated in Korea and overseas, important information could be revealed, such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to the increasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.
Keywords
Convergence Security; Cyber Security; Digital Forensics; Information Leakage; Information Protection;