• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1087-1101
• /
• 2020

Various security devices are used to protect internal networks and valuable information from rapidly evolving cyber attacks. Firewall, which is the most commonly used security device, tries to prevent malicious attacks based on a text-based filtering rule (i.e., access control policy), by allowing or blocking access to communicate between inside and outside environments. However, in order to protect a valuable internal network from large networks, it has no choice but to increase the number of access control policy. Moreover, the text-based policy requires time-consuming and labor cost to analyze various types of vulnerabilities in firewall. To solve these problems, this paper proposes a 3D-based hierarchical visualization method, for intuitive analysis and management of access control policy. In particular, by providing a drill-down user interface through hierarchical architecture, Can support the access policy analysis for not only comprehensive understanding of large-scale networks, but also sophisticated investigation of anomalies. Finally, we implement the proposed system architecture's to verify the practicality and validity of the hierarchical visualization methodology, and then attempt to identify the applicability of firewall data analysis in the real-world network environment.

• Journal of the Korea Society for Simulation
• /
• v.20 no.1
• /
• pp.69-77
• /
• 2011

Modeling and Simulation(M&S) technology gets an attention from various parts such as industry and military. Especially, military uses the technology to cope with a different situation from the one in the Cold War and maximize the effect of training against the cost in the new environment. In order for the training based on M&S technology to be effective, the situations of a battlefield and a combat must be more realistically simulated. For this, a technique development on Computer-Generated Forces(CGF) which represents a unit's simulation logic and a human's simulated behaviors is focused. The CGF simulating a human's behaviors can be used in representing an enemy force, experimenting behaviors in a future war, and developing a new combat idea. This paper describes a methodology to accomplish Computer-Generated Forces' autonomous intelligence. It explains the process of applying a task behavior list based on the METT+T element onto CGFs. On the other hand, in the domain knowledge of military field manual, fuzzy facts such as "fast" and "sufficient" whose real values should be decided by domain experts can be easily found. In order to efficiently implement military simulation logics involved with such subjectivity, using a fuzzy inference methodology can be effective. In this study, a fuzzy inference methodology is also applied.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.9-15
• /
• 2013

Recently, Intrusion detection system is an important technology in computer network system because of has seen a dramatic increase in the number of attacks. The most of intrusion detection methods do not detect intrusion on real-time because difficult to analyze an auditing data for intrusions. A network intrusion detection system is used to monitors the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insider and outsiders, as they occur. It is learns user's behavior patterns over time and detects behavior that deviates from these patterns. In this paper has rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or Anomaly users (unauthorized users) using RFM analysis methodology and monitoring collect data from sensor Intrusion Detection System(IDS).

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.10
• /
• pp.4814-4821
• /
• 2012

An e-passport is equipped with bio information by adding the non-attachable IC chip with a smart function. In order to solve such a problem, the user's privacy is protected by using the BAC, PA, AA and EAC mechanisms. However, the password key used in the BAC mechanism is made of the combination of the MRZ values. As a result, it is possible to decode the password by using the indiscriminate attacking program after finding out the combined rules of MRZ. This thesis suggests the mechanism with an improved level of efficiency through the time-stamp values by using the information of images and fingerprints and checking the forge or falsification of the e-passport when establishing a safe channel between the chip of the e-passport and the decoding system.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.6 s.38
• /
• pp.9-16
• /
• 2005

Recently, since the number of internet users is increasing rapidly and, by using the Public hacking tools, general network users can intrude computer systems easily, the hacking problem is setting more serious. In order to prevent the intrusion. it is needed to detect the sign in advance of intrusion in a Positive Prevention by detecting the various forms of hackers intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port-scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various. In this Paper, we propose a detection algorithm for session patterns and FCM.

• The KIPS Transactions:PartC
• /
• v.17C no.5
• /
• pp.399-406
• /
• 2010

Many problems are arisen due to the weakness in the security and invasion to privacy by malicious attacker or internal users while various data services are available in ubiquitous network environment. The matter of controlling security for various contents and large capacity of data has appeared as an important issue to solve this problem. The allocation methods of Ito, Saito and Nishizeki based on traditional polynomial require all shares to restore the secret information shared. On the contrary, the secret information can be restored if the shares beyond the threshold value is collected. In addition, it has the effect of distributed DBMS operation which distributes and restores the data, especially the flexibility in realization by using parameters t,v,k in combinatorial design which has regularity in DB server and share selection. This paper discuss the construction of new share allocation method and data distribution/storage management with the application of matrix structure of t-(v,k,1) design for allocating share when using secret sharing in management scheme to solve the matter of allocating share.

• Journal of KIISE:Databases
• /
• v.31 no.1
• /
• pp.1-12
• /
• 2004

As network systems are developed rapidly and network architectures are more complex than before, it needs to use PBNM(Policy-Based Network Management) in network system. Generally, architecture of the PBNM consists of two hierarchical layers: management layer and enforcement layer. A security policy server in the management layer should be able to generate new policy, delete, update the existing policy and decide the policy when security policy is requested. And the security policy server should be able to analyze and manage the alert messages received from Policy enforcement system in the enforcement layer for the available information. In this paper, we propose an alert analyzer using data mining. First, in the framework of the policy-based network security management, we design and implement an alert analyzes that analyzes alert data stored in DBMS. The alert analyzer is a helpful system to manage the fault users or hosts. Second, we implement a data mining system for analyzing alert data. The implemented mining system can support alert analyzer and the high level analyzer efficiently for the security policy management. Finally, the proposed system is evaluated with performance parameter, and is able to find out new alert sequences and similar alert patterns.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.99-107
• /
• 2016

The purpose of this study is to analyse motor vehicle communication network hacking attacks and to provide its prevention. First, the definition of motor vehicle communication network was provided and types of in-vehicle communication network were discussed. Also, bluetooth hacking attack cases were analysed in order to illustrate dangers of hacking attacks. Based on the analysis, two preventive measures were provided. First, Motor Vehicle Safety Standard Law should be revised. Although the law provides the definition of electronic control system and its standards as well as manufacturing and maintenance for safe driving standards, the law does not have standards for electronic control system hacking prevention and defensive security programs or firmware. Second, to protect motor vehicle communication network, it is necessary to create new laws for motor vehicle communication network protection.

• Journal of Digital Contents Society
• /
• v.19 no.8
• /
• pp.1471-1480
• /
• 2018

This study explored what the phenomenon of 'Chinmokjil(Socializing Behavior)', which online community is seriously wary of, implies and actually affects the online community. Interviews were conducted for 13 people who had experienced Chinmokjil in online communities, and the results were analyzed by qualitative analysis. First, Chinmokjil is conceptualized as 'privatization or privately organizing of online community' Second, the actual phenomenons of Chinmokjil are sub-categorized as 8 categories Third, the ultimate negative impacts of Chinmokjil are sub-categorized as 3 categories. Based on the results, it can be explained that the unique norms of communities in online are different from those in offline.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.661-674
• /
• 2021

Malware, such as a rootkit that modifies the kernel, can adversely affect the analyst's judgment, making the analysis difficult or impossible if a mechanism to evade memory analysis is added. Therefore, we plan to preemptively respond to malware such as rootkits that bypass detection through advanced kernel modulation in the future. To this end, the main structure used in the Windows kernel was analyzed from the attacker's point of view, and a method capable of modulating the kernel object was applied to modulate the memory dump file. The result of tampering is confirmed through experimentation that it cannot be detected by memory analysis tool widely used worldwide. Then, from the analyst's point of view, using the concept of tamper resistance, it is made in the form of software that can detect tampering and shows that it is possible to detect areas that are not detected by existing memory analysis tools. Through this study, it is judged that it is meaningful in that it preemptively attempted to modulate the kernel area and derived insights to enable precise analysis. However, there is a limitation in that the necessary detection rules need to be manually created in software implementation for precise analysis.