• Journal of the Institute of Electronics and Information Engineers
• /
• v.54 no.1
• /
• pp.46-52
• /
• 2017

Social attention to information security field is inspired, and manpower demand forecast of this area is getting high. This study surveyed information security knowledge of practitioners who work in a field of information security such as computer and network system. We analyzed a connection between survey data, information protection job system that was suggested by NICE, IT skills that NCS and KISA classified and security field classification system. Base on data that analyzed, this study suggests a curriculum that trains professional manpower who perform duties in the field of information security. Suggested curriculum can be applied to 2 year college, 3 year college and 4 year college. Suggested curriculum provides courses that students who want to work in a field of information security must learn during the college. Suggested courses are closely connected to a related field and detailed guideline is indicated to each course to educate. Suggested curriculum is required, and it combines a theoretical education that become basis and a practical education so that it is not weighted to learn theory and is not only focusing on learning simple commands. This curriculum is established to educate students countermeasures of hacking and security defend that based on scenario that connected to executive ability. This curriculum helps to achieve certificates related to a field more than paper qualification. Also, we expect this curriculum helps to train convergent information security manpower for next generation.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.6
• /
• pp.863-871
• /
• 2013

Recently application of open protocols and external network linkage to the national critical infrastructure has been growing with the development of information and communication technologies. This trend could mean that the national critical infrastructure is exposed to cyber attacks and can be seriously jeopardized when it gets remotely operated or controlled by viruses, crackers, or cyber terrorists. In this paper virtual Honeynet model which can reduce installation and operation resource problems of Honeynet system is proposed. It maintains the merits of Honeynet system and adapts the virtualization technology. Also, virtual Honeynet model that can minimize operating cost is proposed with data analysis and collecting technique based on the verification of attack intention and focus-oriented analysis technique. With the proposed model, new type of attack detection system based on virtual Honeynet, that is Cybertrap, is designed and implemented with the host and data collecting technique based on the verification of attack intention and the network attack pattern visualization technique. To test proposed system we establish test-bed and evaluate the functionality and performance through series of experiments.

• The KIPS Transactions:PartC
• /
• v.12C no.7 s.103
• /
• pp.989-998
• /
• 2005

Information systems are today becoming larger and mostly broadband-networked. This exposes them at a higher risk of intrusions and hacking than ever before. Of the technologies developed to meet information system security needs, risk analysis is currently one of the most actively researched areas. Meanwhile, due to the extreme diversity of assets and complexity of network structure, there is a limit to the level of accuracy which can be achieved by an analysis tool in the assessment of risk run by an information system. Also, the results of a risk assessment are most oftennot up-to-date due to the changing nature of security threats. By the time an evaluation and associated set of solutions are ready, the nature and level of vulnerabilities and threats have evolved and increased, making them obsolete. Accordingly, what is needed is a risk analysis tool capable of assessing threats and propagation of damage, at the same time as security solutions are being identified. To do that, the information system must be simplified, and intrusion data must be diagrammed using a modeling technique this paper, we propose a modeling technique information systems to enable security risk analysis, using SPICE and Petri-net, and conduct simulations of risk analysis on a number of case studies.

• Journal of KIISE:Computing Practices and Letters
• /
• v.11 no.3
• /
• pp.235-245
• /
• 2005

The rapid development of computer network technology has brought the Internet as the major infrastructure to our society. But the rapid increase in malicious computer intrusions using such technology causes urgent problems of protecting our information society. The recent trends of the intrusions reflect that the intruders do not break into victim host directly and do some malicious behaviors. Rather, they tend to use some automated intrusion tools to penetrate systems. Most of the unknown types of the intrusions are caused by using such tools, with some minor modifications. These tools are mostly similar to the Previous ones, and the results of using such tools remain the same as in common patterns. In this paper, we are describing design and implementation of attacker-traceback system, which traces the intruder based on the multi-agent architecture. The system first applied SOM to classify the unknown types of the intrusion into previous similar intrusion classes. And during the intrusion analysis stage, we formalized the patterns of the tools as a knowledge base. Based on the patterns, the agent system gets activated, and the automatic tracing of the intrusion routes begins through the previous attacked host, by finding some intrusion evidences on the attacked system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.