• Title/Summary/Keyword: network anomaly detection (네트워크 이상 탐지)

Study of Conversions Security Management System, Co-Relation Rule-Set scenario and architecture for incidence detection (융합보안관제환경을 위한 아키텍처 구축 및 활용 방안에 대한 연구)

  • Hwang, Donguk;Lee, Sanghun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.2 / pp.353-371 / 2014
  • We have already seen many studies and articles about methodologies for responding to security risks and threats, but some controversial subjects remain to be settled. We now live in an era in which we should focus on how to use security systems rather than how to build them. From this point of view, a company needs to answer these questions: which security risks have to be handled in a corporation, which system is better for responding to security threats, and how the necessary security architecture can be built when developing systems. In this article, we study on-site scenarios threatening corporate assets, the limits on dealing with these threats, and how to consolidate security events and information from an enormous number of assets. We also look for direction from actual cases that have shown the desired effect from converging asset and network information.

iRF: Integrated Red Team Framework for Large-Scale Cyber Defence Exercise (iRF: 대규모 사이버 방어 훈련을 위한 통합 레드팀 프레임워크)

  • Jang, In Sook;Cho, Eun-Sun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.1045-1054 / 2021
  • As APT attacks become more frequent and sophisticated, not only the advancement of security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. When multiple RT frameworks are operated, experts must spend a lot of time and effort on exercise setup and operation for each framework. In this paper, we propose iRF (integrated RT framework), which can automatically operate a large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

Study for Tracing Zombie PCS and Botnet Using an Email Spam Trap (이메일 스팸트랩을 이용한 좀비 PC 및 봇넷 추적 방안연구)

  • Jeong, Hyun-Cheol;Kim, Huy-Kang;Lee, Sang-Jin;Oh, Joo-Hyung
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.3 / pp.101-115 / 2011
  • A botnet is a huge network of hacked zombie PCs. Recognizing the fact that the majority of email spam is sent out by botnets, this study designs a system capable of detecting botnets and zombie PCs by analyzing email spam. Spam data collected in "an email spam trap system", Korea's national spam collection system, were used for analysis. We classified the spam groups by their URLs or attached files, and we measured how strongly each group has the characteristics of a botnet and how strongly the IPs have the characteristics of a zombie PC. Through the simulation result in this study, we could extract 16,030 suspected zombie PCs for one hour, and it was verified that email spam can provide considerably useful information in tracing zombie PCs.

Development of deep learning network based low-quality image enhancement techniques for improving foreign object detection performance (이물 객체 탐지 성능 개선을 위한 딥러닝 네트워크 기반 저품질 영상 개선 기법 개발)

  • Ki-Yeol Eom;Byeong-Seok Min
    • Journal of Internet Computing and Services / v.25 no.1 / pp.99-107 / 2024
  • Along with economic growth and industrial development, there is an increasing demand for the production of various electronic components and devices such as semiconductor, SMT component, and electrical battery products. However, these products may contain foreign substances coming from the manufacturing process, such as iron, aluminum, plastic and so on, which could lead to serious problems or malfunctioning of the product, and to fire in electric vehicles. To solve these problems, it is necessary to determine whether there are foreign materials inside the product, and many tests have been done by means of non-destructive testing methodologies such as ultrasound or X-ray. Nevertheless, there are technical challenges and limitations in acquiring X-ray images and determining the presence of foreign materials. In particular, small-sized or low-density foreign materials may not be visible even when X-ray equipment is used, and noise can also make it difficult to detect foreign objects. Moreover, in order to meet the manufacturing speed requirement, the X-ray acquisition time should be reduced, which can result in a very low signal-to-noise ratio (SNR), lowering the foreign material detection accuracy. Therefore, in this paper, we propose a five-step approach to overcome the limitations of low resolution, which make it challenging to detect foreign substances. First, the global contrast of X-ray images is increased through a histogram stretching methodology. Second, to strengthen the high-frequency signal and local contrast, we applied a local contrast enhancement technique. Third, to improve edge clearness, unsharp masking is applied to enhance edges, making objects more visible. Fourth, the super-resolution method of the Residual Dense Block (RDB) is used for noise reduction and image enhancement. Last, the YOLOv5 algorithm is employed to train and detect foreign objects after learning.
Using the proposed method in this study, experimental results show an improvement of more than 10% in performance metrics such as precision compared to low-density images.

Checksum Signals Identification in CAN Messages (CAN 통신 메시지 내의 Checksum Signal 식별 방법 연구)

  • Gyeongyeon Lee;Hyunghoon Kim;Dong Hoon Lee;Wonsuk Choi
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.747-761 / 2024
  • Recently, modern vehicles have been controlled by Electronic Control Units (ECUs), by which the safety and convenience of drivers are highly improved. It is known that a luxury vehicle has more than 100 ECUs to electronically control its functions. However, modern vehicles are being targeted by cyber attacks because of this computer-based automotive system. To address the cyber attacks, automotive manufacturers have been developing methods for securing their vehicles, such as automotive Intrusion Detection Systems (IDS). This development is open only to the automotive manufacturers because they have databases for their in-vehicle networks (i.e., DBC Format Files), which are highly confidential. This confidentiality poses a significant challenge to external researchers who attempt to conduct automotive security research. To handle this restricted information, in this paper, we propose a method to partially understand the DBC Format File by analyzing in-vehicle network traffic. Our method is designed to analyze Controller Area Network (CAN) traffic so that checksum signals are identified in the CAN Frame Data Field. Also, our method creates a Lookup Set by which a checksum signal is correctly estimated for a given message. We validate our method with a publicly accessible dataset as well as one from a real vehicle.

Analysis of promising countries for export using parametric and non-parametric methods based on ERGM: Focusing on the case of information communication and home appliance industries (ERGM 기반의 모수적 및 비모수적 방법을 활용한 수출 유망국가 분석: 정보통신 및 가전 산업 사례를 중심으로)

  • Jun, Seung-pyo;Seo, Jinny;Yoo, Jae-Young
    • Journal of Intelligence and Information Systems / v.28 no.1 / pp.175-196 / 2022
  • Information and communication and home appliance industries, which were one of South Korea's main industries, are gradually losing their export share as their export competitiveness is weakening. This study objectively analyzed export competitiveness and suggested export-promising countries in order to help South Korea's information communication and home appliance industries improve exports. In this study, network properties, centrality, and structural hole analysis were performed during network analysis to evaluate export competitiveness. In order to select promising export countries, we proposed a new variable that can take into account the characteristics of an already established International Trade Network (ITN), that is, the Global Value Chain (GVC), in addition to the existing economic factors. The conditional log-odds for individual links derived from the Exponential Random Graph Model (ERGM) in the analysis of the cross-border trade network were assumed as a proxy variable that can indicate the export potential. In consideration of the possibility of ERGM linkage, a parametric approach and a non-parametric approach were used to recommend export-promising countries, respectively. In the parametric method, a regression analysis model was developed to predict the export value of the information and communication and home appliance industries in South Korea by additionally considering the link-specific characteristics of the network derived from the ERGM to the existing economic factors. Also, in the non-parametric approach, an abnormality detection algorithm based on the clustering method was used, and a promising export country was proposed as a method of finding outliers that deviate from two peers. According to the research results, the structural characteristic of the export network of the industry was a network with high transferability. 
Also, according to the centrality analysis result, South Korea's influence on exports was weak compared to its size, and the structural hole analysis result showed that export efficiency was weak. According to the model for recommending promising exporting countries proposed by this study, in parametric analysis, Iran, Ireland, North Macedonia, Angola, and Pakistan were promising exporting countries, and in nonparametric analysis, Qatar, Luxembourg, Ireland, North Macedonia and Pakistan were analyzed as promising exporting countries. There were differences in some countries in the two models. The results of this study revealed that the export competitiveness of South Korea's information and communication and home appliance industries in GVC was not high compared to the size of exports, and thus showed that exports could be further reduced. In addition, this study is meaningful in that it proposed a method to find promising export countries by considering GVC networks with other countries as a way to increase export competitiveness. This study showed that, from a policy point of view, the international trade network of the information communication and home appliance industries has an important mutual relationship, and although transferability is high, it may not be easily expanded to a three-party relationship. In addition, it was confirmed that South Korea's export competitiveness or status was lower than the export size ranking. This paper suggested that in order to improve the low out-degree centrality, it is necessary to increase exports to Italy or Poland, which had significantly higher in-degrees. In addition, we argued that in order to improve the centrality of out-closeness, it is necessary to increase exports to countries with particularly high in-closeness. In particular, it was analyzed that Morocco, UAE, Argentina, Russia, and Canada should pay attention as export countries. 
This study also provided practical implications for companies expecting to expand exports. The results of this study argue that companies expecting export expansion need to pay attention to countries with a relatively high potential for export expansion compared to the existing export volume by country. In particular, for companies that export daily necessities, countries that should pay attention to the population are presented, and for companies that export high-end or durable products, countries with high GDP, or purchasing power, relatively low exports are presented. Since the process and results of this study can be easily extended and applied to other industries, it is also expected to develop services that utilize the results of this study in the public sector.

A Study on Searching for Export Candidate Countries of the Korean Food and Beverage Industry Using Node2vec Graph Embedding and Light GBM Link Prediction (Node2vec 그래프 임베딩과 Light GBM 링크 예측을 활용한 식음료 산업의 수출 후보국가 탐색 연구)

  • Lee, Jae-Seong;Jun, Seung-Pyo;Seo, Jinny
    • Journal of Intelligence and Information Systems / v.27 no.4 / pp.73-95 / 2021
  • This study uses the Node2vec graph embedding method and Light GBM link prediction to explore undeveloped export candidate countries in Korea's food and beverage industry. Node2vec is a method that improves on the limit of the structural equivalence representation of the network, which is known to be relatively weak compared to the existing link prediction method based on the number of common neighbors of the network. Therefore, the method is known to show excellent performance in both community detection and structural equivalence of the network. The vector value obtained by embedding the network in this way operates under the condition of a constant length from an arbitrarily designated starting point node. Therefore, it has the advantage that it is easy to apply the sequence of nodes as an input value to the model for downstream tasks such as Logistic Regression, Support Vector Machine, and Random Forest. Based on these features of the Node2vec graph embedding method, this study applied the above method to the international trade information of the Korean food and beverage industry. Through this, we intend to contribute to creating the effect of extensive margin diversification in Korea in the global value chain relationship of the industry. The optimal predictive model derived from the results of this study recorded a precision of 0.95, a recall of 0.79, and an F1 score of 0.86, showing excellent performance. This performance was shown to be superior to that of the binary classifier based on Logistic Regression set as the baseline model. In the baseline model, a precision of 0.95 and a recall of 0.73 were recorded, and an F1 score of 0.83 was recorded. In addition, the Light GBM-based optimal prediction model derived from this study showed performance superior to that of the link prediction model of previous studies, which is set as a benchmarking model in this study.
The predictive model of the previous study recorded only a recall rate of 0.75, but the proposed model of this study showed better performance, with a recall rate of 0.79. The difference in the performance of the prediction results between the benchmarking model and this study's model is due to the model learning strategy. In this study, groups were classified by the trade value scale, and prediction models were trained differently for these groups. Specific methods are (1) a method of randomly masking and learning a model for all trades without setting specific conditions for trade value, (2) arbitrarily masking a part of the trades with an average trade value or higher and using the model method, and (3) a method of arbitrarily masking some of the trades with the top 25% or higher trade value and learning the model. As a result of the experiment, it was confirmed that the performance of the model trained by randomly masking some of the trades with the above-average trade value in this method was the best and appeared stably. It was found that most of the results of potential export candidates for Korea derived through the above model appeared appropriate through additional investigation. Combining the above, this study could suggest the practical utility of the link prediction method applying Node2vec and Light GBM. In addition, useful implications could be derived for weight update strategies that can perform better link prediction while training the model. On the other hand, this study also has policy utility because it is applied to trade transactions, which have not been studied much in the research related to link prediction based on graph embedding. The results of this study support a rapid response to changes in the global value chain such as the recent US-China trade conflict or Japan's export regulations, and I think that it has sufficient usefulness as a tool for policy decision-making.