• Title/Summary/Keyword: response methods (대응방법)


A Study on Design of the Active HoneyPot System with Session Redirection (세션 재지정을 이용한 능동적 HoneyPot시스템 설계에 관한 연구)

  • Kim, Jong-Hak;Kim, Mi-Young;Jin, Bong-Jae;Mun, Young-Song
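    • Proceedings of the Korea Information Processing Society Conference / 2003.05c / pp.2157-2160 / 2003
  • The rapid development of the Internet and the diversification of network systems bring people the benefits of various convenient infrastructures, but they also give rise to original and new types of intrusions by malicious users. However, most current security systems focus on detection and response techniques for intrusions, so detecting and rapidly responding to unknown intrusions is difficult. This paper studies the design and implementation of a HoneyPot system that uses session redirection and its integration with other security tools, and thereby presents not only the response methods of existing HoneyPot systems but also an active and effective response method.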


A Study on Characteristic of Ghost-Key Revealed from the 1st Order Correlation Power Analysis on the Practical High Order Side-Channel Attack Countermeasure. (실용적인 고차 부채널공격 대응에 대한 1차 상관전력분석 오류 키 특성 연구)

  • Ahn, Hyun-Jin;Han, Dong-Guk
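    • Proceedings of the Korea Information Processing Society Conference / 2013.05a / pp.659-662 / 2013
  • In the past, the security of a security device was taken to depend on the security of the cryptographic algorithm it carried. However, side-channel analysis has revealed that, independent of the security of the cryptographic algorithm, security devices have physical vulnerabilities arising from side-channel information. To compensate for these physical vulnerabilities, countermeasures against at least second-order correlation power analysis must be devised. Recently, a method combining first-order masking and shuffling has been widely used as a practical countermeasure against second-order correlation power analysis. However, when a side-channel countermeasure combining first-order masking and shuffling is analyzed with first-order correlation power analysis, an unusual peak occurs. In this paper, we experimentally confirm that an unusual peak occurs when a side-channel countermeasure combining masking and shuffling is analyzed with first-order correlation power analysis, and we introduce the cause of that peak. In addition, we introduce a method for using the peak information as additional side-channel analysis information.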

A Study on Risks of Big Data (빅데이터의 위험 요소에 대한 고찰)

  • Yoonsoo Cheon;Jaekyung Park
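    • Proceedings of the Korean Society of Computer Information Conference / 2023.07a / pp.631-633 / 2023
  • This paper identifies problems that can arise in the collection, management, and use of big data in a modern society where the use of big data is spreading, and points to the existing responses to those problems and where they need to be supplemented. The risks of big data include personal information leakage, the digital divide, bias and reliability, and dependence and controllability. These problems are likely to emerge as large-scale social problems as big data becomes more widespread. To address them, the paper examines response methods in three broad categories (technical, legal, and social), analyzes the weaknesses of each, and suggests directions for improvement.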


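Behavior-Based Emergency Response Capability Assessment Method for Shore-Based Remote Operators of Autonomous Ships (자율운항선박 육상원격제어사의 행동기반 비상대응능력 평가 방법)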

  • 황태민;황태웅;황효선;윤익현
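    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2022.11a / pp.255-256 / 2022
  • The shore-based remote control capability of remote operators of autonomous ships is one of the important factors in achieving safe operation of autonomous ships. Emergencies such as fire and flooding in particular require close handling, and even if the ship has an automated response system, the remote operator's emergency response capability is a highly important remote control capability. However, research on the capabilities of shore-based remote operators tends to be biased toward ship-handling ability, and research on handling emergencies other than ship handling is lacking. This study therefore conceptualizes and presents a behavior-based emergency response capability assessment model as a method for evaluating the ability of shore-based remote operators to handle emergencies on autonomous ships.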


A Study on the Cyber Attack Severity Assessment Methodology (사이버공격 심각도 평가방법론 연구)

  • Bae, Sunha;You, Young-in;KIM, SoJeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.6 / pp.1291-1307 / 2021
  • State-sponsored cyberattacks have increased significantly and threaten national security in recent years. State-sponsored cyberattacks are often more sophisticated and destructive than attacks by individuals and private groups because of the concentration of manpower and resources. So major countries including the United States and the United Kingdom, as well as international organizations such as the EU and OECD, are recommending proportional response measures against cyberattacks. The Republic of Korea (ROK) is also trying to change its will to secure cyberattack deterrence and prepare active response through the 「National Cybersecurity Strategy 2019」. However, the ROK is not equipped with an adequate methodology to assess the severity of cyberattacks nor measures for proportional response to such attacks. In this paper, we propose a Cyber Attack Severity Assessment (CASA) methodology that can assess the scale and impact of damage to prepare external response threshold for cyberattacks at the government-level and to enable proportional responses when responding.

Fundamental Research on the Development of a Risk Based Decision Support System for Maritime Accident Response: Focused on Oil Tanker Grounding (위험도기반 해양사고 초기대응 지원 시스템 개발 기초연구: 유조선 좌초사고를 중심으로)

  • Na, Seong;Lee, Seung-Hyun;Choi, Hyuek-Jin
    • Journal of Navigation and Port Research / v.40 no.6 / pp.391-400 / 2016
  • A number of maritime accidents, and accident response activities, including the command and control procedures that were implemented at accident scenes, are analyzed to derive useful information about responding to maritime accidents, and to understand how the chain of events developed after the initial accident. In this research, a new concept of a 'risk based accident response support system' is proposed. In order to identify the event chains and associated hazards related to the accident response activities, this study proposes a 'Brainstorming technique for scenario identification', based on the concept of the HAZID technique. A modified version of Event Tree Analysis was used for quantitative risk analysis of maritime accident response activities. PERT/CPM was used to analyze accident response activities and for calculating overall (expected) response activity completion time. Also, the risk based accident response support system proposed in this paper is explained using a simple case study of risk analysis for oil tanker grounding accident response.

Revalidation of the Complex Trial Protocol using participant-oriented countermeasures (설문 기반 대응방안을 사용한 복합시행 프로토콜의 재평가)

  • Kim, Hyemin;Song, Inuk;Chang, Eunhee;Kim, Hyun Taek
    • Korean Journal of Forensic Psychology / v.11 no.1 / pp.89-115 / 2020
  • Traditional deception detection methods had examined the difference of one's autonomic physiological responses through asking crime-related and crime-unrelated questions. There has been a continuing controversy regarding the accuracy and validity of the test, and thus, many researchers were motivated to explore and develop alternative efficient methods of detection in which one of them is known as P300-based Complex Trial Protocol (CTP). The P300-based CTP detects deception through comparing the P300 amplitudes between probe and irrelevant stimuli and is known as a counterstrategy of countermeasures. However, many previous studies have used countermeasures created from Rosenfeld et al.'s work (2008). The present study initially conducted a survey asking open-ended questions about the countermeasure use to acquire participant-oriented countermeasures for the main experiment. Then, the study aimed to evaluate whether the CTP can accurately detect deception even in the use of survey-based countermeasures. We first selected a set of participant-oriented countermeasures through survey questions. Then, a total of 50 participants were divided into three groups (innocent, guilty, and countermeasures) and performed the CTP. Those assigned to the countermeasures group covertly performed mental countermeasures during the CTP. The results of P300 amplitude analysis revealed that the guilty group's P300 amplitude of probe stimuli was significantly larger than that of irrelevant stimuli. The countermeasures group also had a significantly larger P300 amplitude for probe stimuli compared to irrelevant stimuli, even in the use of countermeasures. The results of bootstrapped amplitude difference (BAD) showed a detection accuracy rate of 81.25%, 82.35%, 82.35% for the innocent, guilty, and countermeasures groups, respectively. These findings demonstrate that the CTP can obtain a high detection rate in participant-oriented countermeasures and suggest the potential use of the CTP in the field.


A Slow Portscan Attack Detection and Countermove Mechanism based on Fuzzy Logic (퍼지 로직을 이용한 느린 포트스캔 공격 탐지 및 대응 기법)

  • Kim, Jae-Kwang;Yoon, Kwang-Ho;Lee, Seung-Hoon;Jung, Je-Hee;Lee, Jee-Hyong
    • Journal of the Korean Institute of Intelligent Systems / v.18 no.5 / pp.679-684 / 2008
  • Slow port scan attack detection is one of the important topics in network security. We suggest an abnormal traffic control framework to detect slow port scan attacks using fuzzy rules. The abnormal traffic control framework acts as an intrusion prevention system for suspicious network traffic. It manages traffic with a stepwise policy: first decreasing network bandwidth and then discarding traffic. In this paper, we show that our abnormal traffic control framework effectively detects slow port scan attack traffic using fuzzy rules and a stepwise policy.

Attacks, Detection, and Countermeasures in WSN Network Layer (WSN의 네트워크 계층에서의 공격과 탐지 및 대응 방안)

  • Lee, Daeun;Rhee, Eugene
    • Journal of IKEEE / v.23 no.2 / pp.413-418 / 2019
  • Attacks on existing sensor networks include sniffing, flooding, and spoofing attacks. The basic countermeasures include encryption and authentication methods and switching methods. Wormhole attack, HELLO flood attack, Sybil attack, sinkhole attack, and selective delivery attack are the attacks on the network layer in wireless sensor network (WSN). These attacks may not be defended by the basic countermeasures mentioned above. In this paper, new countermeasures against these attacks include periodic key changes and regular network monitoring. Moreover, we present various threats (attacks) in the network layer of wireless sensor networks and new countermeasures accordingly.