• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.49-60
• /
• 2015

Smart Grid devices are the major components of the Smart Grid. They collect and process a variety informations relating power services and support intelligent power services by exchanging informations with other SG devices or systems. However, If a SG device is attacked, the device can provide attack route to attacker and attacker can attack other SG devices or systems using the route. It may cause problem in power services. So, when cyber incident is happened, we need to acquire and examine digital evidence of SG device quickly to secure availability of SG. In this paper, we designed remote evidence acquisition system to acquire digital evidences from SG devices to response quickly to incidents of SG devices. To achieve this, we analyzed operating environment of SG devices and thought remote digital evidence acquisition system of SG devices will be more effective than remote digital evidence acquisition system targeted general IT devices. So, we introduce design method for SG devices remote evidence acquisition system considered operating environment of SG devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.501-519
• /
• 2017

With the revolution of IT technology, cyber threats and crimes are also increasing. In the recent years, many large-scale APT attack executed domestically and internationally. Specially, many of the APT incidents were not recognized by internal organizations, were noticed by external entities. With fourth industrial revolution(4IR), advancement of IT technology produce large scale of sensitive data more than ever before; thus, organizations invest a mount of budget for various methods such as encrypting data, access control and even SIEM for analyzing any little sign of risks. However, enhanced intelligent APT it's getting hard to aware or detect. These APT threats are too much burden for SMB, Enterprise and Government Agencies to respond effectively and efficiently. This paper will research what's the limitation and weakness of current defense countermeasure base on Cyber Kill Chain process and will suggest effective and efficient APT defense operation model with considering of organization structure and human resources for operation.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.587-593
• /
• 2021

In this thesis, we will break away from the classic DDoS response system for large-scale denial-of-service attacks that develop day by day, and effectively endure intelligent denial-of-service attacks by utilizing artificial intelligence-based technology, one of the core technologies of the 4th revolution. A possible service model development plan was proposed. That is, a method to detect denial of service attacks and minimize damage through machine learning artificial intelligence learning targeting a large amount of data collected from multiple security devices and web servers was proposed. In particular, the development of a model for using artificial intelligence technology is to detect a Western service attack by focusing on the fact that when a service denial attack occurs while repeating a certain traffic change and transmitting data in a stable flow, a different pattern of data flow is shown. Artificial intelligence technology was used. When a denial of service attack occurs, a deviation between the probability-based actual traffic and the predicted value occurs, so it is possible to respond by judging as aggressiveness data. In this paper, a service denial attack detection model was explained by analyzing data based on logs generated from security equipment or servers.

• Journal of Convergence for Information Technology
• /
• v.11 no.5
• /
• pp.23-29
• /
• 2021

Recently, a situation in which a specific content service is impossible worldwide has occurred due to a failure of the platform service and a significant social and economic problem has been caused in the global service market. In order to secure the stability of platform services, intelligent platform operation management is required. In this study, big data flow management(BDFM) and implementation method were proposed to quickly detect to abnormal service status in the platform operation environment. As a result of analyzing, BDFM technique improved the characteristics of abnormal failure detection by more than 30% compared to the traditional NMS. The big data flow management method has the advantage of being able to quickly detect platform system failures and abnormal service conditions, and it is expected that when connected with AI-based technology, platform management is performed intelligently and the ability to prevent and preserve failures can be greatly improved.

• Journal of Digital Convergence
• /
• v.12 no.12
• /
• pp.313-321
• /
• 2014

In current society, the digital era that makes enormous amount of data, and the diversified city, the smart space, which has characteristics of creating, collecting and representing data, is appeared. After 2012, in the social media environment called hyper-connected society with wide-spread smart phone, people started to get interested in public data and big data by generalized mobile device and SNS. At first, development of forming platform of data was focused, but now, many different idea from diverse area have been suggested about data analysis and usage to visualize the space intellectualization service. To focus on the visualization process to increase the usage of this public data for ordinary people more than specialized people, this research grasps the present condition of open data and public data service from the current public data portal and considers the applicability of them. As the result of research, the analysis and application of data to ordinary people decrease the use of paper documents, and this research will help to develop the application which is fast and accurate about individual behavior and demand to utilize public data service in intellectual space.

• Ecology and Resilient Infrastructure
• /
• v.6 no.4
• /
• pp.236-242
• /
• 2019

In this study, we developed the system that can collect and store environmental disaster data into the database and use it for environmental disaster management by converting structured and unstructured documents such as images into electronic documents. In the 4th Industrial Revolution, various intelligent technologies have been developed in many fields. Environmental disaster information is one of important elements of disaster cycle. Environment disaster information management refers to the act of managing and processing electronic data about disaster cycle. However, these information are mainly managed in the structured and unstructured form of reports. It is necessary to manage unstructured data for disaster information. In this paper, the intelligent generation approach is used to convert handout into electronic documents. Following that, the converted disaster data is organized into the disaster code system as disaster information. Those data are stored into the disaster database system. These converted structured data is managed in a standardized disaster information form connected with the disaster code system. The disaster code system is covered that the structured information is stored and retrieve on entire disaster cycle. The expected effect of this research will be able to apply it to smart environmental disaster management and decision making by combining artificial intelligence technologies and historical big data.

• Korean Security Journal
• /
• no.49
• /
• pp.187-214
• /
• 2016

In the mordern society, the reliance on the cyber domain and the cyber connectivity has been increasingly strengthened. Due to this phenomenon, the cyberterror against critical infrastructures and state organs might lead to fatal consequences. Lately, North Korea's cyberattacks against South Korea's national organizations and financial computer networks are becoming more and more intelligent and sophisticated. The cyberattacks against such critical infrastructures have caused enormous economic loss and social disorder. This paper is designed to examine comparatively the cyberterror related laws and organizations of the advanced countries such as U.S. and U.K. and to draw implications. Although those countries are under different institutional and cultural backgrounds with varying security envrionments, they are identically pursuing measures by establishing government-wide counterterror system for coordination and cooperation. They are also commonly focusing upon creating new organizations equipped with new system and upon enhancing intelligence performance and devising punishment regulations. Korea is lack of framework laws regulating cyber security, having only scattered individual laws. Since such legal base is far from efficient counterterror activities, it is necessary that the legal and policy response of the advanced countries should be closely studied for selective introduction. That will eventually lead to legislation of cyber security law. With such legislation on hand, it is subsequently required to strengthen crisis management for prevention of cyberterror and to create joint response team, cooperating with private organizations.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.531-540
• /
• 2021

As cyber attacks and crimes increase exponentially and hacking attacks become more intelligent and advanced, hacking attack methods and routes are evolving unpredictably and in real time. In order to reinforce the enemy's responsiveness, this study aims to propose a method for developing an artificial intelligence-based security control platform by building a next-generation security system using artificial intelligence to respond by self-learning, monitoring abnormal signs and blocking attacks.The artificial intelligence-based security control platform should be developed as the basis for data collection, data analysis, next-generation security system operation, and security system management. Big data base and control system, data collection step through external threat information, data analysis step of pre-processing and formalizing the collected data to perform positive/false detection and abnormal behavior analysis through deep learning-based algorithm, and analyzed data Through the operation of a security system of prevention, control, response, analysis, and organic circulation structure, the next generation security system to increase the scope and speed of handling new threats and to reinforce the identification of normal and abnormal behaviors, and management of the security threat response system, Harmful IP management, detection policy management, security business legal system management. Through this, we are trying to find a way to comprehensively analyze vast amounts of data and to respond preemptively in a short time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1399-1410
• /
• 2015

Gartner is requiring companies to considerably change their survival paradigms insisting that companies need to understand and provide again the upcoming era of data competition. With the revealing of successful business cases through statistic algorithm-based predictive analytics, also, the conversion into preemptive countermeasure through predictive analysis from follow-up action through data analysis in the past is becoming a necessity of leading enterprises. This trend is influencing security analysis and log analysis and in reality, the cases regarding the application of the big data analysis framework to large-scale log analysis and intelligent and long-term security analysis are being reported file by file. But all the functions and techniques required for a big data log analysis system cannot be accommodated in a Hadoop-based big data platform, so independent platform-based big data log analysis products are still being provided to the market. This paper aims to suggest a framework, which is equipped with a real-time and non-real-time predictive analysis engine for these independent big data log analysis systems and can cope with cyber attack preemptively.