• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.640-642
• /
• 2002

오늘날 포트 스캔과 같은 취약점 분석 도구들의 보급 확대로 인해 공공의 호스트나 개인 호스트들의 침입 사례가 증폭되고 있는 실정이다. 더욱이, 포트 스캔의 공격 형태 또한 나날이 그 기법이 지능화와 더불어 서비스 거부 공격을 이용한 시스템 무력화라는 형태로 발전하고 있어 기존의 시스템으로는 탐지와 대응에 어려움이 가중되고 있다. 따라서 본 논문에서는 이러한 지능적이면서 공격적인 포트 스캔에 대응하여 호스트를 효율적으로 유지할 수 있는 안전한 포트 스캔 탐지 시스템을 제안한다. 본 시스템은 기존의 NIDS 탐지 기법과는 달리 IP와 TCP 소켓 정보를 동시에 활용하여 포트 스캔을 이용한 서비스 거부 공격시에 적절한 대응책으로 동일 IP 주소에 따른 선택적 로그 파일 저장 기법과 해시 알고리즘을 이용한 데이터 저장 기법이라는 제반 사항들을 구현함으로써 현재 대부분의 탐지 시스템들이 간과하고 있는 포트스캔을 통한 서비스 거부 공격에 대한 일정 수준의 보호를 가능하게 하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.911-914
• /
• 2014

The internet is established as the basic infrastructure of our life and we live in cyberspace on internet, and additionally many problems on cyberspace arise. One among them is the most serious cyber attack of the information society. The cyber attacks increase each year, attack type and the intelligence is evolving, and then the cyber ecosystem is getting more complicated. In this study, we analyze the Internet last incident status and type of Internet invasion and hacking methods, and analyze the corresponding national and international organizations and associations active status.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.19-25
• /
• 2018

Endpoint security is a method of ensuring network security by thoroughly protecting multiple individual devices connected to the network. In this study, we survey the functions and features of various commercial products of endpoint security. Also we emphasizes the importance of endpoint security to respond to the increasingly intelligent and sophisticated security threats against the cloud, mobile, artificial intelligence, and IoT based sur-connection era. and as a way to improve endpoint security, we suggest the ways to improve the life cycle of information security such as preemptive security policy implementation, real-time detection and filtering, detection and modification.

• Proceedings of the Korea Contents Association Conference
• /
• 2019.05a
• /
• pp.329-330
• /
• 2019

인터넷 기술 및 통신 기술의 급격한 발전과 사물 인터넷을 기반으로 산업 구조가 재편됨에 따라 점차 지능화, 다변화 있는 보안 위협들에 대하여 기존 시스템 보안 중심의 취약성 분석 및 데이터 암호화를 통해 구성된 보안 시스템은 한계를 보이고 있다. 특히 외부 침입 방지를 위해 별도의 사설망을 구축하여 물리적으로 분리된 보안망에 대한 악성코드 유입 등의 보안 위협 발생도 꾸준히 증가하고 있으며 보안 침해 상황 발생 시 빠른 대응도 점차 어려워지고 있다. 이에 본 연구에서는 새로운 유형의 보안 취약성 탐지를 위해 기존 보안 시스템을 구성하는 리엑티브(reactive) 기법 및 휴리스틱(heuristic) 탐지 기법이 아닌 네트워크 패킷 수집 및 분석과 대상 시스템의 비지니스 모델 매칭을 통한 사용자 행위 패턴을 해석하였다. 그리고 실시간 행위 분석을 수행하여 사용자 행위 중심의 이상 징후 감시 기준을 설립함으로써 보안 위협에 대한 행위 유형 판단 기준 및 이상 감지 판단 방법에 대해 제안한다.

• Review of KIISC
• /
• v.30 no.6
• /
• pp.23-30
• /
• 2020

2G에서부터 5G 이동 통신 시대까지 허위 기지국 공격의 위협은 이어져 왔다. 허위 기지국은 정상 기지국으로 위장하여 사용자의 정보를 수집하거나 서비스 거부 공격 등을 수행하는 기지국을 말한다. 바로 이전 세대인 LTE에서는 가짜 재난 문자, 멀웨어 전파, Device Bidding Down 공격 등의 사례가 발표 또는 보고되었다. 5G에서도 LTE의 공격 사례와 같은 공격들이 발생할 수 있어 이에 대한 보안 대책이 연구될 필요가 있다. 현재 3GPP TR 33.809 문서에서 5G에서의 허위 기지국 관련 주요 이슈와 솔루션들이 논의되고 있다. 본 논문에서는 TR 33.809 문서를 바탕으로 5G의 보안을 위한 허위 기지국 대응에 대한 주요 이슈들을 중심으로 분석한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.3
• /
• pp.605-612
• /
• 2011

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. In this paper, we discuss the technologies and standard trends about actual cyber threat and response methods, design the collaborative response framework based on the security information sharing in the inter-domain environments. The computation method of network threat level based on the collaborative response framework is proposed. The network threats are be quickly detected and real-time response can be executed using the proposed computation method.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.4 s.42
• /
• pp.231-241
• /
• 2006

When current cyber attacks to information and communication facilities are examined, technologies such as chase evasion technology and defense deviation technology have been rapidly advanced and many weak systems worldwide are often used as passages. And when newly-developed cyber attack instruments are examined, technologies for prefect crimes such as weakness attack, chase evasion and evidence destruction have been developed and distributed in packages. Therefore, there is a limit to simple prevention technology and according to cases, special procedures such as real-time chase are required to overcome cyber crimes. Further, cyber crimes beyond national boundaries require to be treated in international cooperation and relevant procedural arrangements through which the world can fight against them together. However, in current laws, there are only regulations such as substantial laws including simple regulations on Punishment against violation. In procedure, they are treated based on the same procedure as that of general criminal cases which are offline crimes. In respect to international cooperation system, international criminal private law cooperation is applied based on general criminals, which brings many problems. Therefore, this study speculates the procedural law on cyber crimes and presents actual problems of our country and its countermeasures.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.369-376
• /
• 2019

This paper studies desirable form of future e-government in terms of intelligent government research in response to new intelligent cyber security services in the fourth industrial revolution. Also, the strategic planning of the future e-government has been contemplated in terms of the centralization and intellectualization which are significant characteristics of the fourth industrial revolution. The new system construction which is applied with security analysis technology using big data through advanced relationship analysis is suggested in the paper. The establishment of the system, such as SIEM(Security Information & Event Management), which anticipatively detects security threat by using log information through big data analysis is suggested in the paper. Once the suggested system is materialized, it will be possible to expand big data object, allow centralization in terms of e-government security in the fourth industrial revolution, boost data process, speed and follow-up response, which allows the system to function anticipatively.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.4
• /
• pp.15-23
• /
• 2021

In most hacking attacks, hackers intrudes inside for a long period of time and attempts to communicate with the outside using a circumvent connection to achieve purpose. research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. however, even in the intrusion detection system using intelligent recognition technology, it only shows detection performance of the existing intrusion status. therefore, countermeasures against targeted bypass rwjqthrwkemote attacks still have limitations with existing detection methods and threat hunting methods. in this paper, to overcome theses limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. this model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in actual defense information system environment.

• Journal of the Korea Society for Simulation
• /
• v.18 no.4
• /
• pp.49-58
• /
• 2009

Top-down approach in the intelligent robot research has focused on the single object intelligence however, it has two weaknesses. One is that has a high cost and a long spending time of sensing, calculating and communications. The other is the difficulty of responding to react changes in the unpredictable environment. we propose the collective intelligence algorithm based on Bottom-up approach for improving these weaknesses and the applied agent model and verify by simulation. The Modified Flocking Algorithm proposed in this research is the algorithm which is modified version of the concept of the Flocking (Craig Reynolds) which is used to model the flocks, herds, and schools in the graphics or games, and simplified the operation of conventional Flocking algorithm to make it easy to apply for the number of group robots. We modeled the Boid agent and verified possibility collectivization of the Modified Flocking Algorithm by simulation. And We validated by the actual multiple mobile robot experiment.