• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.380-388
• /
• 2022

The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow the only programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL(Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.37-47
• /
• 2023

The growth of the metaverse has been accelerated by the increased demand for non-face-to-face interactions due to COVID-19 and advancements in technologies such as blockchain and NFTs. However, with the emergence of various metaverse platforms and the corresponding rise in users, criminal cases such as ransomware attacks, copyright infringements, and sexual offenses have occurred within the metaverse. Consequently, the need for artifacts that can be utilized as digital evidence within metaverse systems has increased. However, there is a lack of information about artifacts that can be used as digital evidence. Furthermore, metaverse security evaluation and forensic analysis are also insufficient, and the absence of attack scenarios and related guidelines makes forensics challenging. To address these issues, this paper presents artifacts that can be used for user behavior analysis and timeline analysis through dynamic analysis of Roblox, a representative metaverse gaming solution. Based on analyzing interrelationship between identified artifacts through memory forensics and log file analysis, this paper suggests the potential usability of artifacts in metaverse crime scenarios. Moreover, it proposes improvements by analyzing the current legal and regulatory aspects to address institutional deficiencies.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.165-172
• /
• 2023

Nation-state social engineering attacks are steadily being carried out as they are highly effective attacks, primarily to gain an advantage over secret information, diplomatic negotiations or future policy changes. As The Ukraine-Russia war prolongs, the activities of global hacking organizations are steadily increasing, and large-scale cyberattack attempts against major infrastructure or global companies continue, so a countermeasure strategy is needed. To this end, we determined that the social engineering attack cycle excluding physical contact among various social engineering models is the most suitable model, and analyzed the preferred social engineering attack method by comparing it with geopolitical tactics through case analysis. AS a result China favors phishing attacks, which prefer quantity over quality, such as man-made tactics, Russia prefers covert and complex spear phishing reminiscent of espionage warfare, and North Korea uses geopolitical tactics such as spear phishing and watering holes for attacks on the US and South Korea Most of the other countries aimed to secure funds with ransomware. Accordingly, a Clean Pass policy for China, periodic compulsory education in Russia, and international sanctions against North Korea were presented as countermeasure strategies.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.33-41
• /
• 2023

In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.

• Informatization Policy
• /
• v.23 no.4
• /
• pp.76-94
• /
• 2016

Recently in Korea, the importance of information security awareness has been receiving a growing attention. Attacks such as social engineering and ransomware are hard to be prevented because it cannot be solved by information security technology. Also, the profitability of information security industry has been decreasing for years. Therefore, many companies try to find a new growth-engine and an entry to the foreign market. The main purpose of this paper is to draw out some information security issues and to analyze them. Finally, this study identifies issues and suggests how to improve the situation in Korea. For this, topic modeling analysis has been used to find information security issues of each country. Moreover, the score of sentiment analysis has been used to compare them. The study is exploring and explaining what critical issues are and how to improve the situation based on the identified issues of the Korean information security industry. Also, this study is also demonstrating how text mining can be applied to the context of information security awareness. From a pragmatic perspective, the study has the implications for information security enterprises. This study is expected to provide a new and realistic method for analyzing domestic and foreign issues using the analysis of real data of the Twitter API.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.2
• /
• pp.585-594
• /
• 2018

Virtual currencies have emerged along with new technologies such as block chain, artificial intelligence (AI), and big data. This study examines the benefits of a security-enhanced block chain resulting from individual trading, decentralized from governments, as well as the problems associated with misuse of virtual currencies. Virtual currencies, due to its anonymity, is vulnerable to financial crimes, such as ransom-ware, fraud, drug trafficking, tax evasion and money laundering. Use of virtual currencies can facilitate criminals avoid detection from investigative agencies. Government regulatory policy continues to address these concerns, and the virtual currency exchange has also announced a self-regulation proposal. However, a fundamental solution remains necessary. The purpose of this paper is to investigate the problems regarding abuse of virtual currency and to identify a practical system for transactions involving virtual currencies. However, in order to promote transactions involving virtual currencies and to institutionalize a governance system, multilateral cooperation is required. Although the restricting the use of virtual currencies regarding minors and foreign trade, as well as the introduction of a real-name system are considered promising prospects, many problems remain. Virtual currency is not a simple digital item but a method of redesigning the function of money. Coordinated efforts are needed globally to be able to further activate the positive aspects concerning the use of virtual currencies.

• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.1-10
• /
• 2018

Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs(Advanced Persistent Threats) and ransomwares become clever and complex. IDSes(Intrusion Detection Systems) have performed a key role as information security solutions during last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA(Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.

• The Journal of Korean Association of Computer Education
• /
• v.23 no.1
• /
• pp.63-75
• /
• 2020

From the perspective of compliance with security policies by members of the organization, which is a major cause of security incidents, this study presented biased thinking as factors that affect compliance with security policies and verified the following: First, the impact of biased thinking on security policies on compliance with security policies is verified. Second, the participation of management, perceived risk, education and punishment of management will verify the adjustment effect of increasing or decreasing biased thinking. Finally, we have verified that compliance attitudes have a significant impact on compliance behavior. To this end, 157 people were surveyed, statistical analysis of research models and structural equations, and conformity analysis were conducted. Studies have shown that biased thinking has a negative effect on the attitude of compliance with information security. In addition, it was analyzed that the attitude of compliance with information security policy increases policy compliance behavior. On the other hand, the higher the perceived risk of information security, the lower the bias was the adjustment effect, but management's participation, education and punishment were found to have no adjustment effect.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.46-53
• /
• 2022

Today, due to the 4th industrial revolution and extensive R&D funding, domestic companies have begun to possess world-class industrial technologies and have grown into important assets. The national government has designated it as a "national core technology" in order to protect companies' critical industrial technologies. Particularly, technology leaks in the shipbuilding, display, and semiconductor industries can result in a significant loss of competitiveness not only at the company level but also at the national level. Every year, there are more insider leaks, ransomware attacks, and attempts to steal industrial technology through industrial spy. The stolen industrial technology is then traded covertly on the dark web. In this paper, we propose a system for detecting industrial technology leaks in the dark web environment. The proposed model first builds a database through dark web crawling using information collected from the OSINT environment. Afterwards, keywords for industrial technology leakage are extracted using the KeyBERT model, and signs of industrial technology leakage in the dark web environment are proposed as quantitative figures. Finally, based on the identified industrial technology leakage sites in the dark web environment, the possibility of secondary leakage is detected through the PageRank algorithm. The proposed method accepted for the collection of 27,317 unique dark web domains and the extraction of 15,028 nuclear energy-related keywords from 100 nuclear power patents. 12 dark web sites identified as a result of detecting secondary leaks based on the highest nuclear leak dark web sites.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.