• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.133-140
• /
• 2005

The whole network system is paralyzed due to excess event of security server once in a while. If that happens, We have to analyze the cause of events, the time will require when we deal with a matter All the while, ACU(ACCESS CONTROL UNIT) and security server are off, We can not treat about information retrieval of people who come to building with real time. In this paper, we suggested classification algorithm in order to prevent of information explosion.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.43-55
• /
• 2015

Security infrastructure of Educational Network responds to threats by collecting and analyzing security events from various information protection system based on the integrated management system. Even if this system provides useful and detailed information to the administrator, there are some problems that this system does not provide effective response process and management systems for various threatening situations and the simultaneous threat processes. To solve this problem, we propose and develop security agents that enable the administrator to effectively manage integrated security for Educational Network. The proposed solution provides the administrator with efficient management techniques and process scheduling for various security events so that the administrator can response promptly to problems with the initial threat to Educational Network.

• Journal of Broadcast Engineering
• /
• v.25 no.5
• /
• pp.770-775
• /
• 2020

Since 360-degree ERP frame structure has location-dependent distortion, existing video surveillance algorithms cannot be applied to 360-degree video. In this paper, an activated viewport based event detection method is proposed for 360-degree video. After extracting activated viewports enclosing object candidates, objects are finally detected in the viewports. These objects are tracked in 360-degree video space for region-based event detection. The proposed method is shown to improve the recall and the false negative rate more than 30% compared to the conventional method without activated viewports.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.13-23
• /
• 2021

The attacker's techniques and tools are becoming intelligent and sophisticated. Existing Anti-Virus cannot prevent security accident. So the security threats on the endpoint should also be considered. Recently, EDR security solutions to protect endpoints have emerged, but they focus on visibility. There is still a lack of detection and responsiveness. In this paper, we use real-world EDR event logs to aggregate knowledge-based MITRE ATT&CK and autoencoder-based anomaly detection techniques to detect anomalies in order to screen effective analysis and analysis targets from a security manager perspective. After that, detected anomaly attack signs show the security manager an alarm along with log information and can be connected to legacy systems. The experiment detected EDR event logs for 5 days, and verified them with hybrid analysis search. Therefore, it is expected to produce results on when, which IPs and processes is suspected based on the EDR event log and create a secure endpoint environment through measures on the suspicious IP/Process.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.1271-1273
• /
• 2017

융합 보안이란, 물리적으로 정보, 인명, 시설을 보호하는 물리 보안과 ICT 기술을 이용한 정보 보안과의 융합되는 보안 기술 및 서비스를 의미한다. 최근에 IoT 환경의 발전으로 다양한 센서로부터 얻은 정보를 바탕으로 사용자의 상태, 위치 추적, 위험, 제한 시설의 접근을 감지하여 융합 보안에 활용하고자 하는 연구가 진행되고 있다. 본 논문에서는 융합 보안 환경에서 사용자의 위험 요소를 정의하고, 위험 요소에 따른 이벤트를 생성하기 위한 기법을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.385-395
• /
• 2018

With the development of Internet, cyber attack has become a major threat. To detect cyber attacks, intrusion detection system(IDS) has been widely deployed. But IDS has a critical weakness which is that it generates a large number of false alarms. One of the promising techniques that reduce the false alarms in real time is machine learning. However, there are problems that must be solved to use machine learning. So, many machine learning approaches have been applied to this field. But so far, researchers have not focused on features. Despite the features of IDS alerts are important for performance of model, the approach to feature is ignored. In this paper, we propose new feature set which can improve the performance of model and can be extracted from a single alarm. New features are motivated from security analyst's know-how. We trained and tested the proposed model applied new feature set with real IDS alerts. Experimental results indicate the proposed model can achieve better accuracy and false positive rate than SVM model with ordinary features.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06c
• /
• pp.566-570
• /
• 2010

최근에는 스마트 폰의 저변이 확대되면서, 보안 취약성에 대한 많은 문제점이 새롭게 등장하고 있다. 스마트 폰 프로그램은 PC 환경에서 실행되는 프로그램과는 달리, 배포가 이루어진 이후에 소프트웨어 업데이트 등의 방법으로 보안 취약성을 제거하는 것이 매우 어려운 특징이 있다. 기존의 테스트 방법론은 스마트 폰의 특성에 대한 고려가 없기 때문에 스마트 폰을 위한 테스트 방법론과 함께 이를 위한 동적 테스트 도구에 대한 연구가 필요하다. 본 논문에서는 이벤트 구동 방식으로 동작하는 스마트 폰 프로그램의 특징을 고려한 동적 테스트 도구를 설계한다. 테스트 도구는 컴파일러 이론을 적용하여 체계적으로 설계 한다. 제안한 도구는 테스트 케이스 생성기와 테스팅 시스템으로 구성되며, 이벤트 구동 방식으로 동작하는 소프트웨어의 취약성 검출 자동화 도구로 활용할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1315-1324
• /
• 2012

Security visualization is a form of the data visualization techniques in the field of network security by using security-related events so that it is quickly and easily to understand network traffic flow and security situation. In particular, the security visualization that detects the abnormal situation of network visualizing connections between two endpoints is a novel approach to detect unknown attack patterns and to reduce monitoring overhead in packets monitoring technique. However, the session-based visualization doesn't notice a difference between normal traffic and attacks that they are composed of similar connection pattern. Therefore, in this paper, we propose an efficient session-based visualization method for analyzing and detecting between normal server activities and attacks by using the IP address splitting and port attributes analysis. The proposed method can actually be used to detect and analyze the network security with the existing security tools because there is no dependence on other security monitoring methods. And also, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.109-121
• /
• 2002

As the development of information technology and thus the growth of security incidents, there has been increasing demand on developing a system for centralized security management, also known as Enterprise Security Management(ESM), uniting functions of various security systems such as firewall, intrusion detection system, virtual private network and so on. Unfortunately, however, developers have been suffering with a lack of related standard. Although ISTF recently announced firewall system and intrusion detection system log format, it still needs for truly efficient ESM further development of the related standard including event and control messaging. This paper analyses ISTF standard and further suggests an additional event and control messaging standard for firewall and intrusion detection systems. It is expected that this effort would be helpful for the development of ESM and further related standard.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.33-36
• /
• 2022

이벤트 로그(Event Log)는 윈도우 운영체제에서 시스템 로그를 기록하는 형식으로 시스템 운영에 대한 정보를 체계적으로 관리한다. 이벤트는 시스템 자체 또는 사용자의 특정 행위로 인해 발생할 수 있고, 그러한 이벤트 로그는 시스템의 시작과 종료뿐만 아니라 기업 보안 감사, 악성코드 탐지 등 행위의 근거로 사용될 수 있다. 본 논문에서는 PC 종료 관련 실험을 통해 이벤트 로그와 ID를 분석하였다. 분석 결과를 통해 PC의 정상 및 비정상 종료 여부를 판단하여, 현장 압수·수색 시 해당 저장매체에 대해 선별압수·매체압수의 해당 여부 식별이 가능하다. 본 연구는 현장수사관이 디지털증거 압수·수색 시 절차적 적법성과 증거능력 확보의 근거 활용에 기여할 수 있다.