• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1417-1420
• /
• 2008

본 연구에서는 서비스를 제공하는 각 서버들을 위협에서 보호하고 통합적으로 관리하기 위해 내장 IDS기반의 통합 보안관리 시스템을 개발하였다. IDS 서버를 외부망과 단절시킴으로써 IDS 서버에 대한 위협 자체를 원천적으로 차단하였고, 관리 대상 서버들에 에이전트를 탑재하여 탑재된 에이전트가 서버의 시스템 자원 및 네트워크 트래픽, 위협이 되는 패킷들의 자세한 정보를 수집, 분석하여 관리서버로 전송한다. 관리 프로그램은 비동기식의 X-Internet기술을 도입한 Adobe Flex를 사용한 웹 어플리케이션으로 개발하여 어떤 플랫폼에서도 접속하여 관리자의 역할을 수행할 수 있도록 하였다. 이와 같은 관리 프로그램을 통하여 대상 서버들의 시스템 자원 및 네트워크 트래픽들을 효율적으로 파악할 수 있고 IDS에서 탐지한 위협을 탐지 및 차단이 가능하도록 구현하였다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.4
• /
• pp.1012-1017
• /
• 2008

Recently, the use of wireless fan is increased by the development of wireless communication and convenience. Moreover, it makes an issue of security threat and vulnerability of wireless tan. Therefore, the IEEE established new standard such as 802.11i in 802.11 to supplement security vulnerability of wireless tan. But the security threat that does not solve, still remains. In this paper, we proposed that the location detection algorithm, that is used Kalman-Filter, Lateration and RSSI, and the mechanism that detects security status of AP and unauthorized AP by using beacon-frame of AP in building. Finally, we confirmed performance of proposed algorithm is good in comparison of established algorithm.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.404-406
• /
• 2003

C언어는 포인터형 변수를 제공하며 배열의 경계를 인식하지 않는다. 이러한 특성에서 기인한 버퍼넘침 (buffer overflew)은 널리 알려진 취약점으로서 보안침해 수단으로 널리 악용되고 있다. 이 문제를 해결하기 위한 한 방법으로 오용탐지기술은 버퍼넘침에 공통적으로 사용되는 시그너쳐(Signature)를 가지고 클라이언트(client)가 전송한 패킷을 검사함으로서 고전적인 버퍼넘침을 탐지하고 있다. 본 논문에서는 이러한 탐지 방법을 우회할 수 있는 보다 위협적이고 지능적인 보안침해 가능성을 제시한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1841-1848
• /
• 2013

In this paper, the plans for improvement of real-time security monitoring accuracy and expansion of control region were investigated through comprehensive and systematic collection and analysis of the anomalous activities that inflow and outflow in the network on a large scale in order to overcome the existing security monitoring system based on stylized detection patterns which could correspond to only very limited cyber attacks. This study established an anomaly observation system to collect, store and analyze a diverse infringement threat information flowing into the darknet network, and presented the information classification system of cyber threats, unknown anomalies and high-risk anomalous activities through the statistics based trend analysis of hacking. If this security monitoring system utilizing darknet traffic as presented in the study is applied, it was indicated that detection of all infringement threats was increased by 12.6 percent compared with conventional case and 120 kinds of new type and varietal attacks that could not be detected in the past were detected.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.15-25
• /
• 2023

This study analyzes the limitations of the insider threat datasets used for insider threat detection research and compares and analyzes the solution-based insider threat data with public insider threat data using a security solution to overcome this. Through this, we design a data format suitable for insider threat detection and implement a system that can safely share insider threat information between different institutions and companies using blockchain technology. Currently, there is no dataset collected based on actual events in the insider threat dataset that is revealed to researchers. Public datasets are virtual synthetic data randomly created for research, and when used as a learning model, there are many limitations in the real environment. In this study, to improve these limitations, a private blockchain was designed to secure information sharing between institutions of different affiliations, and a method was derived to increase reliability and maintain information integrity and consistency through agreement and verification among participants. The proposed method is expected to collect data through an outflow threat collector and collect quality data sets that posed a threat, not synthetic data, through a blockchain-based sharing system, to solve the current outflow threat dataset problem and contribute to the insider threat detection model in the future.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.21-28
• /
• 2006

Beginning flag security it was limited in Firewall but currently many information security solutions like Anti-virus, IDS, Firewall are come to be many. For efficiently managing different kinds of information security products ESM (Enterprise Security management) are developed and operated. Recently over the integrated security management system, TMS (Threat Management System) is rising in new area of interest. It follows in change of like this information security product and also collection information is being turning out diversification. For managing cyber threats, we have to analysis qualitative information (like vulnerabilities and malware codes, security news) as well as the quantity event logs which are from information security products of past. Information Threats and Vulnerability Auto Collector raises the accuracy of cyber threat judgement and can be utilized to respond the cyber threat which does not occur still by gathering qualitative information as well as quantity information.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06d
• /
• pp.72-76
• /
• 2010

네트워크가 발전함에 따라 다양한 종류의 악성 소프트웨어들이 현대의 보안을 위협하고 있다. 최근 이러한 악성 소프트웨어 중 하나인 봇의 경우 스스로 네트워크를 구축하고, 이를 이용한 다양한 형태의 공격들에 활용되고 있다. 본 논문에서는 최근 위협이 되고 있는 봇넷 탐지의 연구 방향성을 제안한다. 이를 위해 봇넷의 특성을 분석하고, 기존의 탐지 방식들에 대해서 기술한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.785-788
• /
• 2012

클라우드 컴퓨팅의 핵심인 가상머신에 대한 보안 기술 연구들을 계속 진행하고 있다. 기업들은 다양한 클라우드 서비스를 제공하고 있지만, 기존 가상화 기술의 취약점과 더불어 서비스를 하기 때문에 여러 가지 보안 위협들이 나타나고 있으며, 악성코드 및 바이러스 공격으로 가상 컴퓨팅 서비스 거부, 정보 유출, 비인가 사용자에 대한 보안 위협 또한 심각하다. 따라서 본 논문에서는 클라우드 컴퓨팅 환경의 가상화 내에서 발생하는 보안 위협들과 이를 탐지 및 차단하기 위한 보안 기술과 앞으로 연구 해야할 클라우드 가상화 보안 연구 대해 대해 알아본다.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.411-421
• /
• 2015

These days, a conversion of the fast-advancing ICT (Information and Communications Technologies) and the IoT (Internet of Things) has been in progress. However, these conversion Technology could lead to many of the security threat existing in the ICT environment. The security threats of car in the IoT environment could cause the property damage and casualty. There are the inadequate preparations for the car security and the difficulty of detection for the security threats by itself. In this paper, we proposed the decision-making framework for the anomaly detection and found out what are the threats of car in the IoT environment. The discrimination of the factor, path and type of threats from the attack against the car should take priority over the self-inspection and the swift handling of the attack on control system.