• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.61-73
• /
• 2015

In order to respond quickly to security threats that are increasing fast and variously, security control personnel needs to understand the threat of a massive amount of logs generated from security devices such as firewalls and IDS. However, due to the limitations of the information processing capability of humans, it takes a lot of time to analyze the vast amount of security logs. As a result, there is problem that the detection and response of security threats are delayed. Visualization technique is an effective way to solve this problem. This paper visualizes the security log using the RGB Palette, offering a quick and effective way to know whether the security threat is occurred. And it was applied empirically in VAST Challenge 2012 dataset.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.587-596
• /
• 2024

Cyber Attack and Cyber Threat are getting confused and evolved. Therefore, using AI(Artificial Intelligence), which is the most important technology in Fourth Industry Revolution, to build a Cyber Threat Detection System is getting important. Especially, Government's SOC(Security Operation Center) is highly interested in using AI to build SOAR(Security Orchestration, Automation and Response) Solution to predict and build CTI(Cyber Threat Intelligence). In this thesis, We introduce the Cyber Threat Detection System by analyzing Network Traffic and Web Application Firewall(WAF) Log data. Additionally, we apply the well-known TF-IDF(Term Frequency-Inverse Document Frequency) method and AutoML technology to classify Web traffic attack type.

• Journal of the Korea Society for Simulation
• /
• v.21 no.3
• /
• pp.17-24
• /
• 2012

This paper suggests Effectiveness Evaluation Methods of DDoS attacks countermeasures model by simulation. According to the security objectives that are suggested by NIST(National Institute of Standards and Technology), It represents a hierarchical Effectiveness Evaluation Model. we calculated the weights of factors that security objectives, security controls, performance indicator through AHP(Analytic Hierarchy Process) analysis. Subsequently, we implemented Arena Simulation Model for the calculation of function points at the performance indicator. The detection and protection algorithm involve methods of critical-level setting, signature and anomaly(statistic) based detection techniques for Network Layer 4, 7 attacks. Proposed Effectiveness Evaluation Model can be diversely used to evaluate effectiveness of countermeasures and techniques for new security threats each organization.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.469-474
• /
• 2003

네트워크로 연결된 국가기관의 중요한 정보시스템에 대한 보안위협에 대해 기존의 침입차단/탐지시스템을 중심으로 하는 보안솔루션은 잠재적인 보안위협의 처리 한계와 우회하는 새로운 해킹기법 등의 발달로 인해 시스템의 정보보증을 위한 대응책이 떨어지고 있는 것으로 판단된다. 따라서 이에 대한 대안으로 TCSEC B5급(CC EAL5) 이상의 국가기관용 보안운영체제 개발의 필요성이 부각되고 있다. 본 논문은 국가기관용 보안운영체제 개발을 위해 선행되어야 할 안전커널 요구사항에 관한 연구로 이를 위해 먼저 적용될 보안환경과 목적, TCSEC 요구사항, CC 기반 보호프로파일, CC 요구사항을 분석 적용하였다. 이를 기반으로 정보의 중요도에 따라 두개의 등급으로 분류된 국가기관에 적합한 안전커널 요구사항을 제안하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.615-627
• /
• 2024

With the evolution of power systems and advancements in IT technology, there is an increasing demand to shift from serial-based communication to TCP/IP-based communication. However, TCP/IP communication entails various security threats, necessitating extensive consideration from an information security perspective. Security measures such as authentication and encryption cannot be rapidly implemented due to issues like the replacement of Remote Terminal Units (RTUs) and the performance requirements of encryption algorithms. This paper proposes a state estimation-based intrusion detection model to identify and effectively detect threats to power control systems in such a context. The proposed model, in addition to signature detection methods, verifies the validity of acquired data, enabling it to detect attacks that are difficult to identify using traditional methods, such as data tampering.

• Review of KIISC
• /
• v.15 no.1
• /
• pp.23-32
• /
• 2005

기업 활동에서 인터넷과 정보통신 시스템에 대한 의존도가 점차 심화됨에 따라 보안사고의 발생시 기업이 감당해야 할 사업적 위험도 함께 증대하고 있다. 따라서 최근 다양한 사이버 공격의 징후를 조기에 감지하고 대응함으로써 피해범위를 최소화할 수 있는 조기경보 체계의 구축에 많은 기업들이 관심을 갖기 시작했다. 하지만 조기경보 체계의 구축과 운용을 위해서는 비용과 기술적인 장애를 극복해야 한다. 본 논문은 대부분의 기업들이 네트워크에서 실시간 위협탐지를 위해 사용하는 네트워크 침입탐지 시스템(N-IDS)과 정기적인 보안감사용으로 주로 운영하는 취약점분석 시스템(VAS)을 이용하여 경제적이고, 효과적으로 사이버 공격의 징후를 신속하게 파악할 수 있는 조기경보 시스템의 설계방법을 제시하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.192-194
• /
• 2022

This paper analyzes the attack method of pastejacking and proposes a clip toaster that can effectively defend it. When programming, developers often copy and paste code from GitHub, Stack Overflow, or blogs. Pastejacking is an attack that injects malicious data into the clipboard when a user copies code posted on the web, resulting in security threats by executing malicious commands that the user does not intend or by inserting dangerous code snippets into the software. In this paper, we propose clip toaster to visualize and alertusers of threats to defend pastejacking that threatens the security of the developer's terminal and program code. Clip Toaster can visualize security threat notifications and effectively detect and respond to attacks without interfering with user actions.

• Review of KIISC
• /
• v.31 no.3
• /
• pp.13-19
• /
• 2021

IT 기술이 발전함에 따라 사이버 공격은 더욱더 지능화 대량화 되고 있다. 이로 인해 기존의 전통적인 보안 접근만으로는 모든 위협을 탐지하고 분석, 대응하기에는 한계에 이르렀다. 이를 해결하고자 사이버 보안관제에 머신러닝 기술을 적용하고자 하는 연구 및 사례가 증가하고 있다. 이에 본 논문에서는 기존 보안관제 체계 및 문제점에 대해서 알아보고, 이를 해결하고자 적용된 머신러닝 기술 현황에 대해 조사하였다. 그리고 해당 기술이 보안관제에 성공적으로 적용되기 위해 고려해야 할 관리적 측면과 기술적 측면을 제안한다.

• Journal of Aerospace System Engineering
• /
• v.17 no.4
• /
• pp.133-143
• /
• 2023

As drones (also known as UAV) become popular with advanced information and communication technology (ICT), they have been utilized for various fields (agriculture, architecture, and so on). However, malicious attackers with advanced drones may pose a threat to critical national infrastructures. Thus, anti-drone systems have been developed to respond to drone threats. In particular, remote identification data (R-ID)-based UAV detection and identification systems that detect and identify illegal drones with R-ID broadcasted by drones have been developed, and are widely employed worldwide. However, this R-ID-based UAV detection/identification system is vulnerable to security due to wireless broadcast characteristics. In this paper, we analyze the security vulnerabilities of DJI Aeroscope, a representative example of the R-ID-based UAV detection and identification system, and propose a replay-attack-based neutralization method using the analyzed vulnerabilities. To validate the proposed method, it is implemented as a software program, and verified against four types of attacks in real test environments. The results demonstrate that the proposed neutralization method is an effective neutralization method for R-ID-based UAV detection and identification systems.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.77-84
• /
• 2012

The control network has been operated in a closed. But it changes to open to external for business convenience and cooperation with several organizations. As the way of connecting with user extends, the risk of control network gets high. Thus, in this paper, proposed the technique of an anomalous event detection using white-list for control network security and minimizing the cyber threats. The proposed method can be collected and cataloged of only normal data from traffic of internal network, control network and field devices. Through way to check the this situation, we can separate normal and abnormal behavior.