• Convergence Security Journal
• /
• 제19권4호
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• KIPS Transactions on Software and Data Engineering
• /
• 제10권8호
• /
• pp.287-300
• /
• 2021

Collaborative Cyber-Physical Systems (CCPS) are those systems that contain tightly coupled physical and cyber components, massively interconnected subsystems, and collaborate to achieve a common goal. The safety of a single Cyber-Physical System (CPS) can be achieved by following the safety standards such as ISO 26262 and IEC 61508 or by applying hazard analysis techniques. However, due to the complex, highly interconnected, heterogeneous, and collaborative nature of CCPS, a fault in one CPS's components can trigger many other faults in other collaborating CPSs. Therefore, a safety assurance technique based on fault criticality analysis would require to ensure safety in CCPS. This paper presents a Fault Criticality Matrix (FCM) implemented in our tool called CPSTracer, which contains several data such as identified fault, fault criticality, safety guard, etc. The proposed FCM is based on composite hazard analysis and content-based relationships among the hazard analysis artifacts, and ensures that the safety guard controls the identified faults at design time; thus, we can effectively manage and control the fault at the design phase to ensure the safe development of CPSs. To justify our approach, we introduce a case study on the Platooning system (a collaborative CPS). We perform the criticality analysis of the Platooning system using FCM in our developed tool. After the detailed fault criticality analysis, we investigate the results to check the appropriateness and effectiveness with two research questions. Also, by performing simulation for the Platooning, we showed that the rate of collision of the Platooning system without using FCM was quite high as compared to the rate of collisions of the system after analyzing the fault criticality using FCM.

• The Journal of the Korea Contents Association
• /
• 제21권2호
• /
• pp.499-506
• /
• 2021

Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 한국정보처리학회 2022년도 춘계학술발표대회
• /
• pp.432-435
• /
• 2022

최근 IT 산업의 지속적인 발전으로 사용자들을 위협하는 악성코드, 피싱, 랜섬웨어와 같은 사이버 공격 또한 계속해서 발전하고 더 지능화되고 있으며 변종 악성코드도 기하급수적으로 늘어나고 있다. 지금까지의 시그니처 패턴 기반의 탐지법으로는 이러한 방대한 양의 알려지지 않은 악성코드를 탐지할 수 없다. 따라서 CNN(Convolutional Neural Network)을 활용하여 악성코드를 탐지하는 기법들이 제안되고 있다. 이에 본 논문에서는 CNN 모델 중 낮은 인식 오류율을 지닌 모델을 선정하여 정확도(Accuracy)와 F1-score 평가 지표를 통해 비교하고자 한다. 두 가지의 악성코드 이미지화 방법을 사용하였으며, 2015 년 이후 ILSVRC 에서 우승을 차지한 모델들과, 추가로 2019 년에 발표된 EfficientNet 을 사용하여 악성코드 이미지를 분류하였다. 그 결과 2 바이트를 한 쌍의 좌표로 변환하여 생성한 256 * 256 크기의 악성코드 이미지를 ResNet-152 모델을 이용해 분류하는 것이 우수한 성능을 보임을 실험적으로 확인하였다.

• Convergence Security Journal
• /
• 제20권2호
• /
• pp.29-35
• /
• 2020

The cyber attacks targeting the systems of national and public organizations in the front line of cyber security have been advanced, and the number of cyber attacks has been on the constant rise. In this circumstance, it is necessary to develop the security evaluation technology to prevent cyber attacks to the systems of national and public organizations. Most of the studies of the vulnerability analysis on the information systems of national and public organizations almost focus on automation. In actual security inspection, it is hard to automate some parts. In terms of security policies for threats, many different plans have been designed and applied in the managerial, physical, and technical fields, giving particular answers no matter how they are subjective or situational. These tendencies can be standardized in OCIL(Open Checklist Interactive Language), and partial automation can be achieved. Therefore, this study tries to implement XML Converter in order for OCIL based security level evaluation with typical evaluation questions.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• 제18권2호
• /
• pp.144-155
• /
• 2019

One of the issues of the automotive industry today is autonomous driving vehicles. In order to achieve level 3 or higher as defined by SAE International, harmonization of autonomous driving technology and connected technology is essential. Current vehicles have new features such as autonomous driving, which not only increases the number of electrical components, but also the amount and complexity of software. As a result, the attack surface, which is the access point of attack, is widening, and software security vulnerabilities are also increasing. However, the reality is that the essential security requirements for vehicles are not defined. In this paper, based on real attacks and vulnerability cases and trends, we identify the assets in the in-vehicle network and derive the threats. We also defined the security requirements and derived essential security requirements that should be applied at least to the safety of the vehicle occupant through risk analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제23권3호
• /
• pp.531-543
• /
• 2013

The destruction and prejudice of major infrastructure such as energy, broadcast, communication and transportation could result in a threat to individual rights and liberties, as well as social and economic losses. If a traffic signal control facilities have been violated, the lives of the citizens discomfort as well as causing social disruption such as traffic accident. Because the control system is operating as a closed network and you think it is safe, the information protection system has not been built or security patches and anti-virus updates do not work properly. So, cyber attacks by security vulnerabilities are exposed. Therefore, there is a need to identify the characteristics of the system, and develop appropriate countermeasures in order to prevent cyber attacks and prejudices incidents. This paper examines the vulnerabilities of Intelligent Transport Systems and proposes the improvement of security vulnerabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제29권4호
• /
• pp.859-866
• /
• 2019

Cybersecurity attack targeting a specific user is rising in number, even enterprises are trying to strengthen their cybersecurity. Network segmentation environment where public network and private network are separated could block information coming from the outside, however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce the network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, it is still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, this paper proposes a system in the environment which functions that a document file can keep information for incident response, considering forensic readiness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제28권6호
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• Journal of the Korea Society of Computer and Information
• /
• 제29권7호
• /
• pp.99-107
• /
• 2024

In an environment where computer-related technologies are rapidly changing, cyber threats continue to emerge as they are advanced and diversified along with new technologies. Therefore, in this study, we would like to collect security-related news articles, conduct LDA topic modeling, and examine trends. To that end, news articles from January 2020 to August 2023 were collected and major topics were derived through LDA analysis. After that, the flow by topic was grasped and the main origin was analyzed. The analysis results show that ransomware attacks in 2021 and hacking of virtual asset exchanges in 2023 are major issues in the recent security sector. This allows you to check trends in security issues and see what research should be focused on in the future. It is also expected to be able to recognize the latest threats and support appropriate response strategies, contributing to the development of effective security measures.