• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.183-194
• /
• 2010

A company's private network protected by a firewall and NAT(Network Address Translation) is not accessible directly through an external internet. However, as Reverse Connection technology used by NetCat extends to the technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access a private network of corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as a remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which is not allowed to access to an internal system with a remote control. What is more serious is to make a covert channel invading a company's private network through a malicious code and all that technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the indirect access of technological methods and the status quo about a company's internal network and find a solution to get rid of the related dangers.

• Smart Media Journal
• /
• v.8 no.1
• /
• pp.27-34
• /
• 2019

Ransomware is a malicious program code evolved into various forms of attack. Unlike traditional Ransomware that is being spread out using email attachments or infected websites, a new type of Ransomware, such as WannaCryptor, may corrupt files just for being connected to the Internet. Due to global Ransomware damage, there are many studies conducted to detect and defense Ransomware. However, existing research on Ransomware detection only uses Ransomware signature database or monitors specific behavior of process. Additionally, existing Ransomware detection methods hardly detect and defense a new Ransomware that behaves differently from the traditional ones. In this paper, we propose a method to detect Ransomware by arranging decoy files and analyzing the method how Ransomware accesses and operates files in the file system. Also, we conduct experiments using proposed method and provide the results of detection and defense of Ransomware in this paper.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.65-75
• /
• 2017

The Detection Model is the model to find the result of a certain purpose using artificial intelligent, data mining, intelligent algorithms In Cyber Security, it usually uses to detect intrusion, malwares, cyber incident, and attacks etc. There are an amount of unlabeled data that are collected in a real environment such as security data. Since the most of data are not defined the class labels, it is difficult to know type of data. Therefore, the label determination process is required to detect and analysis with accuracy. In this paper, we proposed a KDFL(K-means and D-S Fusion based Labeling) method using D-S inference and k-means(unsupervised) algorithms to decide label of data records by fusion, and a detection model architecture using a proposed labeling method. A proposed method has shown better performance on detection rate, accuracy, F1-measure index than other methods. In addition, since it has shown the improved results in error rate, we have verified good performance of our proposed method.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.11-20
• /
• 2019

Numerous enterprises, organizations and individual users are exposed to large DDoS (Distributed Denial of Service) attacks. DDoS attacks are performed through a BotNet, which is composed of a number of computers infected with a malware, e.g., zombie PCs and a special computer that controls the zombie PCs within a hierarchical chain of a command system. In order to detect a malware, a malware detection software or a vaccine program must identify the malware signature through an in-depth analysis, and these signatures need to be updated in priori. This is time consuming and costly. In this paper, we propose a botnet detection scheme that does not require a periodic signature update using an artificial neural network model. The proposed scheme exploits Word2Vec and accelerated hierarchical density-based clustering. Botnet detection performance of the proposed method was evaluated using the CTU-13 dataset. The experimental result shows that the detection rate is 99.9%, which outperforms the conventional method.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.4
• /
• pp.285-296
• /
• 2018

Among many hacking attempts carried out in the past few years, the cyber-attacks that could have caused a national-level disaster were the attacks against nuclear facilities including nuclear power plants. The most typical one was the Stuxnet attack against Iranian nuclear facility and the cyber threat targeting one of the facilities operated by Korea Hydro and Nuclear Power Co., Ltd (Republic of Korea; ROK). Although the latter was just a threat, it made many Korean people anxious while the former showed that the operation of nuclear plant can be actually stopped by direct cyber-attacks. After these incidents, the possibility of cyber-attacks against industrial control systems has become a reality and the security for these systems has been tightened based on the idea that the operations by network-isolated systems are no longer safe from the cyber terrorism. The ROK government has established a realistic control systems defense concept and in the US, the relevant authorities have set up several security frameworks to prepare for the threats. This paper presented various cyber security attack cases and their scenarios against control systems, along with the analysis of countermeasures for them. Though this task, we attempt to identify the items that need to be considered when designing a domestic security framework to improve security and secure stability.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.105-119
• /
• 2017

Smartphone users hit over eighty-five percentage of Korean populations and personal private items and various information are stored in each user's smartphone. There are so many cases to propagate malicious codes or spywares for the purpose of catching illegally these kinds of information and earning pecuniary gains. Thus, need of information security is outstanding for using smartphone but also user's security perception is important. In this paper, we investigate about how information security affects smartphone operating system choices by users. For statistical analysis, the online survey with questionnaires for users of smartphones is conducted and effective 218 subjects are collected. We test hypotheses via communalities analysis using factor analysis, reliability analysis, independent sample t-test, and linear regression analysis by IBM SPSS statistical package. As a result, it is found that hardware environment influences on perceived ease of use. Brand power affects both perceived usefulness and perceived ease of use and degree of personal risk-accepting influences on perception of smartphone spy-ware risk. In addition, it is found that perceived usefulness, perceived ease of use, degree of personal risk-accepting, and spy-ware risk of smartphone influence significantly on intention to purchase smartphone. However, results of independent sample t-test for each operating system users of Android or iOS do not present statistically significant differences among two OS user groups. In addition, each result of OS user group testing for hypotheses is different from the results of total sample testing. These results can give important suggestions to organizations and managers related to smartphone ecology and contribute to the sphere of information systems (IS) study through a new perspective.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• The Korean Journal of Nuclear Medicine Technology
• /
• v.19 no.2
• /
• pp.74-80
• /
• 2015

Purpose Breast lymphoscintigraphy is an important technique to present for body surface precisely, which shows a lymph node metastasis of malignant tumors at an early stage and is performed before and after surgery in patients with breast cancer. In this study, we evaluated several methods of body outline imaging to present exact location of lesions, as well as compared respective exposure doses. Materials and Methods RANDO phantom and SYMBIA T-16 were used for obtaining imaging. A lesion and an injection site were created by inserting a point source of 0.11 MBq on the axillary sentinel lymph node and 37 MBq on the right breast, respectively. The first method for acquiring the image was used by drawing the body surface of phantom for 30 sec using $Na^{99m}TcO_4$ as a point source. The second, the image was acquired with $^{57}Co$ flood source for 30 seconds on the rear side and the left side of the phantom, the image as the third method was obtained using a syringe filled with 37 MBq of $Na^{99m}TcO_4$ in 10 ml of saline, and as the fourth, we used a photon energy and scatter energy of $^{99m}Tc$ emitting from phantom without any addition radiation exposure. Finally, the image was fused the scout image and the basal image of SPECT/CT using MATLAB$^{(R)}$ program. Anterior and lateral images were acquired for 3 min, and radiation exposure was measured by the personal exposure dosimeter. We conducted preference of 10 images from nuclear medicine doctors by the survey. Results TBR values of anterior and right image in the first to fifth method were 334.9 and 117.2 ($1^{st}$), 266.1 and 124.4 ($2^{nd}$), 117.4 and 99.6 ($3^{rd}$), 3.2 and 7.6 ($4^{th}$), and 565.6 and 141.8 ($5^{th}$). And also exposure doses of these method were 2, 2, 2, 0, and $30{\mu}Sv$, respectively. Among five methods, the fifth method showed the highest TBR value as well as exposure dose, where as the fourth method showed the lowest TBR value and exposure dose. As a result, the last method ($5^{th}$) is the best method and the fourth method is the worst method in this study. Conclusion Scout method of SPECT/CT can be useful that provides the best values of TBR and the best score of survey result. Even though personal exposure dose when patients take scout of SPECT/CT was higher than another scan, it was slight level comparison to 1 mSv as the dose limit to non-radiation workers. If the scout is possible to less than 80 kV, exposure dose can be reduced, and also useful lesion localization provided.