• Title/Summary/Keyword: threat response technology (위협 대응기술)


The Changing Aspects of North Korea's Terror Crimes and Countermeasures : Focused on Power Conflict of High Ranking Officials after Kim Jong-IL Era (북한 테러범죄의 변화양상에 따른 대응방안 -김정일 정권 이후 고위층 권력 갈등을 중심으로)

  • Byoun, Chan-Ho;Kim, Eun-Jung
    • Korean Security Journal / no.39 / pp.185-215 / 2014
  • Since North Korea has used terror crime as a means of unification under communism against South Korea, South Korea has been much damaged until now. And the occurrence possibility of terror crime by North Korean authority is now higher than any other time. The North Korean terror crimes of Kim Il Sung era had been committed by the dictator's instruction with the object of securing governing fund. However, looking at the terror crimes committed for decades during Kim Jung Il authority, it is revealed that these terror crimes are expressed as a criminal behavior because of the conflict to accomplish the power and economic advantage non powerful groups target. This study focused on the power conflict in various causes of terror crimes by applying George B. Vold(1958)'s theory which explained power conflict between groups became a factor of crime, and found the aspect by ages of terror crime behavior by North Korean authority and responding plan to future North Korean terror crime. North Korean authority high-ranking officials were the Labor Party focusing on Juche Idea for decades in Kim Il Sung time. Afterwards, high-ranking officials were formed focusing on military authorities following Military First Policy at the beginning of Kim Jung Il authority, rapid power change has been done for recent 10 years. To arrange the aspect by times of terror crime following this power change, alienated party executives following the support of positive military first authority by Kim Jung Il after 1995 could not object to forcible terror crime behavior of military authority, and 1st, 2nd Yeongpyeong maritime war which happened this time was propelled by military first authority to show the power of military authority. After 2006, conservative party union enforced censorship and inspection on the trade business and foreign currency-earning of military authority while executing drastic purge. 
The shooting on Keumkangsan tourists that happened this time was a forcible terror crime by military authority following the pressure of conservative party. After October, 2008, first military reign union executed the launch of Gwanmyungsung No.2 long-range missile, second nuclear test, Daechung marine war, and Cheonanham attacking terror in order to highlight the importance and role of military authority. After September 2010, new reign union went through severe competition between new military authority and new mainstream and new military authority at this time executed highly professionalized terror crime such as cyber/electronic terror unlike past military authority. After July 2012, ICBM test launch, third nuclear test, cyber terror on Cheongwadae homepage of new mainstream association was the intention of Kim Jung Eun to display his ability and check and adjust the power of party/military/cabinet/public security organ, and he can attempt the unexpected terror crime in the future. North Korean terror crime has continued since 1980s when Kim Jung Il's power succession was carried out, and the power aspect by times has rapidly changed since 1994 when Kim Il Sung died and the terror crime became intense following the power combat between high-ranking officials and power conflict for right robbery. Now South Korea should install the specialized department which synthesizes and analyzes the information on North Korean high-ranking officials and reinforce the comprehensive information-collecting system through the protection and management of North Korean defectors and secret agents in order to determine the cause of North Korean terror crime and respond to it. And South Korea should participate positively in the international collaboration related to North Korean terror and make direct efforts to attract the international agreement to build the international cooperation for the response to North Korean terror crime. 
Also, we should try more to arrange the realistic countermeasure against North Korean cyber/electronic terror which was more diversified with the expertise terror escaping from existing forcible terror through enactment/revision of law related to cyber terror crime, organizing relevant institute and budget, training professional manpower, and technical development.


A Study Covering the Comparative Analysis of Educational Systems in Major Countries for Regular Cybersecurity Education (사이버보안 정규교육화를 위한 주요국 교육체계 비교분석 연구)

  • YOO, Jiyeon
    • The Journal of the Convergence on Culture Technology / v.7 no.1 / pp.397-405 / 2021
  • With the recent phenomenon of the Intelligence Information Society, the cyber security paradigm has begun to change. In particular, the increase of the interconnectedness of the hyperlinked society has extended the scope of damage that can be caused by cyber threats to the real world. In addition to that, it can also be a risk to any given individual who could accompany a crisis that has to do with public safety or national security. Adolescents who are digital natives are more likely to be exposed to cyber threats, which is mainly due to the fact that they are significantly more involved in cyber activities and they also possess insufficient security comprehension and safety awareness. Therefore, it is necessary to strengthen cyber security capabilities of every young individual, so that they can effectively protect themselves against cyber threats and better manage their cyber activities. It examines the changes of the security paradigm and the necessity for cyber security education, which is in direct accordance to the characteristics of a connected society that further suggests directions and a basic system of cyber security education, through a detailed analysis of the current state of Domestic and Overseas Cyber Security Education. The purpose of this study was to define cybersecurity competencies that are necessary within an intelligent information society, and to propose a regular curriculum for strengthening cybersecurity competencies, through the comparison and meticulous analysis of both domestic and overseas educational systems that are pertinent to cybersecurity competencies. Accordingly, a cybersecurity competency system was constructed, by reflecting C3-Matrix, which is a cyber competency system model of digital citizens. The cybersecurity competency system consists of cyber ethics awareness, cyber ethics behavior, cyber security and cyber safety. 
In addition to this, based on the basic framework of the cybersecurity competency system, the relevant education that is currently being implemented in the United States, Australia, Japan and Korea was compared and analyzed. From the insight gained through the analysis, the domestic curriculum was finally presented. The main objective of this new unified understanding was to create a comprehensive and effective cyber security competency curriculum.

Design and Implementation of a Web Application Firewall with Multi-layered Web Filter (다중 계층 웹 필터를 사용하는 웹 애플리케이션 방화벽의 설계 및 구현)

  • Jang, Sung-Min;Won, Yoo-Hun
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.157-167 / 2009
  • Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many studies concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focuses on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM (Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system cannot adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application are causing lots of false positives and false negatives. 
In order to reduce false positives and false negatives, this study suggested a real-time anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF (Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing. Consequently, this study provides a way to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdensome due to lots of network security systems currently used.

Implementation of the Automated De-Obfuscation Tool to Restore Working Executable (실행 파일 형태로 복원하기 위한 Themida 자동 역난독화 도구 구현)

  • Kang, You-jin;Park, Moon Chan;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.785-802 / 2017
  • As cyber threats using malicious code continue to increase, many security and vaccine companies are putting a lot of effort into analysis and detection of malicious codes. However, obfuscation techniques that make software analysis more difficult are applied to malicious codes, making it difficult to respond quickly to malicious codes. In particular, commercial obfuscation tools can quickly and easily generate new variants of malicious codes so that malicious code analysts cannot respond to them. In order for analysts to quickly analyze the actual malicious behavior of the new variants, reverse obfuscation (de-obfuscation) is needed to disable obfuscation. In this paper, a general analysis methodology is proposed to de-obfuscate the software used by a commercial obfuscation tool, Themida. First, we describe the operation principle of Themida by analyzing an obfuscated executable file using Themida. Next, we extract original code and data information of the executable from the obfuscated executable using Pintool, a DBI (Dynamic Binary Instrumentation) framework, and explain the implementation results of an automated analysis tool which can de-obfuscate to the original executable using the extracted original code and data information. Finally, we evaluate the performance of our automated analysis tool by comparing the original executable with the de-obfuscated executable.

A study of Modeling and Simulation for Analyzing DDoS Attack Damage Scale and Defence Mechanism Expense (DDoS 공격 피해 규모 및 대응기법 비용분석을 위한 모델링 및 시뮬레이션 기술연구)

  • Kim, Ji-Yeon;Lee, Ju-Li;Park, Eun-Ji;Jang, Eun-Young;Kim, Hyung-Jong
    • Journal of the Korea Society for Simulation / v.18 no.4 / pp.39-47 / 2009
  • Recently, the threat of DDoS attacks is increasing and many companies are planning to deploy DDoS defense solutions in their networks. The DDoS attack usually transmits heavy traffic data to networks or servers, and they cannot handle the normal service requests because of running out of resources. Since it is very hard to prevent the DDoS attack beforehand, the strategic plan is very important. In this work, we have conducted modeling and simulation of the DDoS attack by changing the number of servers and estimated the duration that services are available. In this work, the modeling and simulation is conducted using OPNET Modeler. The simulation result can be used as a parameter of trade-off analysis of DDoS defense cost and the service's value. In addition, we have presented a way of estimating the cost effectiveness in deployment of the DDoS defense system.

Relationship Between Information Technology and Corporate Organization (정보기술과 기업조직의 관계에 관한 연구)

  • Kim, Lark-Sang
    • Journal of Digital Convergence / v.16 no.11 / pp.221-230 / 2018
  • Most researchers and business futurists agree that traditional organizational designs are inadequate for coping with today's turbulent and increasingly networked world. Executives in small firms find that their organizations must tap into an extended network of partners to achieve the scale and power needed to succeed in industries dominated by large, global firms. As they attempt to build lean yet agile businesses, these executives are finding that they no longer rely on gut instinct alone. Neither can they simply copy organizational models that worked in the past. They must understand how organizational design choices influence operational efficiency and flexibility and, even more important, how to best align the organization with the environment and the strategy chosen to quickly and effectively sense and respond to opportunities and threats. This research examines the capabilities required to build businesses that can survive and prosper in today's fast-paced and uncertain environment. The insights presented in this research have emerged from over 30 years of work with hundreds of executives and entrepreneurs as they struggled to build businesses that could cope with the demands of a rapidly changing, networked global economy. The insights from this research suggest that IT is an important enabler for developing the best capabilities required for success.

Educational Needs Analysis of General Security Jobs in Physical Protection Field using the DACUM Technique (DACUM기법을 활용한 물리적방호 분야 일반보안 직무의 교육 요구분석)

  • Lee, Jin Gu;Jung, Il Chan;Park, Min Ju
    • The Journal of the Korea Contents Association / v.21 no.5 / pp.234-246 / 2021
  • The purpose of this study is to develop the main subjects of the job-based curriculum by deriving the job analysis results of general security job workers in the physical protection field responsible for responding to threats to nuclear materials and nuclear facilities. In the job analysis stage, FGI was conducted on 7 content experts to derive 8 duties and 55 tasks. In addition, knowledge and skills were drawn for each task. In the analysis of educational needs, surveys were conducted for workers in general security jobs to derive the top 25 educational priorities through t-test and Borich needs assess model. At the stage of selecting core tasks and organizing required/optional contents, 42 tasks, both above average or at least one of them, were derived as core tasks based on the result of evaluation of importance and difficulty ratings of 55 tasks through a questionnaire. In addition, tasks applied to the top 25 rankings derived from Borich needs assess model were applied as the required contents when designing courses, and tasks which applied only one of them were selected as optional contents. At the stage of required/optional modules and educational contents, four required modules and five optional modules were derived by drifting similar tasks between the required and optional contents. Based on the above results, the study suggested academic and practical implications and future suggestions.

Capabilities Required for Underground Facility Operations in Korean Megacities (한국 메가시티 지하시설 작전에 요구되는 능력)

  • Jun Hak Sim;Seung Jin Jo;Jun Woo Kim;Ji Woong Choi;Won Jun Choi;Sun Il Yang;Sang Hyuk Park
    • The Journal of the Convergence on Culture Technology / v.10 no.2 / pp.267-272 / 2024
  • Recently, major advanced countries are fostering megacities through policy for reasons such as solving population problems, political and economic issues, and strengthening national competitiveness. The trend of change is accelerating. In Korea, following Seoul and Gyeonggi, mega city policies are being promoted in Busan, Ulsan, Gyeongnam, Daegu and Gyeongbuk, Gwangju and Jeonnam, and Daejeon, Sejong, South Chungcheong and North Chungcheong areas. Due to this urbanization phenomenon, military experts predict that the future battlefield environment will be space or a large city (mega city). From this perspective, Korea will not be able to effectively respond to the threats facing megacities if it does not prepare in advance. Therefore, underground facility operation capabilities optimized for the huge scale of the mega city and the characteristics of the underground operational environment are required. Against this background, the characteristics of the underground operational environment of mega cities and cases of preparation for underground facility operations in advanced military countries such as the United States and Israel were analyzed. Based on this, the capabilities required for underground facility operations suitable for the underground operational environment within Korean megacities are developed from an idea perspective to military organization and combat system, securing special equipment and materials to ensure combatant survival, developing small unit combat techniques, and establishing a training system. It was presented with priority given to.

Beginning of the Meteorological Satellite: The First Meteorological Satellite TIROS (기상위성의 태동: 최초의 기상위성 TIROS)

  • Ahn, Myoung-Hwan
    • Atmosphere / v.22 no.4 / pp.489-497 / 2012
  • A recently released top secret document explicitly shows that the early development plan for an earth observation satellite in the USA had a hidden and more important purpose, for a concept of 'free space', than the scientific purpose. At that time, the hidden and secret concept embedded within the early space development plan prevailed over other national policies of the USA government for the purpose of national security. Under these circumstances, it is quite reasonable to accept a possibility that the meteorological satellites which play a key role in every area of meteorology and climatology were also born for the hidden purposes. Even so, it is quite amazing that the first meteorological satellite was launched in the USA despite the facts that the major users of the meteorological satellites were not very enthusiastic about the meteorological satellite and the program was not started as a formal meteorological satellite project. This was only possible because of the external socio-political impact caused by the successful launch of the Russian Sputnik satellite and a few key policy developers who favored the meteorological satellite program. It is also interesting to note that the first Korean meteorological satellite program was initiated by a similar socio-political influence caused by the launch of a North Korean satellite.

Implementation of the Personal Information Infringement Detection Module in the HTML5 Web Service Environment (HTML5 웹 서비스 환경에서의 개인정보 침해 탐지 모듈 구현)

  • Han, Mee Lan;Kwak, Byung Il;Kim, Hwan Kuk;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.4 / pp.1025-1036 / 2016
  • The conversion of the international standard web utilization HTML5 technology is being developed for improvement of the internet environment based on nonstandard technology like ActiveX. Hyper Text Markup Language 5 (HTML5), the basic programming language for creating a web page, is designed to consider security more than HTML4. However, the range of attacks increased, and a variety of security threats generated from the HTML4 environment were inherited by the new HTML5 API. In this paper, we focus on script-based attacks such as CSRF (Cross-Site Request Forgery) and Cookie Sniffing, and HTML5 APIs such as CORS (Cross-Origin Resource Sharing) and the Geolocation API, related to the infringement of personal information. We reproduced the infringement cases and embodied a detection module of a plug-in type that diagnoses on the client side. The scanner allows it to detect and respond to the vulnerability of HTML5 in advance, thereby self-diagnosing the reliability of HTML5-based web applications or web pages. In the case of a new vulnerability, it is also easy to enlarge by adding another detection module.