• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1141-1149
• /
• 2020

Most of the industrial control network is an independent closed network, which is operated for a long time after installation, and thus the OS is not updated, so security threats increase and security vulnerabilities exist. The zero-day attack defense must be applied with the latest patch, but in a large-scale industrial network, it requires a higher level of real-time and non-disruptive operation due to the direct handling of physical devices, so a step-by-step approach is required to apply it to a live system. In order to solve this problem, utility-specific patch impact assessment is required for reliable patch application. In this paper, we propose a method to test and safely install the patch using the regression analysis technique and show the proven results. As a patch impact evaluation methodology, the maximum allowance for determining the safety of a patch was derived by classifying test types based on system-specific functions, performance, and behavior before and after applying the patch. Finally, we report the results of case studies applied directly to industrial control networks, the OS patch has been updated while ensuring 99.99% availability.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.1
• /
• pp.85-94
• /
• 2014

This paper studied the detection technique using file DNA-based behavior pattern analysis in order to minimize damage to user system by malicious programs before signature or security patch is released. The file DNA-based detection technique was applied to defend against zero day attack and to minimize false detection, by remedying weaknesses of the conventional network-based packet detection technique and process-based detection technique. For the file DNA-based detection technique, abnormal behaviors of malware were splitted into network-related behaviors and process-related behaviors. This technique was employed to check and block crucial behaviors of process and network behaviors operating in user system, according to the fixed conditions, to analyze the similarity of behavior patterns of malware, based on the file DNA which process behaviors and network behaviors are mixed, and to deal with it rapidly through hazard warning and cut-off.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.21-28
• /
• 2020

In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, the most widely used route for compromise incidents such as information leakage and system destruction was found to be E-Mails. In particular, it is still difficult to detect and identify E-Mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques by detecting signatures and conducting dynamic analysis only. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and quickly respond to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating Hacking E-Mails, which account for large portion of damages in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information of client-side incidents.