• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.5
• /
• pp.303-314
• /
• 2018

In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.2
• /
• pp.327-332
• /
• 2023

On December 26, 2022, North Korea's drone provocation resumed for the first time in eight years. The threat covered not only the Seoul metropolitan area but also the no-fly zone for the presidential office's security, and the South Korean military's response to it is not appropriate, which is a major controversy. In the midst of this, problems caused by the prohibition of small drones' flight and illegal intrusion into restricted areas are increasing in Korea, and the threat is becoming a reality, such as being used for terrorist attacks abroad. In this paper, the concept of "Counter-Drone" and related technologies were considered for these drone threats, and implications were derived through domestic and overseas small drone threats, and the direction of development of the Counter-Drone system was presented. North Korea's drone threat is expected to be more diversified, massified, and advanced, resulting in bolder attacks and provocations. Therefore, the South Korean military should push for early powering of the integrated control system and the conter drone system, joint and military cooperation in response to the threat of small drones, and the ability to carry out joint operations between South Korea and the U.S.

• Korean Journal of Ecology and Environment
• /
• v.47 no.4
• /
• pp.239-246
• /
• 2014

To cope with the potential risks associated with invasive alien species, the Korean Government implemented the Biodiversity Act in 2014. Among the alien species not yet introduced into that country, 24 have been designated as alert species. These include mammals, birds, fish, mollusks, insects, and plants that may invade and cause serious harm to the ecosystem. Approval from the Ministry of Environment is required to import or carry any of them. Although these measures are more advanced than those from the previous legal framework, several terms still need to be improved. First, the category of alert species should cover not only those not yet introduced but also those that are being raised or cultivated at aquariums, botanical gardens, and zoos. Second, for applicants who intend to import or carry alert species, the government must provide them with detailed standards for the ecological risk assessment of alert species as well as guidelines for their safe use in Korea to prevent their unregulated release from confinement facilities into natural environments. Third, tools and protocols should be developed for early detection and rapid responses to those escapes.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.5
• /
• pp.392-399
• /
• 2013

Due to the development of IT technology and the information age, a dependency of the network over the most of our lives have grown to a greater extent. Although it provides us to get various useful information and service, it also has negative effectiveness that can provide network intruder with vulnerable roots. In other words, we need to urgently cope with theses serious security problem causing service disableness or system connected to network obstacle with exploiting various packet information. Many experts in a field of security are making an effort to develop the various security solutions to respond against these threats, but existing solutions have a lot of problems such as lack of storage capacity and performance degradation along with the massive increase of packet data volume. Therefore we propose the packet analysis model to apply issuing Big Data technology in the field of security. That is, we used NoSQL which is technology of massive data storage to collect the packet data growing massive and implemented the packet analysis model based on K-means clustering using MapReudce which is distributed programming framework, and then we have shown its high performance by experimenting.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.8
• /
• pp.355-364
• /
• 2023

As advanced cyber threats continue to increase in recent years, it is difficult to detect new types of cyber attacks with existing pattern or signature-based intrusion detection method. Therefore, research on anomaly detection methods using data learning-based artificial intelligence technology is increasing. In addition, supervised learning-based anomaly detection methods are difficult to use in real environments because they require sufficient labeled data for learning. Research on an unsupervised learning-based method that learns from normal data and detects an anomaly by finding a pattern in the data itself has been actively conducted. Therefore, this study aims to extract a latent vector that preserves useful sequence information from sequence log data and develop an anomaly detection learning model using the extracted latent vector. Word2Vec was used to create a dense vector representation corresponding to the characteristics of each sequence, and an unsupervised autoencoder was developed to extract latent vectors from sequence data expressed as dense vectors. The developed autoencoder model is a recurrent neural network GRU (Gated Recurrent Unit) based denoising autoencoder suitable for sequence data, a one-dimensional convolutional neural network-based autoencoder to solve the limited short-term memory problem that GRU can have, and an autoencoder combining GRU and one-dimensional convolution was used. The data used in the experiment is time-series-based NGIDS (Next Generation IDS Dataset) data, and as a result of the experiment, an autoencoder that combines GRU and one-dimensional convolution is better than a model using a GRU-based autoencoder or a one-dimensional convolution-based autoencoder. It was efficient in terms of learning time for extracting useful latent patterns from training data, and showed stable performance with smaller fluctuations in anomaly detection performance.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.6
• /
• pp.55-62
• /
• 2010

Monitoring systems are able to report certain events at region of interest(ROI) and to take an appropriate action. From industrial product line full of robots to fire detection, intrusion detection, smart grid application, environmental pollution alarm system, monitoring system has widely used in diverse industry sector. Recently, due to advance of wireless communication technology and availability of low cost sensors, intelligent and/or smart monitoring systems such as sensor networks has been developed. Several deployment methods are introduced to meet various monitoring needs and deployment performance criteria are also summarized to be used to identify weak point and be useful at designing monitoring systems. Both efficiency during deployment and usefulness after the deployment should be assessed. Efficiency factors during deployment are elapsed time, energy required, deployment cost, safety, sensor node failure rate, scalability. Usefulness factors after deployment are ROI coverage, connectivity, uniformity, target density similarity, energy consumption rate per unit time and so on.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1841-1848
• /
• 2013

In this paper, the plans for improvement of real-time security monitoring accuracy and expansion of control region were investigated through comprehensive and systematic collection and analysis of the anomalous activities that inflow and outflow in the network on a large scale in order to overcome the existing security monitoring system based on stylized detection patterns which could correspond to only very limited cyber attacks. This study established an anomaly observation system to collect, store and analyze a diverse infringement threat information flowing into the darknet network, and presented the information classification system of cyber threats, unknown anomalies and high-risk anomalous activities through the statistics based trend analysis of hacking. If this security monitoring system utilizing darknet traffic as presented in the study is applied, it was indicated that detection of all infringement threats was increased by 12.6 percent compared with conventional case and 120 kinds of new type and varietal attacks that could not be detected in the past were detected.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.39-49
• /
• 2014

Cyber threats on the Internet are tremendously increasing and their techniques are also evolving constantly. Intrusion Detection System (IDS) is one of the powerful solutions for detecting and analyzing the cyber attacks in realtime. Most organizations deploy it into their networks and operate it for security monitoring and response service. However, IDS has a fatal problem in that it raises a large number of alerts and most of them are false positives. In order to cope with this problem, many approaches have been proposed for the purpose of automatically identifying whether the IDS alerts are caused by real attacks or not. In this paper, we present an alert verification method based on correlation analysis between vulnerability inspection results for real systems that should be protected and the IDS alerts. In addition, we carry out practical experiments to demonstrate the effectiveness of the proposed verification method using two types of real data, i.e., the IDS alerts and the vulnerability inspection results.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.24 no.4
• /
• pp.25-32
• /
• 2010

The Supervisory Control and Data Acquisition Systems (SCADA) system provides monitoring, data gathering, analysis, and control of the equipment used to manage most infrastructure. The SCADA Network is implemented in a various manner for larger utilities, and multiple types of protocol and communication interfaces are used to network the control center to remote sites. The existing SCADA equipment and protocols were designed and implemented with availability and efficiency, and as a result security was not a consideration. So, performance, reliability, flexibility and safety of SCADA systems are robust, while the security of these systems is often weak. This makes some SCADA networks potentially vulnerable to disruption of service, process redirection, or manipulation of operational data that could result in public safety concerns and/or serious disruptions to the infrastructure. To reduce the risks, therefore, there is a need to have a security device such as cipher devices or cryptographic modules for security solutions. In this paper we develop an embedded cipher device for the SCADA equipment. This paper presents a cipher device designed to improve the security of its networks, especially in the serial communication.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.583-588
• /
• 2009

Network intrusion detection system (NIDS) monitors all incoming packets in the network and detects packets that are malicious to internal system. The NIDS should also have ability to update detection rules because new attack patterns are unpredictable. Incorporating FPGAs into the NIDS is one of the best solutions that can provide both high performance and high flexibility comparing with other approaches such as software solutions. In this paper we propose and design a novel approach, prefix sharing parallel pattern matcher, that can not only minimize additional resources but also maximize the processing performance. Experimental results showed that the throughput for 16-bit input is twice larger than for 8-bit input but the used LEs/Char in FPGA increases only 1.07 times.