• Title/Summary/Keyword: Intrusion Response (침입 대응)


An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics (HTTP Outbound Traffic 감시를 통한 웹 공격의 효율적 탐지 기법)

  • Choi, Byung-Ha;Choi, Sung-Kyo;Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information / v.16 no.1 / pp.125-132 / 2011
  • A hierarchical Web Security System, which is a solution to various web-based attacks, seemingly cannot keep up with the improvement of detoured or compound attacks. In this paper, we suggest an efficient detecting scheme for web-based attacks such as Malware, XSS, Creating Webshell, URL Spoofing, and Exposing Private Information through monitoring HTTP outbound traffic in real time. Our proposed scheme detects web-based attacks by comparing the outbound traffic with the signatures of HTML tags or Javascript created by the attacks. Through verification analysis in a real attack environment, we show that our scheme, installed in a hierarchical web security system, has superior detection capability for detoured web-based attacks.

Detection Method of Distributed Denial-of-Service Flooding Attacks Using Analysis of Flow Information (플로우 분석을 이용한 분산 서비스 거부 공격 탐지 방법)

  • Jun, Jae-Hyun;Kim, Min-Jun;Cho, Jeong-Hyun;Ahn, Cheol-Woong;Kim, Sung-Ho
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.14 no.1 / pp.203-209 / 2014
  • Today, Distributed denial of service (DDoS) attacks present a very serious threat to the stability of the internet. The DDoS attack, which consumes all of the computing or communication resources necessary for the service, is known to be very difficult to protect against. The DDoS attack usually transmits heavy traffic data to networks or servers, which then cannot handle normal service requests because they run out of resources. It is very hard to prevent the DDoS attack. Therefore, an intrusion detection system on a large network is needed for efficient real-time detection. In this paper, we propose a detection mechanism using analysis of flow information against DDoS attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. The OPNET simulation results show that our ideas can provide sufficient service under DDoS attack.

Anomaly Detection Mechanism against DDoS on BcN (BcN 상에서의 DDoS에 대한 Anomaly Detection 연구)

  • Song, Byung-Hak;Lee, Seung-Yeon;Hong, Choong-Seon;Huh, Eui-Nam;Sohn, Seong-Won
    • Journal of Internet Computing and Services / v.8 no.2 / pp.55-65 / 2007
  • BcN is a high-quality broadband network for multimedia services integrating telecommunication, broadcasting, and Internet seamlessly anywhere, anytime, and using any device. BcN is particularly vulnerable to intrusion because it merges various traditional networks: wired, wireless and data networks. Because of this, one of the most important aspects of BcN is security in terms of reliability. So, in this paper, we suggest a sharing mechanism for security data among various service networks on the BcN. This distributed, hierarchical architecture enables BcN to be robust against attacks and failures, and controls data traffic going into and out of the backbone core through IP edge routers integrated with IDRS. Our proposed anomaly detection scheme on IDRS for BcN service also improves the detection rate compared to previous conventional approaches.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Smart Media Journal / v.4 no.4 / pp.80-85 / 2015
  • As the number of applications using the internet grows rapidly, the incidence of cyber attacks made over the internet has been increasing. L3 DDoS attack detection equipment worldwide remains incomplete in detecting intelligent application-layer attacks. Domestic next-generation network products for high-performance wired and wireless network threat response, which must meet the diverse requirements of security solutions, fall short of foreign products in performance and functionality, and research on malicious code detection and signature generation has progressed primarily around malware detection and analysis centered on the Windows OS. In this paper, we describe a survey and analysis of the current status of the latest new attack techniques and analysis skills, together with the latest cyber-attack analysis for awareness of the security situation.

The enhanced definition of terrorism and disaster for better Counter-terrorism strategies in the future (대테러 대비 전략을 위한 테러와 재난정의 이해)

  • Oh, Hangil;Kim, Daeha
    • Proceedings of the Korean Society of Disaster Information Conference / 2016.11a / pp.299-301 / 2016
  • In modern society, terrorism occurs very frequently around the world, and news reports say that the Republic of Korea is no longer a safe zone from terrorism. However, our perspective on terrorism is somewhat narrow, creating conflict over many aspects such as gender, age, position and place; moreover, because of the special situation of the Korean peninsula arising from the conflict between South and North Korea, there is a view that regards guerrilla warfare as terrorism. Because of these domestic particularities, terrorism is viewed as a domain of war, and counter-terrorism strategy is heavily skewed toward national security. Historically and politically, too, it is a fact that terrorism has been treated as war caused by ideological confrontation and perceived as one part of the strategy of war (Rumyana G., 2014), which explains terrorism well from the viewpoint of war. On the other hand, over time the concept of terrorism can be found not only in the existing concept of security but also in the concept of disaster. The Swiss progressive sociologist Jean Ziegler said that it "must be understood as the anger of the people against an unequal society", and regarded it as the illegitimate use of force to achieve political aims by targeting innocent people. In other words, it is the exercise of violence against innocent people through the illegitimate use of force. Looking at the definitions of Jenkins and Laqueur, they defined it as "terrorism is violence or the threat of violence" (Jenkins 2004). In criminal law, violence refers not only to acts such as injuring or threatening another person, but also to confining another person, trespassing into a residence, and damaging property. In disciplines such as philosophy and political science, it generally refers to the power to subdue another person, state or force; shows of strength and power struggles belong to this category. The use of force that exerts a psychological impact on society and causes social destruction can be seen as the universal concept of terrorism. Terrorism, as the exercise of destructive force that causes great threats and confusion to the governing order of the state and the stability of social order, can be seen as a human-made disaster that brings about a national disaster situation. Natural hazards arising from natural phenomena are interpreted as disasters from the human point of view. Likewise, damage from violent destructive acts arising from social phenomena should be interpreted as a disaster phenomenon from the human point of view. As science and technology advance, the fear of violence and destruction using advanced technology will also spread faster with the development of information and communication technology. Therefore, to overcome acts of terrorism, terrorism should be regarded as a man-made disaster, included in the category of disasters, and a preparedness strategy for future terrorism established. To this end, this paper analyzes the definitions of terrorism given by academic scholars, institutions and private specialist organizations, examines definitions of disaster, presents implications, and derives a definition of terrorism in order to lay a foundation for the direction of counter-terrorism preparedness strategy.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Journal of Digital Convergence / v.13 no.1 / pp.313-319 / 2015
  • As the number of applications using the internet grows rapidly, the incidence of cyber attacks made over the internet has been increasing. L3 DDoS attack detection equipment worldwide remains incomplete in detecting intelligent application-layer attacks. Domestic next-generation network products for high-performance wired and wireless network threat response, which must meet the diverse requirements of security solutions, fall short of foreign products in performance and functionality, and research on malicious code detection and signature generation has progressed primarily around malware detection and analysis centered on the Windows OS. In this paper, we describe a survey and analysis of the current status of the latest new attack techniques and analysis skills, together with the latest cyber-attack analysis for awareness of the security situation.

Recent Update in Fecal Microbiota Transplantation (Fecal Microbiota Transplantation의 최근 동향)

  • Kim, Haejin;Kang, Kyungmin;Kim, Sujin;Im, Eunok
    • Korean Journal of Microbiology / v.50 no.4 / pp.265-274 / 2014
  • Gut microbiota is a group of microorganisms that resides in the intestine and serves many important functions in human health. Using 16S ribosomal RNA sequencing analysis, a wide variety of bacteria in the human gastrointestinal tract have been identified, along with the intriguing finding that bacterial composition differs among individuals. Fecal microbiota transplantation (FMT) is a procedure of stool transplantation from healthy donors to patients suffering from various diseases. Specifically, FMT is able to alter the composition of the gut microbiota of recipients and therefore could be an effective treatment for patients with gastrointestinal diseases including recurrent Clostridium difficile infection, inflammatory bowel disease, and irritable bowel syndrome. Here we review a list of human diseases related to gut microbiota disturbance and the case studies of FMT. We also summarize medicines and diagnostic tools that are under development. Therefore, gut microbiota can be a next-generation biotherapy for the promotion of health and the treatment of chronic diseases.

Host based Feature Description Method for Detecting APT Attack (APT 공격 탐지를 위한 호스트 기반 특징 표현 방법)

  • Moon, Daesung;Lee, Hansung;Kim, Ikkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.839-850 / 2014
  • As the social and financial damages caused by APT attacks such as the 3.20 cyber terror increase, a technical solution against APT attacks is required. It is, however, difficult to protect against APT attacks with existing security equipment because the attacks use zero-day malware persistently. In this paper, we propose a host-based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to distinguish between normal and abnormal behavior, and then collected a data set of 8.7 million feature records generated while running both malware and normal executable files. Further, each process is represented as an 83-dimensional vector that profiles the frequency of appearance of the features; the vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while the process is running. In the experimental results obtained by applying the C4.5 decision tree algorithm, we confirmed false positive and false negative rates of 2.0% and 5.8%, respectively.

A Study on Development of Internal Information Leak Symptom Detection Model by Using Internal Information Leak Scenario & Data Analytics (내부정보 유출 시나리오와 Data Analytics 기법을 활용한 내부정보 유출징후 탐지 모형 개발에 관한 연구)

  • Park, Hyun-Chul;Park, Jin-Sang;Kim, Jungduk
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.957-966 / 2020
  • According to recent statistics of the National Industrial Security Center, about 80% of confidential leaks in domestic confidential leak incidents are caused by former and current employees. Most of the information leak incidents by these insiders are due to a poor security management system and weak information leak detection technology. Blocking confidential leaks by insiders is a very important issue in the corporate security sector, but many previous studies have focused on responding to intrusions by external threats rather than insider threats. Therefore, in this research, we design an internal information leak scenario to effectively and efficiently detect various abnormalities occurring in the enterprise, analyze the key indicators of the leak symptoms derived from the scenarios by using data analytics, and propose a model that accurately detects leak activities.

The Implementation of Policy Management Tool Based on Network Security Policy Information Model (네트워크 보안 정책 정보 모델에 기반한 정책 관리 도구의 구현)

  • Kim, Geon-Lyang;Jang, Jong-Soo;Sohn, Sung-Won
    • The KIPS Transactions: Part C / v.9C no.5 / pp.775-782 / 2002
  • This paper introduces a Policy Management Tool which was implemented based on a Policy Information Model in a network security system. The network security system consists of policy servers managing and sending policies to keep a specific domain safe from attackers, and policy clients detecting and responding to intrusions by using the policies that the policy server sends. Policies exchanged between the policy server and policy client are saved in a database in the form of a directory through LDAP by using the Policy Management Tool based on the network security policy information model (NSPIM). NSPIM is an extended policy information model of the IETF's PCIM and PCIMe, which enables a network administrator to describe network security policies. The Policy Management Tool based on NSPIM provides not only a policy management function but also an editing function using reusable objects, automatic generation of object names and blocking policies, and other convenient functions for the user.