• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.1-13
• /
• 2012

This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipments for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.449-460
• /
• 2009

The signature hashing algorithm[9] provides the fast pattern matching speed for network IPS(Intrusion Prevention System) using the hash table. It selects 2 bytes from all signature rules and links to the hash table by the hash value. It has an advantage of performance improvement because it reduces the number of inspecting rules in the pattern matching. However it has a disadvantage of performance drop if the number of rules with the same hash value increases when the number of rules are large and the corelation among rules is strong. In this paper, we propose a method to make all rules distributed evenly to the hash table independent of the number of rules and corelation among rules for overcoming the disadvantage of the signature hashing algorithm. In the proposed method, it checks whether or not there is an already assigned rule linked to the same hash value before a new rule is linked to a hash value in the hash table. If there is no assigned rule, the new rule is linked to the hash value. Otherwise, the proposed method recalculate a hash value to put it in other position. We implemented the proposed method in a PC with a Linux module and performed experiments using Iperf as a network performance measurement tool. The signature hashing method shows performance drop if the number of rules with the same hash value increases when the number of rules are large and the corelation among rules is strong, but the proposed method shows no performance drop independent of the number of rules and corelation among rules.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.9
• /
• pp.440-446
• /
• 2016

Military secrets or confidential data of any organization are extremely important assets. They must be discluded from outside. To do this, methods for detecting anomalous attacks and intrusions inside the network have been proposed. However, most anomaly-detection methods only cover aspects of intrusion from outside and do not deal with internal leakage of data, inflicting greater damage than intrusions and attacks from outside. In addition, applying conventional anomaly-detection methods to data exfiltration creates many problems, because the methods do not consider a number of variables or the internal network environment. In this paper, we describe issues considered in data exfiltration detection for anomaly detection (DEDfAD) to improve the accuracy of the methods, classify the methods as profile-based detection or machine learning-based detection, and analyze their advantages and disadvantages. We also suggest future research challenges through comparative analysis of the issues with classification of the detection methods.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.11 no.2
• /
• pp.83-112
• /
• 2000

In the 21st Century of the Knowledge-based Economy Internet's Openness, Globality, and Ease to access is the central axis to construct the new melting down and the development of the technology, industry. and culture. However it takes place the disordered ability in the information society. That is, to intrude personal privacy, unlawful actions, to circulate an illegal information, to encroach and to destroy information system, even to, to be in confusion society, national strategy, administration, economy, and military action. As conclusion, first, in this article it looks into and analyzes the information security technology and paradigm to prevent and to stop up criminal actions in the cyberspace. Second, this author propose an active planning of the information security and technology.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.4
• /
• pp.491-500
• /
• 2003

The need for network security is being increasing due to the development of information communication and internet technology, In this paper, firewall models, operating system models and other network component models are constructed. Each model Is defined by basic or compound model using MODSIM III. In this simulation environment with representative attacks, the following attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service. The simulation is performed with the models that exploited various security policies against these attacks. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Journal of Information Technology Services
• /
• v.15 no.2
• /
• pp.157-167
• /
• 2016

Task environment for enterprises and public institutions are moving into cyberspace-based environment and structing the LTE wireless network. The applications "App" operated in the LTE wireless network are mostly being developed with Android-based. But Android-based malwares are surging and they are the potential DDoS attacks. DDoS attack is a major information security threat and a means of cyber attacks. DDoS attacks are difficult to detect in advance and to defense effectively. To this end, a DMZ is set up in front of a network infrastructure and a particular server for defensive information security. Because There is the proliferation of mobile devices and apps, and the activation of android diversify DDoS attack methods. a DMZ is a limit to detect and to protect against DDoS attacks. This paper proposes an information security method to detect and Protect DDoS attacks from the terminal phase using a Preemptive military strategy concept. and then DDoS attack detection and protection app is implemented and proved its effectiveness by reducing web service request and memory usage. DDoS attack detection and protecting will ensure the efficiency of the mobile network resources. This method is necessary for a continuous usage of a wireless network environment for the national security and disaster control.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• The Journal of Information Technology
• /
• v.3 no.3
• /
• pp.27-37
• /
• 2000

Although an insurance criterion for reliance is unified, the difference in evaluation mechanism in every country is already ambiguity. In other words, the aspect of objectivity would be a little because it is true that the vulnerability evaluation include evaluator, scenario and tools (TSVES) applying in test, depth and scope of evaluation. But evaluation results can be difference in accordance with each evaluation elements. By using TSVES to evaluating network security vulnerability, first, we expected the evaluation results is impartiality, objectivity, repeatability, reproducibility, appropriateness and soundness of results. Second, it could be transferred manual ways into automation ways, and then expected easiness and safety of extension and modification in a quality of products as well as a dramatical reduction of waste of time and energy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.393-399
• /
• 2019

In a situation where an unauthorized SW brought into the organization without being authorized is emerging as a threat to the network security, the security of the network based on the SDN(Software-Defined Network) can be strengthened through the development of the security application considering the organization's characteristics. Security technology of existing SDN environment has been studied to protect internal network from external networks such as firewalls and Intrusion Detection Systems, but the research for resolving insider threat was insufficient. Therefore, We propose a system that protects the internal network from unauthorized SW, which is one of the insider threats in the SDN environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.664-666
• /
• 2021

Anti-drone means a device that detects and blocks the intrusion and activity of illegal drones, and includes technology that crashes illegal drones or destroys them in the air. This paper analyzes the impact of jamming due to remote drone detection with anti-drone technology. The impact of jamming signals may vary depending on the distance of the drone. The present invention has an advantage of simultaneously jamming a drone at a short distance and a drone at a long distance due to the generation of a triangular wave, and efficiently operates a battery by not transmitting the drone at a maximum power.Also, even if the jamming is not affected at a distance, the jamming effect is greater at a close range, so it can be influenced differently.