• Title/Abstract/Keywords: Attack Mitigation


Smudge-Based Smart Device Fingerprint Authentication Attack Study (스머지 기반의 스마트 기기 지문 인증 공격 연구)

  • 김승연;구예은;권태경
    • 정보보호학회논문지 / Vol. 28, No. 5 / pp.1113-1118 / 2018
  • On smart devices, fingerprint authentication is the most widely used biometric authentication method, but because of the characteristics of smart devices it is vulnerable to forged fingerprints. In this paper we first use smudges, the fingerprint residue left on a device after use, to create forged fingerprints without the cooperation of the legitimate user, and verify that they can pass the fingerprint authentication of actual commercial smartphones. As a technical countermeasure against such smudge-based attacks, under-screen Touch ID with slide bar has previously been proposed: fingerprint authentication is performed on the touch screen, and the fingerprint residue is removed by dragging the UI sideways. In this paper we analyze user perceptions of the previously proposed attack method and its countermeasure through a user survey study with 61 participants.

Recent Advances in Cryptovirology: State-of-the-Art Crypto Mining and Crypto Ransomware Attacks

  • Zimba, Aaron;Wang, Zhaoshun;Chen, Hongsong;Mulenga, Mwenge
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 13, No. 6 / pp.3258-3279 / 2019
  • Recently, ransomware has earned itself an infamous reputation as a force to reckon with in the cybercrime landscape. However, cybercriminals are adopting other unconventional means to seamlessly attain proceeds of cybercrime with little effort. Cybercriminals are now acquiring cryptocurrencies directly from benign Internet users without the need to extort a ransom from them, as is the case with ransomware. This paper investigates advances in the cryptovirology landscape by examining the state-of-the-art cryptoviral attacks. In our approach, we perform a digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties respectively. We examine three cryptoviral attack structures: browser-based crypto mining, memory-resident crypto mining and cryptoviral extortion. These attack structures leave a trail of digital forensics evidence when the malware interacts with the file system, and generate noise in the form of network traffic when communicating with the C2 servers and crypto mining pools. The digital forensics evidence, which is essentially a set of IOCs, includes network artifacts such as C2 server domains and IPs and the cryptographic hash values of the downloaded files, in addition to the malware hash values. Such evidence can be used as seed input to intrusion detection systems for mitigation purposes.

Design and Implementation of Efficient Mitigation against Return-oriented Programming (반환 지향 프로그래밍 공격에 대한 효율적인 방어 기법 설계 및 구현)

  • 김지홍;김인혁;민창우;엄영익
    • 정보과학회 논문지 / Vol. 41, No. 12 / pp.1018-1025 / 2014
  • A return-oriented programming (ROP) attack takes control of a program by assembling gadgets from code fragments in the program that end in a return instruction, executing them in sequence, and thereby manipulating the contents of the stack. Existing defenses against ROP either incur high execution overhead and binary size overhead, or are limited in the scope to which they can be applied. In this paper we propose zero-sum defender, a defense technique that avoids the problems of existing techniques and is efficient in terms of both performance and binary size increase. Unlike normal program flow, a return-oriented programming attack has the execution characteristic that several return instructions are executed without any function call instruction being executed. The proposed technique uses this characteristic to monitor whether the program's execution flow is being misused by a return-oriented programming attack, and defends on that basis. Experiments against real attack models confirmed the effectiveness of the defense, and benchmark experiments confirmed that the defense is achieved with only about 2% performance overhead and about 1% binary size increase.

Spread Speed of Forest Fire based on Slope (경사에 따른 산불의 확산속도)

  • 안상현;신영철
    • 한국방재학회 논문집 / Vol. 8, No. 4 / pp.75-79 / 2008
  • On the basis of technical advances, the level of demand for information has increased considerably, and in the field of GIS (Geographic Information System) more information is likewise being processed more quickly and accurately. For forest fires in particular, quickly analyzing a spatially wide area when a fire breaks out and using the result as basic data for suppression is essential for minimizing environmental, economic and human damage and for deciding evacuation routes, spread routes and the efficient deployment of suppression resources. Among the factors that affect forest fire spread, experiments by slope and slope direction were carried out to determine the spread speed of forest fire according to slope. The results showed that on upward slopes the spread time decreased as the slope increased, while on downward slopes it increased. Based on the experimental values, the spread speed of forest fire according to slope was calculated with upward slopes classified as (+) and downward slopes as (-). These results are expected to contribute to accurate forest fire spread prediction and thereby to support effective forest fire suppression.

Analytical Estimation of the Performance of Marine Concrete with Mineral Admixture (광물질 혼화재를 혼합한 해양 콘크리트의 해석적 성능 평가)

  • 이방연;권성준;강수태
    • 한국건설순환자원학회논문집 / Vol. 3, No. 4 / pp.301-306 / 2015
  • As part of research on developing high-performance marine concrete with improved crack resistance and durability, this study carried out an analytical evaluation of the strength, heat-of-hydration characteristics and chloride resistance of concrete incorporating mineral admixtures. Blast furnace slag and fly ash were examined as mineral admixtures, with blast furnace slag replacement ratios of up to 70% and fly ash replacement ratios of up to 40%. The analysis showed that replacement with either blast furnace slag or fly ash greatly reduced compressive strength; for heat-of-hydration characteristics, blast furnace slag had little effect, whereas fly ash was found to be highly effective in reducing the amount of hydration heat. For chloride ion penetration, blast furnace slag increased penetration resistance, while fly ash tended to reduce it. The analytical evaluation suggests that, when hydration heat and chloride durability are considered together, a ternary cement mix combining appropriate amounts of blast furnace slag and fly ash would be effective.

Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah;Dehghantanha, Ali;Dargahi, Tooska;Parizi, Reza M.;Choo, Kim-Kwang Raymond;Javadi, Hamid H.S.
    • Journal of Information Processing Systems / Vol. 15, No. 4 / pp.865-889 / 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society, where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information on APT tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies, which is the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such a taxonomy can facilitate incident response and cyber threat hunting by aiding the understanding of potential attacks on organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also inform future security policies and the formulation of mitigation strategies.

Reynolds number effects on twin box girder long span bridge aerodynamics

  • Kargarmoakhar, Ramtin;Chowdhury, Arindam G.;Irwin, Peter A.
    • Wind and Structures / Vol. 20, No. 2 / pp.327-347 / 2015
  • This paper investigates the effects of Reynolds number (Re) on the aerodynamic characteristics of a twin-deck bridge. A 1:36 scale sectional model of a twin girder bridge was tested using the Wall of Wind (WOW) open jet wind tunnel facility at Florida International University (FIU). Static tests were performed on the model, instrumented with pressure taps and load cells, at high wind speeds with Re ranging from $1.3{\times}10^6$ to $6.1{\times}10^6$ based on the section width. Results show that the section was almost insensitive to Re when pitched to negative angles of attack. However, mean and fluctuating pressure distributions changed noticeably for zero and positive wind angles of attack when testing at different Re regimes. The pressure results suggested that with increasing Re, a larger separation bubble formed on the bottom surface of the upstream girder, accompanied by a narrower wake region. As a result, the drag coefficient decreased mildly and the negative lift coefficient increased. Flow modification due to the Re increase also helped distribute forces more equally between the two girders. The bare deck section was found to be prone to vortex shedding, with limited dependence on Re. Based on the observations, vortex mitigation devices attached to the bottom surface were effective in inhibiting vortex shedding, particularly in the lower Re regime.

Advanced In-Vessel Retention Design for Next Generation Risk Management

  • Kune Y. Suh;Hwang, Il-Soon
    • Korean Nuclear Society: Conference Proceedings / Proceedings of the Korean Nuclear Society 1997 Autumn Meeting (1) / pp.713-718 / 1997
  • In the TMI-2 accident, approximately twenty (20) tons of molten core material drained into the lower plenum. Early advanced light water reactor (LWR) designs assumed a lower head failure and incorporated various measures for ex-vessel accident mitigation. However, one of the major findings of the TMI-2 Vessel Investigation Project was that a part of the reactor lower head wall estimated to have reached a temperature of 1100$^{\circ}C$ for about 30 minutes seemingly experienced a comparatively rapid cooldown with no major threat to the vessel integrity. In this regard, recent empirical and analytical studies have shifted interest to in-vessel retention designs or strategies such as reactor cavity flooding, in-vessel flooding and engineered gap cooling of the vessel. Accurate thermohydrodynamic and creep deformation modeling and rupture prediction are the key to success in developing practically useful in-vessel accident/risk management strategies. As an advanced in-vessel design concept, this work presents the COrium Attack Syndrome Immunization Structures (COASIS), which are being developed as prospective in-vessel retention devices for a next-generation LWR in concert with existing ex-vessel management measures. Both the in-vessel (COASISI) and ex-vessel (COASISO) engineered gap structures are demonstrated to maintain effective heat transfer geometry during molten core debris attack when applied to the Korean Standard Nuclear Power Plant (KSNPP) reactor. The likelihood of lower head creep rupture during a severe accident is found to be significantly suppressed by the COASIS options.


Application of STPA-SafeSec for a cyber-attack impact analysis of NPPs with a condensate water system test-bed

  • Shin, Jinsoo;Choi, Jong-Gyun;Lee, Jung-Woon;Lee, Cheol-Kwon;Song, Jae-Gu;Son, Jun-Young
    • Nuclear Engineering and Technology / Vol. 53, No. 10 / pp.3319-3326 / 2021
  • As a form of industrial control system (ICS), nuclear instrumentation and control (I&C) systems have been increasingly digitalized. This has in turn raised cyber security concerns. Cyber security for ICS is important because, unlike in general IT environments, cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards. Numerous risk analyses have been carried out to enhance the safety of ICS, and recently many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both the safety and the cyber security perspective should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs, in order to assess the impact on safety of cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application, up to the development of mitigation strategies, is described in detail.

Trends of Encrypted Network Traffic Analysis Technologies for Network Anomaly Detection (네트워크 이상행위 탐지를 위한 암호트래픽 분석기술 동향)

  • 최양서;유재학;구기종;문대성
    • 전자통신동향분석 / Vol. 38, No. 5 / pp.71-80 / 2023
  • With the rapid advancement of the Internet, the use of encrypted traffic has surged in order to protect data during transmission. At the same time, network attacks have also begun to leverage encrypted traffic, leading to active research in encrypted traffic analysis to overcome the limitations of traditional detection methods. In this paper, we provide an overview of the encrypted traffic analysis field, covering the analysis process, domains, models, evaluation methods, and research trends, with a particular focus on research trends in anomaly detection within encrypted network traffic analysis. Furthermore, we discuss considerations for model development in encrypted traffic analysis, including traffic dataset composition, selection of traffic representation methods, creation of analysis models, and mitigation of attacks on AI models. In the future, the volume of encrypted network traffic will continue to increase, with a higher proportion of attack traffic utilizing encryption. Research on attack detection in such an environment must be conducted consistently to address these challenges.