• The Journal of the Korea Contents Association
• /
• v.16 no.11
• /
• pp.139-153
• /
• 2016

Cyber incident collected from cyber-threat-intelligence sharing Center is growing rapidly due to expanding malicious code. It is difficult for Incident analysts to extract and classify similar features due to Cyber Attacks. To solve these problems the existing Similarity Analysis Method is based on single or multiple cyber observable of similar incidents from Cyber Attacks data mining. This method reduce the workload for the analysis but still has a problem with enhancing the unreality caused by the provision of improper and ambiguous information. We propose a incident analysis model performed similarity analysis on the hierarchically classified cyber observable based on cyber incident that can enhance both availability by the provision of proper information. Appling specific cyber incident analysis model, we will develop a system which will actually perform and verify our suggested model.

• The Journal of the Korea Contents Association
• /
• v.17 no.3
• /
• pp.231-237
• /
• 2017

Threat intelligences collected from cyber incident sharing system and security events collected from Security Information & Event Management system are analyzed and coped with expanding malicious code rapidly with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observable. Therefore it is necessary to improve classification accuracy of the similarity by using multi-profile which is classified as the same features of cyber observables. We propose a multi-profile ensemble model performed similarity analysis on cyber incident of threat intelligence based on both attack types and cyber observables that can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhance the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incident of those not detected by other mechanisms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.801-811
• /
• 2023

With the cyber incidents increasing every year, opinions are being raised that legal system relating to incident reporting needs to be revised to improve the cyber incident reporting rate, etc. Accordingly, this paper suggests a legal improvement to enhance the effectiveness of cyber incident reporting. First, by analyzing domestic media coverage, this paper defines the problems which need to be improved regarding an incident reporting system as "unreported" and "not timely reporting". Then, this paper finds four requirements for legal improvement like "a reporting entity", "a starting point of reporting", "a reporting deadline" and "a protection of reporting information" by analyzing the relationship between reporting relating problems and issues published by overseas institutions and additionally by analyzing the need to revise the law. Finally, through an analysis of legislative cases, this paper suggests a legal improvement for the requirements.

• Journal of information and communication convergence engineering
• /
• v.9 no.4
• /
• pp.353-357
• /
• 2011

U.S. Obama government is submit a motion to consider cyber attacks on State as a war. 7.7DDoS attack in Korea in 2009 and 3.4 DDoS attacks 2011, the country can be considered about cyber attacks. China hackers access a third country, bypassing South Korea IP by hacking the e-commerce sites with fake account, that incident was damaging finance. In this paper, for WiBro service, DDoS attacks, hackers, security incidents and vulnerabilities to the analysis. From hacker's attack, WiBro service's prognostic relevance by analyzing symptoms and attacks, in real time, Divide Red, Orange, Yellow, Green belonging to the risk rating. For hackers to create a blacklist, to defend against attacks in real-time air-conditioning system is the study of security. WiBro networks for incident tracking and detection after the packets through the national incident response should contribute to the development of technology.

• Journal of Internet of Things and Convergence
• /
• v.8 no.5
• /
• pp.1-9
• /
• 2022

As various services are linked to IoT(Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework The prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.55-60
• /
• 2023

The IoT environment is very vulnerable to security threats, and if an intrusion occurs, it can cause great damage. In order to strengthen the security of the IoT environment, a curriculum that considers the characteristics of the IoT environment is needed. In this paper, we propose a curriculum model for cyber incident response in the Internet of Things environment. The proposed curriculum model was designed as a model for security threats in the IoT environment, types of intrusion incidents, and incident response procedures. The proposed curriculum model is expected to contribute to improving security awareness in the IoT environment and fostering cyber incident response experts in the IoT field. The proposed curriculum model strengthens the security of the IoT environment and is expected to be safe through security incident response in the IoT.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.8
• /
• pp.1205-1212
• /
• 2022

Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.26 no.7
• /
• pp.830-837
• /
• 2020

With the rapid development of information and communication technology, information exchange between ships and shore has become faster and more convenient, However, accessing ship information has also become easier and concerns about cyber security attacks are growing. When a ship suffers a cyber-attack, it may cause considerable damage and incurs enormous costs and time to repair. In response to this threat, the maritime industry now demands that a cyber security officer be assigned to each ship to take charge of cyber security management onboard. In order to reduce the damage cause by an attack and to respond effectively, a specialized training course for the ship's cyber security officer is required. The purpose of this study was to present a training course for the position of the ship's cyber security officer, and to highlight the necessity of amending current legislation, To this end, domestic and foreign trends, ship cyber security incident cases, and cyber security training courses were investigated, and based on the results a standard training course for a ship's cyber security of icer was developed. Additionally, recommendations on the related amendments to legislation ware established. The results of the study can be used as basic data to establish future training courses for cyber security officers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.911-914
• /
• 2014

The internet is established as the basic infrastructure of our life and we live in cyberspace on internet, and additionally many problems on cyberspace arise. One among them is the most serious cyber attack of the information society. The cyber attacks increase each year, attack type and the intelligence is evolving, and then the cyber ecosystem is getting more complicated. In this study, we analyze the Internet last incident status and type of Internet invasion and hacking methods, and analyze the corresponding national and international organizations and associations active status.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.91-101
• /
• 2020

We analyzed APT attack cases that occurred overseas in the past using a cyber kill chain model and a TTP model. As a result of the analysis, we found that the cyber kill chain model is effective in figuring out the overall outline, but is not suitable for establishing a specific defense strategy, however, TTP model is suitable to have a practical defense system. Based on these analysis results, it is suggested that defense technology development which is based on TTP model to build defense-in-depth system for preparing cyber attacks.