• Title/Summary/Keyword: Cyber Incident

Search Result 44, Processing Time 0.027 seconds

Automatic Creation of Forensic Indicators with Cuckoo Sandbox and Its Application (Cuckoo Sandbox를 이용한 포렌식 침해지표 자동생성 및 활용 방안)

  • Kang, Boong Gu;Yoon, Jong Seong;Lee, Min Wook;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.5 no.11
    • /
    • pp.419-426
    • /
    • 2016
  • As the threat of cyber incident grows continuously, the need of IOC(Indicators of Compromise) is increasing to identify the cause of incidents and share it for quick response to similar incidents. But only few companies use it domestically and the research about the application of IOC is deficient compared to foreign countries. Therefore in this paper, a quick and standardized way to create IOC automatically based on the analysis result of malwares from Cuckoo Sandbox and its application is suggested.

A Study on Data Acquisition of IoT Devices Intrusion (사물인터넷 기기 침해사고 데이터 수집 방안 연구)

  • Jong-bum Lee;Ieck-Chae Euom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.3
    • /
    • pp.537-547
    • /
    • 2023
  • As Internet of Things (IoT) technology evolves, IoT devices are being utilized in a variety of fields. However, it has become a new surface of cyber attacks and is affecting industries that did not previously consider cyber breaches. After a intrusion occurs, post-processing and damage spread prevention are important, but it is difficult to respond due to the lackof standards and guidelines. Therefore, in order to respond to such incidents, this paper establishes an incident data collection procedure and presents the data that can be collected to improve the intrusion data acquisition method for general IoT devices. In addition, we proved the efficiency and feasibility of the data collection procedure through experiments.

Analysis of vulnerabilities and Breaches in a network separation environment (망분리 환경에서 취약성 및 침해사고 분석)

  • Choe, Ye-won;Lee, DongHwi
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.05a
    • /
    • pp.632-634
    • /
    • 2021
  • In proportion to the development of the Internet and the increase in users, the rate of cyber-incident using it is increasing. As a countermeasure, there is a network separation method that separates the system accessible to users and the system containing key information from each other. However, in the case of tasks that require the use of the Internet network, it is exposed to cyber attacks, and there are many loopholes in the method of data transmission between networks and the management and operation of the system, resulting in infection of the closed network. In this paper, we aim to enhance the safety of the networking system by investigating the types and cases of infringement accidents in these network separation environments.

  • PDF

The Design of Remote Digital Evidence Acquisition System for Incident Response of Smart Grid Devices (스마트그리드 기기 보안 침해사고 대응을 위한 원격 증거 수집 시스템 설계)

  • Kang, SeongKu;Kim, Sinkyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.49-60
    • /
    • 2015
  • Smart Grid devices are the major components of the Smart Grid. They collect and process a variety informations relating power services and support intelligent power services by exchanging informations with other SG devices or systems. However, If a SG device is attacked, the device can provide attack route to attacker and attacker can attack other SG devices or systems using the route. It may cause problem in power services. So, when cyber incident is happened, we need to acquire and examine digital evidence of SG device quickly to secure availability of SG. In this paper, we designed remote evidence acquisition system to acquire digital evidences from SG devices to response quickly to incidents of SG devices. To achieve this, we analyzed operating environment of SG devices and thought remote digital evidence acquisition system of SG devices will be more effective than remote digital evidence acquisition system targeted general IT devices. So, we introduce design method for SG devices remote evidence acquisition system considered operating environment of SG devices.

Possibility of Epigenetic Phenomenon of the three Major Famine and 4.3 Incident in Jeju (제주 3대 대(大)기근과 4.3사건의 후성유전(後成遺傳)(Epigenetic)현상 개연성)

  • Lee, Moon Ho;Kim, Jeong Su
    • The Journal of the Convergence on Culture Technology
    • /
    • v.5 no.2
    • /
    • pp.45-52
    • /
    • 2019
  • The human genome project decoded 99% of human genes for $ 3 billion by 1990-2003. However, as many studies on genes have progressed, it has become clear that there are many cases where diseases occur without structural alteration of genes. The latest study, Epigenetics, has come up with the answer to this problem. The famine that hit Jeju until 1670-1795, the ban on the exclusion of Jeju Island to the outside 200 years of suffering, and in 1948, one third of the citizens were killed by the 4.3 incident generate Epigenetic. It has been shown in the world history science that starving-stress can be manifested as obesity and disease in progeny due to hereditary phenomena. 5G-based healthcare IoT technology can be used for the treatment of obesity by enabling Epigenetic analysis of this phenomenon.

A Study on Cloud Network and Security System Analysis for Enhanced Security of Legislative Authority (입법기관의 보안강화를 위한 Cloud 네트워크 분석 및 보안 시스템 연구)

  • Nam, Won-Hee;Park, Dea-Woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.15 no.6
    • /
    • pp.1320-1326
    • /
    • 2011
  • National institutions on the importance of information security is being recognized, information security laws are being discussed in Congress 3.4 DDoS incident and Nonghyup hacking, etc. However, National Assembly Secretariat when the results of the Information Security Consulting has been assessed very low 61.2 points, evaluation of hardware and software in secure areas were vulnerable. This paper, the legislative support agencies National Assembly and National Assembly Secretariat on the network and computer systems, and managerial, technical and physical security elements are analyzed for the status. And network should have the legislative support agencies and system for the physical network separation, DDoS attack response, Virus attack response, hacking attacks response, and Cyber Emergency Response Team/Coordination Center for Cyber infringing design and research through the confidentiality, integrity, availability, access control, authentication and security analysis is based on the evaluation criteria. Through this study, the legislative support agencies to strengthen the security of data and security laws enacted to provide the basis for.

Internet of Things (IoT) Based Modeling for Dynamic Security in Nuclear Systems with Data Mining Strategy (데이터 마이닝 전략을 사용하여 원자력 시스템의 동적 보안을 위한 사물 인터넷 (IoT) 기반 모델링)

  • Jang, Kyung Bae;Baek, Chang Hyun;Kim, Jong Min;Baek, Hyung Ho;Woo, Tae Ho
    • Journal of Internet of Things and Convergence
    • /
    • v.7 no.1
    • /
    • pp.9-19
    • /
    • 2021
  • The data mining design incorporated with big data based cloud computing system is investigated for the nuclear terrorism prevention where the conventional physical protection system (PPS) is modified. The networking of terror related bodies is modeled by simulation study for nuclear forensic incidents. It is needed for the government to detect the terrorism and any attempts to attack to innocent people without illegal tapping. Although the mathematical algorithm of the study can't give the exact result of the terror incident, the potential possibility could be obtained by the simulations. The result shows the shape oscillation by time. In addition, the integration of the frequency of each value can show the degree of the transitions of the results. The value increases to -2.61741 in 63.125th hour. So, the terror possibility is highest in later time.

A Countermeasures on the Hacking for the Internet Shopping Mall (인터넷 쇼핑몰의 해킹 사고에 대한 대응방법)

  • Lee, Young Gyo
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.4 no.3
    • /
    • pp.33-43
    • /
    • 2008
  • As internet is spreaded widely, the number of cyber terror using hacking and virus is increased. Also the hacking to the internet shopping mall go on increasing. If the large shopping mall is attacked by the hacker, a number of user's information are exposed to the hacker. The private information as like a resident registration number, user's real name, the date of user's birth, the mobile phone number, the office phone number / address, the home phone number / address and so on include the information. These information are used in the phishing e-mails / call and spam. And them are selling and buying maliciously. The large internet shopping mall 'auction' was hacked in April, 2008. After the incident, this paper suggested a countermeasures on the hacking for the internet shopping mall. The technical item and political item are included among the countermeasures. The countermeasures can protect the hacking not only the internet shopping mall but also the web sites basically.

Development of Cyber Incident Response System Program of Industrial Control System (산업제어시스템 사이버침해사고 대응체계 프로그램 개발)

  • Kim, Eun-Ji;Kim, Ju-Yeon;Yun, Seon-Woo;Yoon, Joo-Hye
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2019.10a
    • /
    • pp.401-404
    • /
    • 2019
  • 최근 국가기반시설 산업제어시스템은 시나리오를 기반으로 시뮬레이션 훈련을 진행한다. 그러나 국내 ICS 보안 기술은 외부 경계 보호에 중점을 둔 시나리오가 대다수였기 때문에 내부에서 발생할 수 있는 시나리오 가이드라인이 상대적으로 부족하고 이를 평가하는 기준 또한 제대로 정의되어 있지 않다. 내부 공격이 증가함에 따라 국내에서도 사회공학적 기법에 초점을 둔 시뮬레이션 훈련을 진행할 필요가 있다. 이에 본 논문은 NEI 08-09 의 운영·관리항목 중 가장 빈번하게 발생하는 위협을 바탕으로 한 시나리오 및 구성요소를 개발하고, 이를 평가할 수 있는 명확한 기준을 제시하여 효과적인 비상대응 훈련을 수행할 수 있도록 한다.

Secure File Transfer Method and Forensic Readiness by converting file format in Network Segmentation Environment (망분리 환경에서 파일형식 변환을 통한 안전한 파일 전송 및 포렌식 준비도 구축 연구)

  • Han, Jaehyeok;Yoon, Youngin;Hur, Gimin;Lee, Jaeyeon;Choi, Jeongin;Hong, SeokJun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.859-866
    • /
    • 2019
  • Cybersecurity attack targeting a specific user is rising in number, even enterprises are trying to strengthen their cybersecurity. Network segmentation environment where public network and private network are separated could block information coming from the outside, however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce the network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, it is still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, this paper proposes a system in the environment which functions that a document file can keep information for incident response, considering forensic readiness.