• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.674-681
• /
• 2021

Cyber attacks targeting critical infrastructure are on the rise. Critical infrastructure is defined as core infrastructures within a country with a high degree of interdependence between the different structures; therefore, it is difficult to sufficiently protect it using outdated cybersecurity techniques. In particular, the distinction between the physical and logical risks of critical infrastructure is becoming ambiguous; therefore, risk management from a comprehensive perspective must be implemented. Accordingly, as a means of further actively protecting critical infrastructure, major countries have begun to apply their security and cybersecurity systems by design, as a more expanded concept is now being considered. This proactive security approach (CSbD, Cybersecurity by Design) includes not only securing the stability of software (SW) safety design and management, but also physical politics and device (HW) safety, precautionary and blocking measures, and overall resilience. It involves a comprehensive security system. Therefore, this study compares and analyzes security by design measures towards critical infrastructure that are leading the way in the US, Europe, and Singapore. It reflects the results of an analysis of optimal cybersecurity solutions for critical infrastructure. I would like to present a plan for applying by Design.

• Journal of Digital Contents Society
• /
• v.17 no.6
• /
• pp.499-507
• /
• 2016

The era of IoT, which figures exchanging data from the internet between things is coming. Recently, former electric power energy policy paradigm, namely Supply side paradigm, is changing, because electric power energy consumption is rapidly increasing. As new paradigm for this limit, convergence of existing electric power grid and ICT(Information and Communication Technology) will accelerate intellectualization of electric power device, its operation system. This change brought opened electric power grid. Consequently, attacks to the national electric power grid are increasing. On this paper, we will analyze security threats of existing IoT, discuss security weakness on electric power industry IoT and suggest needed security requirements, security technology.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5132-5148
• /
• 2017

Cyber attacks are evolving commensurate with recent developments in information security technology. Intrusion detection systems collect various types of data from computers and networks to detect security threats and analyze the attack information. The large amount of data examined make the large number of computations and low detection rates problematic. Feature selection is expected to improve the classification performance and provide faster and more cost-effective results. Despite the various feature selection studies conducted for intrusion detection systems, it is difficult to automate feature selection because it is based on the knowledge of security experts. This paper proposes a feature selection technique to overcome the performance problems of intrusion detection systems. Focusing on feature selection, the first phase of the proposed system aims at constructing a feature subset using a sequential forward floating search (SFFS) to downsize the dimension of the variables. The second phase constructs a classification model with the selected feature subset using a random forest classifier (RFC) and evaluates the classification accuracy. Experiments were conducted with the NSL-KDD dataset using SFFS-RF, and the results indicated that feature selection techniques are a necessary preprocessing step to improve the overall system performance in systems that handle large datasets. They also verified that SFFS-RF could be used for data classification. In conclusion, SFFS-RF could be the key to improving the classification model performance in machine learning.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.953-960
• /
• 2016

Due to the prevalent use of online systems and the increasing amount of accessible information, the influence of recommender systems is growing bigger than ever. However, there are several attempts by malicious users who try to compromise or manipulate the reliability of recommender systems with cyber-attacks. By analyzing the ratio of 'sympathy' against 'apathy' responses about a concerned review and reflecting the results in a recommendation system, we could present a way to improve the performance of a recommender system and maintain a robust system. After collecting and applying actual movie review data, we found that our proposed recommender system showed an improved performance compared to the existing recommendation systems.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.9
• /
• pp.3548-3557
• /
• 2010

Security enhancement technologies are required to preventing phishing and pharming attacks on Internet banking. One-time password(OTP) should be used with certificate for enhancing user authentication and security performance. However, existing OTP technique is weak on MITM(Man-In-The-Middle) attack and synchnonization should be provided on OTP system. Therefore, more advanced mechanism such as combining biometic data with OTP can be suggested to enhancing security on authentication system. In this paper, we designed and implemented a multifactor authentication system using one-time biometric template to generate unique authentication data after adapting biometric transform on each user's biometric data.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.1-7
• /
• 2020

With the increase in cyber attacks, automated IDS using machine learning is being studied. According to recent research, the IDS using the recursive learning model shows high detection performance. However, the simple application of the recursive model may be difficult to reflect the associated session characteristics, as the overlapping session environment may degrade the performance. In this paper, we designed the session management module and applied it to LSTM (Long Short-Term Memory) recursive model. For the experiment, the CSE-CIC-IDS 2018 dataset is used and increased the normal session ratio to reduce the association of mal-session. The results show that the proposed model is able to maintain high detection performance even in the environment where session relevance is difficult to find.

• IEIE Transactions on Smart Processing and Computing
• /
• v.5 no.2
• /
• pp.94-99
• /
• 2016

Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

• ETRI Journal
• /
• v.39 no.3
• /
• pp.406-416
• /
• 2017

Malware propagated via the World Wide Web is one of the most dangerous tools in the realm of cyber-attacks. Its methodologies are effective, relatively easy to use, and are developing constantly in an unexpected manner. As a result, rapidly detecting malware propagation websites from a myriad of webpages is a difficult task. In this paper, we present LoGos, an automated high-interaction dynamic analyzer optimized for a browser-based Windows virtual machine environment. LoGos utilizes Internet Explorer injection and API hooks, and scrutinizes malicious behaviors such as new network connections, unused open ports, registry modifications, and file creation. Based on the obtained results, LoGos can determine the maliciousness level. This model forms a very lightweight system. Thus, it is approximately 10 to 18 times faster than systems proposed in previous work. In addition, it provides high detection rates that are equal to those of state-of-the-art tools. LoGos is a closed tool that can detect an extensive array of malicious webpages. We prove the efficiency and effectiveness of the tool by analyzing almost 0.36 M domains and 3.2 M webpages on a daily basis.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.8
• /
• pp.1472-1491
• /
• 2011

As used product transactions are currently on the rise, the demand for transactions of secondhand digital content will grow in the future; thus, learning to make secure transactions while avoiding cyber attacks becomes an important issue. In this paper, we combine the new buyer's secret key, the new buyer's watermark to embed in resold digital content, and the reseller's encrypted watermark, which can prove legal ownership of the reseller. Using the privacy homomorphism property of RSA and exponential calculus, the original seller of digital content can verify the legality of the reseller and the new buyer. We also reduced the load of encryption/decryption digital content using a partial encryption/decryption algorithm to make our protocol more efficient and practical. In the proposed protocol, the seller is not able to conduct piracy and easily frame any other innocent secondhand buyer when a case of piracy is found. In fact, piracy can be clearly traced using the privacy homomorphism property of RSA and the embedded watermark mechanism. Further, in the proposed protocol, the seller himself can trace the piracy using exponential calculus. Since it is unnecessary to trust third party participation, the conspiracy problem is resolved and the new buyer is not required to participate in the dispute. Moreover, the seller, reseller and new buyer can simultaneously benefit from the secondhand transaction.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.914-934
• /
• 2016

In the mobile distributed environment, an entity may move across domains with great frequency. How to utilize the trust information in the previous domains and quickly establish trust relationships with others in the current domain remains a challenging issue. The classic trust models do not support cross-domain and the existing cross-domain trust models are not in a fully distributed way. This paper improves the outstanding Certified Reputation (CR) model and proposes a Lightweight Cross-domain Trust (LCT) model for the mobile distributed environment in a fully distributed way. The trust certifications, in which the trust ratings contain various trust aspects with different interest preference weights, are collected and provided by the trustees. Furthermore, three factors are comprehensively considered to ease the issue of collusion attacks and make the trust certifications more accurate. Finally, a cross-domain scenario is deployed and implemented, and the comprehensive experiments and analysis are conducted. The results demonstrate that our LCT model obviously outperforms the Bayesian Network (BN) model and the CR model in our cross-domain scenario, and significantly improves the successful interaction rates of the honest entities without increasing the risks of interacting with the malicious entities.