• Journal of Multimedia Information System
• /
• v.9 no.1
• /
• pp.33-42
• /
• 2022

In this paper, we have recently created self-driving cars and self-parking systems in human-friendly cars that can provide high safety and high convenience functions by recognizing the internal and external situations of automobiles in real time by incorporating next-generation electronics, information communication, and function control technologies. And with the development of connected cars, the ITS (Intelligent Transportation Systems) market is expected to grow rapidly. Intelligent Transportation System (ITS) is an intelligent transportation system that incorporates technologies such as electronics, information, communication, and control into the transportation system, and aims to implement a next-generation transportation system suitable for the information society. By combining the technologies of connected cars and Internet of Things with software features and operating systems, future cars will serve as a service platform to connect the surrounding infrastructure on their own. This study creates a research methodology based on the Enhanced Security Model in Self-Driving Cars model. As for the types of attacks, Availability Attack, Man in the Middle Attack, Imperial Password Use, and Use Inclusive Access Control attack defense methodology are used. Along with the commercialization of 5G, various service models using advanced technologies such as autonomous vehicles, traffic information sharing systems using IoT, and AI-based mobility services are also appearing, and the growth of smart transportation is accelerating. Therefore, research was conducted to defend against hacking based on vulnerabilities of smart cars based on artificial intelligence blockchain.

• Nuclear Engineering and Technology
• /
• v.54 no.6
• /
• pp.2011-2022
• /
• 2022

According to the defense-in-depth concept, not only a preventive strategy but also an integrated cyberattack response strategy for NPPs should be established. However, there are limitations in terms of responding to penetrations, and the existing EOPs are insufficient for responding to intentional disruptions. In this study, we focus on manipulative attacks on process data. Based on an analysis of the related attack vectors and possible attack scenarios, we adopt the Kalman filter to detect process anomalies that can be caused by manipulations of process data. To compensate for these manipulations and secure MCR operators' situational awareness, we modify the Kalman filter such that it can filter out the effects of the manipulations adaptively. A case study was conducted using a hardware-in-the-loop system. The results indicated that the developed method can be used to verify whether the displayed safety-related state data are reliable and to implement the required safety response actions.

• International Journal of Internet, Broadcasting and Communication
• /
• v.14 no.4
• /
• pp.58-63
• /
• 2022

Recently, the improvement of computational processing ability due to the rapid development of computing technology has greatly advanced the field of artificial intelligence, and research to apply it in various domains is active. In particular, in the national defense field, attention is paid to intelligent recognition among machine learning techniques, and efforts are being made to develop object identification and monitoring systems using artificial intelligence. To this end, various image processing technologies and object identification algorithms are applied to create a model that can identify friendly and enemy weapon systems and personnel in real-time. In this paper, we conducted image processing and object identification focused on tanks among various weapon systems. We initially conducted processing the tanks' image using a convolutional neural network, a deep learning technique. The feature map was examined and the important characteristics of the tanks crucial for learning were derived. Then, using YOLOv5 Network, a CNN-based object detection network, a model trained by labeling the entire tank and a model trained by labeling only the turret of the tank were created and the results were compared. The model and labeling technique we proposed in this paper can more accurately identify the type of tank and contribute to the intelligent recognition system to be developed in the future.

• Journal of Internet Computing and Services
• /
• v.23 no.2
• /
• pp.79-86
• /
• 2022

This paper focuses on realizing design improvement and high quality through visualization of reverse engineering-based software. As new technologies and complex software emerge in various areas of the fourth industry in the future, software verification with both stability and reliability is becoming an issue. We propose a reverse engineering-based UML design extraction and visualization for high-quality software ranging from simple computational software to machine learning-based data-oriented software. Through this study, it is expected to improve software quality through design improvement by checking the accuracy of the target design and identifying the code complexity.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.125-128
• /
• 2022

As the number of online systems based on the internet gradually increases, cyber-scale attacks that interfere with the normal operation of web services are also on the rise. In particular, distributed denial-of-service attacks (DDoS) that interfere with normal web service operations are also increasing. Therefore, this paper presents an efficient DDoS attack defense technique utilizing Equal Cost Multi-Path (BGP ECMP) routing techniques in networks of Anycast type by operating PoP basis of major attack sources and describes how high-availability web services can be operated.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.198-201
• /
• 2021

무인 항공기(UAV, Unmanned Aerial Vehicles)는 높은 기동성을 가지며 설치 비용이 저렴하다는 이점이 있어 홍수, 지진 등의 재난 재해 감시 시스템에 이용되고 있다. 재난 재해 감시 시스템에서 UAV는 지상에 위치한 사물인터넷(IoT, Internet of Things) 기기로부터 데이터를 수집하는 임무를 수행하기 위해 계획된 항로를 따라 비행한다. 이때 UAV가 정상 경로로 비행하기 위해서는 실시간으로 GPS 위치 확인이 가능해야 한다. 만일 UAV가 계산한 현재 위치의 GPS 정보가 잘못될 경우 비행경로에 대한 통제권을 상실하여 임무 수행을 완료하지 못하는 결과가 초래될 수 있다는 취약점이 존재한다. 이러한 취약점으로 인해 UAV는 공격자가 악의적으로 거짓 GPS 위치 신호를 전송하는GPS 스푸핑(Spoofing) 공격에 쉽게 노출된다. 본 논문에서는 신뢰할 수 있는 시스템을 구축하기 위해 지상에 위치한 기기가 송신하는 신호의 세기와 GPS 정보를 이용하여 UAV에 GPS 스푸핑 공격 여부를 탐지하고 공격당한 UAV가 경로를 이탈하지 않도록 대응하기 위해 연합학습(Federated Learning)을 이용하는 방안을 제안한다.

• International Journal of Advanced Culture Technology
• /
• v.11 no.4
• /
• pp.34-41
• /
• 2023

The purpose of this paper is to consider the expansion of non-traditional security threats and the national-level response to the emergence of emerging security threats in ultra-uncertain VUCA situations. As a major research method for better analysis, the theoretical approach was referred to papers published in books and academic journals, and technical and current affairs data were studied through the Internet and literature research. The instability and uncertainty of the international order and security environment in the 21st century brought about a change in the security paradigm. Human security emerged as the protection target of security was expanded to individual humans, and emerging security was emerging as the security area expanded. Emerging security threatsthat have different characteristicsfrom traditionalsecurity threats are expressed in various ways, such as cyber threats, new infectious disease threats, terrorist threats, and abnormal climate threats. First, the policy and strategic response to respond to emerging security threats is integrated national crisis management based on artificial intelligence applying the concept of Foresight. Second, it is to establish network-based national crisis management smart governance. Third, it is to maintain the agile resilience of the concept of Agilience. Fourth, an integrated response system that integrates national power elements and national defense elements should be established.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.27-37
• /
• 2022

Virtual private network (VPN) services are used in various environments related to national security, such as defense companies and defense-related institutions where digital communication environment technologies are diversified and access to network use is increasing. However, the number of cyber attacks that target vulnerable points of the VPN has annually increased through technological advancement. Thus, this study identified security requirements by performing STRIDE threat modeling to prevent potential and new vulnerable points that can occur in the VPN. STRIDE threat modeling classifies threats into six categories to systematically identify threats. To apply the proposed security requirements, this study analyzed functions of the VPN and formed a data flow diagram in the VPN service process. Then, it collected threats that can take place in the VPN and analyzed the STRIDE threat model based on data of the collected threats. The data flow diagram in the VPN service process, which was established by this study, included 96 STRIDE threats. This study formed a threat scenario to analyze attack routes of the classified threats and derived 30 security requirements for each element of the VPN based on the formed scenario. This study has significance in that it presented a security guideline for enhancing security stability of the VPN used in facilities that require high-level security, such as the Ministry of National Defense (MND).

• The Journal of the Korea Contents Association
• /
• v.21 no.12
• /
• pp.57-65
• /
• 2021

A hyper-connected intelligence information society is emerging that creates new value by converging IoT, AI, and Bigdata, which are new technologies of the fourth industrial revolution, in all industrial fields. Everything is connected to the network and data is exploding, and artificial intelligence can learn on its own and even intellectual judgment functions are possible. In particular, the Internet of Things provides a new communication environment that can be connected to anything, anytime, anywhere, enabling super-connections where everything is connected. Artificial intelligence technology is implemented so that computers can execute human perceptions, learning, reasoning, and natural language processing. Artificial intelligence is developing advanced technologies such as machine learning, deep learning, natural language processing, voice recognition, and visual recognition, and includes software, machine learning, and cloud technologies specialized in various applications such as safety, medical, defense, finance, and welfare. Through this, it is utilized in various fields throughout the industry to provide human convenience and new values. However, on the contrary, it is time to respond as intelligent and sophisticated cyber threats are increasing and accompanied by potential adverse functions such as securing the technical safety of new technologies. In this paper, we propose a new data modeling method to enable IoT integrated security control by utilizing artificial intelligence technology as a way to solve these adverse functions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.171-182
• /
• 2014

Common Criteria is a scheme that minimize IT products's vulnerabilities in accordance with the evaluation assurance level. SSDLC(Secure Software Development Lifecycle) is a methodology that reduce the weakness that can be used to generate vulnerabilities of software development life cycle. However, Common Criteria does not consider certificated IT products's vulnerabilities after certificated it. So, it can make a problem the safety and reliability of IT products. In addition, the developer and the evaluator have the burden of duplicating evaluations of IT products that introduce into the government business due to satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among the Common Criteria, the static code analysis tools, and the SSDLC. And then, we proposed how to combine SSDLC into Common Criteria.