• The KIPS Transactions:PartC
• /
• v.19C no.4
• /
• pp.231-234
• /
• 2012

Logging is an important part of any secure computer system. By analyzing logs in computer systems, you can identify early various problems and detect intrusions by attackers. Also logs can use to collect digital evidences in smart devices and to be forensics value for cybercrime investigations. In this paper, we propose a new logging scheme for smart devices and improve it to apply various environments. The proposed scheme satisfies the requirements of logging for smart devices. Thus it will help to develop a better logging in smart devices for digital evidences.

• Proceedings of the Korea Contents Association Conference
• /
• 2007.11a
• /
• pp.305-309
• /
• 2007

We live in high level of knowledge and information society spread of computer and rapid expansion of internet. Computer crime is various, complicated and inscrutable. we call it cybercrime. Therefore we should draw up a preventive device of the high-technology industry drain. This study is focused on the legal trend of preventive measure on the high-technology industry drain.

• Journal of Information Technology Services
• /
• v.15 no.1
• /
• pp.67-79
• /
• 2016

This study aims to present the necessary elements that should be part of South Korea's National Defense Strategy against the recent North Korean cyber-attacks. The elements proposed in this study also reflect the recent trend of cyber-attack incidents that are happening in the Unites States and other countries and have been classified into the three levels of cyber incidents: cyberwarfare, cyberterrorism and cybercrime. As such, the elements proposed are presented in accordance with this classification system. In order to properly take into account the recent trend of cyber-attacks perpetrated by North Korea, this paper analyzed the characteristics of recent North Korean cyber-attacks as well as the countermeasures and responses of South Korea. Moreover, by making use of case studies of cyber-attack incidents by foreign nations that threaten national security, the response measures at a national level can be deduced and applied as in this study. Thus, the authors of this study hope that the newly proposed elements here within will help to strengthen the level of Korea's cyber security against foreign attacks, specifically that of North Korea such as the KHNP hacking incidents and so on. It is hoped that further damage such as leakage of confidential information, invasion of privacy and physical intimidation can be mitigated.

• Journal of Information Technology Applications and Management
• /
• v.26 no.2
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• Journal of Korea Multimedia Society
• /
• v.12 no.10
• /
• pp.1450-1456
• /
• 2009

By the explosive growth of IT technologies, mobile phones have embedded a lot of functions and everyone can use them with facility. But there are various cybercrimes as invasions of one's privacy or thefts of company's sensitive information using a built-in digital camera function in a mobile phone. In this paper, we propose a scheme for analyzing evidences by digital pictures on mobile phones. Therefore we analyze the features of digital pictures on mobile phones and make databases of characteristic patterns based on the vendor and the model of mobile phone. The proposed scheme will help to acquire digital evidences by providing a better decision of the vendor and/or the model of mobile phone by cybercrime suspects.

• The Journal of Information Systems
• /
• v.32 no.4
• /
• pp.69-94
• /
• 2023

Purpose Social networking service (SNS) platforms employ distinct networking strategies to meet the varying needs of their users, resulting in divergent sets of technological functionalities offered by each platform. Consequently, unique features on various SNSs give rise to distinct social issues. Moreover, the available technical coping mechanisms for users vary significantly across platforms. Design/methodology/approach Therefore, this study analyzes the factors affecting technical coping intention based on technical functions of SNSs for users exposed to cybercrime, such as sexual harassment. We divide coping intention into active and passive coping intention. Furthermore, this research focuses on trust as an antecedent of coping intention and verifies how human and system-like trust affects two coping intentions in different directions. Findings Findings reveal that system-like trust significantly affects both active and passive coping intention as a belief in whether the technology will work properly. However, in the case of human-like trust, trust in the platform provider was found to negatively affect passive coping, which is considered unsocialized behavior on SNS platforms. Therefore, both human-like and system-like trust for the platform must be appropriately applied to cope with the problem while activating the platform.

• ETRI Journal
• /
• v.44 no.6
• /
• pp.991-1003
• /
• 2022

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.333-336
• /
• 2022

With the development of IT technology, cybercrime is becoming sophisticated and intelligent. In particular, in the case of BackDoor, which is used in the APT attack (intelligent continuous attack), it is very important to detect malicious behavior and respond to infringement because it is often unaware that it has been damaged by an attacker. This paper aims to build an EDR platform that can monitor, analyze, and respond to malicious behavior in real time by collecting, storing, analyzing, and visualizing logs in an endpoint environment in real time using open source-based analysis solutions ELK Stack and Sysmon.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.189-196
• /
• 2008

In this modern society, a main tendency of crime is to increase in the incidence frequency of cyber crime. Varied criminal techniques from simple crimes to highly specialized crimes appear through cyber space. With the expansion of Internet spread, ordinary people increasingly have an opportunity to have access to information media and their possibilities to be involuntary associated with crimes get higher. In this sense, its seriousness is great. This study examined the present state of cyber crimes that appear through their several types and characteristics and the problems of police response to cyber crimes, and suggest effective response of police officer.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.293-302
• /
• 2015

With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.