• The Journal of Korean Institute of Next Generation Computing
• /
• v.15 no.5
• /
• pp.7-19
• /
• 2019

Ransomware is a malicious program that requires the cost of decryption after encrypting files on the user's desktop. Since the frequency and the financial damage of ransomware attacks are increasing each year, ransomware prevention, detection and recovery system are needed. Baek et al. proposed SSD-Insider, an algorithm for detecting ransomware within SSD. In this paper, we propose an AdvanSSD-Insider algorithm that substitutes a hash table used for the overwriting check with a bloom filter in the SSD-Insider. Experimental results show that the AdvanSSD-Insider algorithm reduces memory usage by up to 90% and execution time by up to 77% compared to the SSD-Insider algorithm and achieves the same detection accuracy. In addition, the AdvanSSD-Insider algorithm can monitor 10 times longer than the SSD-Insider algorithm in same memory condition. As a result, detection accuracy is increased for some ransomware which was difficult to detect using previous algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.59-67
• /
• 2010

In the paper, we proposed an IM-ACM(Insider Misuse-Access Control Model) for preventing illegal information leakage by insider who exploits his legal rights in the ubiquitous computing environment. The IM-ACM can monitor whether insider uses data rightly using misuse monitor add to CA-TRBAC(Context Aware-Task Role Based Access Control) which permits access authorization according to user role, context role, task and entity's security attributes. It is difficult to prevent information leakage by insider because of access to legal rights, a wealth of knowledge about the system. The IM-ACM can prevent the information flow between objects which have the different security levels using context role and security attributes and prevent an insider misuse by misuse monitor which comparing an insider actual processing behavior to an insider possible work process pattern drawing on the current defined profile of insider's process.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.15-25
• /
• 2023

This study analyzes the limitations of the insider threat datasets used for insider threat detection research and compares and analyzes the solution-based insider threat data with public insider threat data using a security solution to overcome this. Through this, we design a data format suitable for insider threat detection and implement a system that can safely share insider threat information between different institutions and companies using blockchain technology. Currently, there is no dataset collected based on actual events in the insider threat dataset that is revealed to researchers. Public datasets are virtual synthetic data randomly created for research, and when used as a learning model, there are many limitations in the real environment. In this study, to improve these limitations, a private blockchain was designed to secure information sharing between institutions of different affiliations, and a method was derived to increase reliability and maintain information integrity and consistency through agreement and verification among participants. The proposed method is expected to collect data through an outflow threat collector and collect quality data sets that posed a threat, not synthetic data, through a blockchain-based sharing system, to solve the current outflow threat dataset problem and contribute to the insider threat detection model in the future.

• Journal of Korean Philosophical Society
• /
• v.126
• /
• pp.213-233
• /
• 2013

The aim of this paper is to reveal the ethical problem of insider trading. 'Insider trading' refer to obtaining information from non-public sources such as private acquaintances about trade secret, using it purposes of enhancing insider's financial advantages. And sometimes such a practice can be conducted fraudulently. Therefore, the focus of this paper will be on fairness or justice arguments against insider trading. And all kinds of discussion this paper are to focus the underlying consideration behind these arguments, that is, the underlying consideration about violation of ethical standards of fairness. First, one of these arguments argues that insider trading does necessarily involve defrauding general investors such as general employees, general stockholders. And economic power and unjust advantage of insider can be exercised to the detriment of this non-insider's interests. Second, another argument argues that insider trading undermines competition which is the principle of any free market. And insider trading is not only a complication in the free market mechanism, but also thwarts free competition which free markets depend. Third, the final argument argues that insider trading will be made something unfair about the concept of equal access to information. This argument argues, therefore, that to permit insider trading would be to set up stock market trading rules that are unfair to non-insiders.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5062-5079
• /
• 2017

Malicious insider threats have increased recently, and methods of the threats are diversifying every day. These insider threats are becoming a significant problem in corporations and governments today. From a technology standpoint, detecting potential insider threats is difficult in early stage because it is unpredictable. In order to prevent insider threats in early stage, it is necessary to collect all of insiders' data which flow in network systems, and then analyze whether the data are potential threat or not. However, analyzing all of data makes us spend too much time and cost. In addition, we need a large repository in order to collect and manage these data. To resolve this problem, we develop an indicator-based behavior ontology (IB2O) that allows us to understand and interpret insiders' data packets, and then to detect potential threats in early stage in network systems including social networks and company networks. To show feasibility of the behavior ontology, we developed a prototype platform called Insider Threat Detecting Extractor (ITDE) for detecting potential insider threats in early stage based on the behavior ontology. Finally, we showed how the behavior ontology would help detect potential inside threats in network system. We expect that the behavior ontology will be able to contribute to detecting malicious insider threats in early stage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.267-277
• /
• 2022

Due to the increasing proportion of cloud and remote working environments, various information security incidents are occurring. Insider threats have emerged as a major issue, with cases in which corporate insiders attempting to leak confidential data by accessing it remotely. In response, insider threat detection approaches based on machine learning have been developed. However, existing machine learning methods used to detect insider threats do not take biases and variances into account, which leads to limited performance. In this paper, boosting-type ensemble learning algorithms are applied to verify the performance of malicious insider detection, conduct a close analysis, and even consider the imbalance in datasets to determine the final result. Through experiments, we show that using ensemble learning achieves similar or higher accuracy to other existing malicious insider detection approaches while considering bias-variance tradeoff. The experimental results show that ensemble learning using bagging and boosting methods reached an accuracy of over 98%, which improves malicious insider detection performance by 5.62% compared to the average accuracy of single learning models used.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.19 no.37
• /
• pp.187-194
• /
• 1996

Firms pay cash dividends to reduce the agency costs, and then insider stock ownership affects the dicision of dividend payout ratio. In this study, it is tested that firm's insider stock ownership affects the decision of dividend payout ratio, but the relation between dividend payout ratio and insider stock ownership is nonmonostic. The empirical evidence shows that at low levels of insider stock ownership, increase in the percentage of stock held by insiders decreases dividend payout ratio, but beyond the point of entrenchment increase in the percentage of stock held by insiders increases dividend payout ratio. Thus, the dividend payout ratio and the percentage of stock held by insiders are in a parabolic relation. This implies that there may be a optimal insider stock ownership In lead to the minimun dividend payout ratio.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1887-1898
• /
• 2018

In this paper, a method to classify insider threat activity is introduced. The internal threats help detecting anomalous activity in the procedure performed by the user in an organization. When an anomalous value deviating from the overall behavior is displayed, we consider it as an inside threat for classification as an inside intimidator. To solve the situation, Markov Chain Model is employed. The Markov Chain Model shows the next state value through an arbitrary variable affected by the previous event. Similarly, the current activity can also be predicted based on the previous activity for the insider threat activity. A method was studied where the change items for such state are defined by a transition probability, and classified as detection of anomaly of the inside threat through values for a probability variable. We use the properties of the Markov chains to list the behavior of the user over time and to classify which state they belong to. Sequential data sets were generated according to the influence of n occurrences of Markov attribute and classified by machine learning algorithm. In the experiment, only 15% of the Cert: insider threat dataset was applied, and the result was 97% accuracy except for NaiveBayes. As a result of our research, it was confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.

• Management & Information Systems Review
• /
• v.4
• /
• pp.611-629
• /
• 2000

In the legislation interpretation and fundamental viewpoint about the legal system of insider trading, Japan strictly legislate under the proposition, the principle of 'nulla poena,' adopted 'the principle of limited enumeration,' and United states, under 'the principle of comprehension,' has entrusted courts with establishment of concrete concepts and standard, so the courts are very flexible in determining the range of insiders and the importance of inside information to show a strong will to eradicate insider trading. Korea has a legislative position of 'the principle of limited indication' which has been created by the negotiation between those principles of United states and Japan. Though this court has interpreted insider trading, insider trading using non-disclosed information has increased lately, needing the strengthening of its regulations. However, this shows us that sophisticate the regulations may be, the exposure of insider trading has limitations. The most important thing is to change recognition for transparency of the securities market, security of investors and to establish the atmosphere which is that fair stock trading made in a sound capital market to raise funds for corporation. The policies of improving unfair trading, self-regulation bodies, raising the transparency and legality of procedures of supervision and monitoring and applying 'compliance program' to stock companies are very needed to eliminate unfair trading in the securities market and establish the order of trading.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1133-1151
• /
• 2019

Insider threats in the field of information security are so important that the research is continuing centering on the institutes attached to the Carnegie Mellon University. On the other hand, we do not have any separate research institutes. In particular, insider threat research on the defense IT environment directly connected with the survival of the country is not proceeding in depth. In addition, due to the specificity of the military, defense IT security has limited research as an academic discipline, and even the establishment of concepts has not been achieved properly. In addition, because of differences in the environment, the US standard can not be borrowed as it is. This paper analyzes the defense IT environment and defines an insider (threat) suitable for the Korea military environment. I'd like to suggest the type of insider threat and how to mitigate it.