• Title/Summary/Keyword: Insider Threat

Search Result 39, Processing Time 0.02 seconds

New Approach for Detecting Leakage of Internal Information; Using Emotional Recognition Technology

  • Lee, Ho-Jae;Park, Min-Woo;Eom, Jung-Ho;Chung, Tai-Myoung
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.11
    • /
    • pp.4662-4679
    • /
    • 2015
  • Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

Security Threats to Enterprise Generative AI Systems and Countermeasures (기업 내 생성형 AI 시스템의 보안 위협과 대응 방안)

  • Jong-woan Choi
    • Convergence Security Journal
    • /
    • v.24 no.2
    • /
    • pp.9-17
    • /
    • 2024
  • This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

Application of TPM Methodology for Evaluation GIS R&D Project (기술 포트폴리오 지도(TPM) 방법론 적용에 관한 연구)

  • Lee, Kook-Chul;Back, Ki-Chul;Kang, Byung-Gi
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.4 no.2
    • /
    • pp.152-161
    • /
    • 2009
  • Insider threat is becoming a very serious issue in most organizations and management is responsible for security implementation. This study is to develop a personnel security management indicators in the areas of Personnel Assurance, Personnel Competence, and Security Environment and protection against insider threats. In this study, the information security management system.

  • PDF

Trust-Based Filtering of False Data in Wireless Sensor Networks (신뢰도 평가를 통한 무선 센서 네트워크에서의 거짓 데이타 제거)

  • Hur, Jun-Beom;Lee, Youn-Ho;Yoon, Hyun-Soo
    • Journal of KIISE:Information Networking
    • /
    • v.35 no.1
    • /
    • pp.76-90
    • /
    • 2008
  • Wireless sensor networks are expected to play a vital role in the upcoming age of ubiquitous computing such as home environmental, industrial, and military applications. Compared with the vivid utilization of the sensor networks, however, security and privacy issues of the sensor networks are still in their infancy because unique challenges of the sensor networks make it difficult to adopt conventional security policies. Especially, node compromise is a critical threat because a compromised node can drain out the finite amount of energy resources in battery-powered sensor networks by launching various insider attacks such as a false data injection. Even cryptographic authentication mechanisms and key management schemes cannot suggest solutions for the real root of the insider attack from a compromised node. In this paper, we propose a novel trust-based secure aggregation scheme which identifies trustworthiness of sensor nodes and filters out false data of compromised nodes to make resilient sensor networks. The proposed scheme suggests a defensible approach against the insider attack beyond conventional cryptographic solutions. The analysis and simulation results show that our aggregation scheme using trust evaluation is more resilient alternative to median.

An Architecture of a Dynamic Cyber Attack Tree: Attributes Approach (능동적인 사이버 공격 트리 설계: 애트리뷰트 접근)

  • Eom, Jung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.3
    • /
    • pp.67-74
    • /
    • 2011
  • In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly for an active cyber attack model could be detected complex and transformed attack method. An attack tree provides a formal and methodical route of describing the security safeguard on varying attacks against network system. The existent attack tree can describe attack scenario as using vertex, edge and composition. But an attack tree has the limitations to express complex and new attack due to the restriction of attack tree's attributes. We solved the limitations of the existent attack tree as adding an threat occurrence probability and 2 components of composition in the attributes. Firstly, we improved the flexibility to describe complex and transformed attack method, and reduced the ambiguity of attack sequence, as reinforcing composition. And we can identify the risk level of attack at each attack phase from child node to parent node as adding an threat occurrence probability.

Ring Signature Scheme Based on Lattice and Its Application on Anonymous Electronic Voting

  • Zhou, Yihua;Dong, Songshou;Yang, Yuguang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.1
    • /
    • pp.287-304
    • /
    • 2022
  • With the development of quantum computers, ring signature schemes based on large integer prime factorization, discrete logarithm problem, and bilinear pairing are under threat. For this reason, we design a ring signature scheme based on lattice with a fixed verification key. Compared with the previous ring signature scheme based on lattice, our design has a fixed verification key and does not disclose the signer's identity. Meanwhile, we propose an anonymous electronic voting scheme by using our ring signature scheme based on lattice and (t, n) threshold scheme, which makes up for the lack of current anonymous electronic voting that cannot resist attacks of the quantum computer. Finally, under standard model (SM), we prove that our ring signature scheme based on lattice is anonymous against the full-key exposure, and existentially non-forgeable against insider corruption. Furthermore, we also briefly analyze the security of our anonymous electronic voting scheme.

A Model to Investigate the Security Challenges and Vulnerabilities of Cloud Computing Services in Wireless Networks

  • Desta Dana Data
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.10
    • /
    • pp.107-114
    • /
    • 2023
  • The study provides the identification of vulnerabilities in the security issues by Wireless Network. To achieve it the research focus on packet flow analysis, end to end data communication, and the security challenges (Cybercrime, insider threat, attackers, hactivist, malware and Ransomware). To solve this I have used the systematic literature review mechanisms and demonstrative tool namely Wireshark network analyzer. The practical demonstration identifies the packet flow, packet length time, data flow statistics, end- to- end packet flow, reached and lost packets in the network and input/output packet statics graphs. Then, I have developed the proposed model that used to secure the Wireless network solution and prevention vulnerabilities of the network security challenges. And applying the model that used to investigate the security challenges and vulnerabilities of cloud computing services is used to fulfill the network security goals in Wireless network. Finally the research provides the model that investigate the security challenges and vulnerabilities of cloud computing services in wireless networks

A Study on the Analysis of Validity and Importance of Event Log for the Detection of Insider Threats to Control System (제어시스템의 내부자 위협 탐지를 위한 Event Log 타당성 및 중요도 분석에 관한 연구)

  • Kim, Jongmin;Kim, DongMin;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.18 no.3
    • /
    • pp.77-85
    • /
    • 2018
  • With the convergence of communications network between control system and public network, such threats like information leakage/falsification could be fully shown in control system through diverse routes. Due to the recent diversification of security issues and violation cases of new attack techniques, the security system based on the information database that simply blocks and identifies, is not good enough to cope with the new types of threat. The current control system operates its security system focusing on the outside threats to the inside, and it is insufficient to detect the security threats by insiders with the authority of security access. Thus, this study conducted the importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the matter of importance of event log for the detection of insider threats to control system was understood, and the results of this study could be contributing to researches in this area.

  • PDF

A Study of Countermeasures for Advanced Persistent Threats attacks by malicious code (악성코드의 유입경로 및 지능형 지속 공격에 대한 대응 방안)

  • Gu, MiSug;Li, YongZhen
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.4
    • /
    • pp.37-42
    • /
    • 2015
  • Due to the advance of ICT, a variety of attacks have been developing and active. Recently, APT attacks using malicious codes have frequently occurred. Advanced Persistent Threat means that a hacker makes different security threats to attack a certain network of a company or an organization. Exploiting malicious codes or weaknesses, the hacker occupies an insider's PC of the company or the organization and accesses a server or a database through the PC to collect secrets or to destroy them. The paper suggested a countermeasure to cope with APT attacks through an APT attack process. It sought a countermeasure to delay the time to attack taken by the hacker and suggested the countermeasure able to detect and remove APT attacks.

  • PDF

A Study on Improving Information Security Compliance of Organization Insider (조직 내부자의 정보보안 준수 향상에 대한 연구)

  • Hwang, In-Ho
    • Journal of the Korean Society of Industry Convergence
    • /
    • v.24 no.4_2
    • /
    • pp.421-434
    • /
    • 2021
  • The expansion of information sharing activities using online can increase the threat of information exposure by increasing the diversity of approaches to information within an organization. The purpose of this study is to present conditions for improving the information security compliance intention of insiders to improve the level of information security within the organization. In detail, the study applies the theory of planned behavior that clearly explains the cause of an individual's behavior and proposes a way to increase the compliance intention by integrating the social control theory and goal-setting theory. The study presented research models and hypotheses based on previous studies, collected samples by applying a questionnaire technique, and tested hypotheses through structural equation modeling. As a result, information security attitude, subjective norms, and self-efficacy had a positive influence on the intention to comply. Also, attachment, commitment, and involvement, which are the factors of social control theory, formed a positive attitude toward information security. Goal difficulty and goal specificity, which are the factors of goal setting theory, formed a positive self-efficacy. The study presents academic and practical implications in terms of suggesting a method of improving the information security compliance intention of employees.