• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.181-192
• /
• 2013

There have been various techniques to detect and control document leakage; however, most techniques concentrate on document leakage by outsiders. There are rare techniques to detect and monitor document leakage by insiders. In this study, we observe user's document reading behavior to detect and control document leakage by insiders. We make each user's document reading patterns from attributes gathered by a logger program running on Microsoft Word, and then we apply the proposed system to help determine whether a current user who is reading a document matches the true user. We expect that our system based on document reading behavior can effectively prevent document leakage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.647-656
• /
• 2020

Recently, there has been an increasing number of cases in which important data (personal information, technology, etc.) of national and public institutions are leaked to the outside world. Surveys show that the largest cause of such leakage accidents is "insiders." Insiders of organization with the most authority can cause more damage than technology leaks caused by external attacks due to the organization. This is due to the characteristics of insiders who have relatively easy access to the organization's major assets. This study aims to present an optimized property selection model for detecting such abnormalities through supervised learning algorithms among machine learning techniques using actual data such as CrossNet data transfer system transmission log, e-mail transmission log, and personnel information, which safely transmits data between separate areas (security area and non-security area) of the business network and the Internet network.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.503-510
• /
• 2013

Recently, the rapid development of network technology has enabled people to use various services on the internet. However, the existing password-based user authentication system used in the internet environment requires a password table, which is a potential security threat as it could be leaked by an insider. To solve this issue, remote user authentication methods that do not require a user password table have been proposed. Regarding remote user authentication using a smart card in particular, various methods have been suggested to reduce expenses and to improve stability and efficiency, but the possibility of impersonation attacks and password-guessing attacks using information saved in a user's smart card still exist. Therefore, this study proposes a remote user authentication method that can safeguard against impersonation attacks and password guessing attacks, by analyzing weak points of conventional methods and creating a smart card's ID and password that are based on the user's ID and password.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.3-9
• /
• 2019

Most of security countermeasures have been implemented to cope with continuous increase leakage of technology, but almost security countermeasures are focused on securing the boundary between inside and outside. This is effective for detecting and responding to attacks from the outside, but it is vulnerable to internal security incidents. In order to prevent internal leakage effectively, this study identifies activities corresponding to technology leakage activities and designes technology leakage activity detection items. As a design method, we analyzed the existing technology leakage detection methods based on the previous research and analyzed the technology leakage cases from the viewpoint of technology leakage activities. Through the statistical analysis, the items of detection of the technology leakage outcomes were verified to be appropriate, valid and reliable. Based on the results of this study, it is expected that it will be a basis for designing the technology leaking scenarios based on future research and leaking experiences.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1181-1191
• /
• 2021

The pandemic has rapidly developed a non-face-to-face environment. However, the sudden transition to a non-face-to-face environment has led to new security issues in various areas. One of the new security issues is the security threat of insiders, and the zero trust security model is drawing attention again as a technology to defend against it.. Software Defined Perimeter (SDP) technology consists of various security factors, of which device validation is a technology that can realize zerotrust by monitoring insider usage behavior. But the current SDP specification does not provide a technology that can perform device validation.. Therefore, this paper proposes a device validation technology using SVDD-based abnormal behavior detection technology through user behavior monitoring in an SDP environment and presents a way to perform the device validation technology in the SDP environment by conducting performance evaluation.

• The Journal of Society for e-Business Studies
• /
• v.27 no.1
• /
• pp.1-13
• /
• 2022

With the development of network technologies, the security to protect organizational resources from internal and external intrusions and threats becomes more important. Therefore in recent years, the anomaly detection algorithm that detects and prevents security threats with respect to various security log events has been actively studied. Security anomaly detection algorithms that have been developed based on rule-based or statistical learning in the past are gradually evolving into modeling based on machine learning and deep learning. In this study, we propose a deep-autoencoder model that transforms LSTM-autoencoder as an optimal algorithm to detect insider threats in advance using various machine learning analysis methodologies. This study has academic significance in that it improved the possibility of adaptive security through the development of an anomaly detection algorithm based on unsupervised learning, and reduced the false positive rate compared to the existing algorithm through supervised true positive labeling.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.9
• /
• pp.440-446
• /
• 2016

Military secrets or confidential data of any organization are extremely important assets. They must be discluded from outside. To do this, methods for detecting anomalous attacks and intrusions inside the network have been proposed. However, most anomaly-detection methods only cover aspects of intrusion from outside and do not deal with internal leakage of data, inflicting greater damage than intrusions and attacks from outside. In addition, applying conventional anomaly-detection methods to data exfiltration creates many problems, because the methods do not consider a number of variables or the internal network environment. In this paper, we describe issues considered in data exfiltration detection for anomaly detection (DEDfAD) to improve the accuracy of the methods, classify the methods as profile-based detection or machine learning-based detection, and analyze their advantages and disadvantages. We also suggest future research challenges through comparative analysis of the issues with classification of the detection methods.

• Korean Security Journal
• /
• no.26
• /
• pp.29-58
• /
• 2011

Since 11 September 2001, warnings of risk in the nexus of terrorism and nuclear weapons and materials which poses one of the gravest threats to the international community have continued. The purpose of this study is to analyze the aim, principles, characteristics, activities, impediments to progress and developmental recommendation of the Global Initiative to Combat Nuclear Terrorism(GICNT). In addition, it suggests implications of the GICNT for the ROK policy. International community will need a comprehensive strategy with four key elements to accomplish the GICNT: (1) securing and reducing nuclear stockpiles around the world, (2) countering terrorist nuclear plots, (3) preventing and deterring state transfers of nuclear weapons or materials to terrorists, (4) interdicting nuclear smuggling. Moreover, other steps should be taken to build the needed sense of urgency, including: (1) analysis and assessment through joint threat briefing for real nuclear threat possibility, (2) nuclear terrorism exercises, (3) fast-paced nuclear security reviews, (4) realistic testing of nuclear security performance to defeat insider or outsider threats, (5) preparing shared database of threats and incidents. As for the ROK, main concerns are transfer of North Korea's nuclear weapons, materials and technology to international terror groups and attacks on nuclear facilities and uses of nuclear devices. As the 5th nuclear country, the ROK has strengthened systems of physical protection and nuclear counterterrorism based on the international conventions. In order to comprehensive and effective prevention of nuclear terrorism, the ROK has to strengthen nuclear detection instruments and mobile radiation monitoring system in airports, ports, road networks, and national critical infrastructures. Furthermore, it has to draw up effective crisis management manual and prepare nuclear counterterrorism exercises and operational postures. The fundamental key to the prevention, detection and response to nuclear terrorism which leads to catastrophic impacts is to establish not only domestic law, institution and systems, but also strengthen international cooperation.