• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.19-27
• /
• 2022

With the innovative development of ICT technology, hacking techniques of hackers are also evolving into sophisticated and intelligent hacking techniques. Threat detection research to counter these cyber threats was mainly conducted in a passive way through hacking damage investigation and analysis, but recently, the importance of cyber threat information collection and analysis is increasing. A bot-type automation program is a rather active method of extracting malicious code by visiting a website to collect threat information or detect threats. However, this method also has a limitation in that it cannot prevent hacking damage because it is a method to identify hacking damage because malicious code has already been distributed or after being hacked. Therefore, to overcome these limitations, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber bases. This model is an active and proactive method of collecting threat information or detecting threats outside the boundary such as a firewall. We designed a model for detecting threats using cyber strongholds and validated them in the defense environment.

• Journal of Communications and Networks
• /
• v.16 no.4
• /
• pp.407-414
• /
• 2014

The Internet is a highly distributed and complex system consisting of billion devices and has become the field of various kinds of conflicts during the last two decades. As a matter of fact, various actors utilise the Internet for illicit purposes, such as for performing distributed denial of service attacks (DDoS) and for spreading various types of aggressive malware. Despite the fact that numerous services provide information regarding the threat level of the Internet, they are mostly based on information acquired by their sensors or on offline statistical sampling of various security applications (antivirus software, intrusion detection systems, etc.). This paper introduces proactive threat observatory system (PROTOS), an open-source early warning system that does not require a commercial license and is capable of estimating the threat level across the Internet. The proposed system utilises both a global and a local approach, and is thus able to determine whether a specific host is under an imminent threat, as well as to provide an estimation of the malicious activity across the Internet. Apart from these obvious advantages, PROTOS supports a large-scale installation and can be extended even further to improve the effectiveness by incorporating prediction and forecasting techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.369-375
• /
• 2016

Most companies are willing to spend money on security systems such as DRM, Mail filtering, DLP, USB blocking, etc., for data leakage prevention. However, in many cases, it is difficult that legal team take action for data case because usually the company recognized that after the employee had left. Therefore perceiving one's resignation before the action and building up adequate response process are very important. Throughout analyzing DRM log which records every single file's changes related with user's behavior, the company can predict one's resignation and prevent data leakage before those happen. This study suggests how to prevent for the damage from leaked confidential information throughout building the DRM monitoring process which can predict employee's resignation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.487-498
• /
• 2023

Security incidents using vulnerabilities in cloud services occur, but it is difficult to collect and analyze traces of incidents in cloud environments with complex and diverse service models. As a result, the importance of cloud forensics research has emerged, and infringement response scenarios must be designed from the perspective of cloud service users (CSUs) and cloud service providers (CSPs) based on representative security threat cases in the public cloud service model. This simulated hacking-based proactive cloud infringement response framework can be used to respond to the cloud service critical resource attack process from the viewpoint of vulnerability detection before cyberattacks occur on the cloud, and can also be expected for data acquisition. Therefore, in this paper, we propose a framework for preventive cloud infringement based on simulated hacking by analyzing and utilizing Cloudfox, a cloud penetration test tool.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.17 no.2
• /
• pp.62-67
• /
• 2009

LOSA is a flight safety program that analyses human errors in normal operations. Trained pilot observers monitor the normal flights at the observer seat. LOSA is a proactive non jeopardy data collection tool using threat and error management(TEM) as a framework. With the analysis of crew behaviors through LOSA with The LOSA collaborative(TLC), the airlines can identify the behaviors of the crew during normal operations. The major objective of LOSA is to measure how the crew manage threats, errors and undesired aircraft deviations in the cockpit on day to day operations. The airlines are able to set up effective TEM training with practical six generation Crew recourse management(CRM) with data of error from LOSA instead of theoretical CRM courses. The Airlines can use TEM as an integral part of a Safety Management System(SMS) and uses monitoring and cross-checking skills in the flight operations to manage threats and errors effectively when we know the errors we make in the cockpit on daily operation. The result of LOSA indicates that the error detection rate should be enhanced since around the half of the errors went undetected. The areas which should be focused for enhancing the error detection are monitor, cross-check, the management of workload, automation and taxiway/ runway to manage errors effectively.

• The Journal of the Korea Contents Association
• /
• v.20 no.7
• /
• pp.618-628
• /
• 2020

The purpose of this paper is to propose a new security orchestration service model by combining various security solutions that have been introduced and operated individually as a basis for cyber security framework. At present, in order to respond to various and intelligent cyber attacks, various single security devices and SIEM and AI solutions that integrate and manage them have been built. In addition, a cyber security framework and a security control center were opened for systematic prevention and response. However, due to the document-oriented cybersecurity framework and limited security personnel, the reality is that it is difficult to escape from the control form of fragmentary infringement response of important detection events of TMS / IPS. To improve these problems, based on the model of this paper, select the targets to be protected through work characteristics and vulnerable asset identification, and then collect logs with SIEM. Based on asset information, we established proactive methods and three detection strategies through threat information. AI and SIEM are used to quickly determine whether an attack has occurred, and an automatic blocking function is linked to the firewall and IPS. In addition, through the automatic learning of TMS / IPS detection events through machine learning supervised learning, we improved the efficiency of control work and established a threat hunting work system centered on big data analysis through machine learning unsupervised learning results.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.217-224
• /
• 2013

Due to the development of mobile technologies, the carrier (telecommunications) billing service market is rapidly growing. carrier (telecommunications) billing service allows users to make on-line purchases through mobile-billing. Users find this particularly convenient because the payment acts as a credit transaction. Furthermore, the system is commonly believed to be secure through its use of SMS (Short Message Service) authentication and a real-time transaction history to confirm the transaction. Unfortunately, there is a growing number of fraudulent transactions threaten the future of this system. The more well documented types of security breaches involves hackers intercepting the authentication process. By contaminating the device with security breaching applications, hackers can secretly make transactions without notifying users until the end of month phone bill. This study sheds light on the importance of this societal threat and suggests solutions. In particular, "secure" systems need to be more proactive in addressing the methods hackers use to make fraudulent transactions. Our research partially covers specific methods to prevent fraudulent transactions on carrier billing service providers' systems. We discuss about the proposed improvements such as complement of electronic payment systems, active promotion for fraudulent transactions enhanced monitoring, fraud detection and introduce a new authentication service. This research supports a future of secure communications billing services, which is essential to expanding new markets.