• Title/Summary/Keyword: STIX


Automatic Generation of MAEC and STIX Standards for Android Malware Threat Intelligence

  • Park, Jungsoo; Nguyen Vu, Long; Bencivengo, George; Jung, Souhwan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.8 / pp.3420-3436 / 2020
  • Due to the increasing number of malicious software (malware) samples, methods for sharing threat information are being studied by various organizations. The Malware Attribute Enumeration and Characterization (MAEC) description of a malware sample is created by analysts, converted to Structured Threat Information Expression (STIX), and distributed using the Trusted Automated eXchange of Indicator Information (TAXII) protocol. Currently, when sharing malware analysis results, analysts have to enter them into MAEC manually, and not many analysis results are shared publicly. In this paper, we propose an automated MAEC conversion technique for sharing analysis results of malicious Android applications. Building on continued study of various static and dynamic analysis techniques for Android applications, we developed a conversion tool by classifying, against the MAEC standard, the parts of an analysis that can be converted automatically and the parts that must be entered manually by analysts. Using MAEC-to-STIX conversion, we also confirmed that the resulting MAEC file can be converted into STIX. Although other research has been conducted on automatic conversion to MAEC, it was limited to Windows and Linux. In further verification of the conversion rate, we confirmed that analysts could improve the efficiency of analysis and establish a faster sharing system to cope with various Android malware using our proposed technique.

A Study on Control Information Sharing System Using STIX 2.0 (STIX 2.0을 이용한 제어 정보 공유 포맷에 대한 연구)

  • Park, Jee-Young
    • Proceedings of the Korea Information Processing Society Conference / 2018.10a / pp.200-203 / 2018
  • Recently, cyber threats against the assets of companies, institutions and individuals have been occurring frequently, and endpoint/EDR/network products from various vendors compete in the market. This has raised the importance of sharing cyber threat information, control information and policy information in advance, and of responding rapidly through automated interpretation of that information. In this paper, we define control information that can be applied to vendors' devices and products, and propose a sharing system for distributing it. To that end, we adopt the STIX 2.0 standard to design the control information, and define the additionally required attributes through the extension standard so that automated interpretation and response processing become possible.

A Study on the Logging System Design Suggestion Using Machine Learning (머신러닝을 사용한 로그수집 시스템 설계 제안에 관한 연구)

  • Seo, Deck-Won; Yooun, Ho-sang; Shin, Dong-Il; Shin, Dong-Kyoo
    • Proceedings of the Korea Information Processing Society Conference / 2017.11a / pp.299-301 / 2017
  • In modern society, cyber hacking attacks occur frequently. As attacks increase, much research is being conducted on defending against and detecting them in various ways. This paper proposes a new system that combines machine learning with the log collector logstash, based on representations such as OpenIOC, STIX and MMDEF, which collect descriptions of the technical characteristics that identify an attacker's methodology or evidence. When a PC is attacked, the system collects logs with the log collector, then takes the list of attribute values from the logs and trains a machine learning algorithm on them to carry out the analysis. In the future, if the proposed system is configured with the required log information using a real-time machine learning algorithm, it is expected to develop into an automatic intrusion detection system that automatically collects log information, passes it through filtering and output, and trains on it.

A Study on ICS Security Information Collection Method Using CTI Model (CTI 모델 활용 제어시스템 보안정보 수집 방안 연구)

  • Choi, Jongwon; Kim, Yesol; Min, Byung-gil
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.471-484 / 2018
  • Recently, cyber threats have been occurring frequently in the ICS (industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS, and for this purpose a security information collection system is needed. However, it is difficult to install security solutions on control devices such as PLCs, and therefore it is difficult to collect security information from ICS. In addition, the security information formats generated by the various assets differ from one another. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize the CybOX/STIX/TAXII CTI models, which are easy to apply to ICS. Using these models, we designed formats for collecting security information from ICS assets: formats for system logs, IDS logs, and EWS application logs of ICS assets running Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring systems and CTI to future ICS.

Cyber threat intelligence sharing system (사이버 위협 인텔리전스 공유 체계 연구)

  • Yang, Jun-ho; Kim, Chan-jin; Kim, Mee-yeon; Kim, Ji-hye; Kim, Jong-hyun; Youm, Heung-youl
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2018.10a / pp.647-650 / 2018
  • With the advent of advanced technologies in the real world, the cyber domain has become wider and cyber threats are increasing. A cyber threat intelligence sharing system is needed to defend against and respond to such cyber threats more effectively. By defining a standard for expressing cyber threat information, it enables rapid sharing, consistent analysis, and automated interpretation of the cyber threat information held by individual security control providers or organizations.

5 Cases of Acute Pyelonephritis (급성(急性) 신우신염(腎盂腎炎)의 임상적(臨床的) 고찰(考察))

  • Kwon, Jeong-Nam; Kim, Young-Kyun; Ryu, Ju-Yeol
    • Journal of Sasang Constitutional Medicine / v.13 no.2 / pp.194-204 / 2001
  • Purpose: In general, Acute Pyelonephritis is effectively treated with the use of antibiotics. However, some antibiotics are reported to cause side effects, and the abuse of antibiotics results in the increase of the disease's tolerance to antibiotics. Recently, I have effectively treated five cases of Acute Pyelonephritis by using only Constitution-Acupuncture and Herb, and therefore I would like to report about these cases. Methods: I diagnosed Acute Pyelonephritis in these five patients by confirming symptoms and employing a urine analysis with a reagent strip (Multistix®). I used Kuon's method of constitutional diagnosis for the purpose of diagnosing the 8 constitutional morbidities. I relied on Sungjeong (性情) and Chehyungkisang (體刑氣像) in diagnosing Sasang Constitutions (四象人). I performed acupuncture on the left and right sides, depending on the 8 constitutions, by employing the Chang-temperament Inflammation Formula (臟系炎症方) that is used for the treatment of all kinds of chang-temperament inflammation diseases, as well as the Bactericidal Formula (殺菌方) that is used for the treatment of all kinds of bacterially caused diseases. I prescribed by consulting the appearance of disease and general symptoms of each case against the prescription symptoms of Dongyi Soose Bowon (東醫壽世保元). Result: Two of them showing severe symptoms were hospitalized, while the three others took OPD treatment. The patient who was PANCREOTONIA and Soyangin improved through hospitalization for three days; another patient who was PULMOTONIA and Taeyangin with severe symptoms improved through hospitalization for seven days and completely recovered through OPD treatment later. The three others took only OPD treatment and improved within 5-7 days. Conclusion: I confirmed that each of the 8 constitutions and Sasang Constitutions were all treated effectively without antibiotics.

Comparative Health Status of Rural and Urban Aged Persons by Some Screening Tests (농촌 및 대도시의 노인건강진단에 있어서의 검사치 비교 고찰)

  • Han, In-Soo; Hong, Kwang-Sun; Park, Sun-Ju; Rim, Han-Jong
    • Journal of agricultural medicine and community health / v.14 no.1 / pp.5-15 / 1989
  • To compare the health status of rural and urban aged persons (over 65 years old) by abnormalities in hematologic and some biochemical values as well as urinalysis and chest X-ray, the following examinations were done: hemoglobin, total cholesterol, GOT, and glucose on 8,756 persons (male: 4,339; female: 4,417), urinalysis on 9,207 persons (male: 4,467; female: 4,740), and chest X-ray on 9,148 persons (male: 4,426; female: 4,722). The results are as follows: 1) The proportion of GOT values outside the normal range (over 40 units) was higher in rural aged persons (5.3%) than in urban aged persons (2.8%). There was no significant difference between urban and rural females, but the rural males (7.4%) were significantly higher than the urban males (3.9%). 2) The proportion of abnormal total cholesterol values (over 260 mg/dl) was 7.0% in urban and 1.7% in rural aged persons. In males there was no significant difference between urban (2.2%) and rural (1.4%); however, the urban females (10.5%) were significantly higher than the rural females (2.2%). 3) For blood glucose level, the proportion of abnormality (over 120 mg/dl) was 17.1% in urban and 19.3% in rural aged persons. The rural aged persons of both sexes (male: 18.1%; female: 20.7%) had relatively higher abnormality rates than the urban aged (male: 15.3%; female: 18.4%) respectively. 4) The proportion of abnormal hemoglobin level (less than 12.0 g/dl in males; less than 11.0 g/dl in females) was 7.1% in urban and 2.6% in rural aged persons. The urban aged persons of both sexes (male: 8.3%; female: 6.3%) had relatively higher abnormality rates than the rural aged (male: 3.0%; female: 2.2%). 5) In the urinalysis by urine stix (Korea Green Cross Co.), the positive rates of urine protein were 1.0% in urban and 0.5% in rural aged persons, and there was no significant difference between the two areas by sex. 6) The positive rates of urine glucose in urban aged persons (5.8%; male: 7.3%; female: 4.7%) were relatively higher than those of rural aged persons (3.4%; male: 3.9%; female: 2.8%). 7) Positive findings of pulmonary tuberculosis by indirect X-ray examination were observed in 7.7% of aged persons in both rural and urban areas respectively. However, the positive rates of males in both areas (urban: 12.8%; rural: 10.0%) were higher than those of females (urban: 4.2%; rural: 5.0%).