• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.527-535
• /
• 2023

To develop experts capable of responding to cyber security incidents, numerous institutions have established cyber training facilities to cultivate security professionals equipped with effective defense strategies. However, these challenges such as limited resources, scenario-based content development, and cost constraints. To address these issues, this paper proposes a virtual infrastructure variation generation framework. It provides customized, diverse IT infrastructure environments for each organization, allowing cyber defense trainers to accumulate a wide range of experiences. By leveraging Infrastructure-as-Code (IaC) containers and employing Word2Vec, a natural language processing model, mutable code elements are extracted and trained, enabling the generation of new code and presenting novel container environments.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.83-90
• /
• 2015

Recent, Cyber attacks such as hacking and malicious code techniques are evolving very rapidly changing cyber a ttacks are increasing, the number of malicious code techniques vary accordingly become intelligent. In the case of m alware because of the ambiguity in the number of malware have increased rapidly by name or classified as maliciou s code may have difficulty coping with. This paper investigated the naming convention of the vaccine manufacturer s in Korea to solve this problem, the analysis and offers a naming convention for security control event detection r ule analysis to compare the pattern of the detection rule out based on this current.

• Journal of Korea Multimedia Society
• /
• v.25 no.10
• /
• pp.1416-1432
• /
• 2022

The access control system is a system that allows users to selectively enter the building by granting an access key to the user for security. Access keys with weak security are easily exposed to attackers and cannot properly perform the role that authenticates users. Access code keys should be protected from forgery or spoofing. For this reason, access key verification service models is important in security. However, most models manage all access keys on one central server. This method not only interrupts all services due to server errors, but also risks forgery and spoofing in the process of transmitting access keys. Therefore, blockchain algorithms are used to reduce this risk. This paper proposes a blockchain-based access key verification service model that used distributed stored blockchain gateways on storing access keys and authenticates the user's identity based on them. To evaluate the performance of this model, an experiment was conducted to confirm the performance of the access key forgery recovery rate and the blockchain network performance. As a result, the proposed method is 100% forgery recovery rate, and the registration and verification process is evaluated at 387.58 TPS and 136.66 TPS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.605-615
• /
• 2018

Due to the rapid growth of the Internet of Things market, the use of the C/C++ language, which is the most widely used language in embedded systems, is also increasing. To improve the quality of code in the C/C++ language and reduce development costs, it is better to use static analysis, a software verification technique that can be performed in the first half of the software development life cycle. Many programs use static analysis to verify software safety and many static analysis tools are being used and studied. In this paper, we use Clang static analysis tool to check security weakness detection performance of verified test code. In addition, we compared the static analysis results of the test codes applied with the source obfuscation techniques, layout obfuscation, data obfuscation, and control flow obfuscation techniques, and the static analysis results of the original test codes, Analyze the detection ability impact of the Clang static analysis tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.757-766
• /
• 2013

The Malicious code that targets Android is growing dramatically as the number of Android users are increasing. Most of the malicious code have an intention of leaking personal information. Recently in Korea, a malicious code 'chest' has appeared and generated monetary damages by using malicious code to leak personal information and try to make small purchases. A variety of techniques to detect personal information leaks have been proposed on Android platform. However, the existing techniques are hard to apply to the user's smart-phone due to the characteristics of Android security model. This paper proposed a technique that detects and blocks file approaches and internet connections that are not allowed access to personal information by using the system call hooking in the kernel and white-list based approach policy. In addition, this paper proved the possibility of a real application on smart-phone through the implementation.

• Proceedings of KOSOMES biannual meeting
• /
• 2004.11a
• /
• pp.9-11
• /
• 2004

• The Journal of the Korea Contents Association
• /
• v.16 no.12
• /
• pp.19-26
• /
• 2016

Among the various services for mobile banking, user authentication method using bank security card is still very useful. We can use mobile banking easily and safely in case of saving encoded security codes in smart phone and entering codes automatically whenever user authentication is required without bank security card. In this paper automatic recognition algorithm of security codes of bank security card is proposed in oder to enroll the encoded security codes into smart phone using smart phone camera. Advanced adaptive binarization is used for extracting digit segments from various background image pattern and adaptive 2-dimensional layout analysis method is developed for segmentation and recognition of damaged or touched digits. Experimental results of proposed algorithm using Android and iPhone, show excellent security code recognition results.

• The KIPS Transactions:PartC
• /
• v.16C no.4
• /
• pp.423-438
• /
• 2009

The sensor network is highlighted because it is one of the essentialbase networks in the ubiquitous computing realization. Researches for providing security and efficiency are being perfomed in the various isuues because of the characteristics of sensor nodes and sensor networks. Recently, code dissemination mechanism is recognized as an important research issue since sensor nodes are in the need of updating new software or the need of modifying bugs in dynamically. Generally lots of nodes are in the sensor networks and they are ramdomly deployed in hostile environments. Thus it is especially important that the code dissemination from the base station to nodes should be processed efficienctly and securely. In this paper, we check up the recent existing code dissemination mechanisms, and comparatively analyze the requirements of the code dissemination and the characteristicsof existing mechanisms. Through the analysis, we present future research issues for the code dissemination area. This research can expedite the research on the code dissemination and improve the usability of sensor networks with efficiency and security.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.19-26
• /
• 2014

Mobile malicious code is typically spread by the worm, and although modeling techniques to analyze the dispersion characteristics of the worms have been proposed, only macroscopic analysis was possible while there are limitations in predicting on certain viruses and malicious code. In this paper, prediction methods have been proposed which was based on Markov chain and is able to predict the occurrence of future malicious code by utilizing the past malicious code data. The average value of the malicious code to be applied to the prediction model of Markov chain model was applied by classifying into three categories of the total average, the last year average, and the recent average (6 months), and it was verified that malicious code prediction possibility could be increased by comparing the predicted values obtained through applying, and applying the recent average (6 months).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.699-700
• /
• 2011

This paper shows the way to prevent the leaking of private information due to malicious codes or connections of invalid URL in QR-Codes, which is used in the present smart-phone. It is difficult to filter out the connections directly with decoding the QR-Codes, so before connecting, we construct servers which compare results of decoding the QR-Codes to a valid URL. The server notifies warning to Smart-phone users if the results were uncertain URLs which did not registered in the server. This paper would help the Smart-phone users to protect their privacy.