• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.286-289
• /
• 2020

정보통신 기술의 발달로 무분별한 사이버 공격에 노출되어 있기 때문에 정보보안의 기술이 중요해지고 있다. 이중 침입 탐지 시스템은 방화벽과 더불어 시스템 및 네트워크 보안을 위한 대표적인 수단으로, 현재까지 네트워크 기반인 NIDS와 호스트 기반인 HIDS에 대한 많은 연구가 이루어졌다. 이러한 침입 탐지에 대한 CTI(Cyber Threat Intelligence)를 공유하기 위해 다양한 CTI 프레임워크를 사용하여 CTI 정보를 공유하는 연구가 진행되고 있다. 이에 본 논문에서는 CVE기반의 OpenIOC와 Snort 및 OSSEC에서 생성된 Raw Data를 결합하여 새로운 CTI 프레임 워크를 제안한다. 제안된 시스템을 테스트하기 위해서는 CVE 분석을 기반으로한 Kali Linux로 공격을 진행한다, 이를 통해 생성된 데이터는 시간이 지남에 따라 축적된 데이터를 저장 및 검색을 위해 대규모 분산 처리 시스템과도 결합이 필요할 것으로 예상되며 추후 딥러닝 기술을 활용하면 지능형 지속 위협을 분석하는데 용이할 것으로 예상된다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.187-189
• /
• 2023

IoT(Internet of Things), 빅데이터, AI(Artificial Intelligence), 클라우드와 같은 ICT(Information and Communications Technology) 기술이 발전함에 따라 ICT와 제조기술이 융합된 스마트팩토리가 발전하고 있다. 이는 2개의 영역과 5개의 계층으로 구성되어 기타 환경들과 상이한 구조를 가지고 있으며, 각 영역·계층별 발생 가능한 보안위협도 상이하다. 또한, 각 영역과 계층이 연결됨에 따라 발생 가능한 보안위협이 증가하고 있으며, 이에 대한 효율적인 대응을 위하여 스마트팩토리 영역·계층별 환경을 고려한 대응체계 마련이 필요한 실정이다. 따라서, 본 논문에서는 스마트팩토리 영역·계층별 발생 가능한 보안위협을 분석하고, 이에 대응하기 위한 대응체계 도출 기법을 제안한다.

• Journal of the Korea Institute of Building Construction
• /
• v.16 no.4
• /
• pp.341-348
• /
• 2016

The aim of this study is to suggest design requirements on the military barriers which are installed to reduce critical damage on protective facilities against sudden pin-point attacks caused by North Korean artilleries. For this purpose, site investigation and review of design drawings associated with barriers built in the contact areas are conducted. With identified data concerning barriers, the geometric modeling, which is used in the structural analysis, is performed. And then, the possible threat of North Korea is determined based on intelligence preparation of battlefields. Once the structural modeling and threat analysis are completed, structural damage on barriers and protective facilities are assessed in terms of impact, penetration, scabbing, and blast pressure effects. According to the analysis results, the thickness of barriers should be 450mm at least and current established barriers need to be structurally reinforced via sectional enlargement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1087-1098
• /
• 2023

The rapid advancement of artificial intelligence (AI) technology has led to its proactive utilization across various fields. However, this widespread adoption of AI-based systems has raised concerns about the increasing threat of attacks on these systems. In particular, deep neural networks, commonly used in deep learning, have been found vulnerable to adversarial attacks that intentionally manipulate input data to induce model errors. In this study, we propose a method to protect image classification models from visually imperceptible One-Pixel attacks, where only a single pixel is altered in an image. The proposed defense technique utilizes an autoencoder model to remove potential threat elements from input images before forwarding them to the classification model. Experimental results, using the CIFAR-10 dataset, demonstrate that the autoencoder-based defense approach significantly improves the robustness of pretrained image classification models against One-Pixel attacks, with an average defense rate enhancement of 81.2%, all without the need for modifications to the existing models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.471-484
• /
• 2018

Recently, cyber threats are frequently occurring in ICS(industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS. For this purpose, a security information collection system is needed. However, it is difficult to install security solution in control devices such as PLC. Therefor, it is difficult to collect security information of ICS. In addition, there is a problem that the security information format generated in various assets is different. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize CybOX/STIX/TAXII CTI models that are easy to apply to ICS. Using this model, we designed the formats to collect security information of ICS assets. We created formats for system logs, IDS logs, and EWS application logs of ICS assets using Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring system and CTI to future ICS.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.201-208
• /
• 2019

In the phono-sapiens era of the intelligence information society, most business activities are increasingly dependent on networks and information systems. SMEs, which occupy the majority of Korean companies, are increasingly possessing the value and technology of their information assets, and their ability to protect core technologies that are the driving force of corporate growth will be the most important competitiveness of enterprises. Accordingly, the Ministry of Science and ICT and the Korea Internet & Security Agency(KISA) provides a foundation for minimizing the damage from cyber threats such as hacking and information leakage by evaluating the current information protection level of SMEs and enhancing information protection capability by supporting a high level of customized information protection consulting. In this study, we analyze the effectiveness of information protection based on the results of KISA SMEs consulting. In addition, by identifying problems and limitations derived from SMEs information protection consulting results, SMEs should propose measures to improve information security of SMEs that can manage information protection management system more efficiently and effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.447-463
• /
• 2022

Artificial Intelligence (AI) technology is a major technology that develops smart ships into autonomous ships in the marine industry. Autonomous ships recognize a situation with the information collected without human judgment which allow them to operate on their own. Existing ship systems, like control systems on land, are not designed for security against cyberattacks. As a result, there are infringements on numerous data collected inside and outside the ship and potential cyber threats to AI technology to be applied to the ship. For the safety of autonomous ships, it is necessary to focus not only on the cybersecurity of the ship system, but also on the cybersecurity of AI technology. In this paper, we analyzed potential cyber threats that could arise in AI technologies to be applied to existing ship systems and autonomous ships, and derived categories that require security risks and the security of autonomous ships. Based on the derived results, it presents future directions for cybersecurity research on autonomous ships and contributes to improving cybersecurity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.411-425
• /
• 2023

Today, AI (Artificial Intelligence) technology is widely used in various fields, performing classification and regression tasks according to the purpose of use, and research is also actively progressing. Especially in the field of security, unexpected threats need to be detected, and unsupervised learning-based anomaly detection techniques that can detect threats without adding known threat information to the model training process are promising methods. However, most of the preceding studies that provide interpretability for AI judgments are designed for supervised learning, so it is difficult to apply them to unsupervised learning models with fundamentally different learning methods. In addition, previously researched vision-centered AI mechanism interpretation studies are not suitable for application to the security field that is not expressed in images. Therefore, In this paper, we use a technique that provides interpretability for detected anomalies by searching for and comparing optimization references, which are the source of intrusion attacks. In this paper, based on reference, we propose additional logic to search for data closest to real data. Based on real data, it aims to provide a more intuitive interpretation of anomalies and to promote effective use of an anomaly detection model in the security field.

• Strategy21
• /
• s.37
• /
• pp.5-31
• /
• 2015

The Republic of Korean Navy (ROKN) started from scratch. However, ROKN demonstrated its Blue Navy capabilities successfully to the entire world by conducting "Operation Early Dawn" at the Aden Bay, Yemen in Jan 2011. On the event of the 70th anniversary of the ROKN, I would like to retrospect past gleaning from voyages and challenges we had in the past. At the very inception of the ROKN, Korean government as well as senior military leaders recognized that it had no time to spare to clean up military those were insinuated deeply by communist agents. It was the top priority of the government. The Mongumpo Operation which was not well known, conducted by ROKN was one of the clean-up drive. The Korean War sometimes called as "a fire from land put-off at the sea". The world famous "Incheon Landing" which reversed war situation from the Nakdong Perimeter also done by Sea Power. ROKN conducted various maritime operations including not only Incheon Landing, but amphibious operation at Hungnam, mine sweeping, sea convoy, Wonsan Withdrawal. On the same day of the Korean War started, 25th June 1950, unless the victory of the ROKNS Baekdusan (PC 701) at the Korean Strait, the waning lamp light of Korea could not be rekindled by the participation of the U.N. The ROKN rescued the 17th regiment of Korean Army from the isolation at the Ongjin Peninsular and transported gold and silver bars stored at the Bank of Korea to the Navy supply deposit in Jinhae safely. ROKN special intelligence unit conducted critical HUMINT which led Incheon Landing success. One of important mission ROKN conducted successfully was not only transporting war fighting materials but also U.S. provided grains to starving Koreans. ROKN participated Vietnam campaign from 1960s and conducted numerous maritime transportation operations supplying materials to Vietnam military forces along the long coastal lines. Experienced Naval Officers and enlisted men who discharged and acquired as merchant marine certificate supported most of the U.S. sea lift operations throughout the Vietnam campaign. ROK-US Combined Forces which had been honed and improved its war fighting capabilities through the Korean War and out of Vietnam jungle playing key deterrent against threat from north Korea. However, those threat level will be completely different when north Korea finish its nuclear weapon ambition. In order to stand firm against north Korean nuclear threat, I would like to expect strong political leadership supporting nuclear submarine for ROKN.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2881-2894
• /
• 2018

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.