• Title/Summary/Keyword: Threat Response Center


Cyber threat Detection and Response Time Modeling (사이버 위협 탐지대응시간 모델링)

  • Han, Choong-Hee;Han, ChangHee
    • Journal of Internet Computing and Services / v.22 no.3 / pp.53-58 / 2021
  • There is little research on actual business activities in the field of security control. Therefore, in this paper, we intend to present a practical research methodology that can contribute to the calculation of the size of the appropriate input personnel through the modeling of the threat information detection response time of the security control and to analyze the effectiveness of the latest security solutions. The total threat information detection response time performed by the security control center is defined as TIDRT (Total Intelligence Detection & Response Time). The total threat information detection response time (TIDRT) is composed of the sum of the internal intelligence detection & response time (IIDRT) and the external intelligence detection & response time (EIDRT). The internal threat information detection response time (IIDRT) can be calculated as the sum of the five steps required. The ultimate goal of this study is to model the major business activities of the security control center with an equation to calculate the cyber threat information detection response time calculation formula of the security control center. In Chapter 2, previous studies are examined, and in Chapter 3, the calculation formula of the total threat information detection response time is modeled. Chapter 4 concludes with a conclusion.

Web Attack Classification via WAF Log Analysis: AutoML, CNN, RNN, ALBERT (웹 방화벽 로그 분석을 통한 공격 분류: AutoML, CNN, RNN, ALBERT)

  • Youngbok Jo;Jaewoo Park;Mee Lan Han
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.587-596 / 2024
  • Cyber attacks and cyber threats are getting confused and evolved. Therefore, using AI (Artificial Intelligence), which is the most important technology in the Fourth Industrial Revolution, to build a cyber threat detection system is getting important. Especially, the government's SOC (Security Operation Center) is highly interested in using AI to build a SOAR (Security Orchestration, Automation and Response) solution to predict and build CTI (Cyber Threat Intelligence). In this thesis, we introduce a cyber threat detection system by analyzing network traffic and Web Application Firewall (WAF) log data. Additionally, we apply the well-known TF-IDF (Term Frequency-Inverse Document Frequency) method and AutoML technology to classify web traffic attack types.

A Direction to Korean Countermeasures against Terror Following the Changes in German Countermeasure Policies against Terrors (독일의 테러대응 정책 변화에 따른 한국의 테러대책 방향)

  • Kwon, Jeong-Hoon
    • Journal of the Society of Disaster Information / v.8 no.4 / pp.411-418 / 2012
  • This thesis aims at presenting the improvements of terror-responsive policy that Korea has to take on the basis of terror threats to Germany and its responsive policies. So, first, Korea has to prepare the ways to legislate on terror-responsive policies. Second, Korea has to construct a management center to respond to terror comprehensively. In addition, Korea, like Germany, has to establish a cooperation center related to terror on the internet to surveil and analyze information and situations.

Model Proposal for Detection Method of Cyber Attack using SIEM (SIEM을 이용한 침해사고 탐지방법 모델 제안)

  • Um, Jin-Guk;Kwon, Hun-Yeong
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.6 / pp.43-54 / 2016
  • The occurrence of cyber crime is on the rise every year, and the importance of the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, has increased accordingly. Every endeavor to prevent cyber attacks is being attempted by information security personnel of government and financial sector security control centers, threat response centers, cyber terror response centers, CERT teams, SOCs (Security Operator Center) and others. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply a one-dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system, and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies on how to detect threats to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenario-based security control systems rather than simple monitoring are introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring systems in other security centers.

A study on the threat hunting model for threat detection of circumvent connection remote attack (우회 원격공격의 위협탐지를 위한 위협 헌팅 모델 연구)

  • Kim, Inhwan;Ryu, Hochan;Jo, Kyeongmin;Jeon, Byungkook
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.21 no.4 / pp.15-23 / 2021
  • In most hacking attacks, hackers intrude inside for a long period of time and attempt to communicate with the outside using a circumvent connection to achieve their purpose. Research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. Attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. However, even in an intrusion detection system using intelligent recognition technology, it only shows detection performance of the existing intrusion status. Therefore, countermeasures against targeted bypass remote attacks still have limitations with existing detection methods and threat hunting methods. In this paper, to overcome these limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. This model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in an actual defense information system environment.

A Study on the Real-time Cyber Attack Intrusion Detection Method (실시간 사이버 공격 침해사고 탐지방법에 관한 연구)

  • Choi, Jae-Hyun;Lee, Hoo-Jin
    • Journal of the Korea Convergence Society / v.9 no.7 / pp.55-62 / 2018
  • Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on information systems in the first place, such as real-time detection, is increasing. In the name of the security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accidents by using network security equipment or utilizing a control system, but it is not enough to prevent infringement accidents by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out through prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of each major component module in order to improve the problems of the existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study an effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).

Violence experiences, coping, and response of paramedics in the emergency room (응급실 내 1급 응급구조사의 폭력경험과 대처 및 반응)

  • Han, Seung-Eun;Lee, Kyoung-Youl
    • The Korean Journal of Emergency Medical Services / v.22 no.2 / pp.51-65 / 2018
  • Purpose: The purpose of this study was to investigate experiences of violence with patients or family members by paramedics working at emergency rooms. Methods: A questionnaire was administered from June 1 to 31, 2017 to 225 paramedics working at 27 emergency medical centers. The collected data were analyzed with the SPSS statistics ver. 24.0 program. Results: Within the past year, 208 (92.9%) of 224 participants experienced violence, among whom 202 (90.2%) experienced verbal abuse, 193 (86.2%) experienced physical threat, 89 (39.7%) experienced physical violence, and 52 (23.2%) experienced sexual violence. The level of violence response depending on the overlapping experience of violence type showed significant difference in emotional response (p = .001), social response (p = .001), physical response (p = .004), and overall violence response (p = .001). Conclusion: In conclusion, paramedics are frequently exposed to violence in the emergency rooms, of which they mostly experience verbal abuse. In addition, because the reporting system in the event of violence and the coping process are not well-informed, paramedics are unable to sufficiently utilize the reporting system and programs established within the institution. Therefore, the support of the legal system is needed to create a safe working environment for the medical staff who work in the emergency medical centers.

The Present State of Domestic Alert Systems for Cyber Threats (사이버 위협에 대한 국내 경보 체계 현황)

  • 이도훈;백승현;오형근;이진석
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.251-257 / 2004
  • Today, the more information technologies (IT) like the internet are developed, the more the main facilities of individuals and social organizations get deeply involved in IT. Also, the trend of cyber threats such as internet worms and viruses is moving from local PC attacks to IT infrastructure attacks by exploiting inherent vulnerabilities of IT. Social organizations have a limit in responding to these attacks individually, and so a systematic coordination center for social organizations is necessary. Analyzing and sharing cyber threat information is performed prior to the construction of the coordination center. In this paper, we survey domestic alert systems for cyber threats of related organizations and companies, and then classify them into two categories by the range of threat assessment: global alert systems for global IT infrastructure and individual alert systems for each threat. Next, we identify problems of domestic alert systems and suggest approaches to resolve them.
A Marine Bacterium with Animal-Pathogen-Like Type III Secretion Elicits the Nonhost Hypersensitive Response in a Land Plant

  • Boyoung Lee;Jeong-Im Lee;Soon-Kyeong Kwon;Choong-Min Ryu;Jihyun F. Kim
    • The Plant Pathology Journal / v.39 no.6 / pp.584-591 / 2023
  • Active plant immune response involving programmed cell death called the hypersensitive response (HR) is elicited by microbial effectors delivered through the type III secretion system (T3SS). The marine bacterium Hahella chejuensis contains two T3SSs that are similar to those of animal pathogens, but it was able to elicit HR-like cell death in the land plant Nicotiana benthamiana. The cell death was comparable with the transcriptional patterns of H. chejuensis T3SS-1 genes, was mediated by SGT1, a general regulator of plant resistance, and was suppressed by AvrPto1, a type III-secreted effector of a plant pathogen that inhibits HR. Thus, type III-secreted effectors of a marine bacterium are capable of inducing the nonhost HR in a land plant it has never encountered before. This suggests that plants may have evolved to cope with a potential threat posed by alien pathogen effectors. Our work documents an exceptional case of nonhost HR and provides an expanded perspective for studying plant nonhost resistance.

Design and implementation of an improved MA-APUF with higher uniqueness and security

  • Li, Bing;Chen, Shuai;Dan, Fukui
    • ETRI Journal / v.42 no.2 / pp.205-216 / 2020
  • An arbiter physical unclonable function (APUF) has exponential challenge-response pairs and is easy to implement on field-programmable gate arrays (FPGAs). However, modeling attacks based on machine learning have become a serious threat to APUFs. Although the modeling-attack resistance of an MA-APUF has been improved considerably by architecture modifications, the response generation method of an MA-APUF results in low uniqueness. In this study, we demonstrate three design problems regarding the low uniqueness that APUF-based strong PUFs may exhibit, and we present several foundational principles to improve the uniqueness of APUF-based strong PUFs. In particular, an improved MA-APUF design is implemented in an FPGA and evaluated using a well-established experimental setup. Two types of evaluation metrics are used for evaluation and comparison. Furthermore, evolution strategies, logistic regression, and K-junta functions are used to evaluate the security of our design. The experiment results reveal that the uniqueness of our improved MA-APUF is 81.29% (compared with that of the MA-APUF, 13.12%), and the prediction rate is approximately 56% (compared with that of the MA-APUF, 60%-80%).