• Title/Summary/Keyword: Threat Response Time

Search Result 69, Processing Time 0.034 seconds

The Analysis of the APT Prelude by Big Data Analytics (빅데이터 분석을 통한 APT공격 전조 현상 분석)

  • Choi, Chan-young;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.20 no.6 / pp.1129-1135 / 2016
  • The NH-NongHyup network and servers were paralyzed in 2011, the 3.20 cyber attack happened in 2013, and classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked in December 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to script-kiddie attacks, and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend against APT (Advanced Persistent Threat) attacks thus far. We will use big data analytics to analyze whether or not APT attacks have occurred. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean Defense System. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect APT attacks. Lastly, we will present an effective response method to address detected APT attacks.

Interpretation of the ROK-U.S. Alliance and PSI (한미동맹과 대량무기 확산방지구상에 대한 해석)

  • Kim, Joo-Won
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.5 / pp.1102-1112 / 2012
  • The policy of the United States is a Korean Peninsula free of all nuclear weapons. The United States government was considering the possibility of military action to eliminate the North Korean nuclear threat. Talk of military action peaked from mid-1993 through mid-1994. Such an attack might have led directly to a Korean war. At that time the nuclear crisis was resolved by North Korea-United States negotiation and the ROK-United States alliance. PSI's purpose is to prevent or at least inhibit the spread of weapons of mass destruction, their delivery systems, and related materials to and from states and non-state actors whose possession would be a serious threat to global or regional security. The most controversial activity of PSI is interdiction. North Korea has expressed grave concern over the initiative, stating that it has a sovereign right to develop, deploy, and export weapons, and that it would view any interdiction of its ships as a declaration of war. If South Korea is to execute interdiction of North Korean ships, expect tensions to increase dramatically on the peninsula, with North Korea doing something quite provocative in response. South Korea cannot help approaching PSI with great caution, since it has to consider the ROK-United States alliance and inter-Korean relations.

Effective Response Time Verify of Active Decoy Against Anti-Ship Missile Using DEVS Simulation (DEVS 시뮬레이션을 사용한 능동기만기의 대함미사일에 대한 효과적인 대응시간 검증)

  • Choi, Soon-Ho;Cho, Tae-Ho
    • Journal of the Korean Institute of Intelligent Systems / v.25 no.5 / pp.495-501 / 2015
  • Abroad warships are confronted with various menaces. The most critical threat to the warship is an Anti-Ship Missile (ASM). The ASM is able to be launched in a variety of environments and from a variety of platforms. The ASM can evade conventional naval radar systems and electronic countermeasure techniques to inflict fatal damage on the warship. To cope with the ASM, an active decoy is an effective method to minimize the direct damage to the warship. The active decoy increases survivability of the warship because the ASM can lure pursuit of the active decoy instead of the warship. In this paper, our proposed method verifies an available response time of the active decoy to deal with the ASM using the active decoy of the warship in marine environments. We defined models of the warship, the ASM, and the active decoy, and executed simulation by combining the models. By the simulation result, the proposed method demonstrated the superiority of the mobile active decoy of the response time decoy among various active decoys, and estimated a protection area to prevent the ASM according to the response time of the mobile active decoy against the ASM.

Comparison of classical and reliable controller performances for seismic response mitigation

  • Kavyashree, B.G.;Patil, Shantharama;Rao, Vidya S.
    • Earthquakes and Structures / v.20 no.3 / pp.353-364 / 2021
  • Natural hazards like earthquakes, high winds, and tsunami are a threat all the time for multi-story structures. The environmental forces cannot be clogged but the structures can be prevented from these natural hazards by using protective systems. The structural control can be achieved by using protective systems like the passive, active, semi-active, and hybrid protective systems; but the semi-active protective system has gained importance because of its adaptability to the active systems and reliability of the passive systems. Therefore, a semi-active protective system for the earthquake forces has been adopted in this work. Magneto-Rheological (MR) damper is used in the structure as a semi-active protective system; which is connected to the current driver and proposed controller. The Proportional Integral Derivative (PID) controller and reliable PID controller are two proposed controllers, which will actuate the MR damper and the desired force is generated to mitigate the vibration of the structural response subjected to the earthquake. PID controller and reliable PID controller are designed and tuned using Ziegler-Nichols tuning technique along with the MR damper simulated in Simulink toolbox and MATLAB to obtain the reduced vibration in a three-story benchmark structure. The earthquake is considered to be uncertain; where the proposed control algorithm works well during the presence of earthquake; this paper considers robustness to provide satisfactory resilience against this uncertainty. In this work, two different earthquakes are considered like El-Centro and Northridge earthquakes for simulation with different controllers. In this paper performances of the structure with and without two controllers are compared and results are discussed.

A Study on Anomaly Signal Detection and Management Model using Big Data (빅데이터를 활용한 이상 징후 탐지 및 관리 모델 연구)

  • Kwon, Young-baek;Kim, In-seok
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.6 / pp.287-294 / 2016
  • An APT attack aims at the interruption of information and communication facilities and the leakage of important company information. It performs an attack over a long period of time using zero-day vulnerabilities and social engineering based on collected information, such as IT infrastructure, business environment, and employee information. Fragmentary responses to cyber threats, such as malware signature detection methods, cannot respond to sophisticated cyber-attacks such as APT attacks. In this paper, we propose a cyber intrusion detection model as a countermeasure against APT attacks by utilizing heterogeneous system logs as big data. It also merges pattern-based detection methods and abnormality detection methods.

Design and Implementation of Quantitative Risk Analysis System for ISP Network (ISP(Internet Service Provider) 네트워크의 정량적인 위험분석을 위한 시스템 설계 및 구현)

  • 문호건;최진기;김형순
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.2 / pp.101-111 / 2004
  • The risk analysis process, which identifies vulnerabilities and threat causes of network assets and evaluates expected loss when some network assets are damaged, is essential for diagnosing ISP network security levels and for response planning. However, most existing risk analysis systems provide only methodological analysis procedures, and they cannot reflect the continually changing vulnerability and threat information of individual network systems in real time. For this reason, this paper suggests a new system design methodology which shows a scheme to collect and analyze data from a network intrusion detection system and a vulnerability analysis system and to estimate quantitative risk levels. Additionally, the experimental performance of the proposed system is shown.

Quantitative Flood Forecasting Using Remotely-Sensed Data and Neural Networks

  • Kim, Gwangseob
    • Proceedings of the Korea Water Resources Association Conference / 2002.05a / pp.43-50 / 2002
  • Accurate quantitative forecasting of rainfall for basins with a short response time is essential to predict streamflow and flash floods. Previously, neural networks were used to develop a Quantitative Precipitation Forecasting (QPF) model that highly improved forecasting skill at specific locations in Pennsylvania, using both Numerical Weather Prediction (NWP) output and rainfall and radiosonde data. The objective of this study was to improve an existing artificial neural network model and incorporate the evolving structure and frequency of intense weather systems in the mid-Atlantic region of the United States for improved flood forecasting. Besides using radiosonde and rainfall data, the model also used the satellite-derived characteristics of storm systems such as tropical cyclones, mesoscale convective complex systems and convective cloud clusters as input. The convective classification and tracking system (CCATS) was used to identify and quantify storm properties such as life time, area, eccentricity, and track. As in standard expert prediction systems, the fundamental structure of the neural network model was learned from the hydroclimatology of the relationships between weather system, rainfall production and streamflow response in the study area. The new Quantitative Flood Forecasting (QFF) model was applied to predict streamflow peaks with lead-times of 18 and 24 hours over a five year period in 4 watersheds on the leeward side of the Appalachian mountains in the mid-Atlantic region. Threat scores consistently above .6 and close to 0.8 ∼ 0.9 were obtained for 18 hour lead-time forecasts, and skill scores of at least 4% and up to 6% were attained for the 24 hour lead-time forecasts. This work demonstrates that multisensor data cast into an expert information system such as neural networks, if built upon scientific understanding of regional hydrometeorology, can lead to significant gains in the forecast skill of extreme rainfall and associated floods.
In particular, this study validates our hypothesis that accurate and extended flood forecast lead-times can be attained by taking into consideration the synoptic evolution of atmospheric conditions extracted from the analysis of large-area remotely sensed imagery. While physically-based numerical weather prediction and river routing models cannot accurately depict complex natural non-linear processes, and thus have difficulty in simulating extreme events such as heavy rainfall and floods, data-driven approaches should be viewed as a strong alternative in operational hydrology. This is especially more pertinent at a time when the diversity of sensors in satellites and ground-based operational weather monitoring systems provide large volumes of data on a real-time basis.

A Study on Improvement of Legal System for Harmful Chemical Substance Response Management System (유해화학물질 대응시스템 적용을 위한 제도 개선 연구)

  • Oak, Young-Suk;Lee, Young-Sub
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.4 / pp.216-223 / 2017
  • Chemicals are an indispensable element of modern society to the extent that more than 15 million species are commercially available worldwide. However, among them are chemicals whose toxicity poses a threat to public health and the environment, as illustrated by past cases of chemical accidents, which revealed their danger to human life. Chemical accidents can spread and cause huge damage in a short time because of their characteristics. Therefore, it is important to do as much as possible to prevent them in advance and to respond promptly after an accident. The legal system pertaining to domestic chemical substances is the "Toxic Chemical Control Act", which is made up of the "Act on the Registration and Evaluation of Chemicals" and the "Chemical Control Act" since 2015. Under this law, the Comprehensive Chemical Information System and Chemical Substance Data Processing system were established and are still operating; however, chemical accidents are still occurring. These systems are comprehensive information systems aimed at providing chemical information rather than acting as chemical response systems, which has limited the effectiveness of accident response. This study is intended to analyze the information management systems, response management systems and the basis of chemical substance management support for hazardous chemicals and suggest ways to improve the legal system for developing and operating chemical response systems within a municipality.

Windows 7 Operating System Event based Visual Incident Analysis System (윈도우즈 7 운영체제 이벤트에 대한 시각적 침해사고 분석 시스템)

  • Lee, Hyung-Woo
    • Journal of Digital Convergence / v.10 no.5 / pp.223-232 / 2012
  • Recently, the leakage of personal information and privacy piracy have increased. Cases of victimization by malicious objects are rapidly increasing. Most users use the Windows operating system. Recently, the Windows 7 operating system was announced. Therefore, we need to study intrusion response techniques for next-generation operating system environments. The incident response techniques developed until now were mostly implemented around Windows XP or Windows Vista. However, new vulnerability problems will arise in the breach response process as the Windows 7 operating system is announced. In the Windows operating system, system incident events need to be analyzed efficiently. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we visually analyzed the system event information generated in the Windows 7 operating system. A system that analyzes system incidents through the visual event information analysis process was designed and implemented. Using the system developed in this study, more efficient incident analysis is expected to be possible.

A Study on the Change of Capability and Behavior against Phishing Attack by Continuous Practical Simulation Training (지속적 실전형 모의훈련을 통한 피싱공격 대응역량 및 행동변화에 관한 연구)

  • Yoon, Duck-sang;Lee, Kyung-ho;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.2 / pp.267-279 / 2017
  • This study emulated unscheduled phishing e-mails over a long period of time by imitating the manner in which external hackers attacked a group of employees in a company. We then measured and analyzed the recipients' ability to identify and respond to phishing e-mails as training progressed. In addition, we analyzed the changes in participants' response behavior when changing the external control condition between training sessions. As a result of the analysis, it was confirmed that the training duration had a positive (+) relationship with the employees' ability to identify phishing e-mails and the infection rate, and more employees read e-mails and were infected by phishing attacks using social issues and seasonal events. It was also confirmed that reinforcement of internal control policy on infected persons positively (+) affects the phishing attack response behavior of employees. Based on these results, we would like to suggest the right training method for each organization to enhance the ability of employees to cope with phishing attacks.