• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.617-635
• /
• 2021

Internet of Things (IoT) devices connected to the network without appropriate security solutions have become a serious security threat to ICT infrastructure. Moreover, due to the nature of IoT devices, it is difficult to apply currently existing security solutions. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are actually increasing every year. Even though several security solutions are being developed to protect IoT infrastructure, there is a great risk to apply unverified security solutions to real-world environments. Therefore, verification tools to verify the functionality and performance of the developed security solutions are also needed. Furthermore, just as security threats vary, there are several security solution s that defend against them, requiring suitable verification tools based on the characteristics of each security solution. In this paper, we propose an high-speed malware propagation tool that spreads malware at high speed in the IoT infrastructure. Also, we can verify the functionality of the security solution that detect and quickly block attacks spreading in IoT infrastructure by using the high-speed malware propagation tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1151-1163
• /
• 2022

As wireless communication functions begin to be installed in vehicles, cyberattacks that exploit vulnerabilities in wireless communication functions are increasing. To respond to this, UNECE enacted the UN R156 regulation to safely distribute the software installed in the vehicle by using the wireless communication function. The regulations specify the requirements necessary to safely distribute the software for vehicles, but only the abstract requirements are presented without information on the components and detailed functions necessary to develop and implement the requirements. Therefore, in this paper, we propose a security evaluation standard that can evaluate whether a safe SUMS is built using threat modeling, a method for systematically analyzing security threats.

• Korean Security Journal
• /
• no.37
• /
• pp.325-354
• /
• 2013

The concept of national security and the fundamental system for crisis management have departed from traditional methods and the importance of a national critical infrastructure crisis management has been emphasized. A national critical infrastructure crisis means a situation where human resource, material and functional system that may have a material effect on the critical functions of the government, the vitality and integrity of society, national economy and the safety of the public becomes disabled due to causes such as terrorism or major disasters. Although North Korea had been subject to numerous rounds of negotiations and sanctions as it continually developed nuclear weapons since the 1960s, it has also showed off its nuclear armaments through successful nuclear testings and missile launches. As the development and threat of North Korea's weapons of mass destruction becomes more noticeable and the range of its risk expands, this study focuses on the potential for an absence of leadership for national crisis management where the country's leadership, which should serve the critical role and function of handling national crises, becomes completely destroyed by the unexpected initial attacks by North Korea. As a result, the purpose of this study is to propose safety measures for the country's leadership in preparation for North Korea's threat of nuclear weapons by examining the concept and degree of risk of weapons of mass destruction with a focus on nuclear weapons, analyzing the substance of the threat of North Korean nuclear weapons and evaluating such threat. In conclusion, first, to ensure the normal functioning of a national crisis management system in the event of a national crisis, we must seek safety measures that conform to the scope and succession order of the leadership of the national crisis management for an Enduring Constitutional Government (ECG) and the Continuity Of Operations (COOP). Second, in the event of a national ceremony, the gathering of the country's leadership all together in an open place should be avoided. In unavoidable circumstances, the next in rank that will act on behalf of the current leader should be designated and relevant safety measures should be taken. Third, during time of peace, in preparation for national crises, the scope of protection for the country's leadership should be prescribed and specific security and safety measures should be implemented. Fourth, the succession order for acting president in the case of the death of the president pursuant to Articles 71 and 26(1) of the National Government Organization Act should reconsidered to see whether it is a reasonable provision that takes into consideration a national crisis management that corresponds to the threat of North Korean nuclear weapons and weapons of mass destruction. Pursuant to the Basic Guidelines for National Crisis Management set out under Presidential Directive No. 229, the Korean government is currently operating a case-by-case "crisis management standard manual" and its sub-manuals and has also prepared the Presidential Security Service's security and safety measure regulations regarding the acting president. Therefore, the Korean government should actualize the above points in the case-by-case crisis management standard manual and security and safety measure regulations regarding the acting president to implement and legislate them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.411-421
• /
• 2015

These days, a conversion of the fast-advancing ICT (Information and Communications Technologies) and the IoT (Internet of Things) has been in progress. However, these conversion Technology could lead to many of the security threat existing in the ICT environment. The security threats of car in the IoT environment could cause the property damage and casualty. There are the inadequate preparations for the car security and the difficulty of detection for the security threats by itself. In this paper, we proposed the decision-making framework for the anomaly detection and found out what are the threats of car in the IoT environment. The discrimination of the factor, path and type of threats from the attack against the car should take priority over the self-inspection and the swift handling of the attack on control system.

• Korean Security Journal
• /
• no.36
• /
• pp.227-253
• /
• 2013

The threat of crime became a global issue nowadays. Terrorism, organized crime, crime by nation can be mentioned as typical examples. The crimes in modern society can't be identified to happen when, where and how being different from those traditional crimes(murder, robbery, sexual abuse, arson). This was the result of changed security environment that needs to address wide range of crimes as being indicated sporadic characteristics of modern threat of crime such as terrorism threat targeting unidentified masses as well as the emergence of systemic phenomenon of organized crimes and crime committed by nation. In this regard, the case of 9.11 occurred in 2001 can be deemed as an example that made a dramatic turn around to the security environment. After the terrorism, it provided an opportunity to rethink not only USA but also to the institutions all over the world that deals with crime about gathering, management, utilization of crime intelligence. As a result of which there appeared a change in police activities more effectively in gathering & managing crime information and ILP is the very activity that emerged from the USA/UK countries. This aims police activities to minimize the threat of crime being the system reflecting a framework to manage more directly to control crime by gathering and processing information. In view of the global change of security environment as a common phenomenon, the need to direct to ILP has increased in Korea in line with such security environmental change. Accordingly, this study focused on the method of introduction of ILP and presentation of matters for discussion by reviewing ILP activities of the USA/UK countries.

• The Journal of the Korea Contents Association
• /
• v.21 no.10
• /
• pp.59-66
• /
• 2021

In this paper, an improved integrated security control procedure is newly proposed by applying artificial intelligence technology to integrated security control and unifying the existing security control and AI security control response procedures. Current cyber security control is highly dependent on the level of human ability. In other words, it is practically unreasonable to analyze various logs generated by people from different types of equipment and analyze and process all of the security events that are rapidly increasing. And, the signature-based security equipment that detects by matching a string and a pattern has insufficient functions to accurately detect advanced and advanced cyberattacks such as APT (Advanced Persistent Threat). As one way to solve these pending problems, the artificial intelligence technology of supervised and unsupervised learning is applied to the detection and analysis of cyber attacks, and through this, the analysis of logs and events that occur innumerable times is automated and intelligent through this. The level of response has been raised in the overall aspect by making it possible to predict and block the continuous occurrence of cyberattacks. And after applying AI security control technology, an improved integrated security control service model was newly proposed by integrating and solving the problem of overlapping detection of AI and SIEM into a unified breach response process(procedure).

• The Journal of the Korea Contents Association
• /
• v.17 no.3
• /
• pp.231-237
• /
• 2017

Threat intelligences collected from cyber incident sharing system and security events collected from Security Information & Event Management system are analyzed and coped with expanding malicious code rapidly with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observable. Therefore it is necessary to improve classification accuracy of the similarity by using multi-profile which is classified as the same features of cyber observables. We propose a multi-profile ensemble model performed similarity analysis on cyber incident of threat intelligence based on both attack types and cyber observables that can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhance the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incident of those not detected by other mechanisms.

• Journal of Communications and Networks
• /
• v.16 no.4
• /
• pp.407-414
• /
• 2014

The Internet is a highly distributed and complex system consisting of billion devices and has become the field of various kinds of conflicts during the last two decades. As a matter of fact, various actors utilise the Internet for illicit purposes, such as for performing distributed denial of service attacks (DDoS) and for spreading various types of aggressive malware. Despite the fact that numerous services provide information regarding the threat level of the Internet, they are mostly based on information acquired by their sensors or on offline statistical sampling of various security applications (antivirus software, intrusion detection systems, etc.). This paper introduces proactive threat observatory system (PROTOS), an open-source early warning system that does not require a commercial license and is capable of estimating the threat level across the Internet. The proposed system utilises both a global and a local approach, and is thus able to determine whether a specific host is under an imminent threat, as well as to provide an estimation of the malicious activity across the Internet. Apart from these obvious advantages, PROTOS supports a large-scale installation and can be extended even further to improve the effectiveness by incorporating prediction and forecasting techniques.

• Strategy21
• /
• s.44
• /
• pp.142-176
• /
• 2018

So far, the main threat to South Korea was North Korea. That is why South Korea established a strategy based on the threat of North Korea and most of the budget on defense was used to deter North Korea. Even though the neighboring countries(China, Japan, and Russia) are growing as a real threat with abilities and intentions based on their powerful naval forces, South Korea has not yet been able to establish a strategy that regards neighboring countries as a threat. But the decades-old structural mechanism of the Korean security environment is undergoing a radical change on April 27, 2018, through the South-North summit and the Panmunjom Declaration. Under the changing security environment, South Korea was placed in a complicated dilemma that had to deal with threats of two axes(China), three axes(China, Japan), and four axes(Japan, Russia). If the one axis threat(North Korea) is dominated by land threats, the second, third and fourth axis threats are threats from the sea. This paper analyzed the maritime strategy of Korea within the framework of maritime-geopolitics, in other words recognition and expansion of the sphere of maritime. I have designed that the maritime defense space that we can deny from threats is divided into three lines of defense: 1 line (radius 3,000km), 2 lines (2,000km), and 3 lines (1,000km). The three defense zones of the three lines were defined as an active defense(1 line), defensive offense(2 line), active offense(3 line). The three defense zones of the three lines were defined as the sphere of core maritime, As a power to deny the sphere of core maritime, it was analyzed as a maneuvering unit, a nuclear-powered submarine, the establishment of missile strategy, and the fortification of islands station. The marine strategy of South Korea with these concepts and means was defined as 'Offensive Maritime Denial Strategy'.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.951-958
• /
• 2021

With the growing cyber threat to information assets, it has become important to share threat information quickly. This paper examines the sharing of cyber threat information and presents a method to determine the importance of threat indicators in the information sharing market by calculating weights. The analysis was conducted using AHP techniques, with a pairwise comparison of the four factors(attacker & infected system indicators, role indicators, malicious file indicators, technique & spread indicators) and the details of each factor. Analysis shows that malicious file indicators are the most important among the higher evaluation factors and infected system IP, C&C and Smishing are the most important factors in comparison between detailed items. These findings could be used to measure the preference of consumers and the contribution of information provider for facilitating information sharing.