• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1611-1625
• /
• 2019

The emergence of new technologies and devices brings a new environment in the field of cyber security. It is not easy to predict possible security threats about new environment every time without special criteria. In other words, most malicious codes often reuse malicious code that has occurred in the past, such as bypassing detection from anti-virus or including additional functions. Therefore, we are predicting the security threats that can arise in a new environment based on the history of repeated malicious code. In this paper, we classify and define not only the internal information obtained from malicious code analysis but also the features that occur during infection and attack. We propose a method to predict and manage security threats in new environment by continuously managing and extending.

• The KIPS Transactions:PartD
• /
• v.17D no.2
• /
• pp.167-174
• /
• 2010

When entering the PIN(personal identification number), the greatest security threat is shoulder surfing attack. Shoulder surfing attack is watching the PIN being entered from over the shoulder to obtain the number, and it is the most common and at the same time the most powerful security threat of stealing the PIN. In this paper, a psychology based PINpad technology referred to as DAS(Dynamic Authentication System) that safeguards from shoulder surfing attack was proposed. Also, safety of the proposed DAS from shoulder surfing attack was tested and verified through intuitive viewpoint, shoulder surfing test, and theoretical analysis. Then, a PINpad with an internal DAS that was certified for its safety from shoulder surfing attack was designed and produced. Because the designed PINpad significantly decreases the chances for shoulder surfing attackers being able to steal the PIN when compared to the ordinary PINpad, it was determined to be suitable for use at ATM(automated teller machine)s operated by banks and therefore has been introduced and is being used by many financial institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.67-74
• /
• 2011

In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly for an active cyber attack model could be detected complex and transformed attack method. An attack tree provides a formal and methodical route of describing the security safeguard on varying attacks against network system. The existent attack tree can describe attack scenario as using vertex, edge and composition. But an attack tree has the limitations to express complex and new attack due to the restriction of attack tree's attributes. We solved the limitations of the existent attack tree as adding an threat occurrence probability and 2 components of composition in the attributes. Firstly, we improved the flexibility to describe complex and transformed attack method, and reduced the ambiguity of attack sequence, as reinforcing composition. And we can identify the risk level of attack at each attack phase from child node to parent node as adding an threat occurrence probability.

• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.177-189
• /
• 2023

Malware detection is an increasingly important operational focus in cyber security, particularly given the fast pace of such threats (e.g., new malware variants introduced every day). There has been great interest in exploring the use of machine learning techniques in automating and enhancing the effectiveness of malware detection and analysis. In this paper, we present a deep recurrent neural network solution as a stacked Long Short-Term Memory (LSTM) with a pre-training as a regularization method to avoid random network initialization. In our proposal, we use global and short dependencies of the inputs. With pre-training, we avoid random initialization and are able to improve the accuracy and robustness of malware threat hunting. The proposed method speeds up the convergence (in comparison to stacked LSTM) by reducing the length of malware OpCode or bytecode sequences. Hence, the complexity of our final method is reduced. This leads to better accuracy, higher Mattews Correlation Coefficients (MCC), and Area Under the Curve (AUC) in comparison to a standard LSTM with similar detection time. Our proposed method can be applied in real-time malware threat hunting, particularly for safety critical systems such as eHealth or Internet of Military of Things where poor convergence of the model could lead to catastrophic consequences. We evaluate the effectiveness of our proposed method on Windows, Ransomware, Internet of Things (IoT), and Android malware datasets using both static and dynamic analysis. For the IoT malware detection, we also present a comparative summary of the performance on an IoT-specific dataset of our proposed method and the standard stacked LSTM method. More specifically, of our proposed method achieves an accuracy of 99.1% in detecting IoT malware samples, with AUC of 0.985, and MCC of 0.95; thus, outperforming standard LSTM based methods in these key metrics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.417-430
• /
• 2024

As modern technology advances and the proliferation of the internet continues, cyber threats are also on the rise. To effectively counter these threats, the importance of utilizing Cyber Threat Intelligence (CTI) is becoming increasingly prominent. CTI provides information on new threats based on data from past cyber incidents, but the complexity of data and changing attack patterns present significant analytical challenges. To address these issues, this study aims to utilize graph data that can comprehensively represent multidimensional relationships. Specifically, the study constructs a heterogeneous graph based on malware data, and uses the metapath2vec node embedding technique to more effectively identify cyber attack groups. By analyzing the impact of incorporating topology information into traditional malware data, this research suggests new practical applications in the field of cyber security and contributes to overcoming the limitations of CTI analysis.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.97-107
• /
• 2012

Our nation, of which the term of dispatching troops is winded up at the end of this year, is facing presidential election time including the nuclear security summit meeting in March, opening of EXPO in May, and the general election. Hence, the possibility to select our nation at the strategy forming public opinion of military withdrawal through Taliban's terror is high. It coincides with public affair strategy of Taliban terror and learning effect by the past cases. If the possibility of terror threat of Taliban along with this is summarized, the period of threat will concentrate on and be heightened in the first half when the nuclear security summit meeting and EXPO open in our nation, and target and method have high possibility of collision terror of bomb carrying vehicle and suicide bomb on national government organizations or American facilities, and etc, and possibility of kidnapping on our people such as oversea tourists, missionaries, and so on. Terror groups joining the criminal act is to use Islam illegal aliens who already acquire base in our nation or entry maneuver of specialized terrorists connected to Al-Qaeda. Pretext of such terror is withdrawal of our military and western allies stationed in Afghanistan. Therefore, publicity terror of Taliban against our people living overseas and security measure of international events such as the world nuclear security summit meeting, Yeosu EXPO, and etc in the first half of this year should be thoroughly prepared, domestic illegal aliens' movement should be comprehended, and measure blocking international terrorists' relating to Taliban infiltration into our nation should be sought for. Also, there is need of early announcement of government's political will on our military stationed in Afghanistan.

• Journal of Digital Convergence
• /
• v.15 no.6
• /
• pp.51-59
• /
• 2017

The role of government is to defend its lands and people from enemies. The range of that defense has now extended into the cyber domain, regarded as the fourth domain of the conventional defense domains (i.e., land, sea, sky, and universe). Traditionally, a government's intelligence power overrides that of its civilians, and government is exclusively responsible for defense. However, it is difficult for government to take the initiative to defend in the cyber domain because civilians already have a greater means for collecting information, which is known as being "intelligence inverse" in the cyber domain. To this end, we first define the intelligence inverse phenomenon and then analyze its main features. Then we investigate foreign countries' efforts to overcome the phenomenon and look at the current domestic situation. Based on these results, we describe the appropriate role of the National Intelligence Agency to handle cyber threats and offer a cyber threat intelligence model to share with civilians to help protect against these threats. Using the proposed model, we propose that the National Intelligence Agency should establish a base system that will respond to cyber threats more effectively.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.143-158
• /
• 2017

Smart Home Appliance which makes people to operate machines in the home by remote control is service or technology to provide convenience. It is close to home, so it has privacy problem and security problem. If Smart Home Applications is attacked, Scale of damage is anticipated. In case of products from overseas country, various vulnerability has been announced every year. Therefore, It is necessary to identify and to analysis threats of Smart Home Appliance using systematically method for using safe Smart home appliance service. In this paper, we present check list for identifying and analyzing threats using Threat Modeling and then we analyzed the Domestic Smart Home Appliance using check list which we present.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.8
• /
• pp.197-210
• /
• 2016

Lately smartphone uasage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations which called femtocells are supplied to prevent saturation of existing base stations. However, unlike the original purpose of the femtocell with the advanced hacking technologies, Vulnerability such as gaining the administrator authority was discovered and this can cause serious problems such as the leakage of personal information of femtocell user. Therefore, identify security threats that may occur in the femtocell and it is necessary to ways for systematic vulnerability analysis. In this paper, We analyzed the security threats that can be generated in the femtocell and constructed a checklist for vulnerability analysis using the Threat Modeling method. Then, using the constructed checklist provides a scheme that can improve the safety of the femto cell through the actual analysis and taken the results of the femtocell vulnerabilities analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.721-736
• /
• 2023

The Command and Control Framework was developed for penetration testing and education purposes, but threat actors such as cybercrime groups are abusing it. From a cyber threat hunting perspective, identifying Command and Control Framework servers as well as proactive responding such as blocking the server can contribute to risk management. Therefore, this paper proposes a methodology for tracking the Command and Control Framework in advance. The methodology consists of four steps: collecting a list of Command and Control Framework-related server, emulating staged delivery, extracting botnet configurations, and collecting certificates that feature is going to be extracted. Additionally, experiments are conducted by applying the proposed methodology to Cobalt Strike, a commercial Command and Control Framework. Collected beacons and certificate from the experiments are shared to establish a cyber threat response basis that could be caused from the Command and Control Framework.