• The Journal of the Korea Contents Association
• /
• v.20 no.7
• /
• pp.618-628
• /
• 2020

The purpose of this paper is to propose a new security orchestration service model by combining various security solutions that have been introduced and operated individually as a basis for cyber security framework. At present, in order to respond to various and intelligent cyber attacks, various single security devices and SIEM and AI solutions that integrate and manage them have been built. In addition, a cyber security framework and a security control center were opened for systematic prevention and response. However, due to the document-oriented cybersecurity framework and limited security personnel, the reality is that it is difficult to escape from the control form of fragmentary infringement response of important detection events of TMS / IPS. To improve these problems, based on the model of this paper, select the targets to be protected through work characteristics and vulnerable asset identification, and then collect logs with SIEM. Based on asset information, we established proactive methods and three detection strategies through threat information. AI and SIEM are used to quickly determine whether an attack has occurred, and an automatic blocking function is linked to the firewall and IPS. In addition, through the automatic learning of TMS / IPS detection events through machine learning supervised learning, we improved the efficiency of control work and established a threat hunting work system centered on big data analysis through machine learning unsupervised learning results.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.531-540
• /
• 2021

As cyber attacks and crimes increase exponentially and hacking attacks become more intelligent and advanced, hacking attack methods and routes are evolving unpredictably and in real time. In order to reinforce the enemy's responsiveness, this study aims to propose a method for developing an artificial intelligence-based security control platform by building a next-generation security system using artificial intelligence to respond by self-learning, monitoring abnormal signs and blocking attacks.The artificial intelligence-based security control platform should be developed as the basis for data collection, data analysis, next-generation security system operation, and security system management. Big data base and control system, data collection step through external threat information, data analysis step of pre-processing and formalizing the collected data to perform positive/false detection and abnormal behavior analysis through deep learning-based algorithm, and analyzed data Through the operation of a security system of prevention, control, response, analysis, and organic circulation structure, the next generation security system to increase the scope and speed of handling new threats and to reinforce the identification of normal and abnormal behaviors, and management of the security threat response system, Harmful IP management, detection policy management, security business legal system management. Through this, we are trying to find a way to comprehensively analyze vast amounts of data and to respond preemptively in a short time.

• Maritime Security
• /
• v.4 no.1
• /
• pp.83-113
• /
• 2022

Although China's maritime militia has not been well known despite its long history, it is recently emerging as a serious threat to maritime security, causing neighboring countries' security concerns due to the growing number of maritime disputes with China. In this regard, it is now time to clearly define the true nature of the Chinese maritime militia. A close look at the organization and roles of the Chinese maritime militia reveals that it is an organization that is systematically managed and operated by the Chinese government and the People's Liberation Army of China. Its role is to serve the purpose of "contributing to the protection and expansion of China's marine interests." In addition, the threat factors of the Chinese maritime militia were analyzed by examining the cases of maritime disputes between the Chinese maritime militia and neighboring countries. First, the Chinese maritime militia has implemented the "Gray Zone Strategy." Second, it is a systematic organization supported by the Chinese government and the People's Liberation Army. Third, it is a maritime power that cannot be ignored as the world's largest militia organization. Fourth, it has a strategic flexibility that enables the execution of the dual mission of working for a living such as commercial fishing and serving in the maritime militia. The threats of the Chinese maritime militia are not limited to Southeast Asian countries located in the South China Sea. This is also the case in Korea as the country cannot avoid maritime disputes with China such as the Ieodo issue and the boundary delimitation of the West Sea. Accordingly, this study was focused on presenting a predictable scenario and countermeasures based on the analysis through a scenario technique with respect to the two cases that are most likely to occur in Korea-China relations. Finally, beyond identifying the nature of the Chinese maritime militia, this study takes a further step to share considerations as to how the organization may operate and develop in the future and how we can cope with its moves.

• Journal of Information Technology Services
• /
• v.12 no.3
• /
• pp.151-163
• /
• 2013

It is no doubt that information technology is the key factor of national safety. Information technology is positively useful for national security such as crime prevention and detection, criminal investigation, disaster management, and national defense. However, it might be a threat to the security as we saw in the examples such as '3.4 DDoS attacks' and 'Nong-hyup Computer Network Failure.' Although the effect that information technology makes upon the national security is immense, the current legal system does not reflect these changes well. National security should be kept during 'prevention-response-recovery' process regardless it is in the online on offline. In addition, public administration for national security should be based on laws. However, the current legal system is lack of legislative basis on cyber and physical disaster, and the laws on the response to disaster might cause confusing. Therefore, this study examines the limitation of the current legal system on national security, and suggests directions for the development of the system based on the new establishment of the legal concept for 'national security'.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1167-1177
• /
• 2019

In this paper, the improved security operation model based on the vulnerability database is studied. The proposed model consists of information protection equipment, vulnerability database, and a dashboard that visualizes and provides the results of interworking with detected logs. The evaluation of the model is analyzed by setting up a simulated attack scenario in a virtual infrastructure. In contrast to the traditional method, it is possible to respond quickly to threats of attacks specific to the security vulnerabilities that the asset has, and to find redundancy between detection rules with a secure agent, thereby creating an optimal detection rule.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5588-5613
• /
• 2018

Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of over-simplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.577-589
• /
• 2023

Ministry of National Defense plans to harness AI as a key technology to bolster overall defense capability for cultivation of an advanced strong military based on science and technology based on Defense Innovation 4.0 Plan. However, security threats due to the characteristics of AI can be a real threat to AI-based defense information system. In order to solve them, systematic security activities must be carried out from the development stage. This paper proposes security activities and considerations that must be carried out at each stage of AI-based defense information system. Through this, It is expected to contribute to preventing security threats caused by the application of AI technology to the defense field and securing the safety and reliability of defense information system.

• The Journal of the Korea Contents Association
• /
• v.18 no.6
• /
• pp.434-442
• /
• 2018

Recently, the threat to the security and damage of important data leaked by devices of intranet infected by malicious code through the Internet have been increasing. Therefore, the partitioned intranet model that blocks access to the server for business use by implementing authentication of devices connected to the intranet is required. For this, logical net partition with the VDI(Virtual Desktop Infrastructure) method is no information exchange between physical devices connected to the intranet and the virtual device so that it could prevent data leakage and improve security but it is vulnerable to the attack to expose internal data, which has access to the server for business connecting a nonregistered device into the intranet. In order to protect the server for business, we suggest a blockchain based network partition model applying blockchain technology to VDI. It contributes to decrease in threat to expose internal data by improving not only capability to verify forgery of devices, which is the vulnerability of the VDI based logical net partition, but also the integrity of the devices.

• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.66-74
• /
• 2021

With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.347-363
• /
• 2019

Malware has its own unique behavior characteristics, like DNA for living things. To respond APT (Advanced Persistent Threat) attacks in advance, it needs to extract behavioral characteristics from malware. To this end, it needs to do classification for each malware based on its behavioral similarity. In this paper, various similarity of Windows malware is estimated; and based on these similarity values, malware's family is predicted. The similarity measures used in this paper are as follows: 'TF-IDF cosine similarity', 'Nilsimsa similarity', 'malware function cosine similarity' and 'Jaccard similarity'. As a result, we find the prediction rate for each similarity measure is widely different. Although, there is no similarity measure which can be applied to malware classification with high accuracy, this result can be helpful to select a similarity measure to classify specific malware family.