• Title/Summary/Keyword: Threat Security


A Method of Device Validation Using SVDD-Based Anomaly Detection Technology in SDP Environment (SDP 환경에서 SVDD 기반 이상행위 탐지 기술을 이용한 디바이스 유효성 검증 방안)

  • Lee, Heewoong; Hong, Dowon; Nam, Kihyo
    • Journal of the Korea Institute of Information Security & Cryptology, v.31 no.6, pp.1181-1191, 2021
  • The pandemic has rapidly developed a non-face-to-face environment. However, the sudden transition to a non-face-to-face environment has led to new security issues in various areas. One of the new security issues is the security threat of insiders, and the zero trust security model is drawing attention again as a technology to defend against it. Software Defined Perimeter (SDP) technology consists of various security factors, of which device validation is a technology that can realize zero trust by monitoring insider usage behavior. But the current SDP specification does not provide a technology that can perform device validation. Therefore, this paper proposes a device validation technology using SVDD-based abnormal behavior detection through user behavior monitoring in an SDP environment, and presents a way to perform the device validation in the SDP environment by conducting a performance evaluation.

Development of Security Anomaly Detection Algorithms using Machine Learning (기계 학습을 활용한 보안 이상징후 식별 알고리즘 개발)

  • Hwangbo, Hyunwoo; Kim, Jae Kyung
    • The Journal of Society for e-Business Studies, v.27 no.1, pp.1-13, 2022
  • With the development of network technologies, security that protects organizational resources from internal and external intrusions and threats becomes more important. Therefore, in recent years, anomaly detection algorithms that detect and prevent security threats with respect to various security log events have been actively studied. Security anomaly detection algorithms that were developed in the past based on rules or statistical learning are gradually evolving into modeling based on machine learning and deep learning. In this study, we propose a deep-autoencoder model that transforms the LSTM-autoencoder as an optimal algorithm to detect insider threats in advance, using various machine learning analysis methodologies. This study has academic significance in that it improved the possibility of adaptive security through the development of an anomaly detection algorithm based on unsupervised learning, and reduced the false positive rate compared to the existing algorithm through supervised true positive labeling.

Study on Methodology of Collecting Realtime File Access Event Information (실시간 파일 접근 이벤트 정보 수집 방법에 관한 연구)

  • Han, Sung-Hwa
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2021.10a, pp.447-448, 2021
  • The boundary-based security architecture has the advantage of easy deployment of security solutions and high operational efficiency. The boundary-based security architecture easily detects and blocks externally occurring security threats, but is inappropriate for blocking internally occurring security threats. Unfortunately, internal security threats are increasing in frequency. In order to solve this problem, a zero trust model has been proposed. The zero trust model requires a real-time monitoring function to analyze the behavior of a subject accessing various information resources. However, there is a limit to real-time monitoring of file access by a subject already confirmed to be trusted in the system. Accordingly, this study proposes a method to monitor a user's file access in real time. To verify the effectiveness of the proposed monitoring method, the target function was verified after a demonstration implementation. As a result, it was confirmed that the method proposed in this study can monitor access to files in real time.

A Study on the Security Threat Response in Smart Integrated Platforms (스마트 통합플랫폼 보안위협과 대응방안 연구)

  • Seung Jae Yoo
    • Convergence Security Journal, v.22 no.1, pp.129-134, 2022
  • A smart platform is defined as an evolved platform that realizes physical and virtual space as a hyper-connected environment by combining the existing platform and advanced IT technology. Hyper-connection, that is, the connection between information and information, infrastructure and infrastructure, infrastructure and information, or space and service, enables the realization and provision of high-quality services that significantly change the quality of life and environment of users. In addition, it provides everyone with the effect of significantly improving the social safety net and personal health management level by implementing smart government and smart healthcare. A lot of the information produced and consumed in these processes can act as a factor threatening the basic rights of the public and individuals, either by the information itself or through big data analysis. In particular, as the smart platform, as a core function that forms the ecosystem of a smart city, is naturally and continuously expanded, it faces a huge security burden in data processing and network operation. In this paper, platform components as core functions of a smart city and the corresponding security threats and countermeasures are studied.

A Study on the Advancement of the Contingency Plan upon Prediction of Toxicity Damage Considering Seasonal Characteristics (계절 특성을 고려한 독성 피해예측에 따른 위기대응 고도화에 관한 연구)

  • Hwang, Man Uk; Hwang, Yong Woo; Lee, Ik Mo; Min, Dal Ki
    • Journal of Korean Society of Disaster and Security, v.9 no.2, pp.23-32, 2016
  • Today the deterioration of industrial complexes located close to the living space of residents has been raised as a cause of threats to the safety of local communities. In this study, in order to improve the current risk analysis and scope of community notification, simulated threat zones were comparatively analyzed by utilizing the threat zones of alternative accident scenarios and modes of seasonal weather, and the area with a high probability of damage upon the leakage of toxic substances was predicted by examining wind directions observed at each time slot for each season. In addition, a limit evacuation time and minimum separation distance to minimize casualties were suggested, and a proposal to enable more reasonable safety measures for on-site workers and nearby residents was made by reviewing the risk management plan currently utilized for emergency response.

A Study of Message Communication Method Using Attribute Based Encryption in IoT Environment (IoT 환경에서 속성기반 암호화 기술을 활용한 메시지 통신 기법에 관한 연구)

  • Park, Jung-Oh
    • Journal of Digital Convergence, v.14 no.10, pp.295-302, 2016
  • Many countries, especially ICT powers, are supporting IoT-based technology at a national level, and this technology is actively being researched by businesses and research institutes with the aim of developing technology and creating an ecosystem. Roads in the city of Seoul are being equipped with IoT-based public facilities to provide various services and conveniences for users. However, with the full-fledged introduction and development of IoT, there are many cases where infringements of security and privacy and threats to life and safety occur. Also, as the IoT environment includes various environment technologies such as the existing sensor network, heterogeneous communication networks, and devices optimized for the IoT environment, it inherits the existing security threats and various attack techniques. This paper researches attribute based encryption technology for safe communication in the IoT environment. The data collected from the device is transmitted using attribute based encryption and, by designing the key generation protocol, grades and authorities for the device and users are identified so that messages can be transmitted safely.

DGA-DNS Similarity Analysis and APT Attack Detection Using N-gram (N-gram을 활용한 DGA-DNS 유사도 분석 및 APT 공격 탐지)

  • Kim, Donghyeon; Kim, Kangseok
    • Journal of the Korea Institute of Information Security & Cryptology, v.28 no.5, pp.1141-1151, 2018
  • In an APT attack, the communication stage between infected hosts and the C&C (Command and Control) server is the key stage for intrusion into the attack target. Attackers can control multiple infected hosts through the C&C server and direct intrusion and exploitation. If the C&C server is exposed at this stage, the attack will fail. Therefore, in recent years, the Domain Generation Algorithm (DGA) has been used to replace the C&C server's domain names at short time intervals to make detection difficult. In particular, it is very difficult to verify and detect all newly registered domain names, which number more than 5 million a day. To solve these problems, this paper proposes a model that judges DGA-DNS detection by morphological similarity analysis of normal domain names and DGA-generated domain names, and determines the sign of an APT attack through it; we then verify its validity.

Application of the Small UAV Defense System (무인항공기 대응체계 도입 방안)

  • Park, Jehong
    • Journal of Advanced Navigation Technology, v.21 no.1, pp.145-152, 2017
  • With the popularization of small UAS that have improved flight performance and ease of control, the UAS industry has grown, and small UAS have also become a new threat to the airspace security of national strategic infrastructure. The rise of this new threat is the negative side effect of small UAS operation. This phenomenon has created a new R&D need for a "defense system" against small UAS/UAV, called Anti-Drone. The paper presents a case study of defects, accidents and threats caused by small UAS/UAV at the worldwide level, and the research and development trend of UAS defense systems in each technical category: CONOP (Concept of Operation), identification/recognition methods, and control/supremacy techniques. As a result, it suggests what kind of drone defense system should be applied first, and where, as required for Korean society from the viewpoint of the social system (regime) and with a view to minimizing the side effects of UAS popularization.

Psychological Motives for Suicide Terrorism of Islamic Suicide Terrorists and Countermeasures (이슬람 자살폭탄테러범의 심리적 범행동기와 대비책)

  • Choi, Kee-Nam
    • Convergence Security Journal, v.15 no.6_2, pp.107-119, 2015
  • The key objective of terrorism is to create favorable conditions for certain political, ideological, or religious interests through deliberate social chaos and the spread of fear. Accordingly, terrorist groups rally the means and methods capable of spreading fear among the public through shocking violence. Consequently, as terrorism reflects the progress of modern civilization and the structure of the international community, its concepts, means, and methods evolve organically with that progress. The characteristics of modern terrorism include that it has evolved as a means of war against countries by non-state militant groups, and suicide terrorism is spreading like an epidemic as it fits the strategies of Islamic extremist and terrorist organizations as a part of international politics based on terrorism. Humanity's efforts to eliminate the threat of terrorism led to decades of implementing premature policies of military force, but these were found ineffective and resulted in the spread of the extreme threat of suicide terrorism. For the prevention of suicide terrorism, efforts must be made to dismantle the basis of suicide attacks by addressing religious alienation and antipathy against a civilization, using notions similar to the treatment of pathology and considering the psychological motives of suicide terrorists.

Analysis and prospect of North Korea's Cyber threat (북한의 사이버전 위협에 대한 분석과 전망)

  • Lee, Dae Sung; Ahn, Young Kyu; Kim, Minsu
    • Convergence Security Journal, v.16 no.5, pp.11-16, 2016
  • In modern society, the development of Information and Communication Technology has given people a lot of opportunities. But on the other side, cyber attacks also cause enormous damage to people. Recently Korea has become the target of cyber attacks, and the threat of them is growing. In particular, North Korea has committed hostile actions against South Korea. North Korea has recently attacked the computer networks of South Korea's important national facilities. The types of North Korea's cyber attacks include the following. First, from the software viewpoint, it tries to destroy or control the Internet, infecting networks with viruses, worms and Trojan horses and launching Distributed Denial of Service attacks. I suggest the following to solve the problem. First, South Korea should unify the organizations that respond to the attacks of North Korea, as North Korea has a unified organization for cyber attack. Second, they should consider the establishment of a "Cyber Terrorism Prevention Act" to systematically respond to software attacks.