• International Journal of Computer Science & Network Security
• /
• v.24 no.1
• /
• pp.52-60
• /
• 2024

APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

• Journal of the Korea Safety Management & Science
• /
• v.23 no.4
• /
• pp.1-9
• /
• 2021

This study examines the trends of domestic and foreign smart industries and discusses safety and security issues. Based on the actual situation survey and interview of the smart factory, we would like to examine the perspectives on risks and threats. We will examine safety and health issues related to new harmful and risk factors that may occur in smart factories and suggest institutional development directions for future safety and health. First, a safety and health-related work environment for smart factory workers is investigated and interviews are conducted. Second, we investigate new risk factors and threats to prevent industrial accidents for workers in smart factories. The purpose of this study is to examine what are the new risk factors in the smart factory. In addition, we will try to find reasonable improvement measures by finding out the risks and threats of smart factories through case studies in advanced countries, on-site interviews and surveys.

• Korean Security Journal
• /
• no.37
• /
• pp.247-268
• /
• 2013

Country is security agencies with the launch of the Park Chung Hee government president security service act was enacted since installed successfully now undergoing a large-scale international events reborn professional Security agencies, including the North and the Northeast, but the conflict continues because of the national reduce the threat to the security without a destination. However countermeasures against these threats is emphasized, but in an effort to raise the country is security officials security agencies working environment and training for these studies have not performed in this study was started. In order to achieve this purpose, president security service and the seoul police agency personnel working in the field for 45 people who were interviewed, recently developed by utilizing Nvivo 8 program to improve working conditions in the analysis of organizational culture 51(78.46%), Image 7(10.93%), physical and mental 6(9.37%) were categorized, educational institutions in the direction of a police constable 56(76.71%), educational psychology 12(16.43%), theory of education 5(6.84%) were categorized as high. We look at the research results suggest that the authority of the president security service president security service officials in tissue culture officials were struggling to belong to an organization, you need to induce a change in culture has been raised, the current president of the Security Service, as well as specialized police constable training within the organization establish the necessary institutions respectively.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.47-58
• /
• 2015

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.507-522
• /
• 2014

Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public and research institutes, about 30 security monitoring and response centers are being operated under National Cyber Security Center(NCSC) of National Intelligence Service(NIS). They are mainly using Threat Management System(TMS) for providing security monitoring and response service. Since TMS raises a large amount of security events and most of them are not related to real cyber attacks, security analyst who carries out the security monitoring and response suffers from analyzing all the TMS events and finding out real cyber attacks from them. Also, since the security monitoring and response tasks depend on security analyst's know-how, there is a fatal problem in that they tend to focus on analyzing specific security events, so that it is unable to analyze and respond unknown cyber attacks. Therefore, we propose automated verification method of security events based on their empirical analysis to improve performance of security monitoring and response.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5062-5079
• /
• 2017

Malicious insider threats have increased recently, and methods of the threats are diversifying every day. These insider threats are becoming a significant problem in corporations and governments today. From a technology standpoint, detecting potential insider threats is difficult in early stage because it is unpredictable. In order to prevent insider threats in early stage, it is necessary to collect all of insiders' data which flow in network systems, and then analyze whether the data are potential threat or not. However, analyzing all of data makes us spend too much time and cost. In addition, we need a large repository in order to collect and manage these data. To resolve this problem, we develop an indicator-based behavior ontology (IB2O) that allows us to understand and interpret insiders' data packets, and then to detect potential threats in early stage in network systems including social networks and company networks. To show feasibility of the behavior ontology, we developed a prototype platform called Insider Threat Detecting Extractor (ITDE) for detecting potential insider threats in early stage based on the behavior ontology. Finally, we showed how the behavior ontology would help detect potential inside threats in network system. We expect that the behavior ontology will be able to contribute to detecting malicious insider threats in early stage.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.251-257
• /
• 2004

Todays, the more information technologies(IT) like internet is developed, the more main facilities of individuals and social organizations get deeply involved in IT. Also, the trend of cyber threats such as internet worms and viruses is moving from local pc attacks to IT infrastructure attacks by exploiting inherent vulnerabilities of IT. Social organizations has a limit to response these attacks individually, and so the systematic coordinate center for social organizations is necessary. To analyze and share cyber threat information is performed prior to the construction of the coordinate center. In this paper, we survey domestic alert systems for cyber threats of related organizations and companies, and then classify them into two categories by the range of threat assessment: global alert systems for global If infrastructure and individual alert systems for each threat. Next, we identify problems of domestic alert systems and suggest approaches to resolve them.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.41-54
• /
• 2020

In this paper, it will study various problems such as personal information infringement from when using various useful Apps in the Smartphone environment. It also researched the vulnerabilities Mobile Apps and the risks of personal information leakage when using Smartphone information to decrease threat and find solution. In the second chapter, it will check the existing Mobile App related Apps. In the third chapter, it will check the threats and major factors that caused by the leakage of personal information which related to the app. Then it will suggest solution and end with conclusion. This paper also looked at various problems that caused by illegal adverse effect from illegal personal information collection. Then it researched and made suggestion to make consideration on safety of personal information and privacy infringement that threat to personal information For safety of mobile banking, it proposed a safety method to separate and manage the code which has the core logic which required to run the App. For safety of direction App, when running the direction App, even if the information is collected, location information for unauthorized accessed will encrypt and store in DB, so that access to personal information is difficult. For delivery App environment, by using the national deliver order call center's representative phone to receive a telephone order then, the customer information is delivered to the branch office when it receive order and it will automatically delete information from the server when the delivery is completed by improving DB server of order. For the smart work app environment, the security solution operates automatically by separating and make independent private and work areas. Then it will suggest initialization for company's confidential business information and personal information to safe from danger even if loss.

• Convergence Security Journal
• /
• v.14 no.3_1
• /
• pp.45-54
• /
• 2014

After the Cold War, obligations of nation are expanded to 'Comprehensive Security' that caring citizens' safety and welfare in addition to national defense. Major nations are competing to revolutionize their army to be prepared for various threats. Major nations, including United States and United Kingdom, are tend to adopting and using PMCs eagerly. The size of PMC market estimated around 70 billion euro and growing rapidly. Korea has to adopt PMCs for building military force and operating efficiency while driving 'Military Reform 2030'. Adopting PMCs in Korea can be considered as followings reflecting security situation. So, Korean army must consider implementing and adopting PMCs in order to building army force and attaining efficiency and preparing for the N orth Korean threat and various security risks.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.83-88
• /
• 2016

Over recent years there has been considerable growth in interest in the use of biometric systems for personal authentication. Biometrics is a field of technology which has been and is being used in the identification of individuals based on some physical attribute. By using biometrics, authentication is directly linked to the person, rather than their token or password. Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. In 2013, Althobati et al. proposed an efficient remote user authentication protocol using biometric information. However, we uncovered Althobati et al.'s protocol does not guarantee its main security goal of mutual authentication. We showed this by mounting threat of data integrity and bypassing the gateway node attack on Althobati et al.'s protocol. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in WSN(Wireless Sensor Networks) operate with resource constraints such as limited power, computation, and storage space.