• Title/Summary/Keyword: Threat Security


Development of an Open Source-based APT Attack Prevention Chrome Extension

  • Kim, Heeeun;Shon, Taeshik;Kim, Duwon;Han, Gwangseok;Seong, JiHoon
    • Journal of Platform Technology / v.9 no.3 / pp.3-17 / 2021
  • Advanced persistent threat (APT) attacks are attacks aimed at a particular entity through a set of stealthy and persistent computer hacking processes. They are usually carried out through various methods, including spam mail and disguised banner advertising. The same names are also used for the malicious files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders; such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR (Content Disarm & Reconstruction) is a technology that can prevent the risk of malware infection by removing potential security threats from files and reconstructing them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks delivered as attachments. An open source program that uses CDR techniques is 'Dangerzone'. It supports most document file formats, but not the HWP format that is widely used in Korea. In addition, Gmail blocks malicious URLs, but mail services such as Naver and Daum do not, so malicious URLs can be distributed easily through them. Based on these problems, we developed a version of 'Dangerzone' that supports the HWP format to prevent APT attacks, and a Chrome extension that checks URLs in Naver and Daum mail and blocks banner ads.
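The URL check in the abstract can be shown as link-classification logic over a mail body. The following is an added example written for this page, not code from the paper or its Chrome extension: it parses the anchors out of an HTML message (a constructed sample, hosts in reserved example ranges) and flags the ones a webmail client should block or warn on. The blocklist and the protected-brand list are hypothetical sample data, and `registrable()` is a simplification that a real checker would replace with a Public Suffix List lookup.

```python
"""Link checking for webmail message bodies (added example, not the paper's code)."""
from dataclasses import dataclass
from html.parser import HTMLParser
from ipaddress import ip_address
from typing import List, Optional
from urllib.parse import urlsplit

BLOCKLIST = {"evil.example", "phish.example"}    # hypothetical blocklist feed
PROTECTED_BRANDS = {"naver.com", "daum.net"}     # sites the user logs into
WEB_SCHEMES = {"http", "https", "mailto", ""}    # "" covers relative links


@dataclass
class Finding:
    href: str
    verdict: str    # "block" or "warn"
    reason: str


def registrable(host: str) -> str:
    """Last two labels of a host. Simplification: no Public Suffix List (co.kr, ...)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class _AnchorCollector(HTMLParser):
    """Collects [href, visible text] for every <a> in document order."""
    def __init__(self):
        super().__init__()
        self.anchors = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
            self.anchors.append(self._open)

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def check_link(href: str, text: str = "") -> Optional[Finding]:
    """Classify one anchor; None means nothing looked wrong."""
    parts = urlsplit(href.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    if scheme not in WEB_SCHEMES:                       # javascript:, data:, ...
        return Finding(href, "block", f"non-web scheme {scheme!r}")
    if not host:                                        # mailto: or relative link
        return None
    if host in BLOCKLIST or registrable(host) in BLOCKLIST:
        return Finding(href, "block", "host on blocklist")
    try:
        ip_address(host)
        return Finding(href, "warn", "IP-literal host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return Finding(href, "warn", "punycode label (possible homograph)")
    for brand in PROTECTED_BRANDS:                      # naver.com-login.example.org
        if brand in host and registrable(host) != brand:
            return Finding(href, "warn", f"lookalike of {brand}")
    shown = text.strip()
    if shown and " " not in shown and "." in shown:     # anchor text looks like a URL
        shown_host = urlsplit(shown if "://" in shown else "http://" + shown).hostname or ""
        if shown_host and registrable(shown_host) != registrable(host):
            return Finding(href, "warn", f"text shows {shown_host}, target is {host}")
    return None


def scan_mail_body(html: str) -> List[Finding]:
    """Run check_link over every anchor of a mail body."""
    collector = _AnchorCollector()
    collector.feed(html)
    return [f for href, text in collector.anchors if (f := check_link(href, text))]


# Constructed sample message; not a real mail.
SAMPLE_BODY = """
<p>Your parcel is waiting. <a href="https://mail.naver.com/inbox">Open mailbox</a></p>
<p><a href="http://203.0.113.7/track">Track shipment</a></p>
<p><a href="https://naver.com-login.example.org/">Sign in to Naver</a></p>
<p><a href="http://xn--nver-ypa.example/">Naver</a></p>
<p><a href="https://www.example.org/pay">www.daum.net/pay</a></p>
<p><a href="https://phish.example/x">Invoice PDF</a></p>
<p><a href="javascript:alert(1)">Click</a></p>
"""

if __name__ == "__main__":
    for f in scan_mail_body(SAMPLE_BODY):
        print(f"{f.verdict:5} {f.href}  ({f.reason})")
```

The checks run in order of confidence: hard blocks (dangerous scheme, blocklisted host) first, then heuristics that deserve a warning rather than a block. A display-text mismatch (the visible `www.daum.net/pay` pointing at `www.example.org`) is the classic phishing tell that a blocklist alone never catches.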

A Comparative Study of Machine Learning Algorithms Using the LID-DS Dataset

  • Park, DaeKyeong;Ryu, KyungJoon;Shin, DongIl;Shin, DongKyoo;Park, JeongChan;Kim, JinGoog
    • KIPS Transactions on Software and Data Engineering / v.10 no.3 / pp.91-98 / 2021
  • Today's information and communication technology is developing rapidly, the security of IT infrastructure is becoming more important, and at the same time cyber attacks of various forms, such as advanced persistent threats (APT), are becoming more advanced and sophisticated. Early defense against, or prediction of, increasingly sophisticated cyber attacks is extremely important, and in many cases analyzing network-based intrusion detection system (NIDS) data alone cannot prevent rapidly changing cyber attacks. Therefore, data generated by host-based intrusion detection systems (HIDS) is now also analyzed to protect against such attacks. In this paper, we conducted a comparative study of machine learning algorithms using LID-DS (Leipzig Intrusion Detection Data Set), a host-based intrusion detection data set that includes thread information, metadata, and buffer data missing from previously used data sets. The algorithms used were Decision Tree, Naive Bayes, MLP (Multi-Layer Perceptron), Logistic Regression, LSTM (Long Short-Term Memory), and RNN (Recurrent Neural Network). Accuracy, precision, recall, F1-score, and error rate were measured for evaluation. As a result, the LSTM algorithm had the highest accuracy.
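To make the host-based setting and the reported metrics concrete, here is an added example that is not the paper's code or models: a minimal n-gram detector over system-call traces (the classic sequence-matching baseline for HIDS data such as LID-DS), followed by the accuracy, precision, recall, F1-score and error-rate computation the abstract lists. All traces and labels are constructed, and the n-gram size and threshold are arbitrary choices.

```python
"""N-gram syscall anomaly detector plus evaluation metrics (added example)."""
from typing import Dict, List, Sequence, Tuple


def ngrams(seq: Sequence[str], n: int) -> List[Tuple[str, ...]]:
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


class SyscallNgramDetector:
    """Learns the n-grams present in normal traces; a trace is anomalous when the
    fraction of n-grams it contains that were never seen exceeds the threshold."""
    def __init__(self, n: int = 3, threshold: float = 0.4):
        self.n = n
        self.threshold = threshold
        self.known = set()

    def fit(self, normal_traces: Sequence[Sequence[str]]) -> None:
        for trace in normal_traces:
            self.known.update(ngrams(trace, self.n))

    def score(self, trace: Sequence[str]) -> float:
        grams = ngrams(trace, self.n)
        if not grams:
            return 0.0
        return sum(g not in self.known for g in grams) / len(grams)

    def predict(self, trace: Sequence[str]) -> int:
        return int(self.score(trace) > self.threshold)   # 1 = attack


def metrics(y_true: Sequence[int], y_pred: Sequence[int]) -> Dict[str, float]:
    """Accuracy, precision, recall, F1 and error rate from binary labels."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    accuracy = (tp + tn) / len(y_true)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": accuracy, "precision": precision, "recall": recall,
            "f1": f1, "error_rate": 1.0 - accuracy}


# Constructed traces (not LID-DS data): normal file and socket activity.
NORMAL_TRACES = [
    ["openat", "fstat", "read", "read", "close"],
    ["openat", "fstat", "read", "close"],
    ["socket", "connect", "write", "read", "close"],
    ["mmap", "mprotect", "munmap"],
]

# Constructed test set: (trace, label) with 1 = attack.  The last attack mostly
# reuses normal sequences and is meant to slip under the threshold.
TEST_TRACES = [
    (["openat", "fstat", "read", "read", "close"], 0),
    (["openat", "fstat", "read", "execve", "socket", "connect", "write"], 1),
    (["socket", "connect", "write", "read", "close"], 0),
    (["openat", "fstat", "read", "read", "close", "mmap", "mprotect", "munmap"], 1),
]


def run_demo():
    det = SyscallNgramDetector(n=3, threshold=0.4)
    det.fit(NORMAL_TRACES)
    y_true = [label for _, label in TEST_TRACES]
    y_pred = [det.predict(trace) for trace, _ in TEST_TRACES]
    return det, y_pred, metrics(y_true, y_pred)


if __name__ == "__main__":
    det, preds, m = run_demo()
    for (trace, label), pred in zip(TEST_TRACES, preds):
        print(f"label={label} pred={pred} score={det.score(trace):.2f} {' '.join(trace)}")
    print(m)
```

The missed fourth trace is the point of reporting recall and F1 alongside accuracy: a detector can post 75% accuracy while catching only half of the attacks, which is why the abstract's comparison reports all of these figures rather than accuracy alone.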

Blocking Intelligent DoS Attacks through Dynamic Parameter Adjustment Based on SDN and Honeypots

  • Yun, Junhyeok;Mun, Sungsik;Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems / v.11 no.1 / pp.23-34 / 2022
  • With the development of network technology, application areas have diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. It is therefore difficult for a network administrator to meet the stability and security requirements of the network with traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations, which lets network administrators respond flexibly to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collect attack information through the controller and switches, the components of SDN, and detect attacks based on these attributes of SDN. We propose a method of blocking denial of service (DoS) attacks by advanced attackers by programming and applying a honeypot. In the proposed system, attack packets can be delivered quickly to the honeypot according to modifiable flow rules, and the honeypot that receives the attack packets analyzes the intelligent attack pattern based on them. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by implementing it, performing intelligent attacks with various attack patterns and levels, and comparing the attack detection rate with that of the existing system.
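The module structure in the abstract (packet statistics, threat level management, flow rule generation, and honeypot feedback that adjusts the parameters) can be sketched in controller-side logic. The following is an added example written for this page, not the paper's system: packet-in events, thresholds, port numbers and the honeypot verdict are all constructed, and the flow rule is a controller-agnostic dict in OpenFlow terms rather than a call into any particular SDN controller.

```python
"""Threat-level management and honeypot-steering flow rules for an SDN controller
(added example; thresholds, ports and traffic are hypothetical)."""
from collections import defaultdict, deque
from typing import Dict, Optional

NORMAL, SUSPICIOUS, ATTACK = 0, 1, 2


class PacketStats:
    """Packet statistics module: per-source packet count over a sliding window."""
    def __init__(self, window_s: float = 1.0):
        self.window_s = window_s
        self._hits: Dict[str, deque] = defaultdict(deque)

    def record(self, src: str, ts: float) -> int:
        q = self._hits[src]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()
        return len(q)                      # packets from src in the last window


class ThreatLevelManager:
    """Threat level management module: maps a packet rate to a level.  The two
    thresholds are the parameters that honeypot analysis adjusts at run time."""
    def __init__(self, suspicious_pps: int = 50, attack_pps: int = 200):
        self.suspicious_pps = suspicious_pps
        self.attack_pps = attack_pps

    def level(self, pps: int) -> int:
        if pps >= self.attack_pps:
            return ATTACK
        if pps >= self.suspicious_pps:
            return SUSPICIOUS
        return NORMAL

    def apply_honeypot_feedback(self, confirmed_attack: bool) -> None:
        # Tighten thresholds when the honeypot confirms an attack pattern, relax otherwise.
        factor = 0.5 if confirmed_attack else 1.25
        self.suspicious_pps = max(1, int(self.suspicious_pps * factor))
        self.attack_pps = max(2, int(self.attack_pps * factor))


def build_flow_rule(src: str, level: int, normal_port: int, honeypot_port: int) -> Optional[dict]:
    """Flow rule generator.  SUSPICIOUS: copy to the honeypot and still forward.
    ATTACK: steer to the honeypot only.  NORMAL: no rule."""
    if level == NORMAL:
        return None
    match = {"eth_type": 0x0800, "ipv4_src": src}
    if level == ATTACK:
        return {"priority": 200, "hard_timeout": 60, "match": match,
                "actions": [{"type": "OUTPUT", "port": honeypot_port}]}
    return {"priority": 100, "hard_timeout": 30, "match": match,
            "actions": [{"type": "OUTPUT", "port": honeypot_port},
                        {"type": "OUTPUT", "port": normal_port}]}


class Controller:
    def __init__(self, normal_port: int = 1, honeypot_port: int = 9):
        self.stats = PacketStats()
        self.threat = ThreatLevelManager()
        self.normal_port, self.honeypot_port = normal_port, honeypot_port
        self.rules: Dict[str, dict] = {}   # rules pushed to the switch, by source

    def on_packet_in(self, src: str, ts: float) -> int:
        level = self.threat.level(self.stats.record(src, ts))
        rule = build_flow_rule(src, level, self.normal_port, self.honeypot_port)
        if rule and self.rules.get(src) != rule:
            self.rules[src] = rule         # a real controller would send FlowMod here
        return level

    def burst(self, src: str, count: int, start_ts: float, spacing: float = 0.001) -> int:
        """Feed `count` packets from src and return the level reached."""
        level = NORMAL
        for i in range(count):
            level = self.on_packet_in(src, start_ts + i * spacing)
        return level


def simulate() -> Controller:
    ctl = Controller()
    ctl.burst("198.51.100.9", 250, 0.0)              # constructed flood: 250 pkts in 0.25 s
    ctl.burst("192.0.2.10", 5, 0.0, spacing=0.2)     # constructed legitimate client, 5 pps
    ctl.threat.apply_honeypot_feedback(confirmed_attack=True)   # honeypot verdict
    ctl.burst("198.51.100.77", 120, 1.0)             # 120 pps: suspicious before, attack after
    return ctl


if __name__ == "__main__":
    ctl = simulate()
    for src, rule in ctl.rules.items():
        print(src, rule["priority"], [a["port"] for a in rule["actions"]])
```

The last burst shows the dynamic-parameter point: 120 packets per second only reaches SUSPICIOUS under the initial thresholds, but after the honeypot confirms the first attacker's pattern the attack threshold halves to 100 and the same rate is steered entirely into the honeypot.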

A Study on the Historical Origin of the Private Security Industry in Korea

  • Lee, Chang-Moo
    • Korean Security Journal / no.22 / pp.91-111 / 2010
  • Around the middle of the ninth century, the strict bone-rank system of Silla frustrated many people who had political ambition but lacked nobility. They had to seek other ways, including maritime trade. Such undertakings reflected and also increased their economic and military power. Trade prospered with T'ang China and with Japan as well. The threat of piracy to Silla's thriving maritime trade led to the creation of a succession of garrisons at important coastal points. Chonghae Jin (Chonghae garrison) was regarded as the most important of these. It was established in 828 by Chang Pogo. Chonghae Jin was on Wando, an island just east of the southwestern tip of Korea and a key place at this time in the trade between China, Korea, and Japan. From this vantage point Chang Pogo became a merchant-prince with extensive holdings and commercial interests in China and with trade contacts with Japan. Although piracy was rampant in East Asia at that time, neither the Chinese nor the Silla government was able to control it, owing to internal political strife and a lack of policing resources. Infuriated by the piracy and the government's inability to control it, Chang Pogo came back to Silla to fight the pirates and protect maritime trade. He persuaded the king of Silla and was permitted to command private armed forces to sweep away the pirates. In 829 he was appointed Commissioner of Chonghae-Jin with the mission of curbing piracy in that region. Chang's forces were created to protect people from pirates, but also developed into traders among Silla Korea, T'ang China, and Japan in the 9th century. This was geographically possible because the Chonghae Garrison was situated at the midpoint of Korea, China, and Japan, and also because Chang's naval forces actually dominated the East Asian seas while patrolling the sea-lanes.
Based on these advantages, Chang Pogo made a great fortune, which may have been collected from charges for protecting people from pirates and from trade with China and Japan. Chang's forces could be termed the first private security company in Korean history, at least in terms of historical documents. Based on those documents, the number of private soldiers may be estimated to exceed tens of thousands, since Chang's forces alone were recorded at more than ten thousand. Because local powers and aristocratic elites were each said to have thousands of armed men, the extent of private forces is assumed to have been vast, although they were available only to the privileged class. In short, the dominance of Chang's forces was attributable to the decline of the central government and its loss of control over local powers. In addition, it would not have been possible without advanced technologies in shipbuilding and navigation.


Design and Implementation of a Web Application Firewall with a Multi-layered Web Filter

  • Jang, Sung-Min;Won, Yoo-Hun
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.157-167 / 2009
  • Recently, leakage of confidential and personal information is taking place on the Internet more frequently than ever before. Most such online security incidents are caused by attacks on vulnerabilities in carelessly developed web applications. Attacks on web applications cannot be detected with existing firewalls and intrusion detection systems, and signature-based detection has a limited capability for detecting new threats. Therefore, much research on detecting attacks on web applications employs anomaly-based detection methods that use web traffic analysis. Research on anomaly-based detection through analysis of normal web traffic focuses on three problems: how to analyze the given web traffic accurately, the system performance needed to inspect the application payload of packets in order to detect application-layer attacks, and the maintenance and cost of the many newly installed network security devices. The UTM (Unified Threat Management) system, a solution suggested for this problem, aimed to resolve all security problems at once, but it is not widely used because of its low efficiency and high cost. Besides, the web filter that performs one of the functions of the UTM system cannot adequately detect the variety of recent sophisticated attacks on web applications. To resolve these problems, the web application firewall is being studied as a new network security system. Because such studies focus on speeding up packet processing by relying on expensive hardware, the cost of deploying a web application firewall is rising. In addition, current anomaly-based detection technologies that do not take the characteristics of the web application into account cause many false positives and false negatives.
To reduce false positives and false negatives, this study proposes a real-time anomaly detection method based on analysis of the length of the parameter values contained in the web client's request. It also designs and proposes a WAF (Web Application Firewall) that can be applied to a low-priced or legacy system to process application data without dedicated hardware, together with a method to resolve the sluggish performance caused by copying packets into the application area for application data processing. Consequently, this study provides a way to deploy an effective web application firewall at low cost, at a time when deploying an additional security system is considered burdensome because of the many network security systems already in use.

A Study on Efficient Safety Management Measures for Chemical Substances

  • Choi, Min-Ki;Choi, Don-Mook
    • Journal of the Korea Safety Management & Science / v.15 no.3 / pp.37-50 / 2013
  • It is no exaggeration to say that chemicals play a leading role in modern life; people live with chemicals, and they have a huge impact on daily life. The chemical industry in South Korea, ranked seventh in the world, is one of the key industries forming a large part of the Korean economy. The actual state of the chemical industry, however, is that over 14 tons of hazardous chemicals are discharged annually and threaten people's lives, with little awareness of their potential danger. Thus, while chemicals are beneficial to us, all chemicals also fundamentally threaten our living environment, with hazards to human health and the environment. Unlike ordinary accidents, chemical accidents have a very complex and difficult risk profile in terms of the scale of damage and its propagation speed, and the types of accident that can occur are very diverse. Public concern about the management of hazardous chemicals is amplified in the wake of chemical accidents, so communication and information exchange between the government, corporations, and residents, both in the response system after an accident and in the management system before one, are important. Therefore, the government departments and corporations that manage a variety of chemicals ought to contribute to national security through rigid control over hazardous chemicals.

Directions for the ROK Navy's Future Development in Responding to Asymmetric Threats Posed by North Korea

  • Boo, Hyeong-wook
    • Strategy21 / s.40 / pp.190-215 / 2016
  • As North Korea's asymmetric threats grow, there have been numerous discussions to find effective counter-measures, and many official plans and procurement efforts have been established. However, discussion of the ROK Navy's roles in countering North Korea's asymmetric threats has taken place only to a very limited extent. Decision makers and military planners have put enormous effort into obtaining counter-measures, but most of the options on the table are Army and Air Force systems. This is evident in the components of Kill-Chain, KAMD, and KMPR. With the worsening security environment of the Korean peninsula, many commentators have said that the ROK Navy needs to consider expanding its roles in countering North Korea's asymmetric military threats. They asked the ROK Navy to go beyond the mind-set that has confined the Navy's roles to deterring North Korean naval threats. That is, the ROK Navy should fight 'from the sea' as well as 'on the sea.' If the ROK Navy begins to think about fighting 'from the sea,' there are many possibilities for it to be part of countering North Korea's asymmetric military threats. To pursue proactive roles in countering these threats, the ROK Navy needs to consider various options; massive missile forces, nuclear-propelled submarines, and naval special forces may be some of them. With those measures, the ROK Navy could launch massive and decisive attacks from the sea without risking the survivability of our forces. Considering the North Korean Navy's weakness, it is very probable that the sea would be a safer place than the ground or the sky. Expanding the ROK Navy's roles and making it a proactive deterrent force against North Korean asymmetric threats would provide very reliable counter-measures for the South Korean military. Thus, military planners should think about how to take the best advantage of the ROK Navy's expanded roles and capabilities against North Korean asymmetric threats.

Windows 7 Operating System Event-based Visual Incident Analysis System

  • Lee, Hyung-Woo
    • Journal of Digital Convergence / v.10 no.5 / pp.223-232 / 2012
  • Recently, leakage of personal information and privacy violations have increased, and cases of damage from malicious code are increasing rapidly. Most users use the Windows operating system, and the Windows 7 operating system has recently been released. Therefore, intrusion response techniques need to be studied for this next-generation operating system environment. The incident response techniques developed so far were mostly implemented around Windows XP or Windows Vista, but new vulnerability problems will arise in the incident response process now that Windows 7 has been released. In the Windows operating system, system incident events need to be analyzed efficiently. For this, the event information generated in a system needs to be analyzed visually around its time information or its security threat weight information. Therefore, in this research, we visually analyzed the system event information generated by the Windows 7 operating system, and designed and implemented a system that analyzes system incidents through this visual event information analysis process. Using the system developed in this study, more efficient incident analysis is expected to be possible.
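The "time information or security threat weight" idea in the abstract amounts to scoring event records on a timeline. Here is an added example written for this page, not the paper's system: it parses a small set of constructed Windows Security event records, assigns each event ID a hypothetical threat weight, sums the weights into five-minute buckets and renders a text histogram so the incident window stands out. On a live Windows 7 host the records would come from the Security and System event logs (for example exported with Get-WinEvent); the weights, hostnames and accounts here are invented for illustration.

```python
"""Time-bucketed threat scoring of Windows event records (added example)."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Hypothetical threat weight per Windows event ID.
WEIGHTS = {
    4624: 1,   # successful logon
    4625: 3,   # failed logon
    4720: 4,   # user account created
    4732: 4,   # member added to a security-enabled local group
    7045: 5,   # new service installed (System log)
    1102: 6,   # audit log cleared
}

# Constructed records, "timestamp,event_id,computer,subject"; not real log data.
SAMPLE_EVENTS = """\
2012-05-10T09:00:12,4624,WS7-01,alice
2012-05-10T09:03:40,4624,WS7-01,alice
2012-05-10T13:15:02,4625,WS7-01,administrator
2012-05-10T13:15:05,4625,WS7-01,administrator
2012-05-10T13:15:09,4625,WS7-01,administrator
2012-05-10T13:15:31,4624,WS7-01,administrator
2012-05-10T13:16:10,4720,WS7-01,svc_backup
2012-05-10T13:16:44,4732,WS7-01,svc_backup
2012-05-10T13:18:03,7045,WS7-01,rsvc
2012-05-10T13:19:55,1102,WS7-01,administrator
2012-05-10T17:42:00,4624,WS7-01,alice
"""

Event = Tuple[datetime, int, str, str]


def parse_events(text: str) -> List[Event]:
    events = []
    for line in text.strip().splitlines():
        ts, event_id, computer, subject = line.split(",")
        events.append((datetime.fromisoformat(ts), int(event_id), computer, subject))
    return events


def bucket_start(ts: datetime, minutes: int) -> datetime:
    """Floor a timestamp to the start of its bucket."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)


def bucket_scores(events: List[Event], minutes: int = 5) -> Dict[datetime, int]:
    """Sum threat weights per time bucket; unknown event IDs count 1."""
    scores: Dict[datetime, int] = defaultdict(int)
    for ts, event_id, _, _ in events:
        scores[bucket_start(ts, minutes)] += WEIGHTS.get(event_id, 1)
    return dict(scores)


def top_buckets(scores: Dict[datetime, int], n: int = 3) -> List[Tuple[datetime, int]]:
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:n]


def render(scores: Dict[datetime, int], width: int = 40) -> str:
    """Text histogram of the timeline, one line per bucket."""
    peak = max(scores.values()) or 1
    lines = []
    for start in sorted(scores):
        bar = "#" * round(scores[start] * width / peak)
        lines.append(f"{start:%Y-%m-%d %H:%M}  {bar:<{width}} {scores[start]}")
    return "\n".join(lines)


if __name__ == "__main__":
    scores = bucket_scores(parse_events(SAMPLE_EVENTS))
    print(render(scores))
    print("hot spots:", [(b.strftime("%H:%M"), s) for b, s in top_buckets(scores)])
```

Two morning logons and one evening logon score low, while the 13:15 bucket (three failed logons, a success, a new account, a group change, a new service and a cleared audit log) dominates the histogram. That is the bucket an analyst would open first, which is what ordering events by threat weight rather than raw count buys.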

DYNAMICS OF PAKISTAN'S POST 9/11 CRISIS FOREIGN POLICY DECISION-MAKING PROCESS

  • Hussain, Mehmood
    • Korea and Global Affairs / v.2 no.2 / pp.157-184 / 2018
  • The study applies the four-stage "Model of State Behavior in Crisis" to trace the post-9/11 crisis foreign policy decision-making process in Pakistan. It argues that the attacks on the United States by al-Qaeda and President Bush's subsequent declaration of a fight against terrorism transformed the global and regional politico-security dimensions at the t1 stage. As a neighboring country, Pakistan's support was indispensable in the war on terror, and Washington applied coercive diplomacy to win cooperation from Islamabad. Consequently, if it declined to accept the American demands, Pakistan perceived a threat to the basic values and objectives of the country, and simultaneous time pressure amplified the psychological stress on decision makers at the t2 stage. Therefore, the decisional forum was set up at the t3 stage, and Pakistan decided to join the United States at the t4 stage, which defused the foreign policy crisis.

Potential Roles of Essential Oils on Controlling Plant Pathogenic Bacteria Xanthomonas Species: A Review

  • Bajpai, Vivek K.;Kang, So-Ra;Xu, Houjuan;Lee, Soon-Gu;Baek, Kwang-Hyun;Kang, Sun-Chul
    • The Plant Pathology Journal / v.27 no.3 / pp.207-224 / 2011
  • Diseases caused by plant pathogenic bacteria constitute an emerging threat to global food security. Xanthomonas is a large genus of Gram-negative bacteria that cause disease in several host plants, leading to considerable losses in the productivity and quality of harvests. Despite the range of control techniques available, the microbiological safety of economically important crops, including fruits and vegetables, continues to be a major concern for the agriculture industry. On the other hand, many of the currently available antimicrobial agents for agriculture are highly toxic, non-biodegradable, and cause extended environmental pollution. Besides, the use of antibiotics has provoked increased resistance among the bacterial pathogens and their pathovars. Thus, novel, efficient, and safe remedies for controlling plant bacterial diseases are necessary. There has been increasing interest worldwide in the therapeutic value of natural products such as essential oils; hence the purpose of this review is to provide an overview of the published data on the antibacterial efficacy of essential oils that could be considered suitable for application in agriculture as biocontrol measures against plant pathogenic bacteria of the Xanthomonas species. The current knowledge on the use of essential oils to control Xanthomonas bacteria in in vitro and in vivo models is discussed, and a brief description of the legal aspects of using essential oils against bacterial pathogens is also presented. Through this review, the mode of antibacterial action of essential oils, their chemical nature, and areas for future research are thoroughly discussed.