• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2610-2628
• /
• 2019

Advanced persistent threats (APTs) are constant attacks of specific targets by hackers using intelligent methods. All current internal infrastructures are constantly subject to APT attacks created by external and unknown malware. Therefore, information security officers require a framework that can assess whether information security systems are capable of detecting and blocking APT attacks. Furthermore, an on-line evaluation of information security systems is required to cope with various malicious code attacks. A regular evaluation of the information security system is thus essential. In this paper, we propose a dynamic updated evaluation framework to improve the detection rate of internal information systems for malware that is unknown to most (over 60 %) existing static information security system evaluation methodologies using non-updated unknown malware.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.81-87
• /
• 2018

Cloud computing is a computing environment in which users borrow as many IT resources as they need to, and use them over the network at any point in time. This is the concept of leasing and using as many IT resources as needed to lower IT resource usage costs and increase efficiency. Recently, cloud computing is emerging to provide stable service and volume of data along with major technological developments such as the Internet of Things, artificial intelligence and big data. However, for a more secure cloud environment, the importance of perimeter security such as shared resources and resulting secure data storage and access control is growing. This paper analyzes security threats in cloud computing environments and proposes a security architecture for effective response.

• Journal of Space Technology and Applications
• /
• v.2 no.2
• /
• pp.169-186
• /
• 2022

In this article, Russia's space threat assessment and space warfare in the Russia-Ukraine war (Russian invasion of Ukraine) were analyzed and summarized. Considering the probability that commercial satellites will also be potential targets of space warfare, it is suggested that not only military satellites but also commercial satellites develop and apply space technology that can be applied equally to space threats when developing space technology. Necessary space technologies is listed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.471-484
• /
• 2018

Recently, cyber threats are frequently occurring in ICS(industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS. For this purpose, a security information collection system is needed. However, it is difficult to install security solution in control devices such as PLC. Therefor, it is difficult to collect security information of ICS. In addition, there is a problem that the security information format generated in various assets is different. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize CybOX/STIX/TAXII CTI models that are easy to apply to ICS. Using this model, we designed the formats to collect security information of ICS assets. We created formats for system logs, IDS logs, and EWS application logs of ICS assets using Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring system and CTI to future ICS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.465-479
• /
• 2020

Regardless of the domestic and foreign governments/companies, SOC (Security Operation Center) has operated 24 hours a day for the entire year to ensure the security for their IT infrastructures. However, almost all SOCs have a critical limitation by nature, caused from heavily depending on the manual analysis of human agents with the text-based monitoring architecture. Even though, in order to overcome the drawback, technologies for a comprehensive visualization against complex cyber threats have been studying, most of them are inappropriate for the security monitoring in large-scale networks. In this paper, to solve the problem, we propose a novel visual approach for intuitive threats monitoring b detecting suspicious IP address, which is an ultimate challenge in cyber security monitoring. The approach particularly makes it possible to detect, trace and analysis of suspicious IPs statistically in real-time manner. As a result, the system implemented by the proposed method is suitably applied and utilized to the real-would environment. Moreover, the usability of the approach is verified by successful detecting and analyzing various attack IPs.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.

• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.73-82
• /
• 2018

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.279-287
• /
• 2022

With the advancement of cyber threats and the development of hacking technologies, cyber security is being emphasized in various fields such as automobiles and ships. According to this trend, various industrial fields are demanding cybersecurity, and related certifications. In this paper, cybersecurity type approval is compared with the RMF stage under the premise that there are common elements with RMF in that cybersecurity elements must be reflected in the entire system development cycle. For comparison, type approval of maritime cyber security of the Korean Register of Shipping was selected. In conclusion, although type approval of maritime cyber security acquisition procedure is not divided by development stage like the RMF, there are the commonalities in the procedure to apply the cybersecurity element to the System development lifecycle like the RMF. Accordingly, the possibility of determining that the cybersecurity element was applied to the entire development cycle was confirmed.

• Convergence Security Journal
• /
• v.3 no.1
• /
• pp.39-50
• /
• 2003

Since the September 11, 2001, the United States has shift their national security policy for homeland from preventing or/and reducing foreign threats to ensuring domestic security. We learned from recent incident, 1.25 Internet Disaster, that it is urgent to establish cyber security policy for our nation. In this paper; therefore, I analyze the US homeland security policy, the Homeland Security Act of 2002 establishment, and cyber security-related part in this act.

• Electronics and Telecommunications Trends
• /
• v.35 no.7
• /
• pp.67-76
• /
• 2020

Because of the development and spread of artificial intelligence (AI) technology, new security threats and adverse AI functions have emerged as a real problem in the process of diversifying areas of use and introducing AI-based products and services to users. In response, it is necessary to develop new AI-based technologies in the field of information protection and security. This paper reviews topics such as domestic and international trends on false information detection technology, cyber security technology, and trust distribution platform technology, and it establishes the direction of the promotion of technology development. In addition, the development of international trends in ethical AI guidelines to ensure the human-centered ethical validity of AI development processes and final systems in parallel with technology development are analyzed and discussed. ETRI has developed AI policing technology, information protection, and security technologies as well as derived tasks and implementation strategies to prepare ethical AI development guidelines to ensure the reliability of AI based on its capabilities.