• Journal of information and communication convergence engineering
• /
• v.18 no.2
• /
• pp.94-99
• /
• 2020

Real cyberterrors are invisible and difficult to identify. Even after a cyberattack, its origin and cause are difficult to determine. Cyberterrorism results in invisible cyberwars, and it is believed that World War IV will begin with a cyberwarfare. For national cybersecurity, information on cybersecurity must be collected, shared, and disseminated. In this study, we investigate a blockchain system designed based on the World Cybersecurity Agreement. National cybersecurity information is linked to the hyperledger blockchain system network through the National Cybersecurity Center. National cybersecurity information designs and uses a secure protocol for protection; further, it is collected, shared, and disseminated to treaty countries. National cybersecurity information is shared and spread by the hyperledger blockchain system, and it uses a cyberdefense system that responds to the cyberattacks and their origin. This paper serves as a policy and legislation guideline for forming a World Cybersecurity Agreement between countries.

• ETRI Journal
• /
• v.43 no.3
• /
• pp.549-560
• /
• 2021

Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.282-290
• /
• 2022

A huge budget is spent on technological solutions to protect Information Systems from cyberattacks by organizations. However, it is not enough to invest alone in technology-based protection and to keep humans out of the cyber loop. Humans are considered the weakest link in cybersecurity chain and most of the time unaware that their actions and behaviors have consequences in cyber space. Therefore, humans' aspects cannot be neglected in cyber security field. In this work we carry out a systematic literature review to identify human factors in cybersecurity. A total of 27 papers were selected to be included in the review, which focuses on the human factors in cyber security. The results show that in total of 14 identified human factors, risk perception, lack of awareness, IT skills and gender are considered critical for organization as for as cyber security is concern. Our results presented a further step in understanding human factors that may cause issues for organizations in cyber space and focusing on the need of a customized and inclusive training and awareness programs.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.29-36
• /
• 2022

Smart grid (SG) software platforms and communication networks that run and manage the entire grid are increasingly concerned about cyber security. Characteristics of the smart grid networks, including heterogeneity, time restrictions, bandwidth, scalability, and other factors make it difficult to secure. The age-old strategy of "building bigger walls" is no longer sufficient given the rise in the quantity and size of cyberattacks as well as the sophisticated methods threat actor uses to hide their actions. Cyber security experts utilize technologies and procedures to defend IT systems and data from intruders. The primary objective of every organization's cybersecurity team is to safeguard data and information technology (IT) infrastructure. Consequently, further research is required to create guidelines and methods that are compatible with smart grid security. In this study, we have discussed objectives of of smart grid security, challenges of smart grid security, defensive cybersecurity techniques, offensive cybersecurity techniques and open research challenges of cybersecurity.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.155-161
• /
• 2023

In the process of remarkable progress in the medical and technical field and activating the role of technology in health care services and applications, and since the safety of medical data and its protection from security violations plays a major role in assessing the security of health facilities and the safety of medical servers Thus, it is necessary to know the cyber vulnerabilities in health information systems and other related services to prevent and address them in addition to obtaining the best solutions and practices to reach a high level of cybersecurity against attackers, especially due to the digital transformation of health care systems and the rest of the dealings. This research is about what cyberattacks are and the purpose of them, in addition to the methods of penetration. Then challenges, solutions and some of the security issues will be discussed in general, and a special highlight will be given to obtaining a safe infrastructure to enjoy safe systems in return.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.101-106
• /
• 2023

Recently, cyberattacks are increasing in social engineering attacks using intelligent and continuous phishing sites and hacking techniques using malicious code. As personal security becomes important, there is a need for a method and a solution for determining whether a malicious URL exists using a web application. In this paper, we would like to find out each feature and limitation by comparing highly accurate techniques for detecting malicious URLs. Compared to classification algorithm models using features such as web flat panel DB and based URL detection sites, we propose an efficient URL anomaly detection technique.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.3-9
• /
• 2024

Currently, cyberattacks and security threats are constantly evolving, and organizations need quick and efficient security response methods. This paper proposes ways to strengthen internal network security by utilizing Unified Threat Management (UTM) equipment to improve network security and effectively manage and analyze the log data of the internal network collected through these equipment using Elastic Stack (Elasticsearch, Logstash, Kibana, hereinafter referred to as ELK Stack).

• Korean Security Journal
• /
• no.49
• /
• pp.187-214
• /
• 2016

In the mordern society, the reliance on the cyber domain and the cyber connectivity has been increasingly strengthened. Due to this phenomenon, the cyberterror against critical infrastructures and state organs might lead to fatal consequences. Lately, North Korea's cyberattacks against South Korea's national organizations and financial computer networks are becoming more and more intelligent and sophisticated. The cyberattacks against such critical infrastructures have caused enormous economic loss and social disorder. This paper is designed to examine comparatively the cyberterror related laws and organizations of the advanced countries such as U.S. and U.K. and to draw implications. Although those countries are under different institutional and cultural backgrounds with varying security envrionments, they are identically pursuing measures by establishing government-wide counterterror system for coordination and cooperation. They are also commonly focusing upon creating new organizations equipped with new system and upon enhancing intelligence performance and devising punishment regulations. Korea is lack of framework laws regulating cyber security, having only scattered individual laws. Since such legal base is far from efficient counterterror activities, it is necessary that the legal and policy response of the advanced countries should be closely studied for selective introduction. That will eventually lead to legislation of cyber security law. With such legislation on hand, it is subsequently required to strengthen crisis management for prevention of cyberterror and to create joint response team, cooperating with private organizations.

• The Journal of the Korea Contents Association
• /
• v.21 no.10
• /
• pp.59-66
• /
• 2021

In this paper, an improved integrated security control procedure is newly proposed by applying artificial intelligence technology to integrated security control and unifying the existing security control and AI security control response procedures. Current cyber security control is highly dependent on the level of human ability. In other words, it is practically unreasonable to analyze various logs generated by people from different types of equipment and analyze and process all of the security events that are rapidly increasing. And, the signature-based security equipment that detects by matching a string and a pattern has insufficient functions to accurately detect advanced and advanced cyberattacks such as APT (Advanced Persistent Threat). As one way to solve these pending problems, the artificial intelligence technology of supervised and unsupervised learning is applied to the detection and analysis of cyber attacks, and through this, the analysis of logs and events that occur innumerable times is automated and intelligent through this. The level of response has been raised in the overall aspect by making it possible to predict and block the continuous occurrence of cyberattacks. And after applying AI security control technology, an improved integrated security control service model was newly proposed by integrating and solving the problem of overlapping detection of AI and SIEM into a unified breach response process(procedure).

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.5
• /
• pp.303-314
• /
• 2018

In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.