• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.277-279
• /
• 2014

In case of APT attacks, the update server is being used as a means of dissemination, the update program is running malicious code or data in applications such as anti-virus signature is vulnerable to manipulation, SW Update threat identification and prevention measures are urgently required. This paper presents a natiional and international SW update structure, update process exploits and response measures to examine, Through the extraction/analysis of a domestic famous SW update log, we are willing to select the necessary component of the normal program update to identify a white list.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.3
• /
• pp.101-109
• /
• 2019

In addition to enabling access, database accounts play a protective role by defending the database from external attacks. However, because only a single account is used in the database, the account becomes the subject of vulnerability attacks. This common practice is due to the lack of database support, large numbers of users, and row-based database permissions. Therefore if the logic of the application is wrong or vulnerable, there is a risk of exposing the entire database. In this paper, we propose a Least-Privilege Account Separation Model (LPASM) that serves as an information guardian to protect the database from attacks. We separate database accounts depending on the role of application services. This model can protect the database from malicious attacks and prevent damage caused by privilege escalation by an attacker. We classify the account control policies into four categories and propose detailed roles and operating plans for each account.

• International Journal of Internet, Broadcasting and Communication
• /
• v.11 no.2
• /
• pp.50-58
• /
• 2019

The clear and specific objective of this study is to design a false news discriminator algorithm for news articles transmitted on a text-based basis and an architecture that builds it into a system (H/W configuration with Hadoop-based in-memory technology, Deep Learning S/W design for bigdata and SNS linkage). Based on learning data on actual news, the government will submit advanced "fake news" test data as a result and complete theoretical research based on it. The need for research proposed by this study is social cost paid by rumors (including malicious comments) and rumors (written false news) due to the flood of fake news, false reports, rumors and stabbings, among other social challenges. In addition, fake news can distort normal communication channels, undermine human mutual trust, and reduce social capital at the same time. The final purpose of the study is to upgrade the study to a topic that is difficult to distinguish between false and exaggerated, fake and hypocrisy, sincere and false, fraud and error, truth and false.

• ETRI Journal
• /
• v.42 no.6
• /
• pp.965-975
• /
• 2020

This paper proposes a new framework for the development and deployment of honeypots for evolving malware threats. As new technological concepts appear and evolve, attack surfaces are exploited. Internet of things significantly increases the attack surface available to malware developers. Previously independent devices are becoming accessible through new hardware and software attack vectors, and the existing taxonomies governing the development and deployment of honeypots are inadequate for evolving malicious programs and their variants. Malware-propagation and compromise methods are highly automated and repetitious. These automated and repetitive characteristics can be exploited by using embedded reinforcement learning within a honeypot. A honeypot for automated and repetitive malware (HARM) can be adaptive so that the best responses may be learnt during its interaction with attack sequences. HARM deployments can be agile through periodic policy evaluation to optimize redeployment. The necessary enhancements for adaptive, agile honeypots require a new development and deployment framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.187-199
• /
• 2011

Securing user authentication and transaction continuation is very critical in mobile banking. Malicious software, which is installed in user's smart phone, can either steal user's password or induce user to confirm manipulated transaction by handling transaction resource. In this paper, we propose schemes, that are aimed to secure user's password or to secure transaction confirmation, based on the security and usability analysis of existing schemes.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.277-283
• /
• 2022

Email phishing has become very prevalent especially now that most of our dealings have become technical. The victim receives a message that looks as if it was sent from a known party and the attack is carried out through a fake cookie that includes a phishing program or through links connected to fake websites, in both cases the goal is to install malicious software on the user's device or direct him to a fake website. Today it is difficult to deploy robust cybersecurity solutions without relying heavily on machine learning algorithms. This research seeks to detect phishing emails using high-accuracy machine learning techniques. using the WEKA tool with data preprocessing we create a proposed methodology to detect emails phishing. outperformed random forest algorithm on Naïve Bayes algorithms by accuracy of 99.03 %.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.611-613
• /
• 2023

모바일 멀웨어는 민감한 데이터의 도용, 기기 성능 저하, 금전적 피해 유발 등 다양한 위협을 내포하고 있으며 특히 피싱, 앱 기반 공격 및 네트워크 기반 공격과 같은 기술을 통해 모바일 장치를 악용할 수 있다. 이를 해결하기 위해 바이러스 백신 소프트웨어 및 강력한 암호 사용과 같은 보안 기술을 구현하면 모바일 멀웨어의 영향을 방지하고 완화하는 데 도움이 될 수 있다. 추가적으로 개인과 조직이 모바일 멀웨어와 관련된 위험을 인식하고 불리한 결과를 피하기 위해 이를 차단하기 위한 사전 조치를 취하는 것이 중요하다. 본 논문에서는 이러한 조치에 대한 보안 예방책을 제안하고자 하며 이를 통해 보다 안전한 모바일 환경을 갖출 수 있을 것이라 판단한다.

• Journal of Information Processing Systems
• /
• v.6 no.3
• /
• pp.269-294
• /
• 2010

The interconnection of mobile devices in urban environments can open up a lot of vistas for collaboration and content-based services. This will require setting up of a network in an urban environment which not only provides the necessary services to the user but also ensures that the network is secure and energy efficient. In this paper, we propose a secure, energy efficient dynamic routing protocol for heterogeneous wireless sensor networks in urban environments. A decision is made by every node based on various parameters like longevity, distance, battery power which measure the node and link quality to decide the next hop in the route. This ensures that the total load is distributed evenly while conserving the energy of battery-constrained nodes. The protocol also maintains a trusted population for each node through Dynamic Trust Factor (DTF) which ensures secure communication in the environment by gradually isolating the malicious nodes. The results obtained show that the proposed protocol when compared with another energy efficient protocol (MMBCR) and a widely accepted protocol (DSR) gives far better results in terms of energy efficiency. Similarly, it also outdoes a secure protocol (QDV) when it comes to detecting malicious nodes in the network.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.55-62
• /
• 2018

The MTD-based approach changes various operating parameters dynamically so that the vulnerability of the system can be protected from the malicious attack. In this paper, random/serial scanning/jamming attack success probabilities have been mathematically analyzed and verified through simulation to improve the security of the wireless communication systems in which the MTD-SDR technologies are applied. As a result, for random scanning attacks, attack success probability increases as the change period of transmission channel increases, while for random jamming attacks there is no change. The attack success probability patterns for serial attacks are similar to those of random attacks, but when the change period of transmission channel approaches to the total number of transmission channels, the success probability of serial attack is getting greater than that of random attack, up to twice in jamming attacks and up to 36% in scanning attacks.

• The KIPS Transactions:PartC
• /
• v.12C no.6 s.102
• /
• pp.865-874
• /
• 2005

The information stored in the computer system needs to be protected from unauthorized access, malicious destruction or alteration and accidental inconsistency. In this paper, we propose an intrusion detection system based on sensor concept for defecting and preventing malicious attacks We use software sensor objects which consist of sensor file for each important directory and sensor data for each secret file. Every sensor object is a sort of trap against the attack and it's touch tan be considered as an intrusion. The proposed system is a new challenge of setting up traps against most interception threats that try to copy or read illicitly programs or data. We have implemented the proposed system on the Linux operating system using loadable kernel module technique. The proposed system combines host~based detection approach and network-based one to achieve reasonably complete coverage, which makes it possible to detect unknown interception threats.