• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.1-13
• /
• 2022

As the information and communication environment develops, the environment of military facilities is also development remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

• Annual Conference of KIPS
• /
• 2017.04a
• /
• pp.376-379
• /
• 2017

전 세계적으로 악성코드는 하루 100만개 이상이 새롭게 발견되고 있으며, 악성코드 발생량은 해마다 증가하고 있는 추세이다. 공격자는 보안장비에서 악성코드가 탐지되는 것을 우회하기 위해 기존 악성코드를 변형한 변종 악성코드를 주로 이용한다. 변종 악성코드는 자동화된 제작도구나 기존 악성코드의 코드를 재사용하므로 비교적 손쉽게 생성될 수 있어 최근 악성코드 급증의 주요 원인으로 지목되고 있다. 본 논문에서는 대량으로 발생하는 악성코드의 효과적인 대응을 위한 행위기반 악성코드 프로파일링 시스템 프로토타입을 제안한다. 동일한 변종 악성코드들은 실제 행위가 유사한 특징을 고려하여 악성코드가 실행되는 과정에서 호출되는 API 시퀀스 정보를 이용하여 악성코드 간 유사도 분석을 수행하였다. 유사도 결과를 기반으로 대량의 악성코드를 자동으로 그룹분류 해주는 시스템 프로토타입을 구현하였다. 악성코드 그룹별로 멤버들 간의 유사도를 전수 비교하므로 그룹의 분류 정확도를 객관적으로 제시할 수 있다. 실제 유포된 악성코드를 대상으로 악성코드 그룹분류 기능과 정확도를 측정한 실험에서는 평균 92.76%의 분류 성능을 보였으며, 외부 전문가 의뢰에서도 84.13%로 비교적 높은 분류 정확도를 보였다.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.153-163
• /
• 2024

Despite the increasing hacking threats and security threats as IT technology advances and many companies adopt security solutions, cyberattacks and threats still persist for years. APT attack is a technique of selecting a specific target and continuing to attack. The threat of an APT attack uses all possible means through the electronic network to perform APT for years. Zero-day attacks, malicious code distribution, and social engineering techniques are performed, and some of them directly invade companies. These techniques have been in effect since 2000, and are similarly used in voice phishing, especially for social engineering techniques. Therefore, it is necessary to study countermeasures against APT attacks. This study analyzes the attack cases of Korean-based APT groups in Korea and suggests the correct method of using intelligence to analyze APT attack groups.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.143-146
• /
• 2008

In this paper, It presents the method the player will be able to confront when the NPC approach to the player, the NPC which have the property which is similar form grouping. The property of the NPC follows in quality of Game and it decides with separate way. To attribute of the NPC it is composed of conduct pattern, an attack pattern and the weapon pattern back. It considers a priority on the group wild middle which is formed and it judges the attack yes or no of the player. The method that proposed will play an important role in development of a 3D FPS games.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.1
• /
• pp.193-204
• /
• 2017

The security of Internet systems critically depends on the capability to keep anti-virus (AV) software up-to-date and maintain high detection accuracy against new malware. However, malware variants evolve so quickly they cannot be detected by conventional signature-based detection. In this paper, we proposed a malware classification method based on sequence patterns generated from the network flow of malware samples. We evaluated our method with 766 malware samples and obtained a classification accuracy of approximately 40.4%. In this study, malicious codes were classified only by network behavior of malicious codes, excluding codes and other characteristics. Therefore, this study is expected to be further developed in the future. Also, we can predict the attack groups and additional attacks can be prevented.

• Proceedings of the KAIS Fall Conference
• /
• 2009.05a
• /
• pp.764-767
• /
• 2009

이 논문에서는 데이터마이닝의 클러스터링을 이용한 경보 데이터 축약기법을 제안한다. 제안된 클러스터링 기반 경보데이터 축약기법은 데이터간의 유사성을 이용한 경보 데이터의 그룹화를 통해 생성된 모델을 이용하여 새로운 경보 데이터에 대한 분류를 자동화할 수 있다. 이것은 과거에 탐지된 공격의 형태뿐만 아니라 새로운 혹은 변형된 경보의 분류나 분석에도 이용할 수 있다. 또한 생성된 클러스터의 생성 원인의 분석을 이용한 클러스터 간의 시퀀스의 추출을 통해 사용자가 공격의 순차적인 구조나 그 이면에 감추어진 전략을 이해하는데 도움을 주며, 현재의 경보 이후에 발생 가능한 경보들을 예측할 수 있다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• Annual Conference of KIPS
• /
• 2005.11a
• /
• pp.949-952
• /
• 2005

RS 시스템의 가장 큰 특징은 일대 다수의 그룹 및 지령 통신방식이다. TRS 시스템의 구성은 여러개의 그룹으로 구성되며, 각 그룹은 업무내용에 관련된 유사한 목적을 가진 사용자들의 단말기로 구성된다. 다양한 형태의 공격에 노출될 수 있으며, 대규모 통신을 위한 키 분배 혹은 설정에 많은 문제점을 가질 수 있다. 본 고에서는 TRS 상에서 안전한 통신을 수행하는데 있어 필수 요소인 회의용 키 분배 방식을 고찰한다. 본 방식은 통신 회수를 줄이면서도 사용자 인증을 수행할 수 있는 효율적인 Tree 기반의 회의용 키 분배 방식을 제안한다.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.51-59
• /
• 2013

Cyberspace, based on the dramatic development of information and communications technology, has brought enormous benefits to mankind. However, concerns over cyber terrorism and cyber attack are becoming serious. It is time to expand the global dialogue on international security issues in cyberspace. It is imperative to have a common understanding that cyberspace, the infrastructure for prosperity, should not be utilized as a space to create conflicts among states, and that all states agree to build confidence and peace in cyberspace. For this purpose, there are 3 tracks of international cooperations: 1)international cooperation such as UN and Conference on Cyberspace, 2)regional cooperations such as ARF and OSCE. 3)bilateral cooperations such US-Russia Cybersecurity Agreement, US-China presidential level dialogue. This paper will analyze the 1st track of international cooperations of UN and Conference on Cyberspace. With this, Korean government can prepare the forthcoming GGE activities and make our own strategy to deal with the global norms of good behaviour in cyberspace.

• The KIPS Transactions:PartC
• /
• v.13C no.7 s.110
• /
• pp.913-922
• /
• 2006

It used exclusively the radio communication where is the TRS(Trunked Radio Service) at frequency where the person whom it does is specific with hitherto radio communication method differently frequency of the decimal which is allocated to the relay station it talks the at the room which the multiple user uses with commonness. The TRS system the most big feature is the region multiple group and order communication method. The TRS the composition of system is composed of the multi mind group, the each group is composed of the terminal of the users who have the objective which is similar relates in business contents. With above it follows in same multi objective and the connection of the form which is various or group communication accomplishes and quality case, a possibility a or of having many problem point in key distribution for a large scale communication there is it could be exposed to attack of the form which is various. There is a place where it accomplishes the communication which is safe at the TRS from research which it sees it investigates group key distribution method which is an essential element. The method which it sees when it reduces a communication frequency, it stands but is the user, it proposes the efficient group key distribution method it will be able to accomplish.