• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.5B
• /
• pp.489-499
• /
• 2003

This paper is a study about Honey-pot Model using CPN(Colored Petri Nets) that is a method of intrusion detection. Suggested Honey-pot model consists of two parts : \circled1 security kernel module for active induction of hacker's intrusion, intrusion detection and behavior pattern analysis. \circled2 virtual module for activity of induced hackers. However, suggested model was compared and analysed with conventional Denning model and Shieh nodel. The Honey-pot model using CPN can classify the characteristic of intrusion pattern, modeling intrusion pattern and pattern matching procedure, detect DDoS attack through multi hosts, and provide basis of study model for analysing intrusion pattern, finally.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.161-168
• /
• 2007

Web attack uses structural, logical and coding error or web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

• Journal of Internet Computing and Services
• /
• v.23 no.4
• /
• pp.87-94
• /
• 2022

Recently, with the development of information and communication infrastructure, the number of Internet access devices is rapidly increasing. Smartphones, laptops, computers, and even IoT devices are receiving information and communication services through Internet access. Since most of the device operating environment consists of web (WEB), it is vulnerable to web cyber attacks using web shells. When the web shell is uploaded to the web server, it is confirmed that the attack frequency is high because the control of the web server can be easily performed. As the damage caused by the web shell occurs a lot, each company is responding to attacks with various security devices such as intrusion prevention systems, firewalls, and web firewalls. In this case, it is difficult to detect, and in order to prevent and cope with web shell attacks due to these characteristics, it is difficult to respond only with the existing system and security software. Therefore, it is an automated defense system through the collection and analysis of web shells based on artificial intelligence machine learning that can cope with new cyber attacks such as detecting unknown web shells in advance by using artificial intelligence machine learning and deep learning techniques in existing security software. We would like to propose about. The machine learning-based web shell defense system model proposed in this paper quickly collects, analyzes, and detects malicious web shells, one of the cyberattacks on the web environment. I think it will be very helpful in designing and building a security system.

• Journal of Internet Computing and Services
• /
• v.24 no.6
• /
• pp.137-144
• /
• 2023

Cyberattack technology is evolving to an unpredictable degree, and it is a situation that can happen 'at any time' rather than 'someday'. Infrastructure that is becoming hyper-connected and global due to cloud computing and the Internet of Things is an environment where cyberattacks can be more damaging than ever, and cyberattacks are still ongoing. Even if damage occurs due to external influences such as cyberattacks or natural disasters, intelligent self-recovery must evolve from a cyber resilience perspective to minimize downtime of cyber assets (OS, WEB, WAS, DB). In this paper, we propose an intelligent self-recovery technology to ensure sustainable cyber resilience when cyber assets fail to function properly due to a cyberattack. The original and updated history of cyber assets is managed in real-time using timeslot design and snapshot backup technology. It is necessary to secure technology that can automatically detect damage situations in conjunction with a commercialized file integrity monitoring program and minimize downtime of cyber assets by analyzing the correlation of backup data to damaged files on an intelligent basis to self-recover to an optimal state. In the future, we plan to research a pilot system that applies the unique functions of self-recovery technology and an operating model that can learn and analyze self-recovery strategies appropriate for cyber assets in damaged states.

• Review of KIISC
• /
• v.24 no.5
• /
• pp.82-87
• /
• 2014

스마트그리드는 기존의 전력시스템에 ICT 기술을 융합하여 에너지 공급자와 소비자, 서비스 제공자가 실시간으로 상호작용할 수 있는 형태의 차세대 전력망을 의미하는 것으로, 최근 대두되고 있는 에너지 위기를 타개하기 위한 중요한 솔루션 중 하나로 인식되고 있다. 그 중에서도 특히 AMI 시스템은 다양한 부가서비스 제공을 가능케 하는 스마트그리드의 핵심요소로 주목받고 있다. AMI 시스템은 그 적용범위가 광범위하고 대부분의 시스템 구성 기기가 물리적 접근이 비교적 용이한 위치에 설치되어 물리적 공격 및 사이버 공격에 대해 비교적 취약한 특성을 띤다. 이러한 보안 위협에 대응하기 위해 DLMS/COSEM 및 국내 지능형전력량계-제2부 표준에서는 지능형전력량계가 갖추어야 하는 다양한 보안기능에 대해 정의하고 있다. 하지만 각 보안기능에 대한 세부 내용을 상기 표준에서 모두 정의하고 있는 것은 아니어서 이에 대한 검토 및 논의가 필요하다. 본 고에서는 DLMS/COSEM 표준과 지능형전력량계-제2부 표준에서 정의하고 있는 보안 기능에 대해 살펴보고, 상기 표준에서 정의하고 있지 않은 보안 기능 중 지능형전력량계 유지보수를 위한 안전한 현장접근 방안에 대해 제안한다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.8
• /
• pp.878-882
• /
• 2010

DaaS model that surrogates their data has a problem of privacy leakage by service provider. In this paper, we analyze inference attack that can occur on encrypted data that consist of multiple column through index, and we suggest b-anonymity to protect data against inference attack. We use R+-tree technique to minimize false-positive that can happen when we use an index for efficiency of data processing.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.373-376
• /
• 2006

전자봉인 장치는 능동형 RFID 장치로서, 화물 컨테이너의 문에 설치되어 컨테이너가 정당한 사용자가 아닌 다른 사용자가 개봉하였다는 사실을 인지하도록 하는 역할을 하는 장치이다. 전자 봉인장치는 RFID를 이용하므로 허용된 사용자 외에는 그 정보를 식별 할 수 없도록 할 필요가 있으며, 오랜 시간 고정된 장소에 존재하기 때문에 물리적으로 공격당하여 컨테이너의 내용물을 훔치거나 다른 물건으로 바꾸어 넣은 후 기존의 봉인의 내용을 복사한 새로운 봉인을 설치함으로서 봉인이 깨졌었다는 사실을 인지하지 못하도록 만드는 일을 막을 수 있어야만 한다. 본 논문에서는 리더와 태그가 통신하는 그 내용을 제 삼자가 인식하지 못하도록 함과 동시에, 봉인의 내용을 복사하더라도 원래 봉인을 대체할 수 없도록 하는 방법에 대해 제안 하고자 한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.6
• /
• pp.833-842
• /
• 2002

Computer security is considered important due to the side effect generated from the expansion of computer network and rapid increase of use of computers. A attack of intruders using a vulnerability of operating system, protocol and application programs. And so, The attack methods is to be high technology and professional. Thus It must be necessity that we necessary a solution to structure, management for framework of information technology. This paper develope intrusion detecting system for separating intruders form critical system and design IDS model and implementation of it.

• Journal of the Korea Computer Graphics Society
• /
• v.11 no.1
• /
• pp.21-30
• /
• 2005

그래픽, 오디오, 텍스트 정보 등의 저작권 보호를 위해 사용되어오던 디지털 워터마킹은 이제 기하 정보의 저작권을 보호하는데에도 중요하게 쓰이게 되었다. 스펙트랄 영역에서의 다각형 모델에 대한 워터마킹은 여러가지 공격에 대하여 강건함을 갖는다. 우리는 기존의 스펙트랄 영역에서의 워터마킹 기법을 일반화하고 이에 기반한 새로운 방법을 제시한다. 워터마크를 삽입 할 때에 라플라시안 행렬의 고유값과 고유벡터를 찾지 않는다. 대신 스케일링 함수로 부터 얻어진 선형 작용소를 사용한다. 테스트 결과는 서로 상충되는 워터마크를 삽입하고 추출하는데 드는 비용과 공격에 대한 강건성을 어떻게 조정하였는지 보여준다.