• Title/Summary/Keyword: attack model


Cloud Security Scheme Based on Blockchain and Zero Trust (블록체인과 제로 트러스트 기반 클라우드 보안 기법)

  • In-Hye Na;Hyeok Kang;Keun-Ho Lee
    • Journal of Internet of Things and Convergence / v.9 no.2 / pp.55-60 / 2023
  • Recently, demand for cloud computing has increased and remote access due to home work and external work has increased. In addition, a new security paradigm is required in the current situation where the need to be vigilant against not only external attacker access but also internal access such as internal employee access to work increases and various attack techniques are sophisticated. As a result, the network security model applying Zero-Trust, which has the core principle of doubting everything and not trusting it, began to attract attention in the security industry. Zero Trust Security monitors all networks, requires authentication in order to be granted access, and increases security by granting minimum access rights to access requesters. In this paper, we explain zero trust and zero trust architecture, and propose a new cloud security system for strengthening access control that overcomes the limitations of existing security systems using zero trust and blockchain and can be used by various companies.

Deep Learning based Dynamic Taint Detection Technique for Binary Code Vulnerability Detection (바이너리 코드 취약점 탐지를 위한 딥러닝 기반 동적 오염 탐지 기술)

  • Kwang-Man Ko
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.16 no.3 / pp.161-166 / 2023
  • In recent years, new and variant hacking of binary codes has increased, and the limitations of techniques for detecting malicious codes in source programs and defending against attacks are often exposed. Advanced software security vulnerability detection technology using machine learning and deep learning technology for binary code and defense and response capabilities against attacks are required. In this paper, we propose a malware clustering method that groups malware based on the characteristics of the taint information after entering dynamic taint information by tracing the execution path of binary code. Malware vulnerability detection was applied to a three-layered Few-shot learning model, and F1-scores were calculated for each layer's CPU and GPU. We obtained 97~98% performance in the learning process and 80~81% detection performance in the test process.

Strengthening Enterprise Security through the Adoption of Zero Trust Architecture - A Focus on Micro-segmentation Approach - (제로 트러스트 아키텍처 도입을 통한 기업 보안 강화 방안 - 마이크로 세그먼테이션 접근법 중심으로 -)

  • Seung-Hyun Joo;Jin-Min Kim;Dae-Hyun Kwon;Yong-Tae Shin
    • Convergence Security Journal / v.23 no.3 / pp.3-11 / 2023
  • Zero Trust, characterized by the principle of "Never Trust, Always Verify," represents a novel security paradigm. The proliferation of remote work and the widespread use of cloud services have led to the establishment of Work From Anywhere (WFA) environments, where access to corporate systems is possible from any location. In such environments, the boundaries between internal and external networks have become increasingly ambiguous, rendering traditional perimeter security models inadequate to address the complex and diverse nature of cyber threats and attacks. This research paper introduces the implementation principles of Zero Trust and focuses on the Micro Segmentation approach, highlighting its relevance in mitigating the limitations of perimeter security. By leveraging the risk management framework provided by the National Institute of Standards and Technology (NIST), this paper proposes a comprehensive procedure for the adoption of Zero Trust. The aim is to empower organizations to enhance their security strategies.

Clock Glitch-based Fault Injection Attack on Deep Neural Network (Deep Neural Network에 대한 클럭 글리치 기반 오류 주입 공격)

  • Hyoju Kang;Seongwoo Hong;Youngju Lee;Jeacheol Ha
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.5 / pp.855-863 / 2024
  • The use of Deep Neural Networks (DNNs) is gradually increasing in various fields due to their high efficiency in data analysis and prediction. However, as the use of deep neural networks becomes more frequent, the security threats associated with them are also increasing. In particular, if a fault occurs in the forward propagation process and activation function that can directly affect the prediction of a deep neural network, it can do fatal damage to the prediction accuracy of the model. In this paper, we performed some fault injection attacks on the forward propagation process of each layer except the input layer in a deep neural network and the Softmax function used in the output layer, and analyzed the experimental results. As a result of fault injection on the MNIST dataset using a glitch clock, we confirmed that fault injection into the iteration statements can cause deterministic misclassification depending on the network parameters.

SIEM System Performance Enhancement Mechanism Using Active Model Improvement Feedback Technology (능동형 모델 개선 피드백 기술을 활용한 보안관제 시스템 성능 개선 방안)

  • Shin, Youn-Sup;Jo, In-June
    • The Journal of the Korea Contents Association / v.21 no.12 / pp.896-905 / 2021
  • In the field of SIEM (Security Information and Event Management), many studies try to use a feedback system to solve the lack of completeness of training data and the false positives of new attack events that occur in actual operation. However, the current feedback system requires too much human input to improve the running model and, even so, feedback from inexperienced analysts can affect the model performance negatively. Therefore, we propose "active model improving feedback technology" to solve the shortage of security analyst manpower, increasing false positive rates and degrading model performance. First, we cluster similar predicted events during the operation, calculate feedback priorities for those clusters, and select and provide representative events from those highly prioritized clusters using XAI (eXplainable AI)-based event visualization. Once feedback is given on these events, we exclude less analogous events and then propagate the feedback throughout the clusters. Finally, these events are incrementally trained by an existing model. To verify the effectiveness of our proposal, we compared three distinct scenarios using PKDD2007 and CSIC2012. As a result, our proposal confirmed a 30% higher performance in all indicators compared to that of the model with no feedback and the current feedback system.

Simulation and Analysis of Slammer Worm Propagation With Automatic Quarantine (자동 격리를 감안한 슬래머 웜 전파과정에 대한 모의실험 및 분석)

  • Lim, Jae-Myung;Jung, Han-Gyun;Yoon, Chong-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.32 no.8B / pp.529-538 / 2007
  • In this paper, we have analyzed, using NS-2, a simulation model of the propagation process of the Slammer worm, which caused serious disruptions on the Internet in 2003. Previously we had presented and analyzed the Abstract Network to Abstract Network (AN-AN) model, modified from the Detailed Network to Abstract Network (DN-AN) model of NS-2. However, packet analysis in the AN-AN model had the problem of taking 240 hours to simulate the initial 300 seconds of infection. We have reduced the AN-AN model to save simulation time and analyzed a total of 3.5 hours of network congestion within 107 hours. Moreover, we have derived an optimal quarantine rate of 0.0022 considering the service outage of network devices caused by the heavy infected traffic, which was not taken into consideration in previous works. As a result of the simulation, although the inbound traffic at the Korean international gateway was back in normal conditions at 4,787 seconds, because the reverse-direction saturation was maintained until 12,600 seconds, the service outage persisted for 3.5 hours.

Effects of IR Reduction Design on RCS of UCAV (IR 저감 설계가 무인전투기의 RCS에 미치는 영향)

  • Song, Dong-Geon;Yang, Byeong-Ju;Myong, Rho-Shin
    • Journal of the Korean Society for Aeronautical & Space Sciences / v.46 no.4 / pp.297-305 / 2018
  • The role of UCAV is to carry out various missions in hostile situations such as penetration and attack on the enemy territory. To this end, application of RF stealth technology is indispensable so as not to be caught by enemy radar. The X-47B UCAV with blended wing body configuration is a representative aircraft in which modern RCS reduction schemes are heavily applied. In this study, a model UCAV was first designed based on the X-47B platform and then an extensive RCS analysis was conducted to the model UCAV in the high-frequency regime using the Ray Launching Geometrical Optics (RL-GO) method. In particular, the effects of configuration of UCAV considering IR reduction on RCS were investigated. Finally, the effects of RAM optimized for the air intake of the model UCAV were analyzed.

An Asset-Mission Dependency Model Adaptation and Optimized Implementation for Efficient Cyber Mission Impact Assessment (효율적인 임무 피해 평가를 위한 자산-임무 의존성 모델 적용 및 최적화된 구현)

  • Jeon, Youngbae;Jeong, Hyunsook;Han, In sung;Yoon, Jiwon
    • KIISE Transactions on Computing Practices / v.23 no.10 / pp.579-587 / 2017
  • Cyber Mission Impact Assessment is one of the essential tasks which many militaries and industrial major companies should perform to effectively achieve their mission. The unexpected damage to an organization's assets results in damage to the whole system's performance of the organizations. In order to minimize the damage, it is necessary to quantify the available capacity of the mission, which can be achieved only with the remaining assets, and to immediately prepare a new second best plan in a moment. We therefore need to estimate the exact cyber attack's impact to the mission when the unwanted damage occurs by modeling the relationship between the assets and the missions. In this paper, we propose a new model which deals with the dependencies between assets and missions for obtaining the exact impact of a cyber attack. The proposed model distinguishes task management from asset management for an efficient process, and it is implemented to be optimized using a vectorized operation for parallel processing and using a buffer to reduce the computation time.

PowerShell-based Malware Detection Method Using Command Execution Monitoring and Deep Learning (명령 실행 모니터링과 딥 러닝을 이용한 파워셸 기반 악성코드 탐지 방법)

  • Lee, Seung-Hyeon;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1197-1207 / 2018
  • PowerShell is a command-line shell and scripting language, built on the .NET framework, and it has several advantages as an attack tool, including built-in support for Windows, easy code concealment and persistence, and various pen-test frameworks. Accordingly, malware using PowerShell is increasing rapidly; however, conventional malware detection techniques are limited in coping with it. In this paper, we propose an improved monitoring method to observe commands executed in PowerShell and a deep learning based malware classification model that extracts features from commands using a Convolutional Neural Network (CNN) and sends them to a Recurrent Neural Network (RNN) according to the order of execution. As a result of testing the proposed model with 5-fold cross validation using 1,916 PowerShell-based malware samples collected at a malware sharing site and 38,148 benign scripts disclosed by an obfuscation detection study, it shows that the model effectively detects malware with about 97% True Positive Rate (TPR) and 1% False Positive Rate (FPR).

Designing SMS Phishing Profiling Model (스미싱 범죄 프로파일링 모델 설계)

  • Jeong, Youngho;Lee, Kukheon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.293-302 / 2015
  • With the attack information collected during SMS phishing investigations, this paper proposes an SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of the C&C IP address inserted in the malware. However, law enforcement agencies have recently been facing challenges such as signature diversification and code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found that 89% of serial numbers in cert.rsa and 80% of permission files were reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on the signature serial number and the permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.