• Title/Summary/Keyword: attack model

An Evaluation of the Efficiency of Information Protection Activities of Private Companies (기업의 정보보호활동의 효율성 평가)

  • Choi, Won-Nyeong;Kim, Woo-Je;Kook, Kwang-Ho
    • Convergence Security Journal / v.18 no.5_1 / pp.25-32 / 2018
  • Cyber hackings are increasing and becoming more intelligent. The government and private companies conduct various information protection activities by investing lots of money and employing security personnel to protect important assets and personal information. It is important to evaluate the efficiency of the information protection activities that cost lots of money and manpower. However, the studies on the efficiency of the information protection activities were mainly conducted for government agencies the information of which is more readily available. This study suggests a model that can evaluate the efficiency of the activities of information protection and information security certification of various private companies. Our model evaluates the efficiency of the information protection activities by applying AHP and DEA on the information that is publicly announced by the private companies. Our model identifies the DMUs that are efficiently operated and suggests the improvement policies for the DMUs that are non-efficiently operated.

Decision Tree Techniques with Feature Reduction for Network Anomaly Detection (네트워크 비정상 탐지를 위한 속성 축소를 반영한 의사결정나무 기술)

  • Kang, Koohong
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.795-805 / 2019
  • Recently, there is a growing interest in network anomaly detection technology to tackle unknown attacks. For this purpose, diverse studies using data mining, machine learning, and deep learning have been applied to detect network anomalies. In this paper, we evaluate the decision tree, which is one of the most popular data mining techniques for classification, to see its feasibility for network anomaly detection on the NSL-KDD data set. In order to handle the over-fitting problem of the decision tree, we select 13 features from the original 41 features of the data set using the chi-square test, and then model the decision tree using TensorFlow and Scikit-Learn, yielding 84% and 70% binary classification accuracies on the KDDTest+ and KDDTest-21 of the NSL-KDD test data set. This result shows 3% and 6% improvements compared to the previous 81% and 64% binary classification accuracies by decision tree technologies, respectively.

Performance Evaluation of a Machine Learning Model Based on Data Feature Using Network Data Normalization Technique (네트워크 데이터 정형화 기법을 통한 데이터 특성 기반 기계학습 모델 성능평가)

  • Lee, Wooho;Noh, BongNam;Jeong, Kimoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.785-794 / 2019
  • Recently Deep Learning technology, one of the fourth industrial revolution technologies, is used to identify the hidden meaning of network data that is difficult to detect in the security arena and to predict attacks. Property and quality analysis of data sources are required before selecting the deep learning algorithm to be used for intrusion detection. This is because it affects the detection method depending on the contamination of the data used for learning. Therefore, the characteristics of the data should be identified and the characteristics selected. In this paper, the characteristics of malware were analyzed using network data set and the effect of each feature on performance was analyzed when the deep learning model was applied. The traffic classification experiment was conducted on the comparison of characteristics according to network characteristics and 96.52% accuracy was classified based on the selected characteristics.

Cyber Weapon Model for the National Cybersecurity (국가사이버안보를 위한 사이버무기 모델 연구)

  • Bae, Si-Hyun;Park, Dae-Woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.23 no.2 / pp.223-228 / 2019
  • Recently, the United States has been trying to strengthen its cybersecurity by upgrading its position as a Unified Combatant Command that focuses on the Cyber Command in the United States, strengthening operations in cyberspace, and actively responding to cyber threats. Other major powers are also working to strengthen cyber capabilities, and they are working to strengthen their organization and power. The world demands economic power for its own interests rather than its own borders. But Cyber World is a world without borders and no defense. Therefore, a cyber weapon system is necessary for superiority in cyberspace (defense, attack) for national cybersecurity. In this paper, we analyze operational procedures for cyber weapons operation. And we design cyber weapons to analyze and develop the best cyber weapons to lead victory in cyberwarfare. It also conducts cyber weapons research to solve the confrontation between Cyber World.

Deobfuscation Processing and Deep Learning-Based Detection Method for PowerShell-Based Malware (파워쉘 기반 악성코드에 대한 역난독화 처리와 딥러닝 기반 탐지 방법)

  • Jung, Ho-jin;Ryu, Hyo-gon;Jo, Kyu-whan;Lee, Sangkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.3 / pp.501-511 / 2022
  • In 2021, ransomware attacks became popular, and the number is rapidly increasing every year. Since PowerShell is used as the primary ransomware technique, the need for PowerShell-based malware detection is ever increasing. However, the existing detection techniques have limits in that they cannot detect obfuscated scripts or require a long processing time for deobfuscation. This paper proposes a simple and fast deobfuscation method and a deep learning-based classification model that can detect PowerShell-based malware. Our technique is composed of Word2Vec and a convolutional neural network to learn the meaning of a script extracting important features. We tested the proposed model using 1400 malicious codes and 8600 normal scripts provided by the AI-based PowerShell malicious script detection track of the 2021 Cybersecurity AI/Big Data Utilization Contest. Our method achieved 5.04 times faster deobfuscation than the existing methods with a perfect success rate and high detection performance with FPR of 0.01 and TPR of 0.965.

Comparison of Anomaly Detection Performance Based on GRU Model Applying Various Data Preprocessing Techniques and Data Oversampling (다양한 데이터 전처리 기법과 데이터 오버샘플링을 적용한 GRU 모델 기반 이상 탐지 성능 비교)

  • Yoo, Seung-Tae;Kim, Kangseok
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.201-211 / 2022
  • According to the recent change in the cybersecurity paradigm, research on anomaly detection methods using machine learning and deep learning techniques, which are AI implementation technologies, is increasing. In this study, a comparative study on data preprocessing techniques that can improve the anomaly detection performance of a GRU (Gated Recurrent Unit) neural network-based intrusion detection model using NGIDS-DS (Next Generation IDS Dataset), an open dataset, was conducted. In addition, in order to solve the class imbalance problem according to the ratio of normal data and attack data, the detection performance according to the oversampling ratio was compared and analyzed using the oversampling technique applied with DCGAN (Deep Convolutional Generative Adversarial Networks). As a result of the experiment, the method preprocessed using the Doc2Vec algorithm for system call feature and process execution path feature showed good performance, and in the case of oversampling performance, when DCGAN was used, improved detection performance was shown.

A study with respect to the home networking security Technology based on SIP (SIP기반 홈네트워킹 보안 기술에 관한 연구)

  • Ham, Yoeng-Ock;Shin, Young-Tae
    • Journal of the Korea Society of Computer and Information / v.14 no.12 / pp.169-180 / 2009
  • Generally home networks are based on wired network and wireless network. This makes customers be capable of using electric home appliances and full-duplex multimedia services and controlling the machines without any restrictions of place or time. Now that the scope of home security is being extended, the home networks can be formed with not only personal computer but also home automation, electric home appliances, etc. But this causes many attacks of invasion and damages. Therefore in this paper we suggest the SSIP(Secure Session Initiate protocol) model for solving those problems. The SSIP model is able to provide an efficient authentication and reduce the time of session re-establishment and set-up by adding ability of SIP authentication to Cluster-to-Cluster environment performed on home gateway.

A Data Sampling Technique for Secure Dataset Using Weight VAE Oversampling(W-VAE) (가중치 VAE 오버샘플링(W-VAE)을 이용한 보안데이터셋 샘플링 기법 연구)

  • Kang, Hanbada;Lee, Jaewoo
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.12 / pp.1872-1879 / 2022
  • Recently, with the development of artificial intelligence technology, research to use artificial intelligence to detect hacking attacks is being actively conducted. However, the fact that security data is a representative imbalanced data is recognized as a major obstacle in composing the learning data, which is the key to the development of artificial intelligence models. Therefore, in this paper, we propose a W-VAE oversampling technique that applies VAE, a deep learning generation model, to data extraction for oversampling, and sets the number of oversampling for each class through weight calculation using K-NN for sampling. In this paper, a total of five oversampling techniques such as ROS, SMOTE, and ADASYN were applied through NSL-KDD, an open network security dataset. The oversampling method proposed in this paper proved to be the most effective sampling method compared to the existing oversampling method through the F1-Score evaluation index.

Three Steps Polyalphabetic Substitution Cipher Practice Model using Vigenere Table for Encryption (Vigenere 테이블을 이용한 3단계 다중 알파벳 치환 암호화 모델)

  • Nguyen Huu Hoa;Dang Quach Gia Binh;Do Yeong Kim;Young Namgoong;Si Choon Noh
    • Convergence Security Journal / v.22 no.3 / pp.33-39 / 2022
  • Recently, cyberattacks on infrastructure have been continuously occurring with the starting of neutralizing the user authentication function of information systems. Accordingly, the vulnerabilities of system are increasing day by day, such as the increase in the vulnerabilities of the encryption system. In this paper, an alternative technique for the symmetric key algorithm has been developed in order to build the encryption algorithm that is not easy for beginners to understand and apply. Vigenere Cipher is a method of encrypting alphabetic text and it uses a simple form of polyalphabetic substitution. The encryption application system proposed in this study uses the simple form of polyalphabetic substitution method to present an application model that integrates the three steps of encryption table creation, encryption and decryption as a framework. The encryption of the original text is done using the Vigenère square or Vigenère table. When applying to the automatic generation of secret keys on the information system this model is expected that integrated authentication work, and analysis will be possible on target system.

Enhancement of Security Monitoring & Control System in Zero Trust Security Models (제로트러스트 보안 모델에서 보안관제 시스템 강화 연구)

  • Wonhyung Park
    • Convergence Security Journal / v.22 no.2 / pp.51-57 / 2022
  • Recently, the concept of zero trust has been introduced, and it is necessary to strengthen the security elements required for the next-generation security control system. Also, the security paradigm in the era of the 4th industrial revolution is changing. Cloud computing and the cybersecurity problems caused by the dramatic changes in the work environment due to the corona 19 virus continue to occur. And at the same time, new cyber attack techniques are becoming more intelligent and advanced, so a future security control system is needed to strengthen security. Based on the core concept of doubting and trusting everything, Zero Trust Security increases security by monitoring all communications and allowing strict authentication and minimal access rights for access requesters. In this paper, we propose a security enhancement plan in the security control field through a zero trust security model that can understand the problems of the existing security control system and solve them.