• Journal of Intelligence and Information Systems
• /
• v.16 no.1
• /
• pp.45-56
• /
• 2010

Sensor Networks are composed of many sensor nodes, which are capable of sensing, computing, and communicating with each other, and one or more sink node(s). Sensor networks collect information of various objects' identification and surrounding environment. Due to the limited resources of sensor nodes, use of wireless channel, and the lack of infrastructure, sensor networks are vulnerable to security threats. Most research of sensor networks have focused on how to detect and counter one type of attack. However, in real sensor networks, it is impractical to predict the attack to occur. Additionally, it is possible for multiple attacks to occur in sensor networks. In this paper, we propose the Secure Routing Mechanism to Defend Multiple Attacks in Sensor Networks. The proposed mechanism improves and combines existing security mechanisms, and achieves higher detection rates for single and multiple attacks.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• Korean Security Journal
• /
• no.26
• /
• pp.29-58
• /
• 2011

Since 11 September 2001, warnings of risk in the nexus of terrorism and nuclear weapons and materials which poses one of the gravest threats to the international community have continued. The purpose of this study is to analyze the aim, principles, characteristics, activities, impediments to progress and developmental recommendation of the Global Initiative to Combat Nuclear Terrorism(GICNT). In addition, it suggests implications of the GICNT for the ROK policy. International community will need a comprehensive strategy with four key elements to accomplish the GICNT: (1) securing and reducing nuclear stockpiles around the world, (2) countering terrorist nuclear plots, (3) preventing and deterring state transfers of nuclear weapons or materials to terrorists, (4) interdicting nuclear smuggling. Moreover, other steps should be taken to build the needed sense of urgency, including: (1) analysis and assessment through joint threat briefing for real nuclear threat possibility, (2) nuclear terrorism exercises, (3) fast-paced nuclear security reviews, (4) realistic testing of nuclear security performance to defeat insider or outsider threats, (5) preparing shared database of threats and incidents. As for the ROK, main concerns are transfer of North Korea's nuclear weapons, materials and technology to international terror groups and attacks on nuclear facilities and uses of nuclear devices. As the 5th nuclear country, the ROK has strengthened systems of physical protection and nuclear counterterrorism based on the international conventions. In order to comprehensive and effective prevention of nuclear terrorism, the ROK has to strengthen nuclear detection instruments and mobile radiation monitoring system in airports, ports, road networks, and national critical infrastructures. Furthermore, it has to draw up effective crisis management manual and prepare nuclear counterterrorism exercises and operational postures. The fundamental key to the prevention, detection and response to nuclear terrorism which leads to catastrophic impacts is to establish not only domestic law, institution and systems, but also strengthen international cooperation.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06d
• /
• pp.25-28
• /
• 2007

최근 인터넷에서는 붓넷을 기반으로 한 스팸 발송, 분산 서비스 거부 공격 등이 급증하고 있으며 이는 인터넷 기반 서비스에 큰 위협이 되고 있다. 간접 통신 메커니즘을 사용하는 봇넷 공격에 대한 근본적인 대응을 지원하는 역추적 기술의 개발이 필요하다. 본 논문에서는 메모리 감시 기반의 봇넷 역추적 기술을 제안한다. 이 기술은 메모리 감시 기술을 이용하여 봇 서버의 행위를 감시하며, 네트워크 감시를 통하여 봇 서버로 감염된 허니팟이 오용될 위험성을 낮춘다. 또한 봇 서버 정보에 대한 자동분석기능을 제공하여 공격탐지와 동시에 봇넷의 C&C 서버를 빠르게 추적한다.

• Annual Conference of KIPS
• /
• 2003.05a
• /
• pp.51-54
• /
• 2003

인터넷 사용이 보편화되면서 웹을 통한 광고, 사이버 쇼핑, 인터넷 뱅킹 등 다양한 서비스가 네트워크를 이용하여 제공되면서 웹 보안에 대한 필요성이 증가하고 있다. 또한, 시스템을 다양한 유형의 해킹 위협과 외부의 불법적인 침입으로부터 정보자산의 보호를 위한 감시시스템을 요구하게 된다. 본 논문의 웹 침입 탐지 도구는 웹에 대한 개별적인 모니터링을 통해 소요되는 자원 및 인력의 손실을 방지할 수 있도록 하여 보안 수준을 향상시켜는 것이다. 웹 감시 시스템은 웹 환경에서의 보안 취약성과 정보 노출에 대한 문제점의 원인을 분석하고 보안의 빠른 지원을 결정하기 위해서 모니터링을 이용하여 정보 보안 취약성과 정보 노출을 보호하는데 그 목적이 있다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.703-704
• /
• 2023

학교폭력은 교육 환경에서 심각한 문제이다. 피해자에게 심리적 고통과 육체적 상해를 입히고 학교 내 안전과 안정성을 위협한다. 이에 많은 교육기관과 정부 기관이 학교폭력 예방과 대처를 위한 다양한 방안을 제시하고 있지만, 여전히 어려운 문제이다. 최근에는 인공지능 기술을 활용하여 학교폭력 방지와 대처에 관한 연구가 이루어지고 있다. 본 연구에서는 YOLOv5(You Only Look Once version 5) 딥러닝 알고리즘을 활용하여 학교 내부에서 발생하는 폭력 행위를 실시간으로 탐지하는 모델을 제안한다. 이 모델은 CCTV와 같은 영상 데이터를 입력으로 받아들여 학교 내부에서 발생하는 폭력 행위를 실시간으로 식별하는 것을 목표로 한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.611-613
• /
• 2023

모바일 멀웨어는 민감한 데이터의 도용, 기기 성능 저하, 금전적 피해 유발 등 다양한 위협을 내포하고 있으며 특히 피싱, 앱 기반 공격 및 네트워크 기반 공격과 같은 기술을 통해 모바일 장치를 악용할 수 있다. 이를 해결하기 위해 바이러스 백신 소프트웨어 및 강력한 암호 사용과 같은 보안 기술을 구현하면 모바일 멀웨어의 영향을 방지하고 완화하는 데 도움이 될 수 있다. 추가적으로 개인과 조직이 모바일 멀웨어와 관련된 위험을 인식하고 불리한 결과를 피하기 위해 이를 차단하기 위한 사전 조치를 취하는 것이 중요하다. 본 논문에서는 이러한 조치에 대한 보안 예방책을 제안하고자 하며 이를 통해 보다 안전한 모바일 환경을 갖출 수 있을 것이라 판단한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1197-1213
• /
• 2014

Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.8
• /
• pp.355-364
• /
• 2023

As advanced cyber threats continue to increase in recent years, it is difficult to detect new types of cyber attacks with existing pattern or signature-based intrusion detection method. Therefore, research on anomaly detection methods using data learning-based artificial intelligence technology is increasing. In addition, supervised learning-based anomaly detection methods are difficult to use in real environments because they require sufficient labeled data for learning. Research on an unsupervised learning-based method that learns from normal data and detects an anomaly by finding a pattern in the data itself has been actively conducted. Therefore, this study aims to extract a latent vector that preserves useful sequence information from sequence log data and develop an anomaly detection learning model using the extracted latent vector. Word2Vec was used to create a dense vector representation corresponding to the characteristics of each sequence, and an unsupervised autoencoder was developed to extract latent vectors from sequence data expressed as dense vectors. The developed autoencoder model is a recurrent neural network GRU (Gated Recurrent Unit) based denoising autoencoder suitable for sequence data, a one-dimensional convolutional neural network-based autoencoder to solve the limited short-term memory problem that GRU can have, and an autoencoder combining GRU and one-dimensional convolution was used. The data used in the experiment is time-series-based NGIDS (Next Generation IDS Dataset) data, and as a result of the experiment, an autoencoder that combines GRU and one-dimensional convolution is better than a model using a GRU-based autoencoder or a one-dimensional convolution-based autoencoder. It was efficient in terms of learning time for extracting useful latent patterns from training data, and showed stable performance with smaller fluctuations in anomaly detection performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1455-1463
• /
• 2015

If the industrial control system is infected by malicious worm such as Stuxnet, national disaster could be caused inevitably. Therefore, most of the industrial control system defence is focused on intrusion detection in network to protect against these threats. Conventional method is effective to monitor network traffic and detect anomalous patterns, but normal traffic pattern attacks using MITM technique are difficult to be detected. This study analyzes the PROFINET/DCP protocol and weaknesses with the data collected in real industrial control system. And add the authentication data field to secure the protocol, find out the applicability. Improved protocol may prevent the national disaster and defend against MITM attacks.