• Title/Summary/Keyword: defensive action (방어행위)


The research of method of succession on ROK marine's spirit and tradition - Based on the Incheon landing Operation- (해병대 전통정신계승 방안에 관한 연구 - 인천상륙작전 중심으로 -)

  • Kim, Ho Chun
    • Convergence Security Journal / v.16 no.6_1 / pp.15-24 / 2016
  • Operation Chromite was the first combined landing operation executed by the ROK Marine Corps and allied forces on Sept 15, 1950. Its historical significance is that it provided Korea with an opportunity to retake the capital city, Seoul, because it helped to fight back from the Nakdong River defense front. During the landing, the ROK Marine Corps was highly praised by US commanders, who said that "No defect was found in the ROK Marine Corps' perfect battle performance," and the ROK Marine Corps' spirit of sacrifice in serving our country presented a grand spectacle to the whole world. These days, the reason why the ROK Marine Corps gains trust and has grown successfully as a national armed force is that it prepares for national emergencies through strong training during peacetime. However, bad traditions like beating and harsh treatment must be fixed. The ROK Marine Corps should improve and carry on the hard-earned tradition from former marines and do our best to be trusted by the people.

Adaptive Anomaly Movement Detection Approach Based On Access Log Analysis (접근 기록 분석 기반 적응형 이상 이동 탐지 방법론)

  • Kim, Nam-eui;Shin, Dong-cheon
    • Convergence Security Journal / v.18 no.5_1 / pp.45-51 / 2018
  • As the utilization and importance of data increase, data-related accidents and damages are gradually increasing. In particular, insider threats are the most harmful threats. These insider threats are difficult to detect with traditional security systems, so rule-based abnormal behavior detection methods have been widely used. However, they lack the ability to adapt flexibly to new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. It is designed to minimize the false positive rate and false negative rate by adopting environment factors that directly influence behavior and by learning data based on a statistical Markov model. In the experiment, the framework shows good performance with a high F2-score of 0.92 and detects suspicious behavior that is usually seen as normal behavior. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.


A Study on the Problems of Procedural Law Against Cyber Crimes in Korea - On the Trend of Procedural Law Against Cyber Crimes of U.S - (우리 사이버범죄 대응 절차의 문제점에 관한 연구 - 미국의 사이버범죄대응절차법을 중심으로 -)

  • Lim Byoung-Rak;Oh Tae-Kon
    • Journal of the Korea Society of Computer and Information / v.11 no.4 s.42 / pp.231-241 / 2006
  • When current cyber attacks on information and communication facilities are examined, technologies such as chase evasion technology and defense deviation technology have advanced rapidly, and many weak systems worldwide are often used as passages. When newly developed cyber attack instruments are examined, technologies for perfect crimes such as weakness attack, chase evasion and evidence destruction have been developed and distributed in packages. Therefore, there is a limit to simple prevention technology and, depending on the case, special procedures such as real-time chase are required to overcome cyber crimes. Further, cyber crimes beyond national boundaries need to be handled through international cooperation and relevant procedural arrangements through which the world can fight against them together. However, in current laws, there are only regulations such as substantive laws, including simple regulations on punishment for violations. In procedure, they are treated based on the same procedure as that of general criminal cases, which are offline crimes. With respect to the international cooperation system, international criminal private law cooperation is applied based on general criminals, which brings many problems. Therefore, this study speculates on the procedural law on cyber crimes and presents the actual problems of our country and their countermeasures.


A Practical Design and Implementation of Android App Cache Manipulation Attacks (안드로이드 앱 캐시 변조 공격의 설계 및 구현)

  • Hong, Seok;Kim, Dong-uk;Kim, Hyoungshick
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.205-214 / 2019
  • Android uses app cache files to improve app execution performance. However, this optimization technique may raise security issues that need to be examined. In this paper, we present a practical design of "Android app cache manipulation attack" to intentionally modify the cache files of a target app, which can be misused for stealing personal information and performing malicious activities on target apps. Even though the Android framework uses a checksum-based integrity check to protect app cache files, we found that attackers can effectively bypass such checks via the modification of checksum of the target cache files. To demonstrate the feasibility of our attack design, we implemented an attack tool, and performed experiments with real-world Android apps. The experiment results show that 25 apps (86.2%) out of 29 are vulnerable to our attacks. To mitigate app cache manipulation attacks, we suggest two possible defense mechanisms: (1) checking the integrity of app cache files; and (2) applying anti-decompilation techniques.

A Study of Worm Propagation Modeling extended AAWP, LAAWP Modeling (AAWP와 LAAWP를 확장한 웜 전파 모델링 기법 연구)

  • Jun, Young-Tae;Seo, Jung-Taek;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.5 / pp.73-86 / 2007
  • Numerous types of models have been developed in recent years in response to the cyber threat posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical modeling techniques such as Epidemic, AAWP (Analytical Active Worm Propagation Modeling) and LAAWP (Local AAWP). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the entire IPv4 network and fail to consider the effects of countermeasures, making it difficult to analyze the extent of damage done by them and the effects of countermeasures in a specific network. This paper extends the equations and parameters of AAWP and LAAWP and suggests ALAAWP (Advanced LAAWP), a new worm simulation technique that rectifies the drawbacks of existing models.

Design and Theoretical Analysis of a Stepwise Intrusion Prevention Scheme (단계적 비정상 트래픽 대응 기법 설계 및 이론적 분석)

  • Ko Kwangsun;Kang Yong-hyeog;Eom Young Ik
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.1 / pp.55-63 / 2006
  • Recently, there has been much abnormal traffic driven by several worms, such as Nimda, Code Red, SQL Slammer, and so on, causing severe damage to networks. Meanwhile, diverse prevention schemes for defeating abnormal traffic have been studied in the academic and commercial worlds. In this paper, we present the structure of a stepwise intrusion prevention system that is designed to limit the network bandwidth of each network traffic flow and drop abnormal traffic, and then compare the proposed scheme with a pre-existing scheme, which is a True/False-based anomaly prevention scheme for several worm patterns. There are two criteria for comparison of the schemes, which are Normal Traffic Rate (NTR) and False Positive Rate (FPR). Assuming that the abnormal traffic rate of a specific network is $\beta$ during a predefined time window, it is known that the average NTR of our stepwise intrusion prevention scheme increases by a factor of $(1+\beta)/2$ compared with that of the True/False-based anomaly prevention scheme, and the average FPR of our scheme decreases by a factor of $(1+\beta)/2$.

An Empirical Study on the Patch Impact Assessment Method for Industrial Control Network Security Compliance (산업제어망 보안 컴플라이언스를 위한 패치 영향성 평가 방안에 관한 실증 연구)

  • Choi, Inji
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1141-1149 / 2020
  • Most industrial control networks are independent closed networks that are operated for a long time after installation, and thus the OS is not updated, so security threats increase and security vulnerabilities exist. Defense against zero-day attacks requires applying the latest patch, but a large-scale industrial network requires a higher level of real-time and non-disruptive operation due to the direct handling of physical devices, so a step-by-step approach is required to apply it to a live system. In order to solve this problem, utility-specific patch impact assessment is required for reliable patch application. In this paper, we propose a method to test and safely install the patch using the regression analysis technique and show the proven results. As a patch impact evaluation methodology, the maximum allowance for determining the safety of a patch was derived by classifying test types based on system-specific functions, performance, and behavior before and after applying the patch. Finally, we report the results of case studies applied directly to industrial control networks, in which the OS patch was updated while ensuring 99.99% availability.

A Study on Novel Steganography Communication Technique based on Thumbnail Images in SNS Messenger Environment (SNS 메신저 환경에서의 썸네일 이미지 기반의 새로운 스테가노그래피 통신 기법 연구)

  • Yuk, Simun;Cho, Youngho
    • Journal of Internet Computing and Services / v.22 no.6 / pp.151-162 / 2021
  • Steganography is an advanced technique that hides secret messages by transforming them into subtle noise and spreading them within multimedia files such as images, video and audio. This technology has been exploited in a variety of espionage and cyber attacks. SNS messenger is an attractive SNS service platform for sending and receiving multimedia files, which are the main medium of steganography. In this study, we proposed two novel steganography communication techniques that guarantee the complete reception rate through the use of thumbnail images in the SNS messenger environment. In addition, the feasibility was verified through implementation and testing of the proposed techniques in a real environment using KakaoTalk, a representative SNS messenger in South Korea. By proposing new steganography methods in this study, we re-evaluated the risk of steganography methods and promoted follow-up studies on the corresponding defense techniques.

Practicality Evaluation of the Drone and LiDAR for the Management of River and Flood Retention Facility (하천 및 우수저류지 유지관리를 위한 드론 및 LiDAR의 활용성 평가)

  • Yi, Sank Kuk;Kim, Ju;Kim, Jong Buk;Chung, Moo Soon;Kim, Sung Hun;Kim, Byung Sik
    • Proceedings of the Korea Water Resources Association Conference / 2021.06a / pp.19-19 / 2021
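  • Recently, drones and ICT convergence technologies have been offering new alternatives across industry as a whole, and existing industries have rapidly attempted to incorporate the relevant ICT, citing advantages such as efficiency, economy and safety in generating, processing and using data. As a result, changes led by the data-based Fourth Industrial Revolution are taking place everywhere, including the presentation of various forms of results that were hard to find with past technologies and methods. The Ministry of Land, Infrastructure and Transport began in 2018 with a drone pilot training program for employees of the central government, local governments and public institutions, conducted mission-specific drone utilization training in 10 fields including national defense, public order, environment, safety and surveying in 2019, and in 2020 has been expanding the scope of use by adding training fields such as facility inspection, tracking and surveillance of illegal activities, and water resources management. In line with this direction of national policy, the Gyeonggi Province Safety Management Office (Special Safety Inspection Team), seeking convergence with new technologies, started in 2020 with the 'Study on Advancing Facility Safety Inspection Using Drones, etc.' and sought to apply ICT convergence technologies and analysis software to the safety inspection of facilities such as cut slopes and retaining walls and to the maintenance of rivers and stormwater retention basins. This study concerns methods of maintenance inspection and status analysis that public management bodies can carry out for rivers, drainage channels, stormwater retention basins and the like using drones and LiDAR, and was applied to the matters prescribed in the River Act, the Countermeasures Against Natural Disasters Act, the Detailed Guidelines for the Safety and Maintenance of Facilities, the Standards for the Types, Structure, Installation and Maintenance of Stormwater Runoff Reduction Facilities, and others. Through this, the study reviews the institutional aspects of strengthening the role of public management bodies in maintaining flood defense capability, such as evaluating the flood level variability of hydraulic structures including rivers and stormwater retention basins and reviewing the capacity of flood control sections, and it is judged that expanding the use of ICT convergence technologies such as drones and LiDAR can contribute to budget savings and enhanced public safety.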


Machine Learning Based APT Detection Techniques for Industrial Internet of Things (산업용 사물인터넷을 위한 머신러닝 기반 APT 탐지 기법)

  • Joo, Soyoung;Kim, So-Yeon;Kim, So-Hui;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.10a / pp.449-451 / 2021
  • Cyber-attacks targeting endpoints have developed into sophisticated, targeted and intelligent attacks, and Advanced Persistent Threats (APTs) targeting the Industrial Internet of Things (IIoT) have increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions that combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate and need high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of the IIoT environment is essential. In this study, we analyze the flow and impact of IIoT-targeted APT cases and compare the methods of machine learning-based APT detection EDR solutions.
