• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.

• Review of KIISC
• /
• v.23 no.6
• /
• pp.76-89
• /
• 2013

최근의 사이버 위협은 공격자에 의해 지속적이고 지능화된 위협으로 진화하고 있다. 이러한 위협은 장기간에 걸쳐 이루어지기 때문에 보안체계를 잘 갖추고 있는 회사라 하더라도 탐지하는데 한계가 있다. 본 논문에서는 차세대 보안관제 프레임워크의 지향점을 네트워크 가시성 강화, 상황인식 기반 지능형 보안관제, 관련 업무조직과의 정보 통합 및 협업 강화로 제시하고 있으며 구조적, 수집 파싱, 검색 분석, 이상 탐지 등 총 9개 관점에서 이를 지원하는 필요 기술들을 분류하였다. 아울러 침투 경로 및 공격 단계와 내부 자원 간 연관성 분석을 통한 수집 정보 범위 설정, 사례 기반 상관분석 규칙 생성 적용, 정보연동, 업무처리, 컴플라이언스, 조사 분석 등 지원 기능의 연계를 보안관제 모델링의 필요 요소로 도출하였다.

• The Journal of the Korea Contents Association
• /
• v.20 no.7
• /
• pp.618-628
• /
• 2020

The purpose of this paper is to propose a new security orchestration service model by combining various security solutions that have been introduced and operated individually as a basis for cyber security framework. At present, in order to respond to various and intelligent cyber attacks, various single security devices and SIEM and AI solutions that integrate and manage them have been built. In addition, a cyber security framework and a security control center were opened for systematic prevention and response. However, due to the document-oriented cybersecurity framework and limited security personnel, the reality is that it is difficult to escape from the control form of fragmentary infringement response of important detection events of TMS / IPS. To improve these problems, based on the model of this paper, select the targets to be protected through work characteristics and vulnerable asset identification, and then collect logs with SIEM. Based on asset information, we established proactive methods and three detection strategies through threat information. AI and SIEM are used to quickly determine whether an attack has occurred, and an automatic blocking function is linked to the firewall and IPS. In addition, through the automatic learning of TMS / IPS detection events through machine learning supervised learning, we improved the efficiency of control work and established a threat hunting work system centered on big data analysis through machine learning unsupervised learning results.

• Review of KIISC
• /
• v.31 no.3
• /
• pp.29-38
• /
• 2021

산업안보위협은 개인 또는 전·현직자의 이익을 위해 다양한 경로를 통해 지속적으로 산업기술들을 유출하였지만, 최근에 는 국가에서 지원하는 사이버 공격자 그룹을 활용하여 신기술을 탈취하려는 목적의 사이버공격을 감행하고 있어 현재 산업체뿐만 아니라, 국가경제의 손실이 매우 크다. 따라서 본 논문에서는 정보탈취를 목적으로 하는 국가 배후 해킹조직의 침투 경로 및 공격 단계와 국가핵심기술 유출 사례와 연계하여 MITRE사(社) ATT&CK 프레임워크를 활용하여 산업기술위협에 대응할 수 있는 기술을 소개 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.319-325
• /
• 2016

Cloud computing-related security incidents have occurred recently are beyond the scope of a enterprise's security incident is expanded to the entire range of customers who use the cloud computing environment. The control technology for the overall integrated security of the cloud data center is required for this purpose. This study research integrated and additional security elements for the cloud data center control to understand the existing control technology. It is a better understanding of the IaaS cloud environment to build the IaaS cloud environment by CloudStack. SW-IaaS cloud structure by combining CloudStack and IaaS cloud model presented by NIST is proposed in this study. This paper derive a security framework to consider in each layer of The SW-IaaS cloud components, which are composed of the Cloud Manager, Cluster Manager, and Computer Manager.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.407-415
• /
• 2013

Recently, Interest variety of IT services and computing resources are increasing. As a result, the interest in the security of cloud environments is also increasing. Cloud environment is stored that to provide services to a large amount of IT resources on the Cloud. Therefore, Cloud is integrity of the stored data and resources that such as data leakage, forgery, etc. security incidents that the ability to quickly process is required. However, the existing developed various solutions or studies without considering their cloud environment for development and research to graft in a cloud environment because it has been difficult. Therefore, we proposed wire-wireless integrated Security management Model in cloud environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.989-992
• /
• 2012

본 논문에서는 안전한 공장 원격제어를 위한 시스템 프레임 워크를 제안한다. 공장기계와 IT의 융합으로 기술 발전함에 따라 공장 제어 시스템을 공장내부에서는 무선 제어시스템, 공장 외부에서는 원격 시스템의 필요성이 대두되어 많은 연구들이 진행되고 있다. 기존의 공장 자동화 시스템 SCADA(Supervisory Control And Data Acquisition)는 생산 공정 및 플랜트의 상태를 감시하고 제어하기 위한 목적으로 개발되었지만 원격제어 관련 내용이 부족하다. 공장 내부 보안을 위한 표준으로 ISA99 Security Standards에서도 통합 공정 제어 Zone & Conduits 방식 제시 공장의 각 영역을 Zone으로 나누고 허가된 사용자만 Conduit를 통해 다른 Zone의 노드와 통신을 하는 방식을 제안하였다. 하지만, 전체적인 프레임워크는 정의를 하고 있으나 외부 원격 제어 내용 부족하다. 따라서 본 논문에서는 스마트폰을 활용한 공장 외부에서의 안전한 원격 제어를 제공하는 통합관제시스템 프레임워크 구조를 제시하여 향후 관련 기술에 대한 기준점을 제시한다.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.2
• /
• pp.99-110
• /
• 2023

This study proposed a classification of malicious network traffic using the cyber threat framework(Mitre ATT&CK) and machine learning to solve the real-time traffic detection problems faced by current security monitoring systems. We applied a network traffic dataset called UNSW-NB15 to the Mitre ATT&CK framework to transform the label and generate the final dataset through rare class processing. After learning several boosting-based ensemble models using the generated final dataset, we demonstrated how these ensemble models classify network traffic using various performance metrics. Based on the F-1 score, we showed that XGBoost with no rare class processing is the best in the multi-class traffic environment. We recognized that machine learning ensemble models through Mitre ATT&CK label conversion and oversampling processing have differences over existing studies, but have limitations due to (1) the inability to match perfectly when converting between existing datasets and Mitre ATT&CK labels and (2) the presence of excessive sparse classes. Nevertheless, Catboost with B-SMOTE achieved the classification accuracy of 0.9526, which is expected to be able to automatically detect normal/abnormal network traffic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.141-152
• /
• 2011

Growing efforts and interests of security techniques in a diverse surveillance environment, the intelligent surveillance system, which is capable of automatically detecting and tracking target objects in multi-cameras environment, is actively developing in a security community. In this paper, we propose an effective visual surveillance system that is avaliable to track objects continuously in multiple non-overlapped cameras. The proposed object tracking scheme consists of object tracking module and tracking management module, which are based on hand-off scheme and protocol. The object tracking module, runs on IP camera, provides object tracking information generation, object tracking information distribution and similarity comparison function. On the other hand, the tracking management module, runs on video control server, provides realtime object tracking reception, object tracking information retrieval and IP camera control functions. The proposed object tracking scheme allows comprehensive framework that can be used in a diverse range of application, because it doesn't rely on the particular surveillance system or object tracking techniques.