• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.939-946
• /
• 2023

In the hyper-connected network, which network equipment is diverse and network structure is complex, the attack surface has also increased. In this environment, MTD(Moving Target Defense) technology is being researched as a method to fundamentally defend against cyber attacks by actively changing the attack surface. network-based MTD technologies are being widely studied. However, in order for network address mutation technology to be applied within the existing fixed IP-based system, research is needed to determine what impact it will have. In this paper, we studied the impact of applying network address mutation technology to the existing network protection system. As a result of the study, factors to be considered when firewall, NAC, IPS, and network address mutation technologies are operated together were derived, and elements that must be managed in network address mutation technology for interoperability with the network analysis system were suggested.

• Review of KIISC
• /
• v.31 no.3
• /
• pp.13-19
• /
• 2021

IT 기술이 발전함에 따라 사이버 공격은 더욱더 지능화 대량화 되고 있다. 이로 인해 기존의 전통적인 보안 접근만으로는 모든 위협을 탐지하고 분석, 대응하기에는 한계에 이르렀다. 이를 해결하고자 사이버 보안관제에 머신러닝 기술을 적용하고자 하는 연구 및 사례가 증가하고 있다. 이에 본 논문에서는 기존 보안관제 체계 및 문제점에 대해서 알아보고, 이를 해결하고자 적용된 머신러닝 기술 현황에 대해 조사하였다. 그리고 해당 기술이 보안관제에 성공적으로 적용되기 위해 고려해야 할 관리적 측면과 기술적 측면을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.301-304
• /
• 2016

Cyber world constitute the infrastructure of the country and its people and control. Cyber attacks and leakage of personal information are being threatened damage to the national economy and national security. December 2014 had been cyber hacking attacks on Korea Hydro & Nuclear Power Nuclear cooling system design drawings of a spill, and Cheong Wa Dae website hacked, KBS stations occurred in cyber hacking accidents. As a result, ICT-based Protection Act, Promotion of Information and Communications Network Utilization and Information Act on Protection, etc., privacy laws are being enforced, personal information in the form of requirements from leading high-tech eoryeowoona is to prevent the attacks of armed hackers Internet information society It proposes positive measures to keep your personal information officer and laws.

• Review of KIISC
• /
• v.27 no.2
• /
• pp.57-68
• /
• 2017

원자력시설에 대한 사이버보안 위협이 증가됨에 따라 "원자력시설 등의 방호 및 방사능 방재 대책법"에 의거 원자력통제기술원은 사이버보안 이행에 관한 세부 기준을 제시하는 KINAC/RS-015 "원자력시설 등의 컴퓨터 및 정보시스템 보안기술기준"을 마련하고 원자력 사업자로 하여금 사이버보안계획(CSP)을 이행토록 하였다. 따라서 원자력사업자는 사이버공격으로부터 필수디지털자산(CDA)을 보호하기 위해 운영적 관리적 기술적 사이버 보안조치를 적용 및 이행하여야 한다. 본 논문에서는 원자력시설의 최상위 설계요건인 안전성 및 신뢰성 확보를 위해 사이버보안 기술을 적용하는데 많은 어려움이 따르는 기술적 보안조치인 접근통제, 감사 및 책임, 시스템 및 통신의 보호, 식별 및 인증, 시스템 보안강화에 대한 이행방안을 살펴보고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.905-917
• /
• 2018

The sovereign state has the right to engage in self-defense or war with the approval of the Security Council when it receives an invasion of territory from a foreign country. War is conducted under the principle of the necessity and proportionality of self-defense. In case of cyber attack, proportional countermeasure must be made through attack means and effect analysis, and cyber weapons need to be classified for this purpose. Therefore, this study aims to provide a rational and legitimate response according to the necessity and proportionality of the self - defense right by suggesting definition and classification criteria of cyber weapons. In this study, cyber weapons were defined as "means of collecting, attacking, and protecting information using cyber technology in the cyber space according to military objectives. Based on existing weapon systems and public cyber weapons cases, cyber weapons were classified as (1) cyber weapons for information gathering, (2) cyber weapons for attack, and (3) cyber weapons for protection. We suggest the considerations for applying the proportional response according to this functional classification. In order to guarantee the principle of proportionality to cyber attacks in the future, the classification study based on the cyber weapon effect should be conducted. This study has conducted an exploratory study on the classification of cyber clusters which constitutes one axis of the proportionality principle.

• The Journal of the Convergence on Culture Technology
• /
• v.10 no.4
• /
• pp.175-181
• /
• 2024

The U.N. Security Council's North Korea Sanctions Committee estimated that the amount of North Korea's cyberattacks on virtual asset-related companies from 2017 to 2023 was about 4 trillion won. North Korea's cyberattacks have secured funds through cryptocurrency hacking as it has been restricted from securing foreign currency due to economic sanctions by the international community, and it also shows the form of technology theft against defense companies, and illegal assets are being used to maintain the Kim Jong-un regime and develop nuclear and missile development. When North Korea conducted its sixth nuclear test on September 3, 2017, and declared the completion of its national nuclear armament following the launch of an intercontinental ballistic missile on November 29 of the same year, the U.N. imposed sanctions on North Korea, which are considered the strongest economic sanctions in history. In these difficult economic situations, North Korea tried to overcome the crisis through cyberattacks, but as a result of analyzing the changes through the North's cyber attack cases, the strategic goal from the first period from 2009 to 2016 was to verify and show off North Korea's cyber capabilities through the neutralization of the national network and the takeover of information, and was seen as an intention to create social chaos in South Korea. When foreign currency earnings were limited due to sanctions against North Korea in 2016, the second stage seized virtual currency and secured funds to maintain the Kim Jong-un regime and advance nuclear and missile development. The third stage is a technology hacking of domestic and foreign defense companies, focusing on taking over key technologies to achieve the five strategic weapons tasks proposed by Chairman Kim Jong-un at the 8th Party Congress in 2021. At the national level, security measures for private companies as well as state agencies should be established against North Korea's cyberattacks, and measures for legal systems, technical problems, and budgets related to science are urgently needed. It is also necessary to establish a system and manpower to respond to the ever-developing cyberattacks by focusing on cultivating and securing professional manpower such as white hackers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.115-124
• /
• 2009

Internet is in rapid growth from technology to total social environment, so technical and syntax based cyber crime is evolved but also psychological and semantic based one is showing. In this paper, we analyze the cyber-crime cases announced by police, then classify it into social and technical influence. After that, we study the profiling method on psychological view point of cyber-crimes. We expect that it is possible to classify cyber-crimes into the categories rapidly and take less time to analyze and response.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.710-711
• /
• 2015

최근 사이버 공격이사회, 국가적 위협으로 대두되고 있다. 최근 신종 악성코드에 의한 A.P.T 공격이 사회적으로 큰 혼란을 야기하고 있다. 이에 따라 기업 내에서 방화벽, IPS, VPN 등의 네트워크 보안 시스템의 통합 관리를 목적으로 하는 통합관제시스템(ESM)의 필요성이 제기되었다. 그러나 기존의 ESM의 방식은 외부에서 내부로 유입되는 트래픽만을 모니터링하는 네트워크 기반 공격 탐지기법을 사용하기 때문에, 외부 사이버 공격만을 차단할 수 있다는 한계점을 가지고 있다. 따라서 본 연구는 주요 IT 기반시설의 네트워크, 시스템, 응용 서비스 등으로부터 발생하는 데이터 및 보안 이벤트 간의 연관성을 분석하여 보안 지능을 향상시키는 빅데이터를 활용한 보안로그시스템을 제안한다. 본 연구에서 제안한 빅데이터를 활용한 보안로그시스템을 통해 분산 기반의 저장/처리 기술 적용하고자 한다.본 기술을 적용한 지능형 정보 분석 플랫폼 구성을 통해, 가용성과 확장성을 확보하여 통합적 보안 관제가 가능하도록 한다. 뿐만 아니라 기업 내로의 악성코드 유입, 감염(전파) 그리고 실시간 모니터링이 가능하여 고객 서비스 만족도가 향상되는 파급효과가 기대된다.

• 정보보호뉴스
• /
• s.126
• /
• pp.8-9
• /
• 2008

사이버 공간에서의 보안은 공격자와 방어자가 서로의 행동에 연속적으로 반응하는 일종의 군비확장 경쟁(Arms Race)에 비유된다. 정보기술과 사이버 공간이 현재와 같은 속도로 진화하는 동안에는 이런 경쟁이 계속될 가능성이 높다. 따라서 방어자의 입장에서 사이버 보안에 대한 접근은 보호하고자 하는 정보자산의 가치에 따라 예방적(Preventive)이고 선제적(Preemptive)인 대책을 구사할 필요가 있다. 그렇지 않으면 일이 터지고 그때서야 대책 마련에 부지런을 떠는 '소 잃고 외양간 고치는'식의 대응적(Responsive) 수준에 머무를 수 밖에 없다. 상황에 따라 대응적 수준의 보안대책이 최선인 경우도 있으나, 정보기술 환경 또는 사이버 공간의 안전.신뢰성을 적극적으로 확보하기 위해서는 예방적이고 선제적인 보안 수단을 다양한 조직과 시스템에 광범위하게 적용할 필요가 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.57-64
• /
• 2022

In this paper, the definition and overview of digital health care that has emerged recently, core technology, and We would like to propose a plan to establish a next-generation information protection system that can protect digital healthcare devices and data from cyber attacks. Various vulnerabilities exist for digital healthcare devices and data, and cyber attacks are possible for those vulnerabilities. Through an attack on digital health care devices and information and communication networks, it can directly adversely affect human life and health, Since digital healthcare data contains sensitive and personal information, it is essential to safely protect it from cyber attacks. In the case of this proposal, for continuous safe management of data and cyber attacks on equipment and communication networks for digital health devices, It is expected to be able to respond more effectively and continuously through the establishment of the next-generation information protection system.