• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37B no.11
• /
• pp.1082-1089
• /
• 2012

Recent malicious attempts in Cyber space are intended to emerge national threats such as Suxnet as well as to get financial benefits through a large pool of comprised botnets. The evolved botnets use the Domain Name System(DNS) to communicate with the C&C server and zombies. DNS is one of the core and most important components of the Internet and DNS traffic are continually increased by the popular wireless Internet service. On the other hand, domain names are popular for malicious use. This paper studies on DNS-based cyber threats domain detection by data classification based on supervised learning. Furthermore, the developed cyber threats domain detection system using DNS traffic analysis provides collection, analysis, and normal/abnormal domain classification of huge amounts of DNS data.

• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.21-31
• /
• 2018

Cyber penetration attacks can not only damage cyber space but can attack entire infrastructure such as electricity, gas, water, and nuclear power, which can cause enormous damage to the lives of the people. Also, cyber space has already been defined as the fifth battlefield, and strategic responses are very important. Most of recent cyber attacks are caused by malicious code, and since the number is more than 1.6 million per day, automated analysis technology to cope with a large amount of malicious code is very important. However, it is difficult to deal with malicious code encryption, obfuscation and packing, and the dynamic analysis technique is not limited to the performance requirements of dynamic analysis but also to the virtual There is a limit in coping with environment avoiding technology. In this paper, we propose a machine learning based malicious code analysis technique which improve the weakness of the detection performance of existing analysis technology while maintaining the light and high-speed analysis performance applicable to commercial endpoints. The results of this study show that 99.13% accuracy, 99.26% precision and 99.09% recall analysis performance of 71,000 normal file and malicious code in commercial environment and analysis time in PC environment can be analyzed more than 5 per second, and it can be operated independently in the endpoint environment and it is considered that it works in complementary form in operation in conjunction with existing antivirus technology and static and dynamic analysis technology. It is also expected to be used as a core element of EDR technology and malware variant analysis.

• Annual Conference of KIPS
• /
• 2017.11a
• /
• pp.314-317
• /
• 2017

최근 ICT 기술이 발달함에 따라 전쟁의 양상이 물리적에서 사이버전으로 이동되고 있으며 이미 사이버 공간을 제 5의 전장으로 불리운다. 또한 오랜 기간 동안 단계적으로 준비 과정을 거쳐 공격하는 APT 사례가 증가함에 따라 공격 징후를 사전에 탐지해 선제 대응하는 사이버 킬 체인이라는 방안이 각광받고 있다. 이러한 사이버 킬 체인 중 가장 기초가 되는 감시/정찰을 수행하기 위한 방안을 연구하면서 적의 영역에 침투했다는 가정하에서 정보를 수집하는 프로그램을 설계 및 제작해 보았다.

• Smart Media Journal
• /
• v.5 no.2
• /
• pp.65-76
• /
• 2016

Cloud Computing has recently begun to emerge as a new attack target. The malice DDoS attacks are ongoing to delay and disturb the various services of the Cloud Computing. In this paper, we propose the Hornet-Cloud using security Honeypot technique and resources of Cloud Computing, define and design the concept of security functions about active low-interaction framework by cyber resilience simply. In addition, for virtual honeypot service, we simulated and vitrified the possibility of functions of the low-interaction vHoneypot using cyber resilience.

• Review of KIISC
• /
• v.29 no.2
• /
• pp.16-22
• /
• 2019

ICT 기술을 이용하여 업무 공정의 효율성을 높이기 위한 사이버물리시스템(CPS)은 구성요소 간 연결성 강화로 인한 사이버 공격 요인이 증가하고 있으며, 이에 따른 보안대책 수립이 CPS 구축 단계에서부터 고려되어야 한다. 본 논문에서는 CPS를 위한 보안대책의 온전한 수립을 위한 국제표준 동향을 ITU-T SG17의 표준화 활동을 중심을 살펴보고자 한다. ITU-T SG17에서 진행되고 있는 IoT 보안 표준, 스마트그리드 보안 표준, ITS 보안 표준 등 CPS 관련 보안 표준화 동향을 기술하고, 향후 표준화 추진 방향에 대해서도 다룬다.

• Electronics and Telecommunications Trends
• /
• v.35 no.1
• /
• pp.34-48
• /
• 2020

Currently, cybersecurity technologies are primarily focused on defenses that detect and prevent cyberattacks. However, it is more important to regularly validate an organization's security posture in order to strengthen its cybersecurity defenses, as the IT environment becomes complex and dynamic. Cyberattack simulation technologies not only enable the discovery of software vulnerabilities but also aid in conducting security assessments of the entire network. They can help defenders maintain a fundamental level of security assurance and gain control over their security posture. The technology is gradually shifting to intelligent and autonomous platforms. This paper examines the trends and prospects of cyberattack simulation technologies that are evolving according to these requirements.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.113-121
• /
• 2019

With the development of the Internet and Information Communication Technology, there has been an increase in the amount of Open Source Intelligence(OSINT). OSINT can be highly effective, if well refined and utilized. Recently, it has been assumed that almost 95% of all information comes from public sources and the utilization of open sources has sharply increased. The ISVG and START programs, for example, collect information about open sources related to terrorism or crime, effectively used to detect terrorists and prevent crime. The open source information related to the cyber attacks is, however, quite different from that in terrorism (or crime) in that it is difficult to clearly identify the attacker, the purpose of attack, and the range of damage. In addition, the data itself of cyber attacks is relatively unstructured. So, a totally new approach is required to establish and utilize an OSINT database for cyber attacks, which is proposed in this paper.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.25-34
• /
• 2016

This paper shall suggest the improvement model for invigorating cyber threat information sharing from the national level, which includes, inter alia, a comprehensive solutions such as the legislation of a guideline for information sharing, the establishment of so-called National Center for Information Sharing, the construction and management of a integrated information system, the development of techniques for automatizing all the processes for gathering, analyzing and delivering cyber threat information, and the constitution of a private and public joint committee for sharing information, so much so that it intends to prevent cyber security threat to occur in advance or to refrain damage from being proliferated even after the occurrence of incidents.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.31-37
• /
• 2011

Recently on tile network to ensure the anonymity of Mixed networking has been actively researched. It uses encrypted communications between Nodes and communications path is changed often to the attacker traceback and response, including the difficult thing is the reality. National institutions and infrastructure in these circumstances, the attack on the national level, if done on a large scale can be disastrous in. However, an anonymous network technology to cover up their own internet communication, it malicious form of Internet use by people who enjoy being continually updated and new forms of technology being developed is a situation continuously. In addition, attacks in the future application of these technologies is expected to continue to emerge. However, this reality does not deserve this thesis is prepared. In this paper, anonymously using a network to respond effectively to a cyber attack on the early detection research is to proceed.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.65-72
• /
• 2015

Recent cyberthreats are emerging as big issues that need to be addressed to both developed countries and South Korea. Our government has implemented and established comprehensive measures whenever major incidents were happened. It is still insufficient, even though the national and social level of cybersecurity are improved with continuous investments and efforts to strengthen the country than in the past. Comprehensive measures have been exposed to limit the effectiveness because they are focused on short-term measures. In this paper, we try to analyze the problems of incidents and assess the implementation process of establishing comprehensive measures in order to suggest ways ultimately to improve the country's overall level of cybersecurity.