• Proceedings of the Korea Society for Simulation Conference
• /
• 2002.05a
• /
• pp.219-225
• /
• 2002

최근 정보화 사회의 정착으로 인해 개인의 정보통신 인프라에 대한 의존도가 높아졌고, 정보통신 인프라에 대한 사이버테러의 위협이 증가되었다. 이로 인해 정보통신 기술 영역의 화두로 등장하고 있는 요소 기술 중 하나가 정보보안 기술이다. 해킹기술과 정보보안기술은 창과 방패의 관계를 갖으며, 다양한 해킹기술의 등장과 함께 나날이 새로운 정보보안 기술이 등장하고 있다. 특히, 공격자의 행동 특성에 대한 연구와 네트워크와 시스템의 특성 연구는 이들 중 중요한 연구 주제이다. 본 논문은 이러한 정보보안기술 영역에서 시뮬레이션 기술이 활용되고 있는 영역에 대해서 소개하고자 한다. 특히, 본 영역에서 두각을 나타내고 있는 몇 가지 연구 결과를 소개하여 국내 시뮬레이션 관련 기술연구자들이 정보보안분야에 기여할 수 있는 방향을 고려해 고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.417-430
• /
• 2024

As modern technology advances and the proliferation of the internet continues, cyber threats are also on the rise. To effectively counter these threats, the importance of utilizing Cyber Threat Intelligence (CTI) is becoming increasingly prominent. CTI provides information on new threats based on data from past cyber incidents, but the complexity of data and changing attack patterns present significant analytical challenges. To address these issues, this study aims to utilize graph data that can comprehensively represent multidimensional relationships. Specifically, the study constructs a heterogeneous graph based on malware data, and uses the metapath2vec node embedding technique to more effectively identify cyber attack groups. By analyzing the impact of incorporating topology information into traditional malware data, this research suggests new practical applications in the field of cyber security and contributes to overcoming the limitations of CTI analysis.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.12
• /
• pp.2689-2694
• /
• 2012

In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spam. Botnets, a network composed of large pool of infected hosts, lead such malicious attacks. The botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature based detection mechanism. Furthermore, the solutions cannot cover broad areas enough to detect world-wide botnets. In this paper, we propose IRC (Internet Relay Chat) that is used to control the botnet communication in a session channel of IRC servers connected through the analysis of the relationship of the channel and the connection with the server bot-infected hosts and how to detect.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.688-690
• /
• 2003

현대인의 삶에서 인터넷에 대한 의존도는 나날이 높아지고 있고 더불어 시스템의 취약성을 공격하는 해킹방식은 대규모의 트래픽을 발생하는 형태로 네트워크 자체에 대해 위협적인 존재로 발전하고 있다. 따라서 이러한 사이버 위협을 차단하고 미연에 예방하기 위해서 다양한 네트워크 보안 제품들이 등장하고 있다. 본 논문에서는 네트워크 보안 기술의 흐름을 파악하기 위하여 현재의 네트워크 보안 기술을 트래픽 제어 기술과 네트워크 보안이 접목된 기술, 침입차단 기술. VPN 기술, 침입탐지 및 침입방지 기술, 정책 기반 관리 기술로 분류하여 동향 및 제품들을 비교하고, 이를 통해 네트워크 보안 기술의 향후 발전 방향을 예측한다.

• Review of KIISC
• /
• v.33 no.1
• /
• pp.77-88
• /
• 2023

인터넷 사용매체 및 네트워크 접속방법이 다양해지면서 인터넷 사용량은 매우 빠르게 증가하고 있다. 이러한 인터넷은 현대사회에서 꼭 필요한 자원이지만 악성코드, 스팸, 개인정보 유출 등 이를 악용한 범죄도 증가하고 있다. 또한 전 세계적으로 유행중인 코로나로 인해 관련된 접종정보, 동선, 재난문자 등으로 위장한 피싱 공격도 증가하고 있다. 대다수의 공격자들은 사이버 범죄를 저지르기 위해 악성코드 유포사이트를 통해 악성코드를 유포한다. 이러한 범죄를 예방하기 위해선 악성코드 유포사이트에 대한 초기 대응이 필수이며, 사용자가 악성코드 유포사이트에 접근하기 전에 차단할 수 있는 실시간 탐지 기술이 필요하다. 본 논문에서는 이러한 탐지 기술 중 URLDeep, POSTER, Random-Forest, XGBoost와 같은 기계학습을 이용한 탐지 기술의 연구동향을 조사하였다.

• Review of KIISC
• /
• v.33 no.4
• /
• pp.57-63
• /
• 2023

Industry 4.0의 진행으로 이기종의 IoT 장비들 간의 통신을 위해 다양한 산업용 통신 미들웨어들이 등장했다. 그 중 Robotics 분야에서 활발히 사용되는 Robot Operating System (ROS)는 개발자 커뮤니티와 로봇 개발 도구들을 기반으로 지속적인 시장 점유율 증가세를 보이고 있다. 초기 발표된 ROS1의 경우 보안이 전혀 고려되지 않은 설계로 Packet Injection 공격등의 사이버 보안 위협에 취약했지만, ROS2의 경우 통신 미들웨어인 Data Distribution Service (DDS) 통신규격을 전송 계층에 적용하여 메시지 전송에 대한 보안 기능을 제공하고 있다. 그러나 최근 연구에서는 DDS와 관련된 ROS2 취약점이 발표되고 있다. 따라서 본 논문에서는 DDS와 관련된 ROS2의 공격 기술 동향을 소개한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.2
• /
• pp.357-364
• /
• 2015

Tags and Readers is receiving and sending the data using the wireless communication in the RFID environment. Therefore, it could allow an attacker to participate in the network without the physical constraints, which can be easily exposed to a variety of attacks, such as taps and data forgery. Also, it is not easy to apply the security techniques to defend external attacks because the resource constraints of RFID tags is high. In this paper, new tag-reader mutual authentication protocol is proposed to protect the external cyber attacks such as spoofing attacks, replay attacks, traffic analysis attacks, location tracking attacks. The performance evaluation of the proposed mutual authentication protocol is performed and the simulation results are presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.281-292
• /
• 2017

It is demanded to promote research and development of cyber weapons system and core technology in response to the ongoing cyber attack of North Korea. In this paper, core technologies of the future cyber weapon system are developed and the factors affecting the realization timing of core technologies were analyzed. 9 core technology groups and 36 core technologies are derived. Afterwards, these core technology groups are compared to the operation phase of the joint cyber warfare guideline and the cyber kill chain of Lockheed Martin. As a result of the comparison, it is confirmed that the core technology groups cover all phases of the aforementioned tactics. The results of regression analyses performed on the degree of influence by each factor regarding the moment of core technology realization show that the moment of core technology realization approaches more quickly as factors such as technology level of the most advanced country, technology level of South Korea, technology transfer possibility from the military sector to the non-military sector(spin-off factor), and technology transfer possibility from the non-military sector to the military sector(spin-on factor) increase. On the contrary, the moment of core technology realization is delayed as the degree at which the advanced countries keep their core technologies from transferring decrease. The results also confirm that the moment of core technology realization is not significantly correlated to the economic ripple effect factor. This study is meaningful in that it extract core technologies of cyber weapon system in accordance with revision of force development directive and join cyber warfare guideline, which incorporated cyber weapon system into formal weapon system. Furthermore, the study is significant because it indicates the influential factor of the moment of core technology realization.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.39-49
• /
• 2014

Cyber threats on the Internet are tremendously increasing and their techniques are also evolving constantly. Intrusion Detection System (IDS) is one of the powerful solutions for detecting and analyzing the cyber attacks in realtime. Most organizations deploy it into their networks and operate it for security monitoring and response service. However, IDS has a fatal problem in that it raises a large number of alerts and most of them are false positives. In order to cope with this problem, many approaches have been proposed for the purpose of automatically identifying whether the IDS alerts are caused by real attacks or not. In this paper, we present an alert verification method based on correlation analysis between vulnerability inspection results for real systems that should be protected and the IDS alerts. In addition, we carry out practical experiments to demonstrate the effectiveness of the proposed verification method using two types of real data, i.e., the IDS alerts and the vulnerability inspection results.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.11-19
• /
• 2019

The blockchain is a technique for managing transaction data in distributed computing manner without the involvement of central trust authority. The blockchain has been used in various area such as manufacturing, culture, and public as well as finance because of its advantage of the security, efficiency and applicability. In the blockchain, it was considered safe against 51% attack because the adversary could not have more than 50% hash power. However, there have been cases caused by large-scale computing attacks such as 51% and selfish mining attack, and the frequency of these attacks is increasing. In addition, since the development of quantum computers can hold exponentially more information than their classical computer, it faces a new type of threat using quantum algorithms. In this paper, we perform the security analysis of blockchain attacks composing the large computing capabilities including quantum computing attacks. Finally, we suggest the technologies and future direction of the blockchain development in order to be safe against large-scale computing attacks.