• Title/Summary/Keyword: cyber attack technology (사이버 공격 기술)

Network Security Visualization for Trend and Correlation of Attacks (네트워크 공격 추이 및 공격 연관 정보 시각화)

  • Chang, Beom-Hwan
    • Convergence Security Journal, v.17 no.5, pp.27-34, 2017
  • Network security visualization techniques using security alerts provide the administrator with an intuitive view of the network security situation by efficiently visualizing the large number of security alerts generated by security devices. However, most of these visualization techniques represent events by overlapping the timelines of the alerts or by Top-N analysis of their frequencies, and so fail to provide information such as the attack trend, the relationship between attacks, the point of occurrence of an attack, and the continuity of an attack. In this paper, we propose an effective visualization technique that intuitively explains the transition of the whole attack and the continuity of individual attacks by arranging the events spirally along the timeline and marking the occurrence point and attack type. Furthermore, the relationship between attackers and victims is provided in a single screen view, so that it is possible to comprehensively monitor not only the entire attack situation but also the attack type and attack point.

A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response (효율적인 보안관제 수행을 위한 다크넷 트래픽 기반 악성 URL 수집 및 분석방법 연구)

  • Kim, Kyu-Il;Choi, Sang-So;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology, v.24 no.6, pp.1185-1195, 2014
  • Domestic and international CERTs carry out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization in their organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that do not match predefined signatures. Recently, many approaches have adopted the darknet technique in order to overcome this limitation. Since a darknet is a set of unused IP addresses, no real systems are connected to it. Thus, all incoming traffic to the darknet can be regarded as attack activity. In this paper, we present a collection and analysis method for malicious URLs based on darknet traffic for an advanced security monitoring and response service. The proposed method prepared a darknet space of 8,192 addresses, extracted all URLs from the darknet traffic, and carried out in-depth analysis of the extracted URLs. The analysis results can contribute to the emergency response to large-scale cyber threats, and the performance of security monitoring and response can be improved if the malicious URLs are applied to security devices, a DNS sinkhole service, etc.

Deriving Essential Security Requirements of IVN through Case Analysis (사례 분석을 통한 IVN의 필수 보안 요구사항 도출)

  • Song, Yun keun;Woo, Samuel;Lee, Jungho;Lee, You sik
    • The Journal of The Korea Institute of Intelligent Transport Systems, v.18 no.2, pp.144-155, 2019
  • One of the issues of the automotive industry today is autonomous driving vehicles. In order to achieve level 3 or higher as defined by SAE International, harmonization of autonomous driving technology and connected technology is essential. Current vehicles have new features such as autonomous driving, which increases not only the number of electrical components but also the amount and complexity of software. As a result, the attack surface, which is the access point of an attack, is widening, and software security vulnerabilities are also increasing. However, the reality is that the essential security requirements for vehicles are not defined. In this paper, based on real attack and vulnerability cases and trends, we identify the assets in the in-vehicle network and derive the threats. We also define the security requirements and, through risk analysis, derive the essential security requirements that should be applied at a minimum for the safety of vehicle occupants.

An application method for industrial control cyber security system (산업제어시스템을 위한 사이버 보안 시스템적용 방안)

  • Han, Kyung-su;Jung, Hyun-mi;Lee, Gang-Soo;Jang, Su Jin
    • Annual Conference of KIPS, 2011.11a, pp.774-777, 2011
  • An industrial control system (ICS) is a system that controls and manages the operation of facilities such as electric power generation, dam operation, gas production, water resource management, and nuclear power plants. Most national critical infrastructure is managed by such control systems, and as information and communication technology has advanced, business networks and control system networks have been built separately while gradually becoming more open. As a result, cyber attacks originating on the IT side can reach the relatively closed control system network at any time; in Korea, the computer networks of financial institutions were paralyzed even though they used independent networks. Abroad, the 'Stuxnet' malware targeting the control system of Iran's nuclear power plant caused plant operations to be halted. Given the purpose and characteristics of industrial systems, a cyber incident can cause national losses and even threaten human life. To protect control systems that were built in the past without consideration for security, this paper introduces a system application method that uses communication protocol encryption and whitelist security technology for control systems, and designs the security platform required to evaluate the safety of authorized industrial PCs when they connect to the network.

IoT Environment Management System Using Open Source (오픈 소스를 활용한 IoT 환경 관리 시스템)

  • Park, Jae-Min;Kim, Tae-Uk;Choi, Sang-Yong;Lee, Jong-Rak;Kim, Jeung-Sam
    • Proceedings of the Korean Society of Computer Information Conference, 2020.07a, pp.131-134, 2020
  • IoT technology, the first step toward and the core of the smart city, is changing our lives. We can check and adjust the state of a home's interior remotely, and we can also see the situation inside the home through video. In this way, IoT technology provides convenience and has become an important element of our lives, but because the IoT environment is managed by the individual user, or there is no means of monitoring and managing its state, the environment goes unmanaged, and the user cannot tell even when it is attacked; this can cause serious problems for IoT security. Despite these problems, awareness of IoT security and management systems specialized for IoT environments are not in place. This paper proposes an IoT environment management system that uses Elastic Stack, an open source data analysis and visualization solution, to easily manage the IoT environment and visualize and present its state.

Smart Grid and Information Security (지능형 전력망(Smart Grid)과 정보보호)

  • Jeon, Yong-Hee
    • Review of KIISC, v.19 no.4, pp.65-71, 2009
  • A smart grid is being developed that fuses information technology with the existing power grid so that electricity suppliers and consumers can optimize the efficiency of energy production and consumption through two-way communication. In particular, Korea has been designated a world leader in this technology and plans to establish a roadmap for building a smart grid. However, as the power grid is fused with communication networks, the security problems occurring in the information and communication infrastructure are being reproduced in the power grid as well. Therefore, in order to prevent and respond to cyber attacks on the power infrastructure, information security technology needs to be considered from the early stages of development. This paper examines the necessity and requirements of information security technology for protecting major national infrastructure such as the smart grid.

The Traffic Analysis of P2P-based Storm Botnet using Honeynet (허니넷을 이용한 P2P 기반 Storm 봇넷의 트래픽 분석)

  • Han, Kyoung-Soo;Lim, Kwang-Hyuk;Im, Eul-Gyu
    • Journal of the Korea Institute of Information Security & Cryptology, v.19 no.4, pp.51-61, 2009
  • Recently, cyber-attacks using botnets have been increasing. Because these attacks pursue money, their criminal aspect is also increasing. Cyber-attacks that use botnets include the spreading of spam mail, DDoS (Distributed Denial of Service) attacks, propagation of malicious code and malware, phishing, and leaks of sensitive information. There are many studies of detection and mitigation techniques against centralized botnets, namely IRC and HTTP botnets. However, studies of P2P botnets are still at an early stage. In this paper, we analyzed the traffic of the Peacomm bot, which is one of the P2P-based Storm bots, using a honeynet, which is utilized in the active analysis of network attacks. As a result, we could see that the Peacomm bot sends a large number of UDP packets to zombies across a wide network through P2P. Furthermore, we could see from these results that the Peacomm bot keeps the scale of the botnet maintained and extended. We expect these results to be used as a basis for detection and mitigation techniques against P2P botnets.

The Mediation Effect of Emotional Regulation Ability on the Relationship between Social Anxiety and Relational Aggression of Higher Grade Elementary School Girls (초등학교 고학년 여학생의 사회불안이 관계적 공격성에 미치는 영향: 정서조절능력의 매개효과)

  • Lee, Hwa-Mok;Kim, Hyun-Ah
    • Journal of the Korea Academia-Industrial cooperation Society, v.20 no.8, pp.352-361, 2019
  • The purpose of this research is to verify the mediation effect of emotional regulation on the relationship between social anxiety and relational aggression in higher-grade elementary school girls. The research was conducted with 177 female students in grades 4, 5, and 6 attending an elementary school in Inchon, South Korea, using a social anxiety scale, an emotional regulation ability scale, and a relational aggression scale. Using the data for multiple regression analysis, the results of this study are as follows. First, social anxiety showed a significant negative correlation with emotional regulation and a significant positive correlation with relational aggression. Emotional regulation and social anxiety showed a significant negative correlation with relational aggression. Second, emotional regulation fully mediated the effect of social anxiety on relational aggression. Third, in verifying the mediating effects of the subordinate factors of emotional regulation on the relationship between social anxiety and relational aggression, positive emotional regulation, such as problem-centered coping and support seeking, was found to be a partial mediator, whereas negative emotional regulation, such as emotional divergence, aggressive expression, and avoidance, was found to be a full mediator. Finally, the implications and limitations of this study are discussed.

Security Frameworks for Industrial Technology Leakage Prevention (산업기술 유출 방지를 위한 보안 프레임워크 연구)

  • YangKyu Lim;WonHyung Park;Hwansoo Lee
    • Convergence Security Journal, v.23 no.4, pp.33-41, 2023
  • In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions holding national core technologies: distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap. This requires national-level security preparations. In this paper, we use the MITRE ATT&CK framework to analyze the attack methods of organizations such as Kimsuky and Lazarus that caused industrial secret leakage damage through APT attacks in Korea, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also propose a security framework and system configuration plan for applying the security requirements in the actual field. The security requirements presented in this paper provide practical methods and frameworks that security system developers and operators can use in their security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and to further research related security measures.

Comparative Analysis of Effective Algorithm Techniques for the Detection of Syn Flooding Attacks (Syn Flooding 탐지를 위한 효과적인 알고리즘 기법 비교 분석)

  • Jong-Min Kim;Hong-Ki Kim;Joon-Hyung Lee
    • Convergence Security Journal, v.23 no.5, pp.73-79, 2023
  • Cyber threats are evolving and becoming more sophisticated with the development of new technologies, and consequently the number of service failures caused by DDoS attacks is continually increasing. Recently, DDoS attacks have caused numerous types of service failures by directing a large amount of traffic at the domain address of a specific service or server. In this paper, after generating data for the Syn Flooding attack, which is the representative type of bandwidth exhaustion attack, the data were compared and analyzed using the Random Forest, Decision Tree, Multi-Layer Perceptron, and KNN algorithms for the effective detection of attacks, and the optimal algorithm was derived. Based on this result, it will be useful as a technique for the detection policy of Syn Flooding attacks.