• Review of KIISC
• /
• v.30 no.6
• /
• pp.7-16
• /
• 2020

1980년대 아날로그 이동전화서비스로 시작된 이동통신 기술은 매 10년을 주기로 빠르게 발전해 오고 있다. 디지털화를 거쳐 모바일 광대역 서비스에 초점을 맞춘 이전 세대와는 달리, 5G 이동통신서비스는 다양한 미래 정보통신 융합서비스의 플랫폼으로서, 산업구조 혁신을 통해 새로운 스마트 비즈니스 모델 및 산업 생태계를 창출하는 4차 산업혁명의 핵심 인프라로 주목받고 있다. 이러한 변화의 흐름속에서 이동통신서비스는 우리 실생활과 더욱 밀접해지고 있으나, 다른 한편으로 이동통신 환경의 취약점을 악용한 사이버 공격 위험에 노출될 가능성도 점차 확대되고 있다. 이런 배경에는 국제전기통신연합(ITU)의 IMT-2020 비전 및 요구사항을 충족시키기 위한 5G 네트워크의 구조적인 변화에 따라 공격접점이 크게 확대 되었기 때문이다. 본 고에서는 5G 시대의 도래와 함께 가장 큰 구조적 변화를 겪으며 5G 융합서비스의 핵심 인프라로서 새롭게 주목받고 있는 5G 엣지의 주요 특징을 살펴보고, 5G 엣지에서 제기되고 있는 보안위협과 이에 대한 대응 기술의 동향에 대해 살펴보고자 한다.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.28 no.7
• /
• pp.1140-1147
• /
• 2022

With the development of digital technology, the marine environment is expected to change rapidly. In the case of autonomous vessels, technology is being developed in many countries, and the international community has begun to discuss ways to operate it. Changes in ships cause changes in the marine traffic environment and urge changes to aids to navigation. This study aims to analyze the cyber security management awareness of VTS personnel to improve the cyber security system for aids to navigation. To this end, the current status of cyber security management was reviewed with a focus on VTS, and a survey was conducted on VTS personnel. The survey analysis used the IPA methodology, and as a result of the analysis, a clear difference was observed in the perception of cybersecurity between those with experience in security and those without experience. In addition, technical measures related to cyber-attack detection and blocking should be implemented with the highest priority. The results of this study can be used as basic data for improving the cyber security management system for aids to navigation.

• Journal of Navigation and Port Research
• /
• v.47 no.6
• /
• pp.437-447
• /
• 2023

By actively adopting technologies from the Fourth Industrial Revolution, the port industry is trending toward new types of ports, such as automated and smart ports. However, behind the development of these ports, there is an increasing risk of cyber security incidents and threats within ports and container terminals, including information leakage through cargo handling equipment and ransomware attacks leading to disruptions in terminal operations. Despite the necessity of research to enhance cyber security within ports, there is a lack of such studies in the domestic context. This study focuses on Busan Port, a representative port in South Korea that actively incorporates technology from the Fourth Industrial Revolution, in order to discover variables for improving cyber security in container terminals. The research results categorized factors for enhancing cyber security in Busan Port's container terminals into network construction and policy support, standardization of education and personnel training, and legal and regulatory factors. Subsequently, multiple regression analysis was conducted based on these factors, leading to the identification of detailed factors for securing and enhancing safety, reliability, performance, and satisfaction in Busan Port's container terminals. The significance of this study lies in providing direction for enhancing cyber security in Busan Port's container terminals and addressing the increasing incidents of cyber security attacks within ports and container terminals.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.947-950
• /
• 2014

The recent APT attacks including cyber terror are caused by a high level of malicious codes and hacking techniques. This implies that essentially, advanced security management is required, from the perspective of 5A. The changes of IT environment are represented by Mobile, Cloud and BYOD. In this situation, the security model needs to be changed, too into the Airport model which emphasizes prevention, and connection, security and integration of functions from the existing Castle model. This study suggested an application method of the risk-based Airport model to the cyber security environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.333-336
• /
• 2022

With the development of IT technology, cybercrime is becoming sophisticated and intelligent. In particular, in the case of BackDoor, which is used in the APT attack (intelligent continuous attack), it is very important to detect malicious behavior and respond to infringement because it is often unaware that it has been damaged by an attacker. This paper aims to build an EDR platform that can monitor, analyze, and respond to malicious behavior in real time by collecting, storing, analyzing, and visualizing logs in an endpoint environment in real time using open source-based analysis solutions ELK Stack and Sysmon.

• Annual Conference of KIPS
• /
• 2009.04a
• /
• pp.1489-1492
• /
• 2009

현대 사회는 IT 기술의 발전과 인터넷 및 디바이스의 발전으로 인해 다양한 기술이 융합된 컨버전스 현상이 급진전되고 있으며, 방송과 통신의 융합 흐름은 더욱 가속화될 전망을 보이고 있으며, 특히 현재 제공되고 있는 IPTV(Internet Protocol Television) 서비스를 통해 빠른 성장세를 보이고 있다. 그러나 이와 같은 IPTV는 기존 IP 네트워크 기반으로 서비스를 제공하고 있으며, 이는 이전의 사이버공격 기술이 그대로 적용될 수 있는 문제점을 내포하고 있다. 따라서 본 연구에서는 IPTV 실시간 방송 서비스 환경에서 AAA 서버를 이용한 멀티캐스트 키 관리 기술을 제안하였다. 멀티캐스트 키 구조는 계층적 트리 방식을 적용하였으며, ID 기반 멀티캐스트 키 관리 기술을 제안하여 안전하고 효율적인 서비스를 제공할 수 있도록 하였다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.4
• /
• pp.15-23
• /
• 2021

In most hacking attacks, hackers intrudes inside for a long period of time and attempts to communicate with the outside using a circumvent connection to achieve purpose. research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. however, even in the intrusion detection system using intelligent recognition technology, it only shows detection performance of the existing intrusion status. therefore, countermeasures against targeted bypass rwjqthrwkemote attacks still have limitations with existing detection methods and threat hunting methods. in this paper, to overcome theses limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. this model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in actual defense information system environment.

• Journal of Digital Contents Society
• /
• v.17 no.6
• /
• pp.499-507
• /
• 2016

The era of IoT, which figures exchanging data from the internet between things is coming. Recently, former electric power energy policy paradigm, namely Supply side paradigm, is changing, because electric power energy consumption is rapidly increasing. As new paradigm for this limit, convergence of existing electric power grid and ICT(Information and Communication Technology) will accelerate intellectualization of electric power device, its operation system. This change brought opened electric power grid. Consequently, attacks to the national electric power grid are increasing. On this paper, we will analyze security threats of existing IoT, discuss security weakness on electric power industry IoT and suggest needed security requirements, security technology.

• Annual Conference of KIPS
• /
• 2013.11a
• /
• pp.800-803
• /
• 2013

이메일을 기반으로 좀비PC 및 봇넷그룹을 탐지하는 알고리즘은 기존에 연구가 되었으나, 기존의 검증방식은 가상의 메일계정을 이용해 스팸메일을 수집하는 스팸트랩 시스템에서 추출한 이메일을 대상으로 하였다. 본 논문에서는 상용환경의 이메일을 대상으로 좀비PC를 탐지하고, 좀비PC를 이용한 추가 사이버 공격을 예방하기 위해 기존의 알고리즘을 보완하고, 이에 대한 좀비PC 탐지결과를 분석한다. 이를 통해, 주요 포탈 및 기업의 메일서버에서 수신하는 이메일을 대상으로 좀비IP를 탐지하여, 스팸메일을 차단하고 ISP와 연계하여 실제 조치를 유도할 수 있을 것으로 기대한다.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.231-236
• /
• 2018

Recently, a wide variety of IoT environment is being created due to the rapid development of information and communication technology. And accordingly in a variety of network structures, a countless number of attack techniques and new types of vulnerabilities are producing a social disturbance. In May of 2018, Talos Intelligence, the Cisco threat intelligence team has newly discovered 'VPN-Filter', which constitutes a large-scale IoT-based botnet, is infecting consumer routers in over 54 countries around the world. In this paper, types of IoT-based botnets and the attack techniques utilizing botnet will be examined and the countermeasure technique through EXIF metadata removal method which is the cause of connection method of C & C Server will be proposed by examining the characteristics of attack vulnerabilities and attack scenarios of VPN-Filter.