• Title/Summary/Keyword: cyber attack technology

Search Result 443, Processing Time 0.024 seconds

Active Network for IP Traceback (IP 역추적을 위한 액티브 네트워크 기법 적용 방안)

  • 최병선;이성현;이재광
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2004.05b / pp.420-423 / 2004
  • In recent years, advances in computer technology have made business more efficient and have enabled high-speed, large-volume data transmission. As computer technology advances, networks and computer systems increasingly need security. This paper therefore analyzes IP traceback systems that prevent cyber attacks such as hacking and network security vulnerabilities, and designs an IP traceback system based on active networks.

Network Security Protocol Performance Analysis in IoT Environment (IoT 환경에서의 네트워크 보안 프로토콜 성능 분석)

  • Kang, Dong-hee;Lim, Jae-Deok
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.955-963 / 2022
  • The Internet of Things (IoT), combined with various technologies, is rapidly becoming an integral part of our daily life. While it is rapidly taking root in society, security considerations are relatively insufficient, making it a major target for cyber attacks. Since all devices in the IoT environment are connected to the Internet and are closely used in daily life, the damage caused by cyber attacks is also serious. Therefore, encrypted communication using a network security protocol must be considered for a service in a more secure IoT environment. A representative network security protocol is TLS (Transport Layer Security), defined by the IETF. This paper analyzes the performance measurement results for TLS version 1.2 and version 1.3 in an IoT device open platform environment to predict the load of TLS, a representative network security protocol, on IoT devices with limited resources. In addition, by analyzing the performance of each major cryptographic algorithm in version 1.3, we intend to present a standard for setting appropriate network security protocol properties according to IoT device specifications.

AutoML Machine Learning-Based for Detecting Qshing Attacks Malicious URL Classification Technology Research and Service Implementation (큐싱 공격 탐지를 위한 AutoML 머신러닝 기반 악성 URL 분류 기술 연구 및 서비스 구현)

  • Dong-Young Kim;Gi-Seong Hwang
    • Smart Media Journal / v.13 no.6 / pp.9-15 / 2024
  • In recent trends, there has been an increase in 'Qshing' attacks, a hybrid form of phishing that exploits fake QR (Quick Response) codes impersonating government agencies to steal personal and financial information. Particularly, this attack method is characterized by its stealthiness, as victims can be redirected to phishing pages or led to download malicious software simply by scanning a QR code, making it difficult for them to realize they have been targeted. In this paper, we have developed a classification technique utilizing machine learning algorithms to identify the maliciousness of URLs embedded in QR codes, and we have explored ways to integrate this with existing QR code readers. To this end, we constructed a dataset from 128,587 malicious URLs and 428,102 benign URLs, extracting 35 different features such as protocol and parameters, and used AutoML to identify the optimal algorithm and hyperparameters, achieving an accuracy of approximately 87.37%. Following this, we designed the integration of the trained classification model with existing QR code readers to implement a service capable of countering Qshing attacks. In conclusion, our findings confirm that deriving an optimized algorithm for classifying malicious URLs in QR codes and integrating it with existing QR code readers presents a viable solution to combat Qshing attacks.

A Study on Data Acquisition of IoT Devices Intrusion (사물인터넷 기기 침해사고 데이터 수집 방안 연구)

  • Jong-bum Lee;Ieck-Chae Euom
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.3 / pp.537-547 / 2023
  • As Internet of Things (IoT) technology evolves, IoT devices are being utilized in a variety of fields. However, they have become a new surface for cyber attacks and are affecting industries that did not previously consider cyber breaches. After an intrusion occurs, post-processing and damage spread prevention are important, but it is difficult to respond due to the lack of standards and guidelines. Therefore, in order to respond to such incidents, this paper establishes an incident data collection procedure and presents the data that can be collected to improve the intrusion data acquisition method for general IoT devices. In addition, we proved the efficiency and feasibility of the data collection procedure through experiments.

A Study on Automatic Detection and Extraction of Unstructured Security Threat Information using Deep Learning (딥러닝 기술을 이용한 비정형 보안 위협정보 자동 탐지 및 추출 기술 연구)

  • Hur, YunA;Kim, Gyeongmin;Lee, Chanhee;Lim, HeuiSeok
    • Annual Conference on Human and Language Technology / 2018.10a / pp.584-586 / 2018
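  • As cyber attack techniques become more diverse and sophisticated, security incidents are increasing and the resulting damage is spreading. In response, security companies distribute intelligence reports that organize threat information so that various incidents can be identified and dealt with quickly. However, because the format of intelligence reports is not standardized and their number keeps growing, it is difficult to classify them manually. To solve this problem, this paper proposes a model that uses a named entity recognition system to automatically detect and extract threat information from unstructured intelligence reports.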

Features and Major Improvements of the 3GPP 5G Security Architecture (3GPP 5G 보안 구조의 특징 및 주요 개선사항)

  • Park, Jong-Geun;Kim, Jong-Hyun;Moon, Daesung;Kim, Ikkyun
    • Review of KIISC / v.29 no.5 / pp.21-30 / 2019
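  • Korea was the first in the world to succeed in commercializing 5G mobile communications, characterized by ultra-high speed, hyper-connectivity and ultra-low latency. Although 5G services are currently still provided in conjunction with the 4G LTE core network, once the 5G core network has been built, 5G convergence services are expected to take off in earnest over a complete 5G network. However, expectations of and enthusiasm for new, innovative future services closely tied to our daily lives must not lead us to overlook the potential security threats and vulnerabilities of the 5G network environment. To respond to increasingly advanced and intelligent cyber attacks, threat response strategies must also become more advanced. To aid understanding of 5G security technology, this paper introduces, on the basis of TS 33.501, the 3GPP technical specification for 5G security, the structural features that form the foundation of 5G security and the major improvements over 4G.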

The Real-Time Detection of the Malicious JavaScript (실시간으로 악성 스크립트를 탐지하는 기술)

  • Choo, Hyun-Lock;Jung, Jong-Hun;Kim, Hwan-Kuk
    • Journal of Internet Computing and Services / v.16 no.4 / pp.51-59 / 2015
  • JavaScript is a popular technique for activating static HTML. JavaScript has drawn more attention following the introduction of the HTML5 standard. In proportion to JavaScript's growing importance, attacks (e.g., DDoS, information leaks using its functions) become more dangerous. Since these attacks do not create a trail, whether the JavaScript code is malicious or not must be decided. The real attack action is completed while the browser runs the JavaScript code. For these reasons, there is a need for a real-time classification and determination technique for malicious JavaScript. This paper proposes an analysis engine for detecting malicious JavaScript that adopts the requirements above. The analysis engine performs static analysis using signature-based detection and dynamic analysis using behavior-based detection. Static analysis can detect malicious JavaScript code, whereas dynamic analysis can detect the action of the JavaScript code.

Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA / v.8A no.4 / pp.331-338 / 2001
  • With the general use of networks, cyber terror rages throughout the world. However, IP fragmentation isn't free from security problems yet, even though it guarantees effective transmission of IP packets in a network environment. Illegal intrusion or disruption of system operation can occur through attack mechanisms such as IP spoofing, Ping of Death, or ICMP that take advantage of weaknesses in IP fragmentation. Recently, apart from denial-of-service attacks using IP fragmentation, a problem has arisen in that IP fragmentation can be used to bypass packet filtering equipment or network-based attack detection systems. In this paper, we generate a real-time access log file to support the system manager's decisions and to let the system manage itself in cases where routers or network-based attack detection systems without a packet reassembly function cannot detect or stop illegal intrusion using fragmented datagrams. Through the implementation of this self-managing system, we verify its validity and show its future effect.

3-Step Security Vulnerability Risk Scoring considering CVE Trends (CVE 동향을 반영한 3-Step 보안 취약점 위험도 스코어링)

  • Jihye, Lim;Jaewoo, Lee
    • Journal of the Korea Institute of Information and Communication Engineering / v.27 no.1 / pp.87-96 / 2023
  • As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages consider key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Second, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITRE ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used data from overseas sites that provide reliable security information to review the usability of the proposed final formula, CTRS. The scoring formula makes it possible to quickly patch and respond to related information by identifying vulnerabilities with high relevance and risk using only some particular phrase.

A Study on Automatic Classification Technique of Malware Packing Type (악성코드 패킹유형 자동분류 기술 연구)

  • Kim, Su-jeong;Ha, Ji-hee;Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1119-1127 / 2018
  • Most cyber attacks are caused by malicious code. The damage caused by cyber attacks is gradually expanding to IoT and CPS, so it is no longer limited to cyberspace but is a serious threat to real life. Accordingly, various malicious code analysis techniques have appeared. Dynamic analysis has been widely used to easily identify the resulting malicious behavior, but it is struggling with an increase in anti-VM malware that does not run when it detects a VM environment. On the other hand, static analysis is made difficult by various packing techniques. In this paper, we propose a model that classifies malware regardless of whether the packer is known or unknown. To do this, we designed supervised and unsupervised learning models for the features that can be used in the PE structure, and verified the results using 98,000 samples. It is expected that accurate analysis will be possible through customized analysis technology for each class.