• Title/Summary/Keyword: 사이버 공격 및 방어

Search Result 93, Processing Time 0.026 seconds

iRF: Integrated Red Team Framework for Large-Scale Cyber Defence Exercise (iRF: 대규모 사이버 방어 훈련을 위한 통합 레드팀 프레임워크)

  • Jang, In Sook;Cho, Eun-Sun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.1045-1054
    • /
    • 2021
  • As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF(integrated RT framework) that can automatically operate large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

A Study on the Integrated Account Management Model (위험기반 통합계정관리모델에 관한 연구)

  • Kang, Yong-Suk;Choi, Kook-Hyun;Shin, Yong-Tae;Kim, Jong-Bae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.10a
    • /
    • pp.947-950
    • /
    • 2014
  • The recent APT attacks including cyber terror are caused by a high level of malicious codes and hacking techniques. This implies that essentially, advanced security management is required, from the perspective of 5A. The changes of IT environment are represented by Mobile, Cloud and BYOD. In this situation, the security model needs to be changed, too into the Airport model which emphasizes prevention, and connection, security and integration of functions from the existing Castle model. This study suggested an application method of the risk-based Airport model to the cyber security environment.

  • PDF

Research on Federated Learning with Differential Privacy (차분 프라이버시를 적용한 연합학습 연구)

  • Jueun Lee;YoungSeo Kim;SuBin Lee;Ho Bae
    • Annual Conference of KIPS
    • /
    • 2024.05a
    • /
    • pp.749-752
    • /
    • 2024
  • 연합학습은 클라이언트가 중앙 서버에 원본 데이터를 주지 않고도 학습할 수 있도록 설계된 분산된 머신러닝 방법이다. 그러나 클라이언트와 중앙 서버 사이에 모델 업데이트 정보를 공유한다는 점에서 여전히 추론 공격(Inference Attack)과 오염 공격(Poisoning Attack)의 위험에 노출되어 있다. 이러한 공격을 방어하기 위해 연합학습에 차분프라이버시(Differential Privacy)를 적용하는 방안이 연구되고 있다. 차분 프라이버시는 데이터에 노이즈를 추가하여 민감한 정보를 보호하면서도 유의미한 통계적 정보 쿼리는 공유할 수 있도록 하는 기법으로, 노이즈를 추가하는 위치에 따라 전역적 차분프라이버시(Global Differential Privacy)와 국소적 차분 프라이버시(Local Differential Privacy)로 나뉜다. 이에 본 논문에서는 차분 프라이버시를 적용한 연합학습의 최신 연구 동향을 전역적 차분 프라이버시를 적용한 방향과 국소적 차분 프라이버시를 적용한 방향으로 나누어 검토한다. 또한 이를 세분화하여 차분 프라이버시를 발전시킨 방식인 적응형 차분 프라이버시(Adaptive Differential Privacy)와 개인화된 차분 프라이버시(Personalized Differential Privacy)를 응용하여 연합학습에 적용한 방식들에 대하여 특징과 장점 및 한계점을 분석하고 향후 연구방향을 제안한다.

Design and Implementation of a Real-time Integrated Analysis Framework based on Multiprocessor Search Modules against Malicious Codes (악성코드 대응 MPSM기반 실시간통합분석체계의 설계 및 구현)

  • Moon, Yoon Jong
    • Convergence Security Journal
    • /
    • v.15 no.1
    • /
    • pp.69-82
    • /
    • 2015
  • This dissertation introduce how to react against the cybercrime and analysis of malware detection. Also this dissertation emphasize the importance about efficient control of correspond process for the information security. Cybercrime and cyber breach are becoming increasingly intelligent and sophisticated. To correspond those crimes, the strategy of defense need change soft kill to hard kill. So this dissertation includes the study of weak point about OS, Application system. Also this dissertation suggest that API structure for handling and analyzing big data forensic.

Attack and Defense Plan, Attack Scenarios on Voice of Internet Protocol (인터넷전화의 공격 시나리오 및 공격과 방어 방안)

  • Chun, Woo-Sung;Park, Dea-Woo;Chang, Young-Hyun
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2011.10a
    • /
    • pp.245-248
    • /
    • 2011
  • Voice over Internet protocol(VoIP) is call's contents using the existing internet. Thus, in common with the Internet service has the same vulnerability. In addition, unlike traditional PSTN remotely without physical access to hack through the eavesdropping is possible. Cyber terrorism by anti-state groups take place when the agency's computer network and telephone system at the same time work is likely to get upset. In this paper is penetration testing for security threats(Call interception, eavesdropping, misuse of services) set out in the NIS in the VoIP. In addition, scenario writing and penetration testing, hacking through the Voice over Internet protocol at the examination center will study discovered vulnerabilities. Vulnerability discovered in Voice over Internet protocol presents an attack and defense plan.

  • PDF

Trend and Prospect of Security System Technology for Network (네트워크를 위한 보안 시스템의 기술 개발 동향 및 전망)

  • Yang, Kyung-Ah;Shin, Dong-Woo;Kim, Jong-Kyu;Bae, Byung-Chul
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.18 no.5
    • /
    • pp.1-8
    • /
    • 2018
  • The latest cyber attack utilizing advanced technologies is more rapidly advancing than developing speed of defense technology, thereby escalates the security risk. In responding to this recent threat, academia and industries are developing some sophisticated security technologies applying various methods. Based on these technologies, security systems are used in many fields. This article aims to select noticeable network security related technologies for the security systems. In particular, we compared and analyzed the trend, performance, and functions of both foreign and domestic technologies in regard to UTM having the largest portions among network security systems so far. We will also discuss the prospect for the change in network infrastructure due to the emergence of the next-generation network technology.

Machine Learning Based APT Detection Techniques for Industrial Internet of Things (산업용 사물인터넷을 위한 머신러닝 기반 APT 탐지 기법)

  • Joo, Soyoung;Kim, So-Yeon;Kim, So-Hui;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.10a
    • /
    • pp.449-451
    • /
    • 2021
  • Cyber-attacks targeting endpoints have developed sophisticatedly into targeted and intelligent attacks, Advanced Persistent Threat (APT) targeting the Industrial Internet of Things (IIoT) has increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate, and needs high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of IIoT environment is essential. In this study, we analyze the flow and impact of IIoT targeted APT cases and compare the method of machine learning-based APT detection EDR solutions.

  • PDF

Design of N-IDS Log optimization system using correlativity of asset, vulnerability and threat (네트워크의 자산, 취약점 및 위협의 상관성을 이용한 N-IDS Log 최적화 시스템 설계)

  • 문호건;최진기
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.153-159
    • /
    • 2003
  • 수많은 정보자산들이 네트워크를 통해 연결된 환경에서 사이버 공격으로부터 정보자산들을 효과적으로 방어하기 위한 기본적인 수단으로 네트워크 침입탐지 시스템과 취약점 분석 시스템이 활용되고 있다. 그러나 네트워크 보안을 위해 개별적으로 운용되고 있는 네트워크 침입탐지 시스템과 취약점 분석 시스템이 보안관리 측면에서 오히려 보안 운용자의 부담을 가중시키는 요인으로 작용하고 있는 것이 현실이다. 따라서, 본 연구에서는 네트워크 보안 관리에 필수적인 정보 요소인 네트워크 자산, 취약점 및 위협이 갖는 의미와 상관성을 분석하고, 네트워크 침입탐지 시스템과 취약점 분석 시스템이 제공하는 정보들을 상호 연동하여 네트워크 침입탐지 시스템이 탐지하는 불필요한 경보정보의 양을 대폭 줄여 Log관리를 최적화할 수 있는 시스템을 구축하기 위한 설계방법을 제시하였다.

  • PDF

Cyber Attack and Defense Modeling Using Vulnerability Metrics (취약성 매트릭스를 이용한 사이버 공격 및 방어 모델링)

  • Lee Jang-Se;Chi Sung-Do;Choi Gyoo-Seok
    • Journal of the Korea Society for Simulation
    • /
    • v.13 no.3
    • /
    • pp.11-20
    • /
    • 2004
  • The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (i) it is able to analyze behaviors of systems being emerged by interaction between functional elements of network components, (ii) it is able to analyze vulnerability in quantitative manner, and (iii) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

  • PDF

Cyber Attack and Defense Modeling Using Vulnerability Metrics (취약성 매트릭스를 이용한 사이버 공격 및 방어 모델링)

  • 이장세;지승도
    • Proceedings of the Korea Society for Simulation Conference
    • /
    • 2003.06a
    • /
    • pp.191-198
    • /
    • 2003
  • The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (ⅰ) it is able to analyze behaviors of system emerged by interaction with functional elements of components composing network and each other, (ⅱ) it is able to analyze vulnerability in quantitative manner, and (ⅲ) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

  • PDF