• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.5
• /
• pp.397-401
• /
• 2023

The study presents milestones for the Korean military to win the future battlefield based on the 4th Industrial Revolution. Chapter 1 deals with the necessity of research on how advanced countries operate industrial technology in the defense sector based on the 4th Industrial Revolution. Chapter 2 examines the current technology status of the 4th Industrial Revolution in Korea and the concept of Korean combat. Chapter 3 analyzes the military robotic technology of advanced military countries through examples of unmanned combat robots in the United States, Israel, and Germany. In the end, in future battles, it will be possible to dominate the battlefield only by taking a leap into a super-connected and super-intelligent military based on a high-tech platform. Our military should also research and develop military robotics in accordance with the characteristics of each combat system, and further expand and develop the concept of combat performance to protect our core capabilities and centers from enemy cyber, electronic warfare, and space attacks.

• Journal of Platform Technology
• /
• v.12 no.3
• /
• pp.55-61
• /
• 2024

As the digital environment becomes more complex and cyber attacks become more sophisticated, the importance of data protection is emerging. As various security threats such as data leakage, system intrusion, and authentication bypass increase, secure key management is emerging. Key Management System (KMS) manages the entire encryption key life cycle procedure and is used in various industries. There is a need for a key management system that considers requirements suitable for the environment of various industries including public and finance. The purpose of this paper is to derive the characteristics of the key management system for each industry by comparing and analyzing key management systems used in representative industries. As for the research method, information was collected through literature and technical document analysis and case analysis, and comparative analysis was conducted by industry sector. The results of this paper will be able to provide a practical guide when introducing or developing a key management system suitable for the industrial environment. The limitations are that the analyzed industrial field was insufficient and experimental verification was insufficient. Therefore, in future studies, we intend to conduct specific performance tests through experiments, including key management systems in various fields.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.47-58
• /
• 2015

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.295-310
• /
• 2014

DCS (Distributed Control System), the main control system of power plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS is becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet designed for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usually have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and low failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendor's policy. If DCS is exposed a potential vulnerability, serious concerns are to be expected. In this paper, we conduct the penetration test by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to detect the security infringement and react the incident effectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.847-857
• /
• 2018

As the number of malicious code increases steeply, cyber attack victims targeting corporations, public institutions, financial institutions, hospitals are also increasing. Accordingly, academia and security industry are conducting various researches on malicious code detection. In recent years, there have been a lot of researches using machine learning techniques including deep learning. In the case of research using Convolutional Neural Network, ResNet, etc. for classification of malicious code, it can be confirmed that the performance improvement is higher than the existing classification method. However, one of the characteristics of the target attack is that it is custom malicious code that makes it operate only for a specific company, so it is not a form spreading widely to a large number of users. Since there are not many malicious codes of this kind, it is difficult to apply the previously studied machine learning or deep learning techniques. In this paper, we propose a method to classify malicious codes when the amount of samples is insufficient such as targeting type malicious code. As a result of the study, we confirmed that the accuracy of 97% can be achieved even with a small amount of data by applying the Memory Augmented Neural Networks model.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.9
• /
• pp.504-509
• /
• 2019

Recently, both wireless communications technology and the performance of small devices have developed exponentially, while the number of services using various types of Internet of Things (IoT) devices has also massively increased in line with the ongoing technological and environmental changes. Furthermore, ever more devices that were previously used in the offline environment-including small-size sensors and CCTV-are being connected to the Internet due to the huge increase in IoT services. However, many IoT devices are not equipped with security functions, and use vulnerable open source software as it is. In addition, conventional network equipment, such as switches and gateways, operates with vulnerabilities, because users tend not to update the equipment on a regular basis. Recently, the simple vulnerability of IoT devices has been exploited through the distributed denial of service (DDoS) from attackers creating a large number of botnets. This paper proposes a system that is capable of identifying Internet-connected devices quickly, analyzing and managing the vulnerability of such devices using Internet-wide scan technology. In addition, the vulnerability analysis rate of the proposed technology was verified through collected banner information. In the future, the company plans to automate and upgrade the proposed system so that it can be used as a technology to prevent cyber attacks.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.664-673
• /
• 2018

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.859-866
• /
• 2019

Cybersecurity attack targeting a specific user is rising in number, even enterprises are trying to strengthen their cybersecurity. Network segmentation environment where public network and private network are separated could block information coming from the outside, however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce the network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, it is still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, this paper proposes a system in the environment which functions that a document file can keep information for incident response, considering forensic readiness.