• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.411-422
• /
• 2021

The autonomous driving system mounted on the unmanned vehicle recognizes the external environment through several sensors and derives the optimum control value through it. Recently, studies on physical level attacks that maliciously manipulate sensor data by performing signal-injection attacks have been published. signal-injection attacks are performed at the physical level and are difficult to detect at the software level because the sensor measures erroneous data by applying physical manipulations to the surrounding environment. In order to detect a signal-injection attack, it is necessary to verify the dependability of the data measured by the sensor. As so far, various methods have been proposed to attempt physical level attacks against sensors mounted on autonomous driving systems. However, it is still insufficient that methods for defending and detecting the physical level attacks. In this paper, we demonstrate signal-injection attacks targeting MEMS sensors that are widely used in unmanned vehicles, and propose a method to detect the attack. We present a signal-injection detection model to analyze the accuracy of the proposed method, and verify its effectiveness in a laboratory environment.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.151-162
• /
• 2021

Steganography is an advanced technique that hides secret messages by transforming them into subtle noise and spreading them within multimedia files such as images, video and audio. This technology has been exploited in a variety of espionage and cyber attacks. SNS messenger is an attractive SNS Service platform for sending and receiving multimedia files, which is the main medium of steganography. In this study, we proposed two noble steganography communication techniques that guarantee the complete reception rate through the use of thumbnail images in the SNS messenger environment. In addition, the feasibility was verified through implementation and testing of the proposed techniques in a real environment using KakaoTalk, a representative SNS messenger in south korea. By proposing new steganography methods in this study, we re-evaluate the risk of the steganography methods and promoted follow-up studies on the corresponding defense techniques.

• Journal of Industrial Convergence
• /
• v.20 no.3
• /
• pp.23-31
• /
• 2022

Recently, the importance of the role of the university information security department in nurturing security experts to defend against cyber attacks is increasing day by day. The current university security curriculum has a problem in that the proportion of theoretical education is high and the professionalism of practical education is relatively low. This study analyzed the recent educational programs of domestic and foreign security education institutions for the purpose of improving the practical ability of the Department of Security, designing a class model suitable for the core specialization process, and suggesting the direction. The proposed model improves the existing problems of basic class connection and security practice curriculum roadmap, and additionally explains the practice program of the five core specialized subjects. This study intends to contribute to the improvement of the quality of the curriculum and educational model of each university's security department.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.449-451
• /
• 2021

Cyber-attacks targeting endpoints have developed sophisticatedly into targeted and intelligent attacks, Advanced Persistent Threat (APT) targeting the Industrial Internet of Things (IIoT) has increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate, and needs high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of IIoT environment is essential. In this study, we analyze the flow and impact of IIoT targeted APT cases and compare the method of machine learning-based APT detection EDR solutions.

• Information Systems Review
• /
• v.17 no.3
• /
• pp.77-94
• /
• 2015

As Internet has become a popular media for sharing information, users create and share tremendous volume of information including large amount of personal information in cyberspace. Sharing private information online can enhance strength of social relationship but it could also bring negative consequences like information privacy invasion. Although many companies and governments address the importance of information privacy online, there are countless cases of crimes and hackings relating personal information online world wide. Since there are some researches investigating the role of governments and organizations on online privacy domain but there is little research regarding users' privacy protection behaviors. This study investigates relationship between Internet users' information privacy protection behavior and environmental factors. Especially, this study focuses on users' behaviors regarding information privacy protection technology adoption. According to our research results, users' online privacy protective behaviors positively affected by governmental regulations expressed as an information privacy protection law. In addition, if user is allowed to use anonymity when he or she uses online services, they have more tendencies to adopt privacy protection technologies. The detailed research findings and contribution are discussed as well.

• Journal of Internet Computing and Services
• /
• v.22 no.4
• /
• pp.1-11
• /
• 2021

As the Internet developed, various and complex cyber attacks began to emerge. Various detection systems were used outside the network to defend against attacks, but systems and studies to detect attackers inside were remarkably rare, causing great problems because they could not detect attackers inside. To solve this problem, studies on the lateral movement detection system that tracks and detects the attacker's movements have begun to emerge. Especially, the method of using the Remote Desktop Protocol (RDP) is simple but shows very good results. Nevertheless, previous studies did not consider the effects and relationships of each logon host itself, and the features presented also provided very low results in some models. There was also a problem that the model could not explain why it predicts that way, which resulted in reliability and robustness problems of the model. To address this problem, this study proposes an interpretable RDP-based lateral movement detection system using page rank algorithm and SHAP(Shapley Additive Explanations). Using page rank algorithms and various statistical techniques, we create features that can be used in various models and we provide explanations for model prediction using SHAP. In this study, we generated features that show higher performance in most models than previous studies and explained them using SHAP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1087-1101
• /
• 2020

Various security devices are used to protect internal networks and valuable information from rapidly evolving cyber attacks. Firewall, which is the most commonly used security device, tries to prevent malicious attacks based on a text-based filtering rule (i.e., access control policy), by allowing or blocking access to communicate between inside and outside environments. However, in order to protect a valuable internal network from large networks, it has no choice but to increase the number of access control policy. Moreover, the text-based policy requires time-consuming and labor cost to analyze various types of vulnerabilities in firewall. To solve these problems, this paper proposes a 3D-based hierarchical visualization method, for intuitive analysis and management of access control policy. In particular, by providing a drill-down user interface through hierarchical architecture, Can support the access policy analysis for not only comprehensive understanding of large-scale networks, but also sophisticated investigation of anomalies. Finally, we implement the proposed system architecture's to verify the practicality and validity of the hierarchical visualization methodology, and then attempt to identify the applicability of firewall data analysis in the real-world network environment.

• The Journal of Society for e-Business Studies
• /
• v.26 no.4
• /
• pp.37-52
• /
• 2021

Due to the spread of COVID-19, it is rapidly changing from face-to-face to non-face-to-face work environments and is changing to a digital work environment that can be accessed anytime, anywhere, providing convenience to all lives. However, the number of breaches, personal information leakage, and technology leakage targeting SMEs that are vulnerable to security continues to increase. Accordingly, the government has been continuously promoting the information security consulting support project for SMEs every year since 2014. Therefore, this study intends to develop a performance model and measurement methodology for continuous and more systematic support and efficient management of information protection support projects in consideration of the importance of information security for SMEs. It is intended to be used as basic data when setting future operational directions and goals. The main method of this study is to derive performance models and indicators for SME information security support projects based on domestic literature, case studies, and survey results, utilize expert advice to verify the developed performance measurement indicators, and use pilot-test questionnaires. Conduct evaluation through surveys. Based on the verified indicators, we would like to present a performance model and measurement index for the information security support project for SMEs.