• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.449-451
• /
• 2021

Cyber-attacks targeting endpoints have developed sophisticatedly into targeted and intelligent attacks, Advanced Persistent Threat (APT) targeting the Industrial Internet of Things (IIoT) has increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate, and needs high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of IIoT environment is essential. In this study, we analyze the flow and impact of IIoT targeted APT cases and compare the method of machine learning-based APT detection EDR solutions.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.2
• /
• pp.483-491
• /
• 2023

Due to the spread of mobile devices, the use of mobile electronic notification services is increasing. For the mobile electronic notification service, the connecting information is required to identify the owner of the mobile device and the recipient of the notification. The connecting information is an online resident registration number, and safe management is essential. Therefore, in this paper, the processing flow, interconnecting standard, and management plan are proposed when a mobile electronic notification requesting agency requests the identity verification agency to convert the resident registration number of the recipient of the electronic notification to connecting information. In the proposed method, it is suggested that a safe mobile electronic notification service is possible by defining the process of collective conversion of connecting information between private organizations and personal identity proofing agency, information transmission and reception methods, and interworking standards.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.159-166
• /
• 2023

Humanities are as crucial as the technology itself in the intelligent information society. Human-centered convergence information technology (IT), which reflects emotional and human nature, can be considered a unique technology with an optimistic outlook in the unpredictable future. Based on this research background, this paper proposed an education model that can improve the IT humanities capabilities of various learners, including elementary and secondary students, prospective teachers, incumbent teachers, school managers, and the general public, through analysis of previous studies on convergence education models. Furthermore, the practical aspects of the proposed model were closely examined so that the proposed education model could be stably incorporated and utilized in the educational field. There are seven strategies for implementing the education model proposed in this paper, including research on textbooks, teaching and learning materials, activation of research results, maker space creation, global joint research, online education operation, developing living lab governance, and diversification of self-sustaining platforms for sustainable and practical education. In the future, validity verification through expert Delphi is required as a follow-up study.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.5
• /
• pp.165-170
• /
• 2023

With the recent rise of blockchain technology, cryptocurrency platforms using it are increasing, and currency transactions are being actively conducted. However, crimes that abuse the characteristics of cryptocurrency are also increasing, which is a problem. In particular, phishing scams account for more than a majority of Ethereum cybercrime and are considered a major security threat. Therefore, effective phishing scams detection methods are urgently needed. However, it is difficult to provide sufficient data for supervised learning due to the problem of data imbalance caused by the lack of phishing addresses labeled in the Ethereum participating account address. To address this, this paper proposes a phishing scams detection method that uses both Trans2vec, an effective graph embedding techique considering Ethereum transaction networks, and semi-supervised learning model Tri-training to make the most of not only labeled data but also unlabeled data.

• Journal of Software Assessment and Valuation
• /
• v.15 no.2
• /
• pp.43-50
• /
• 2019

With the development of IT technology, computer-related crimes are rapidly increasing, and in recent years, the damage to ransomware infections is increasing rapidly at home and abroad. Conventional security solutions are not sufficient to prevent ransomware infections, and to prevent threats such as malware and ransomware that are evolving, a combination of deep learning technologies is needed to detect abnormal behavior and abnormal symptoms. In this paper, a method is proposed to detect user abnormal behavior using CNN-LSTM model and various deep learning models. Among the proposed models, CNN-LSTM model detects user abnormal behavior with 99% accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.707-724
• /
• 2024

Recently, Golang has been gaining attention in programming language rankings each year due to its cross-compilation capabilities and high code productivity. However, malware developers have also been increasingly using it to distribute malware such as ransomware and backdoors. Interestingly, Golang, being an open-source language, frequently changes the important values and configuration order of a crucial structure called Pclntab, which includes essential values for recovering deleted symbols whenever a new version is released. While frequent structural changes may not be an issue from a developer's perspective aiming for better code readability and productivity, it poses challenges in cybersecurity, as new versions with modified structures can be exploited in malware development. Therefore, this paper proposes GoAsap, a detection and analysis system for Golang executables targeting the new versions, and validates the performance of the proposed system by comparing and evaluating it against six existing binary analysis tools.

• The Transactions of the Korea Information Processing Society
• /
• v.13 no.9
• /
• pp.429-436
• /
• 2024

As Large Language Models (LLMs) continue to advance, effectively harnessing their potential has become increasingly important. LLMs, trained on vast datasets, are capable of generating text across a wide range of topics, making them useful in applications such as content creation, machine translation, and chatbots. However, they often face challenges in generalization due to gaps in specific or specialized knowledge, and updating these models with the latest information post-training remains a significant hurdle. To address these issues, Retrieval-Augmented Generation (RAG) models have been introduced. These models enhance response generation by retrieving information from continuously updated external databases, thereby reducing the hallucination phenomenon often seen in LLMs while improving efficiency and accuracy. This paper presents the foundational architecture of RAG, reviews recent research trends aimed at enhancing the retrieval capabilities of LLMs through RAG, and discusses evaluation techniques. Additionally, it explores performance optimization and real-world applications of RAG in various industries. Through this analysis, the paper aims to propose future research directions for the continued development of RAG models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.785-802
• /
• 2017

As cyber threats using malicious code continue to increase, many security and vaccine companies are putting a lot of effort into analysis and detection of malicious codes. However, obfuscation techniques that make software analysis more difficult are applied to malicious codes, making it difficult to respond quickly to malicious codes. In particular, commercial obfuscation tools can quickly and easily generate new variants of malicious codes so that malicious code analysts can not respond to them. In order for analysts to quickly analyze the actual malicious behavior of the new variants, reverse obfuscation(=de-obfuscation) is needed to disable obfuscation. In this paper, general analysis methodology is proposed to de-obfuscate the software used by a commercial obfuscation tool, Themida. First, We describe operation principle of Themida by analyzing obfuscated executable file using Themida. Next, We extract original code and data information of executable from obfuscated executable using Pintool, DBI(Dynamic Binary Instrumentation) framework, and explain the implementation results of automated analysis tool which can deobfuscate to original executable using the extracted original code and data information. Finally, We evaluate the performance of our automated analysis tool by comparing the original executable with the de-obfuscated executable.

• Vending industry
• /
• v.3 no.1 s.9
• /
• pp.64-69
• /
• 2004

고수익을 미끼로 한 자판기 분양사기가 최근 급증하고 있어 큰 문제가 되고 있다. 무조건 자판기 수익성만을 과대포장하여 투자자들의 `묻지마` 투자를 유도한 후 돈만 챙기고 사업에서 손을 떼어버리는 사기행각은 그 피해대상이 대부분 서민이라는 점에서 문제의 심각성을 더한다. 자판기가 불법 자금 모집을 통해 사기의 대상으로 외부 인식이 악화되어 버린다면 자판기 산업의 입지 역시 크게 좁혀 질 수 밖에 없다. 자판기 품목에 있어서는 불법자금모집의 대표적인 사례가 되는 경우는 확정수익을 보장한다며 투자자를 모집하는 경우이다. 그 후 일정기간동안 수익을 보장하며 투자자를 안심시킨 다음 일순간 돌변하여 자금을 챙겨 잠적을 하는 수순을 밝는다. 선의의 투자자들은 이럴 경우 엄청난 피해를 입게 되는 게 보통이다. 대개의 경우 기계 1~2대의 소량물량이 아닌 5대~l0대 단위의 투자를 유도하기 때문이다. 이제는 자판기 산업에 있어 이러한 악성 불법자금 모집업체들이 근절되어야 한다. 이 불법 사기행각의 대상이 더 이상 자판기 분야에 발을 붙이지 못하도록 하는 제도적 비책이 시급히 강구 되어야 한다. 이러한 가운데 금융감독원 비은행감독국 비제도금융조사팀에서는 올들어 지난 9월말까지 고수익을 미끼로 투자자금을 모집하다가 금감원에 적발된 유사 금융업체 85개사 명단을 사법당국에 통보했다. 불법자금모집 업체들이 투자자들을 유혹하기위해 미끼로 내세운 사업을 종류별로 보면 자판기, 게임기, 컴퓨터단말기 등 특정상품 운영권 제공이 29개사로 가장 많고, 사이버 쇼핑몰 및 인터넷사업(18개사), 납골당 등 부동산 투자(12개사), 영화등 문화 및 레저사업(10개사), 영화문화 및 레저산업(10개사), 벤처투자사(9개사) 등이었다. 자판기 분야에 있어서는 주로 성인용품자판기, 복권자판기 등의 품목이 불법자금 모집의 집중 타킷이 되었다. 금감원은 최근들어 유사 금융업체의 자금모집이 전문가도 속을 정도로 지능화하고 있다며 개인투자자들이 피해를 예방할 수 있는 불법업체 식별법을 금감원 인터넷 사이트(www.fss.or.kr)에 게시했다. 금감원은 특히 사업현황에 대해 지나치게 보안을 유지하는 업체, 1백$\%$이상의 터무니없는 고수익을 보장한다고 광고하는 업체, 제도권 금융회사의 지급보증을 강조하는 업체에 대해서는 투자에 앞서 금감원이나 업종 관련 정부당국에 사실여부를 확인해 보고 투자여부를 결정하라고 통보했다. 아울러 금감원은 금융소비자들이나 자판기 업계에서 불법자금 모집업체를 발견하여 전화(02-3786-8155~9)나 인터넷소비자 보호센터와 경찰에 신고해줄 것을 요청했다. 이제는 산업계도 더 이상 자판기 분야의 불법자금업체를 방치하지 말고 적극적인 금감원 신고를 통해 시장을 정화할 수 있게 해야 한다. 미꾸라지 한두마리가 온 개천 물 다 흐려놓는 이치처럼 자판기불법자금업체들로 인해 전체 산업에 미치는 영향이 실로 심각함을 인식해야 할 때이다. 금호 산업정보에서는 산업계에서 불법자금업체 근절에 많은 관심을 가질 수 있게 하기 위해 금융감독원 비은행감독국 비제도금융조사팀에서 배포한 $\ulcorner$불법자금 모집업체 고수익 보장 유혹에 주의$\lrcorner$ 에 대한 보도자료의 세부내용을 게재한다.

• Journal of the Korea Convergence Society
• /
• v.8 no.8
• /
• pp.41-49
• /
• 2017

The 'NIST Framework and Road Map for Smart Grid Interoperability Standards' proposes an architecture framework to secure the direction of development and standard interoperability of smart grid and provides a list of identified standard, standard cyber security strategies, and certification framework. In particular, SEP 2.0 and OpenADR 2.0 are the examples. SEP 2.0 and OpenADR 2.0 can functionally link HEMS and Smart Grid, but interoperability standards between the two protocols are not planned in above document. The OpenADR Alliance also announced that work is underway to define mapping tables for interoperability between OpenADR 2.0 and SEP 2.0, but no information is yet available. Therefore, In this paper, in developing energy efficiency improvement HEMS, we propose a mapping model that supports syntactic and semantic founded interoperability between SEP 2.0 and OpenADR 2.0b for ICT grid convergence based on the standard specification document of each protocol and confirmed through an example of the semantic mapping function based on the demand response service scenario.