• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.225-238
• /
• 2012

Among the various security threats in online games, the use of game bots is the most serious problem. In this paper, we propose a framework for user behavior analysis for bot detection in online games. Specifically, we focus on party play that reflects the social activities of gamers: In a Massively Multi-user Online Role Playing Game (MMORPG), party play log includes a distinguished information that can classify game users under normal-user and abnormal-user. That is because the bot users' main activities target on the acquisition of cyber assets. Through a statistical analysis of user behaviors in game activity logs, we establish the threshold levels of the activities that allow us to identify game bots. Also, we build a knowledge base of detection rules based on this statistical analysis. We apply these rule reasoner to the sixth most popular online game in the world. As a result, we can detect game bot users with a high accuracy rate of 95.92%.

• Smart Media Journal
• /
• v.9 no.4
• /
• pp.109-117
• /
• 2020

Recently, with the advent of the 4th industrial revolution, digital twins are emerging as an important technology that connects and integrates physical systems and cyber systems. In this article, we analyzed the major requirements of digital twins required for the construction of digital twins of power equipments in the energy field, focusing on the industry 4.0-based Asset Administration Shell(AAS). However, since not so many studies have been conducted yet on a common platform or demonstration model for implementing digital twins both domestically and internationally, digital twin requirements are analyzed with the consideration of digital twinning of power equipment in the energy field. Also, we suggested necessary procedures and specific functions of AAS to establish a smart energy digital twin in the future by analyzing the core requirements necessary for the construction and designing the AAS design for specific power equipment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.243-253
• /
• 2022

Recently, cyber attacks on national infrastructure facilities have continued to occur. As a result, the vulnerabilities of ICS-CERTs have more than doubled from last year, and the vulnerabilities to industrial control systems such as nuclear facilities are increasing day by day. Most control system operators formulate vulnerability countermeasures based on the vulnerability information sources of industrial control systems provided by ICS-CERT in the United States. However, it is difficult to apply this to the security of domestic control systems because ICS-CERT does not contain all relevant vulnerability information and does not provide vulnerabilities to domestic manufacturer's products. In this research, we will utilize publicly available vulnerability-related information such as CVE, CWE, ICS-CERT, and CPE to discover vulnerabilities that may exist in control system assets and may occur in the future. I proposed a plan that can predict possible vulnerabilities and applied it to information on major domestic control systems.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.2
• /
• pp.301-306
• /
• 2023

Convergeance in the military operations can be attained by simultaneously integrating effects based on sensor, C2, shooter asset in multi-domain and there is no exception to special operations. However, because of challenges from enemy, terrain, geopraphy, and weather, it's not easy to intertwine effects created from ground, sea, air, cyber and electromagnetic spectrum, and space in special operations conducted in deep area. This study presented how to intertwine high-tech such as long-rane reconnaissance·strike drone, cutting-edge sensor, jamming pod, and modular repeater in order to offset aforementioned challenges. Several new high-tech are able to strengthen convergeance of special operations in accordance with the development of the 4th industrial revolution. Therefore, follow-up studies need to be continued making an efforts to search for them.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.19-26
• /
• 2023

The impact of environmental, social and governance (ESG) performance on investors' decision-making is growing. Investors' focus on the financial performance of firms in the past is expanding to the non-financial performance of the interests of stakeholders surrounding firms. Against this backdrop, this study conducted a panel regression analysis on firms evaluated by Korea Corporate Governance Service to analyze the impact of ESG performance, a firm's non-financial performance, on firm risk. According to the analysis, ESG performance has a negative (-) effect on all three firm risks (systematic risk, unsystematic risk, and total risk), indicating that the stakeholder theory and risk management theory are supported. The implications of this study are: First, ESG reduces not only unsystematic risk but also broad and indiscriminate systematic risk; Second, investors can reduce the risk of their investment portfolio by executing ESG investments; Third, companies can achieve stable financial performance even in adverse circumstances by utilizing the insurance function of ESG management; Lastly, the government can enhance the stability of the financial market while improving the financial soundness of firms through reasonable ESG-related regulations.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.73-81
• /
• 2023

The progress in science and technology has widened the scope of the battlefield, leading to the emergence of cyber electronic warfare that exploits electromagnetic waves and networks. Drones have become more important due to advancements in battery technology and navigation systems. Nevertheless, tackling drone threats comes with its own set of difficulties. Radar plays a vital role in detecting drones, offering long-range capabilities and independence from weather conditions. However, the battlefield presents unique challenges like dealing with high levels of signal noise and ensuring the safety of the detection assets. This paper proposes various approaches to improve the operation of drone detection radar in cyber electronic warfare, with a focus on enhancing signal processing techniques, utilizing low probability of interception (LPI) radar, and implementing optimized deployment strategies.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.7
• /
• pp.99-107
• /
• 2024

In an environment where computer-related technologies are rapidly changing, cyber threats continue to emerge as they are advanced and diversified along with new technologies. Therefore, in this study, we would like to collect security-related news articles, conduct LDA topic modeling, and examine trends. To that end, news articles from January 2020 to August 2023 were collected and major topics were derived through LDA analysis. After that, the flow by topic was grasped and the main origin was analyzed. The analysis results show that ransomware attacks in 2021 and hacking of virtual asset exchanges in 2023 are major issues in the recent security sector. This allows you to check trends in security issues and see what research should be focused on in the future. It is also expected to be able to recognize the latest threats and support appropriate response strategies, contributing to the development of effective security measures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.53-60
• /
• 2024

Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.123-131
• /
• 2015

Bright development of information communication is caused by usabilities and another case to our society. That is, the surveillance which is unlimited to electronic equipment is becoming a transfiguration to a possible society, and there is case that was able to lay in another disasters if manage early error. Be what is living on at traps of surveillance through the Smart phones which a door of domicile is built, and the plane western part chaps, and we who live on in these societies are installed to several places, and closed-circuit cameras (CCTV-Closed Circuit Television) and individual use. On one hand, while the asset value which was special of enterprise for marketing to enterprise became while a collection was easily stored development of information communication and individual information, the early body which would collect illegally was increased, and affair actually very occurred related to this. An investigation agency is endeavored to be considered the digital trace that inquiry is happened by commission act to the how small extent which can take aim at a duty successful of the inquiry whether you can detect in this information society in order to look this up. Therefore, procedures to be essential now became while investigating affair that confiscation search regarding employment trace of a computer or the telephone which delinquent used was procedural, and decisive element became that dividing did success or failure of inquiry whether you can collect the act and deed which was these electronic enemy. By the way, at this time a lot of, in the investigation agencies the case which is performed comprehensively blooms attachment while rummaging, and attachment is trend apprehension to infringe discretion own arbitrary information rising. Therefore, a lot of nation is letting you come into being until language called exile 'cyber' while anxiety is exposed about comprehensive confiscation search of the former information which an investigation agency does. Will review whether or not there is to have to set up confiscation search ambit of electronic information at this respect how.