• Title/Summary/Keyword: cyber target

Search Result 29, Processing Time 0.027 seconds

A Security Monitoring System for Security Information Sharing and Cooperative Countermeasure (협력대응기반 전역네트워크 보안정보공유 시스템)

  • Kim, Ki-Young;Lee, Sung-Won;Kim, Jong-Hyun
    • Journal of the Institute of Electronics and Information Engineers, v.50 no.2, pp.60-69, 2013
  • Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APTs, which exploit a high degree of stealthiness over a long period, have extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure, whereas existing security measures have exhibited limited capabilities in detecting and countering them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasures. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyzes them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated thoroughly by deploying it on a real network in an ISP for a week.

The dosimetric guide of treatment modalities for Left side breast irradiation after conservative surgery (좌측 유방암 방사선 치료 시 치료 기법에 따른 선량적 고찰)

  • Kim, Tae Min;Moon, Sung Kong;Kim, Li Zzy;Kim, Se Young;Park, Ryeung Hwang;Kim, Joo Ho;Cho, Jung Heui
    • The Journal of Korean Society for Radiation Therapy, v.30 no.1_2, pp.153-160, 2018
  • Purpose: We retrospectively analyzed doses of each radiation therapy technique used in the treatment for left breast cancer patients after partial mastectomy through dose results for normal organs and tumor volume to use this as a clinical reference for radiation therapy of domestic left breast cancer patients. Materials and Methods: 40 patients who underwent partial mastectomy on left breast cancer were classified in 3 treatment methods. The treatment plan was evaluated by HI (homogeneity index), $D_{95\%}$, and CI (conformity index), and the $V_{hot}$ for gross tumor volume and clinical target volume of each treatment method. In Cyberknife treatment, tumor volume was the same as high dose volume in the other techniques, so no consideration was given to clinical target volume. Treatment plan evaluation for normal organs was done by mean dose on ipsilateral lung, heart, left anterior descending artery, opposite breast and lung, and non-target tissue. Result: Treatment with volumetric arc radiotherapy (VMAT) showed $95.84 \pm 0.75\%$ of $D_{95\%}$ on the clinical target volume, significantly higher than that of 3D-CRT. The $D_{95\%}$ value of the total tumor volume was slightly higher than the other treatments. In Cyberknife treatment, the dose to the normal organs was significantly lower than other treatments. Overall, the maximum dose and mean dose to the heart were $26.2 \pm 6.12$ Gy and $1.88 \pm 0.2$ Gy in VMAT treatment and $20.25 \pm 9.35$ Gy and $1.04 \pm 0.19$ Gy in 3D-CRT therapy, respectively. Conclusion: In comparison on 3D-CRT and VMAT, most of the dosimetric parameters for the evaluation of the treatment plan showed similar values, so that there is no significant difference in treatment plan evaluation. It is possible to select the treatment method according to the patient's anatomical structure or possibility of breath control. Cyberknife treatment is a very useful treatment for normal organs because of its accurate dose exposure to the tumor volume. However, it has restrictions to treat the local area, to have relatively long treatment time and to involve invasive procedure.

Trend and verification measures of certification evaluation in control system (제어시스템 인증평가 동향 및 검증방안)

  • Ueda, Osamu
    • Annual Conference of KIPS, 2016.04a, pp.259-262, 2016
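  • Recently, among cyber attacks targeting the control systems mainly used in critical infrastructure industries, incidents using malware such as Havex RAT and BlackEnergy2, following Stuxnet, have been increasing considerably. As a response to new attack methods against control systems, there has been a need to strengthen measures at the system entry point and for the internal organization, but such measures are limited. This paper focuses on the ISASecure(R) EDSA certification scheme, an international standard that serves as the reference for obtaining the certification needed for security measures. By minimizing unnecessary certification evaluation work where requirements overlap, the cost incurred in obtaining certification can be reduced, and it is assumed that a company or organization that already holds certification for an existing information security management system (ISMS) could obtain it by meeting only the differential requirements added as the control system certification criteria. To implement such control system security, we propose a method for deriving the difference in certification (EDSA) requirements for control systems used around the world, with reference to the IEC62443 series established as a standard in IACS (Industrial Automation and Control System).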

An Analysis of Response as Bystanders of Middle School Girls in a Simulated Cyberbullying Situation: Influences of Peer Bullying/Victimization and Anger Experiences (유사 사이버 괴롭힘 상황에서 여중생의 주변인으로서 반응 분석: 또래 괴롭힘 가·피해 및 분노 경험의 영향)

  • Jeong, Ah Hye;Choi, Yun Kyeung
    • Korean Journal of Culture and Social Issue, v.26 no.1, pp.1-23, 2020
  • The purpose of this study was to analyze responses as bystanders of middle school girls in a simulated cyberbullying situation. This study also aimed to examine effects of bullying, victimization, anger-out, and state-anger on responses from girls as bystanders. The participants were composed of 2nd or 3rd grade middle school girls (N=59). Responses were classified into 7 categories (using explicit language, attacking, pass, changing topic, comforting victims, others, and conformity). Of these, attacking responses were classified according to the target (bully, victim, both, and ambiguous object). Each was again classified as 'attacking response' or 'helping response', scored and summed according to the strength of the response, and used as a dependent variable. Collected data were analyzed by correlation analysis and multiple regression analysis. The results of this study are as follows: First, the most frequent response was 'the others' (41.69%) followed by 'using explicit language' (20.34%), 'passing' (13.56%), 'attacking bully' (8.81%), 'conformity' (8.64%), 'changing topic' (6.61%), and 'comforting victim' (0.34%). Second, responses of attacking victim were positively influenced by the previous bullying experiences and acting anger-out, and were negatively influenced by the previous victimization experience. State-anger had a positive influence on responses of the attacking bully and the helping victim. None of the variables had a significant influence on responses of the attacking both and ambiguous object. These results will be useful data to help middle school girls as bystanders properly intervene in cyberbullying situations. Finally, the limitations of this study were discussed along with suggestions for further research.

A study on the threat hunting model for threat detection of circumvent connection remote attack (우회 원격공격의 위협탐지를 위한 위협 헌팅 모델 연구)

  • Kim, Inhwan;Ryu, Hochan;Jo, Kyeongmin;Jeon, Byungkook
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.21 no.4, pp.15-23, 2021
  • In most hacking attacks, hackers intrude inside for a long period of time and attempt to communicate with the outside using a circumvent connection to achieve their purpose. Research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. Attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. However, even an intrusion detection system using intelligent recognition technology only shows detection performance for the existing intrusion status. Therefore, countermeasures against targeted bypass remote attacks still have limitations with existing detection methods and threat hunting methods. In this paper, to overcome these limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. This model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in an actual defense information system environment.

Security Threats to Enterprise Generative AI Systems and Countermeasures (기업 내 생성형 AI 시스템의 보안 위협과 대응 방안)

  • Jong-woan Choi
    • Convergence Security Journal, v.24 no.2, pp.9-17, 2024
  • This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

Trend Analysis of Context-based Intelligent XDR (컨텍스트 기반의 지능형 XDR 동향 분석)

  • Ryu, Jung-Hwa;Lee, Yeon-Ji;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2022.05a, pp.198-201, 2022
  • Recently, new cyber threats targeting new technologies are increasing, and hackers' attack targets are becoming broader and more intelligent. To counter these attacks, major security companies are using traditional EDR (Endpoint Detection and Response) solutions. However, the conventional method does not consider the context, so there is a limit to the accuracy and efficiency of responding to an advanced attack. In order to improve this problem, the need for a security solution centered on XDR (Extended Detection and Response) has recently emerged. In this study, we present effective threat detection and countermeasures in a changing environment through XDR trends and development roadmaps using machine learning-based context analysis.

Machine Learning Based APT Detection Techniques for Industrial Internet of Things (산업용 사물인터넷을 위한 머신러닝 기반 APT 탐지 기법)

  • Joo, Soyoung;Kim, So-Yeon;Kim, So-Hui;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2021.10a, pp.449-451, 2021
  • Cyber-attacks targeting endpoints have developed into sophisticated, targeted and intelligent attacks, and Advanced Persistent Threats (APTs) targeting the Industrial Internet of Things (IIoT) have increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions that combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate, and need high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of the IIoT environment is essential. In this study, we analyze the flow and impact of IIoT targeted APT cases and compare the methods of machine learning-based APT detection EDR solutions.

Secure File Transfer Method and Forensic Readiness by converting file format in Network Segmentation Environment (망분리 환경에서 파일형식 변환을 통한 안전한 파일 전송 및 포렌식 준비도 구축 연구)

  • Han, Jaehyeok;Yoon, Youngin;Hur, Gimin;Lee, Jaeyeon;Choi, Jeongin;Hong, SeokJun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.4, pp.859-866, 2019
  • Cybersecurity attacks targeting a specific user are rising in number, even though enterprises are trying to strengthen their cybersecurity. A network segmentation environment where the public network and private network are separated could block information coming from the outside; however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce the network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, they are still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, this paper proposes a system for this environment in which a document file can keep information for incident response, considering forensic readiness.