• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.209-212
• /
• 2021

현재 IT 보안 관제 시스템을 구축하여 사용하고 있는 기업들은 여러 보안 솔루션을 도입하고 있어 각 솔루션에 따라 서로 다른 IT 이상징후 탐지 모델을 필요로 하고 있다. 이에 따라 솔루션별로 상이한 모델이 필요하며, 유지보수에 어려움이 대두되었다. 이러한 보안 관제 시장의 문제를 해결하기 위해 요구된 것이 이기종 보안 솔루션의 공통 정보 모델로의 표준화 및 탐지 모델 체계화이다. 현재 JCIM은 보안 관제 시장에서 데이터를 공통 정보 모델로 표준화하고, 선택한 솔루션의 시나리오를 보여주며 즉시 탐지까지 가능한 제품을 구현하였다. 이를 통해 AI 기반의 이상 탐지 시나리오를 구현할 수 있는 인력을 양성하고, 이를 기반으로 다양한 고객(산업군)사에 적응하는 것을 기대한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.299-301
• /
• 2017

최근 다양한 산업들이 IT기술과 융합되어 비즈니스 환경이 변화하고, 핵심자산이 정보화됨에 따라 기업정보 유출의 위험성이 높아지고 있다. 이러한 유출 사건 사고는 끊임없이 증가하고 있기 때문에, 선행적으로 기업정보를 보호할 수 있는 보안환경이 구축되어야 한다. 이에 따라 기업정보 보안기술에 대한 연구와 투자는 꾸준히 증가하고 있으며, 다양한 보안 시스템이 개발되고 있다. 그러나 기업정보 보안기술에 대한 적절한 구분이 되어있지 않아 보안 시스템들이 서로 중복된 기능을 수행하고 있다. 중복된 기능의 보안 시스템 사용은 비용을 낭비할 뿐만 아니라, 효율적인 보안 관리를 하지 못하게 되는 문제가 발생한다. 따라서 본 논문에서는 이러한 문제점을 해결하고 균형 잡힌 기업정보 보안 시스템의 발전을 위해 선행연구를 통해 기업정보 보안 시스템에 관한 분류체계를 설계하였다. 향후 이 분류체계를 기반으로 메타분석을 실시하여, 그동안 진행된 기업정보 보안 시스템 분야에 대한 연구동향을 파악하고 학술적으로 연구자들에게 연구 방향성을 제시하고자 한다.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.45-51
• /
• 2018

As data utilization and importance becomes important, data-related accidents and damages are gradually increasing. Especially, insider threats are the most harmful threats. And these insider threats are difficult to detect by traditional security systems, so rule-based abnormal behavior detection method has been widely used. However, it has a lack of adapting flexibly to changes in new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. This is designed to minimize false positive rate and false negative rate by adopting environment factors that directly influence the behavior, and learning data based on statistical Markov model. In the experimentation, the framework shows good performance with a high F2-score of 0.92 and suspicious behavior detection, which seen as a normal behavior usually. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.103-110
• /
• 2019

Recently security related attacks occur in very diverse ways, aiming at people who operate the system rather than the system itself by exploiting vulnerabilities of the system. However, to the our best knowledge, there has been very few works to analyze and strategically to deal with the risks of social engineering attacks targeting people. In this paper, in order to access risks of social engineering attacks we analyze those attacks in terms of attack routes, attack means, attack steps, attack tools, attack goals. Then, with the purpose of accessing the organizational risks we consider the characteristics and environments of the organizations because the impacts of attacks on the organizations obviously depend on the characteristics and environments of the organizations. In addition, we analyze general attack risk assessment methods such as CVSS, CWSS, and OWASP Risk Rating Methodolog. Finally, we propose the risk access scheme of social engineering attacks for the organizations. The proposed scheme allows each organization to take its own proper actions to address social engineering attacks according to the changes of its environments.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.23-32
• /
• 2023

Container-based virtualization has attracted many attentions as an alternative to virtual machine technology because it can be used more lightly by sharing the host operating system instead of individual guest operating systems. However, this advantage may owe some vulnerabilities. In particular, excessive resource use of some containers can affect other containers, which is known as the noisy neighbor problem, so that the important property of isolation may not be guaranteed. The noisy neighbor problem can threat the availability of containers, so we need to consider the noisy neighbor problem as a security problem. In this paper, we investigate vulnerabilities on guarantee of isolation incurred by the noisy neighbor problem in container-based virtualization. For this we first analyze the structure of container-based virtualization environments. Then we present vulnerabilities in 3 functional layers and general directions for solutions with limitations.

• Journal of Industrial Convergence
• /
• v.20 no.3
• /
• pp.23-31
• /
• 2022

Recently, the importance of the role of the university information security department in nurturing security experts to defend against cyber attacks is increasing day by day. The current university security curriculum has a problem in that the proportion of theoretical education is high and the professionalism of practical education is relatively low. This study analyzed the recent educational programs of domestic and foreign security education institutions for the purpose of improving the practical ability of the Department of Security, designing a class model suitable for the core specialization process, and suggesting the direction. The proposed model improves the existing problems of basic class connection and security practice curriculum roadmap, and additionally explains the practice program of the five core specialized subjects. This study intends to contribute to the improvement of the quality of the curriculum and educational model of each university's security department.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.49-59
• /
• 2022

Cyber security in the automobile sector is a key factor in the life cycle of automobiles, and cyber security evaluation standards are being strengthened worldwide. In addition, not only manufacturers who design and produce automobiles, but also due to the nature of automobiles consisting of complex components and various parts, the safety of cybersecurity can be secured only when the implementation level of the cybersecurity management system of companies participating in the entire supply chain is evaluated and managed. In this study, I analyzed the requirements of ISO/SAE 21434 and TISAX, which are representative standards for evaluating automotive cybersecurity. Through a survey conducted on domestic/overseas company security officers and related experts, suitability and feasibility were reviewed according to priorities and industries, so 6 areas and 45 evaluation criteria were derived and presented as final evaluation items. This study is meaningful as a study in that it presented a model that allows companies participating in the automotive supply chain to evaluate the current cybersecurity management level of the company by first applying ISO/SAE 21434 and TISAX overall control processes before uniformly introducing them.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.25-32
• /
• 2022

Recently, the image processing industry has been activated as deep learning-based technology is introduced in the image recognition and detection field. With the development of deep learning technology, learning model vulnerabilities for adversarial attacks continue to be reported. However, studies on countermeasures against poisoning attacks that inject malicious data during learning are insufficient. The conventional countermeasure against poisoning attacks has a limitation in that it is necessary to perform a separate detection and removal operation by examining the training data each time. Therefore, in this paper, we propose a technique for reducing the attack success rate by applying modifications to the training data and inference data without a separate detection and removal process for the poison data. The One-shot kill poison attack, a clean label poison attack proposed in previous studies, was used as an attack model. The attack performance was confirmed by dividing it into a general attacker and an intelligent attacker according to the attacker's attack strategy. According to the experimental results, when the proposed defense mechanism is applied, the attack success rate can be reduced by up to 65% compared to the conventional method.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.101-110
• /
• 2017

The purpose of this study is to examine possibilities of industry secret information leakage through IoT devices and to prevent information leakage from the perspective of administrative and technique security. From the administrative security perspective, first, it is important to face the possibility of industry information data leakage through anyone who can access companies and should establish guidelines to limit the use of IoT devices when entering companies. Second, security management guideline should be prepared by companies or upon user's request and use of any electronic devices sharing wireless internet connection should be eliminated or restricted. From technique security perspective, channels that sharing IoT devices in computers should be controlled since industry secret information are stored in computers and servers. Furthermore, IoT devices that accessing wireless internet network or devices that already registered should be regularly checked in order to minimize any information leakage. Lastly, data and information stored in computers and servers should be encrypted.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.69-76
• /
• 2018

One of the most remarkable technologies in the era of the 4th industrial revolution is the interest in the field of smart cars. In the near future, it will not only be possible to move to a place where you want to ride a smart car, but smart cars, including artificial intelligence elements, can avoid sudden car accidents. However, as the field of smart automobiles develops, the risks are expected to increase. Therefore, based on the understanding of security vulnerabilities that may occur in smart car networks, we can apply safe information security technology using FIDO and attribute-based authorization delegation technique to provide smart car control technology that is safe and secure. I want to. In this paper, we show that the proposed method can solve security vulnerabilities by using secure smart car control technology. We will further study various proposals to solve security vulnerabilities in the field of smart car networks through future research.