• Title/Summary/Keyword: 우회정보 (bypass/detour information)

A Study on the Concept of Social Engineering Cyber Kill Chain for Social Engineering based Cyber Operations (사회공학 사이버작전을 고려한 사회공학 사이버킬체인 개념정립 연구)

  • Shin, Kyuyong;Kim, Kyoung Min;Lee, Jongkwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1247-1258 / 2018
  • The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions for each step, eventually neutralizing the intent of the attackers. Under the Cyber Kill Chain, defenders can effectively deal with Advanced Persistent Threats (APTs), which are difficult to handle with other defensive mechanisms. Recently, however, social engineering techniques that exploit the vulnerabilities of the humans who manage the target systems have become more prevalent than technical attacks that directly attack the target systems themselves. Under these circumstances, the Cyber Kill Chain model should evolve to encompass social engineering attacks for improved effectiveness. Therefore, this paper aims to establish a definite concept of a Cyber Kill Chain for social engineering based cyber attacks, called the Social Engineering Cyber Kill Chain, helping future researchers in this area.

Web Attack Classification Model Based on Payload Embedding Pre-Training (페이로드 임베딩 사전학습 기반의 웹 공격 분류 모델)

  • Kim, Yeonsu;Ko, Younghun;Euom, Ieckchae;Kim, Kyungbaek
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.4 / pp.669-677 / 2020
  • As the number of Internet users exploded, attacks on the web increased. In addition, the attack patterns have been diversified to bypass existing defense techniques. Traditional web firewalls have difficulty detecting attacks of unknown patterns. Therefore, the method of detecting abnormal behavior by artificial intelligence has been studied as an alternative. Specifically, attempts have been made to apply natural language processing techniques because the type of script or query being exploited consists of text. However, because there are many unknown words in scripts and queries, natural language processing requires a different approach. In this paper, we propose a new classification model which uses byte pair encoding (BPE) technology to learn the embedding vector that is often used for web attack payloads, and uses an attention mechanism-based Bi-GRU neural network to extract a set of tokens that learn their order and importance. For major web attacks such as SQL injection, cross-site scripting, and command injection attacks, the accuracy of the proposed classification method is about 0.9990, and its accuracy outperforms the model suggested in the previous study.

False Alarm Minimization Technology using SVM in Intrusion Prevention System (SVM을 이용한 침입방지시스템 오경보 최소화 기법)

  • Kim Gill-Han;Lee Hyung-Woo
    • Journal of Internet Computing and Services / v.7 no.3 / pp.119-132 / 2006
  • The network-based security techniques well known until now have the weak points of being passive against attacks and susceptible to roundabout attacks, so misuse-detection-based intrusion prevention systems, which enable an active response to attacks in inline mode, are widely used. But because the misuse-detection-based intrusion prevention system is proportional to the detection rules, it causes excessive false alarms, which are linked to wrong responses that prevent the regular network flow, and it is insufficient to detect transformed attacks. This study suggests an intrusion prevention system which uses Support Vector Machines (hereinafter referred to as SVM) as one of the rule-based intrusion prevention system and anomaly system in order to supplement these problems. When compared with existing intrusion prevention systems, the results show a performance improvement of about 20%, and show that the proposed intrusion prevention system can minimize false positives and effectively detect new variant attacks.

A Reconfigurable Circularly Polarized Microstrip Antenna Based on Alternating Stub-Slot Perturbation (교차형 스터브-슬롯 섭동 구조를 이용한 원형 편파 재구성 마이크로스트립 안테나)

  • Lee, Dong-Hyo;Lim, Eunsook;Kim, Il-Woong;Yang, Hyung-Mo;Ahn, Sang-Il;Pyo, Seongmin
    • Journal of Satellite, Information and Communications / v.10 no.3 / pp.121-126 / 2015
  • This paper proposes a novel reconfigurable microstrip antenna based on alternating a perturbation structure to achieve circular polarization diversity. The proposed antenna consists of an annular ring microstrip radiator for simultaneously loading stub and slot perturbations, which support right- and left-handed circular polarization senses, and two PIN diodes for choosing the operating polarization sense. By controlling the states of the two PIN diodes between the perturbing slot and stub at one diagonal corner of the radiator, reconfigurable circular polarization senses of the proposed antenna are successfully obtained and alternated. The proposed antenna has been theoretically analyzed and experimentally demonstrated at 2.4 GHz in the S-band for satellite communication systems. The simulation and measurement results of the proposed antenna show good agreement in the reflection coefficients, axial ratios, realized antenna gains, and radiation patterns.

Para-virtualized Library for Bare-metal Network Performance in Virtualized Environment (가상화 환경의 고성능 I/O를 위한 반가상화 라이브러리)

  • Lee, Dongwoo;Cho, Youngjoong;Eom, Young Ik
    • Journal of KIISE / v.41 no.9 / pp.605-610 / 2014
  • Virtualization is no longer an emerging research area, and we can easily find its applications around us. Nevertheless, I/O workloads are rarely deployed in virtual environments since they still suffer from unacceptable performance degradation due to virtualization latency. Many previous papers identified that virtual I/O overhead is mainly caused by exits and a redundant I/O stack, and proposed several techniques to reduce them. However, they still have some limitations. In this paper, we introduce a novel I/O virtualization framework which improves I/O performance by exploiting multicore architecture. We applied our framework to the virtual network, and it improves TCP throughput by up to 169% and decreases UDP latency by up to 38% on a network with a 10Gbps NIC.

A Method for Extraction and Loading of Massive Traffic Data using Commercial Tools (상용 도구를 이용한 대용량 교통 데이터의 추출 및 적재 방안)

  • Woo, Chan-Il;Jeon, Se-Gil
    • Journal of Advanced Navigation Technology / v.12 no.1 / pp.46-53 / 2008
  • The ITS (Intelligent Transport System) enables us to provide solutions to traffic problems, while maximizing the safety and efficiency of road and transportation systems, by combining technologies from information and communication, electrical engineering, electronics, mechanics, control and instrumentation with transportation systems. The issues that an integration system for massive traffic data sources must face are due to several factors, such as the variety and amount of data available, the representational heterogeneity of the data in the different sources, and the autonomy and differing capabilities of the sources. In this paper, we describe how to extract and load heterogeneous massive traffic data from operational databases, such as FTMS and ARTIS, using commercial tools. Also, we experiment on traffic data warehouses with integrated quality management techniques for providing high quality data.

Behavioral Analysis of Dynamic Route Choice with Stated Preference Panel Data (선호의식 Panel Data를 이용한 동적 경로선택 행동분석)

  • 성수련;남궁문
    • Journal of Korean Society of Transportation / v.17 no.3 / pp.47-60 / 1999
  • In this study, the dynamic route choice behavior of drivers is assumed to be affected by the current conditions of traffic environments as well as the past traffic environments and activities. The repeated survey of multi-timed to owner drove in Chon-ju city by the virtual traffic information system was performed by the stated preference method. And the LISREL (an analysis of linear structural relationship) model was used. As a result, the variable parameter and t-value of travel time information in the applied model were high, and they have a great effect on route choice. It was confirmed that route choice was negative for Kirin-ro, which penetrates the downtown, and positive for Chunbyun-ro, which is a roundabout way. In the estimated results for reasonability, the most suitable model was the one which applied the concept of serial correlation and stated dependence and was shown applying rightfulness to dynamic model. As for the serial correlation and stated dependence parameter values, when the time interval was large the parameter value was small, and the serial correlation and stated dependence were in inverse proportion to the time interval.

Function partitioning methods for malware variant similarity comparison (변종 악성코드 유사도 비교를 위한 코드영역의 함수 분할 방법)

  • Park, Chan-Kyu;Kim, Hyong-Shik;Lee, Tae Jin;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.321-330 / 2015
  • Many modified malware samples have been found which could avoid detection simply by replacing a sequence of characters or a part of the code. Since existing anti-virus programs perform signature-based analysis, it is difficult to detect malware which is slightly different from well-known malware. This paper suggests a method of detecting modified malware by extending hash-value based code comparison. We generated hash values for individual functions and individual code blocks as well as the whole code, and then used those values to find whether a pair of codes are similar to a certain degree. We also eliminated some numeric data such as constants and addresses before generating hash values to avoid the incorrectness incurred from them. We found that the suggested method could effectively find inherent similarity between original malware and its derived ones.

A Study On Malicious Mail Training Model (악성메일 훈련 모델에 관한 연구)

  • Kang, Young-Mook;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.2 / pp.197-212 / 2020
  • With the advent of virtual currency and electronic wallets creating a way to make financial gains based on anonymity, malicious code dissemination using malicious mail has continued to increase. In order to minimize the damage, the human factors, security awareness and the ability to respond, which are technical factors, should be improved evenly, which can be improved through malicious mail training. This study presented a model considering the performance of malicious mail training, such as practice. It was classified as a training for enhancing awareness of security for employees and detection and response to improve their ability to respond to malicious mail. A training system suitable for the purpose, the core functions of malware training, implementation and camouflage skills, and bypass techniques were described. Based on the above model, the training data conducted over three years were collected and the effectiveness of the training was studied through analysis of the results according to the number of training sessions, training themes and camouflage techniques.

Development of the Algorithm of a Public Transportation Route Search Considering the Resistance Value of Traffic Safety and Environmental Index (교통안전, 환경지표의 저항값을 고려한 대중교통 경로 탐색 알고리즘 개발)

  • Kim, Eun-Ji;Lee, Seon-Ha;Cheon, Choon-Keun;Yu, Byung-Young
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.16 no.1 / pp.78-89 / 2017
  • This study derived an algorithm for public transportation route search that adds safety and environmental costs according to user preference. As the means of applying and evaluating the algorithm, the macro simulation VISUM was used for the analysis. The route using the subway, which is relatively low in safety and environment resistance value, was preferred, and the algorithm was found to select the safe and environmental route even though it detours. This study is applicable when verifying a route search algorithm that considers safety and environment. When a route search algorithm based on user preference is introduced in smartphone applications in the future, it can provide users with very useful information by choosing a route with regard to safety and environment, and through this, the quality of user-friendly information provision can be promoted.