• The Journal of Korean Association of Computer Education
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2010

NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.29-40
• /
• 2006

Recent trends for cyber threat such as worm and virus exploit vulnerabilities inherent to main information communication infrastructures like the internet to achieve economical and political goals. It needs to develop checking programs for new vulnerabilities published in prompt and apply them to vulnerable systems for the defense of those cyber threats. In this paper, we study of methodologies for new vulnerability checking module development proper to user level. First, we analyze current 7 methodologies for the development of new vulnerability checking modules including GFI LANGuard and Nessus and then compare them. Second, We define and propose the 5 unique methodologies for the development of new vulnerability checking modules in depth. Finally, we induct the best methodology proper to a certain user level by assessing each methodology according to conditions which is set virtually.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.11-16
• /
• 2016

In modern society, the development of Information and Communication Technology has given people a lot of opportunities. But on the other side cyber attack also gives enormous damage to people. Recently Korea has become the target of cyber attack. The threat of it is growing. Especially North Korea has committed hostile actions against South Korea. North Korea has recently attacked the computer networks of South Korea's important national facilities. The types of North Korea's cyber attacks include the followings. First, if we see it with the viewpoint of software, it tries to destroy or control the Internet, infects the networks with viruses, worms, Trojan Horse and Distributed Denial of Service. I suggest the following to solve the problem. First, South Korea should unify the organizations to respond to the attacks of North Korea, as North Korea has a unified organization for the cyber attack. Second, they should think about the establishment of "Cyber Terrorism Prevention Act" to systematically respond to the software attacks.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.121-126
• /
• 2015

Exposure of personal information that is held by hacking accident near the company has led to severe water level. And, it has changed security threat elements generated according to businessenterprise. Therefore, in this paper, I looked at security threat elements and proposed the way of appropriate information security consulting according type of company. First, In the financial and insurance industries, and should not have been compromised by a worm virus infection due to lack of awareness inside of members, by collectively apply in the same way the internal security standards of the organization to members, the risk of customer information. It shall be provided in advance that the security accident occurs due to a higher job group. Therefore, information security consulting method based on people and information is applied. Secondly, in industry of company, to perform consulting information security based on the attributes of the case industry groups.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.4
• /
• pp.127-136
• /
• 2007

With the construction of vast networks, Internet based services such as online games and Internet banking are steadily increasing. As dysfunctions of the trend, various threats from worms/viruses to hacking are proliferating and new types and variations of worms/viruses are emerging. In response to the problems, telecommunication carriers and the government we establishing systems to cope with infringement accidents and resultant damages. However, in case of nationwide emergencies like the 1.25 Accident, infringement may spread rapidly while analyzing what kind of infringement it is and that may result in enormous losses. Thus, the paper purposed to analyze the states of infringement accidents occurring at each network and coping methods and checklist, based on the results. and to propose strategies for controlling services in case of large scale infringement accidents.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.1
• /
• pp.107-114
• /
• 2011

Today the company adopts to use information management method at the network base such as internet, intranet and so on for the speed of business. Therefore the security of information asset protection and continuity of business within company in relation to this is directly connected to the credibility of the company. This paper secures continuity to the certified users using queuing model for the business interruption issue caused by DDoS attack which is faced seriously today. To do this I have reflected overloaded traffic improvement process to the queuing model through the analysis of related traffic information and packet when there occurs DDoS attack with worm/virus. And through experiment I compared and analyzed traffic loading improvement for general network equipment.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.67-72
• /
• 2005

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modern information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. In order to solve a same problem, this paper researched early detection techniques for only early warning of cyber threats with separate way the detection due to and existing security equipment from the large network. It researched the cyber example alert system which applies the module of based honeynet from the actual large network and this technique against the malignant traffic how many probably it will be able to dispose effectively from large network.

• The KIPS Transactions:PartA
• /
• v.12A no.6 s.96
• /
• pp.493-498
• /
• 2005

P2P service is a method that can share various information through direct connection between computer of a person who have information and a Person who have information without server in the Internet and it is getting a lot of popularity by method for free ex change of file. P2P file sharing systems have become popular as a new paradigm for information exchange. Because all users who use service in P2P file sharing system can use shared files of several users freely by equal access privilege, it is happening the 'free rider' that only download shared file of other users without share own files. Although a user share a malicious file including virus, worm or file that have title differing with actuality contents, can use file sharing service without limitation. In this paper, we propose a method that restrict access of 'free rider' that only download using reputation information that indicate reliability of user. Also, we restrict usage ons hared file of other users about users who share harmful file.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.920-925
• /
• 2010

A home network system is made up of home devices and wire and wireless network can not only be the subject of cyber attack from a variety factors of threatening, but also have security weakness in cases of hacking, vicious code, worm virus, DoS attack, tapping of communication network, and more. As a result, a variety of problems such as abuse of private life, and exposure and stealing of personal information arose. Therefore, the necessity for a security protocol to protect user asset and personal information within a home network is gradually increasing. Thus, this dissertation designs and suggests a home network security protocol using user authentication and approach-control technology to prevent the threat by unauthorized users towards personal information and user asset in advance by providing the gradual authority to corresponding devices based on authorized information, after authorizing the users with a Public Key Certificate.