• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.710-711
• /
• 2015

최근 사이버 공격이사회, 국가적 위협으로 대두되고 있다. 최근 신종 악성코드에 의한 A.P.T 공격이 사회적으로 큰 혼란을 야기하고 있다. 이에 따라 기업 내에서 방화벽, IPS, VPN 등의 네트워크 보안 시스템의 통합 관리를 목적으로 하는 통합관제시스템(ESM)의 필요성이 제기되었다. 그러나 기존의 ESM의 방식은 외부에서 내부로 유입되는 트래픽만을 모니터링하는 네트워크 기반 공격 탐지기법을 사용하기 때문에, 외부 사이버 공격만을 차단할 수 있다는 한계점을 가지고 있다. 따라서 본 연구는 주요 IT 기반시설의 네트워크, 시스템, 응용 서비스 등으로부터 발생하는 데이터 및 보안 이벤트 간의 연관성을 분석하여 보안 지능을 향상시키는 빅데이터를 활용한 보안로그시스템을 제안한다. 본 연구에서 제안한 빅데이터를 활용한 보안로그시스템을 통해 분산 기반의 저장/처리 기술 적용하고자 한다.본 기술을 적용한 지능형 정보 분석 플랫폼 구성을 통해, 가용성과 확장성을 확보하여 통합적 보안 관제가 가능하도록 한다. 뿐만 아니라 기업 내로의 악성코드 유입, 감염(전파) 그리고 실시간 모니터링이 가능하여 고객 서비스 만족도가 향상되는 파급효과가 기대된다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1429-1434
• /
• 2010

Generally, the simulator for mobile device tests automatically an application software after instilling again the event, which is saved in log file according to an event generation sequence, into the application software of device. But, the simulator performance for mobile device can be different according to a extraction layer even if the events are same. And, the sequence of events extracted from an application is changeable in the environment that multiple applications are operated concurrently. Therefore, even though the same applications is executed to the same sequence, the generation sequence of events is revised in accordance with the state of mobile device system, and whether the errors occur according to circumstances or not. This kind of application software error is very difficult to perform a debugging operation. In this paper, the execution state of various applications is verifiable through the re-editing of events after analyzing the events which is generated in application, kernel, middleware layer, and the event arrange/editor is designed and implemented to understand efficiently the influence on application, kernel, and middleware layer for events.

• The KIPS Transactions:PartD
• /
• v.16D no.5
• /
• pp.691-700
• /
• 2009

An event means a flow which has a time attribute such as the a symptom of patients, an interval event has the time period between the start-time-point and the end-time-point. Although there are many studies for temporal data mining, they do not deal with discovering knowledge from interval event such as patient histories and purchase histories. In this paper, we suggest a method of temporal data mining that finds association rules of event causal relationships and predicts an occurrence of effect event based on discovered rules. Our method can predict the occurrence of an event by summarizing an interval event using the time attribute of an event and finding the causal relationship of event. As a result of simulation, this method can discover better knowledge than others by considering a lot of supports of an event and finding the significant rare relation on interval events which means an essential cause of an event, regardless of an occurrence support of an event in comparison with conventional data mining techniques.

• Bulletin of the Korean Space Science Society
• /
• 2007.10a
• /
• pp.118-118
• /
• 2007

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.89-101
• /
• 2023

In order to prevent damages caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for early detection of attackers have been consistently researched. Real-time reduction and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using characteristics that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.5
• /
• pp.303-314
• /
• 2018

In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.223-232
• /
• 2017

Previous research on data recovery in Microsoft SQL Server has focused on restoring data based on in the transaction log that might have deleted records exist. However, there was a limit that was not applicable if the related transaction log did not exist or the physical database file was not connected to Server. Since the suspect in the crime scene may delete the data records using a different deletion statements besides "delete", we need to check the remaining data and a recovery possibility of the deleted record. In this paper, we examined the changes "Page Allocation information" of the table, "Unallocation deleted data", "Row Offset Array" in the page according to "delete", "truncate" and "drop" events. Finally it confirmed the possibility of data recovery and availability of management tools in Microsoft SQL Server digital forensic investigation.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.251-260
• /
• 2005

On the internet phone or PSTN(Public Switched Telephone Network), the automatic callback is an useful service in the case of busy state when one user calls the other. By using this service, automatic redial is possible when the other party hangs up. However, in the basic automatic callback service, the user who wants callback should wait until the other party hangs up even in the case of emergency. Therefore in this paper, to solve this problem we have extended CPL(Call Processing Language) and, within user system we have included and linked this extended CPL processing module and dialog event package which processes SIP INVITE initiated dialog state informations. We have implemented this system for being used in SIP(Session Initiation Protocol)-based VoIP(Voice over IP) system.

• The Journal of the Acoustical Society of Korea
• /
• v.39 no.6
• /
• pp.600-605
• /
• 2020

In this paper, we propose a sound event detection method using a multi-channel multi-scale neural networks for sound sensing home monitoring for the hearing impaired. In the proposed system, two channels with high signal quality are selected from several wireless microphone sensors in home. The three features (time difference of arrival, pitch range, and outputs obtained by applying multi-scale convolutional neural network to log mel spectrogram) extracted from the sensor signals are applied to a classifier based on a bidirectional gated recurrent neural network to further improve the performance of sound event detection. The detected sound event result is converted into text along with the sensor position of the selected channel and provided to the hearing impaired. The experimental results show that the sound event detection method of the proposed system is superior to the existing method and can effectively deliver sound information to the hearing impaired.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.8
• /
• pp.1205-1212
• /
• 2022

Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.