• Title/Summary/Keyword: 지능형 지속 위협

Search Result 40, Processing Time 0.025 seconds

Preprocessor Implementation of Open IDS Snort for Smart Manufacturing Industry Network (스마트 제조 산업용 네트워크에 적합한 Snort IDS에서의 전처리기 구현)

  • Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1313-1322
    • /
    • 2016
  • Recently, many virus and hacking attacks on public organizations and financial institutions by internet are becoming increasingly intelligent and sophisticated. The Advanced Persistent Threat has been considered as an important cyber risk. This attack is basically accomplished by spreading malicious codes through complex networks. To detect and extract PE files in smart manufacturing industry networks, an efficient processing method which is performed before analysis procedure on malicious codes is proposed. We implement a preprocessor of open intrusion detection system Snort for fast extraction of PE files and install on a hardware sensor equipment. As a result of practical experiment, we verify that the network sensor can extract the PE files which are often suspected as a malware.

Security Knowledge Classification Framework for Future Intelligent Environment (미래 융합보안 인력양성을 위한 보안교육과정 분류체계 설계)

  • Na, Onechul;Lee, Hyojik;Sung, Soyung;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.20 no.3
    • /
    • pp.47-58
    • /
    • 2015
  • Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM (SIEM 기반 사이버 침해사고 대응을 위한 데이터 보완 메커니즘 비교 분석)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence
    • /
    • v.8 no.5
    • /
    • pp.1-9
    • /
    • 2022
  • As various services are linked to IoT(Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework The prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.

Extraction of Network Threat Signatures Using Latent Dirichlet Allocation (LDA를 활용한 네트워크 위협 시그니처 추출기법)

  • Lee, Sungil;Lee, Suchul;Lee, Jun-Rak;Youm, Heung-youl
    • Journal of Internet Computing and Services
    • /
    • v.19 no.1
    • /
    • pp.1-10
    • /
    • 2018
  • Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs(Advanced Persistent Threats) and ransomwares become clever and complex. IDSes(Intrusion Detection Systems) have performed a key role as information security solutions during last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA(Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.

An Intrusion Detection System based on the Artificial Neural Network for Real Time Detection (실시간 탐지를 위한 인공신경망 기반의 네트워크 침입탐지 시스템)

  • Kim, Tae Hee;Kang, Seung Ho
    • Convergence Security Journal
    • /
    • v.17 no.1
    • /
    • pp.31-38
    • /
    • 2017
  • As the cyber-attacks through the networks advance, it is difficult for the intrusion detection system based on the simple rules to detect the novel type of attacks such as Advanced Persistent Threat(APT) attack. At present, many types of research have been focused on the application of machine learning techniques to the intrusion detection system in order to detect previously unknown attacks. In the case of using the machine learning techniques, the performance of the intrusion detection system largely depends on the feature set which is used as an input to the system. Generally, more features increase the accuracy of the intrusion detection system whereas they cause a problem when fast responses are required owing to their large elapsed time. In this paper, we present a network intrusion detection system based on artificial neural network, which adopts a multi-objective genetic algorithm to satisfy the both requirements: accuracy, and fast response. The comparison between the proposing approach and previously proposed other approaches is conducted against NSL_KDD data set for the evaluation of the performance of the proposing approach.

Network Intrusion Detection with One Class Anomaly Detection Model based on Auto Encoder. (오토 인코더 기반의 단일 클래스 이상 탐지 모델을 통한 네트워크 침입 탐지)

  • Min, Byeoungjun;Yoo, Jihoon;Kim, Sangsoo;Shin, Dongil;Shin, Dongkyoo
    • Journal of Internet Computing and Services
    • /
    • v.22 no.1
    • /
    • pp.13-22
    • /
    • 2021
  • Recently network based attack technologies are rapidly advanced and intelligent, the limitations of existing signature-based intrusion detection systems are becoming clear. The reason is that signature-based detection methods lack generalization capabilities for new attacks such as APT attacks. To solve these problems, research on machine learning-based intrusion detection systems is being actively conducted. However, in the actual network environment, attack samples are collected very little compared to normal samples, resulting in class imbalance problems. When a supervised learning-based anomaly detection model is trained with such data, the result is biased to the normal sample. In this paper, we propose to overcome this imbalance problem through One-Class Anomaly Detection using an auto encoder. The experiment was conducted through the NSL-KDD data set and compares the performance with the supervised learning models for the performance evaluation of the proposed method.

Security Frameworks for Industrial Technology Leakage Prevention (산업기술 유출 방지를 위한 보안 프레임워크 연구)

  • YangKyu Lim;WonHyung Park;Hwansoo Lee
    • Convergence Security Journal
    • /
    • v.23 no.4
    • /
    • pp.33-41
    • /
    • 2023
  • In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.

An Empirical Study on the Prediction of Future New Defense Technologies in Artificial Intelligence (인공지능 분야 국방 미래 신기술 예측에 관한 실증연구)

  • Ahn, Jin-Woo;Noh, Sang-Woo;Kim, Tae-Hwan
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.21 no.9
    • /
    • pp.458-465
    • /
    • 2020
  • Technological advances in artificial intelligence are affecting many industries, such as telecommunications, logistics, security, and healthcare, and research and development related to economic, efficiency, linkage with commercial technologies are the current focus. Predicting the changes in the future battlefield environment and ways of conducting war from a strategic point of view, as well as designing/planning the direction of military development for a leading response is not only a basic element to prepare for comprehensive future threats but also an indispensable factor that can produce an optimal effect over a limited budget/time. From this perspective, this study was conducted as part of a technology-driven plan to discover potential future technologies with high potential for use in the defense field and apply them to R&D. In this study, based on research data collected in a defense future technology investigation, the future new technology that requires further research was predicted by considering the redundancy with existing defense research projects and the feasibility of technology. In addition, an empirical study was conducted to verify the significance between the future new defense technology and the evaluation indicators in the AI field.

Proposal on for Response System to International Terrorism (국제 테러리즘의 대응체제 구축방안)

  • Suh, Sang-Yul
    • Korean Security Journal
    • /
    • no.9
    • /
    • pp.99-131
    • /
    • 2005
  • Terrorism which became today's common phenomena over the world is one of the most serious threats the world confront. Although International society make and operate outstanding anti-terrorism system, terror would never end without solving fundamental problems. The main body of terrorism converts from nation to organization and from organization to cell, which makes it difficult for us to recognize the main body. Since the target of today's new terrorism is many and unspecified persons, terrorists will never hesitate to use mass destruction weapons such as nuclear, biological, chemical weapons, and also use cyber-technique or cyber-terrorism. So, effective counter-terrorism measures should be performed as follows. First, it must be better for international society should make long-time plan of solving fundamental problems of terrorism other than to operate directly on terror organization and its means. Second, preventive method should be made. The most effective method of eradicating terrorism is prevention. For this, it is necessary to remove environmental elements of terrorism and terrorist bases, and to stop inflow of money and mass destruction weapons to terrorists. Third, integrated anti-terror organization should be organized and operated for continuous counter-terrorism operations. Also international alliance for anti-terrorism should be maintained to share informations and measures. Fourth, concerned department in the government should prepare counter-terrorism plans in their own parts as follows and make efforts to integrate the plans. - Ministry of Government Administration and Home Affairs : conventional terror - Ministry of Health and Welfare : bio-terror - Ministry of Science and Technology : nuclear-terror Especially, they should convert their policy and operation from post-terror actions to pre-terror actions, designate terror as national disaster and organize integrated emergency response organization including civil, government, and military elements. In conclusion, pre-terror activities and remedy of fundamental causes is the best way to prevent terror. Also, strengthening of intelligence activities, international cooperations, and preventive and comprehensive counter-measures must not ignored.

  • PDF

A Study on the Effect of Booth Recommendation System on Exhibition Visitors Unplanned Visit Behavior (전시장 참관객의 계획되지 않은 방문행동에 있어서 부스추천시스템의 영향에 대한 연구)

  • Chung, Nam-Ho;Kim, Jae-Kyung
    • Journal of Intelligence and Information Systems
    • /
    • v.17 no.4
    • /
    • pp.175-191
    • /
    • 2011
  • With the MICE(Meeting, Incentive travel, Convention, Exhibition) industry coming into the spotlight, there has been a growing interest in the domestic exhibition industry. Accordingly, in Korea, various studies of the industry are being conducted to enhance exhibition performance as in the United States or Europe. Some studies are focusing particularly on analyzing visiting patterns of exhibition visitors using intelligent information technology in consideration of the variations in effects of watching exhibitions according to the exhibitory environment or technique, thereby understanding visitors and, furthermore, drawing the correlations between exhibiting businesses and improving exhibition performance. However, previous studies related to booth recommendation systems only discussed the accuracy of recommendation in the aspect of a system rather than determining changes in visitors' behavior or perception by recommendation. A booth recommendation system enables visitors to visit unplanned exhibition booths by recommending visitors suitable ones based on information about visitors' visits. Meanwhile, some visitors may be satisfied with their unplanned visits, while others may consider the recommending process to be cumbersome or obstructive to their free observation. In the latter case, the exhibition is likely to produce worse results compared to when visitors are allowed to freely observe the exhibition. Thus, in order to apply a booth recommendation system to exhibition halls, the factors affecting the performance of the system should be generally examined, and the effects of the system on visitors' unplanned visiting behavior should be carefully studied. As such, this study aims to determine the factors that affect the performance of a booth recommendation system by reviewing theories and literature and to examine the effects of visitors' perceived performance of the system on their satisfaction of unplanned behavior and intention to reuse the system. Toward this end, the unplanned behavior theory was adopted as the theoretical framework. Unplanned behavior can be defined as "behavior that is done by consumers without any prearranged plan". Thus far, consumers' unplanned behavior has been studied in various fields. The field of marketing, in particular, has focused on unplanned purchasing among various types of unplanned behavior, which has been often confused with impulsive purchasing. Nevertheless, the two are different from each other; while impulsive purchasing means strong, continuous urges to purchase things, unplanned purchasing is behavior with purchasing decisions that are made inside a store, not before going into one. In other words, all impulsive purchases are unplanned, but not all unplanned purchases are impulsive. Then why do consumers engage in unplanned behavior? Regarding this question, many scholars have made many suggestions, but there has been a consensus that it is because consumers have enough flexibility to change their plans in the middle instead of developing plans thoroughly. In other words, if unplanned behavior costs much, it will be difficult for consumers to change their prearranged plans. In the case of the exhibition hall examined in this study, visitors learn the programs of the hall and plan which booth to visit in advance. This is because it is practically impossible for visitors to visit all of the various booths that an exhibition operates due to their limited time. Therefore, if the booth recommendation system proposed in this study recommends visitors booths that they may like, they can change their plans and visit the recommended booths. Such visiting behavior can be regarded similarly to consumers' visit to a store or tourists' unplanned behavior in a tourist spot and can be understand in the same context as the recent increase in tourism consumers' unplanned behavior influenced by information devices. Thus, the following research model was established. This research model uses visitors' perceived performance of a booth recommendation system as the parameter, and the factors affecting the performance include trust in the system, exhibition visitors' knowledge levels, expected personalization of the system, and the system's threat to freedom. In addition, the causal relation between visitors' satisfaction of their perceived performance of the system and unplanned behavior and their intention to reuse the system was determined. While doing so, trust in the booth recommendation system consisted of 2nd order factors such as competence, benevolence, and integrity, while the other factors consisted of 1st order factors. In order to verify this model, a booth recommendation system was developed to be tested in 2011 DMC Culture Open, and 101 visitors were empirically studied and analyzed. The results are as follows. First, visitors' trust was the most important factor in the booth recommendation system, and the visitors who used the system perceived its performance as a success based on their trust. Second, visitors' knowledge levels also had significant effects on the performance of the system, which indicates that the performance of a recommendation system requires an advance understanding. In other words, visitors with higher levels of understanding of the exhibition hall learned better the usefulness of the booth recommendation system. Third, expected personalization did not have significant effects, which is a different result from previous studies' results. This is presumably because the booth recommendation system used in this study did not provide enough personalized services. Fourth, the recommendation information provided by the booth recommendation system was not considered to threaten or restrict one's freedom, which means it is valuable in terms of usefulness. Lastly, high performance of the booth recommendation system led to visitors' high satisfaction levels of unplanned behavior and intention to reuse the system. To sum up, in order to analyze the effects of a booth recommendation system on visitors' unplanned visits to a booth, empirical data were examined based on the unplanned behavior theory and, accordingly, useful suggestions for the establishment and design of future booth recommendation systems were made. In the future, further examination should be conducted through elaborate survey questions and survey objects.