• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2067-2072
• /
• 2016

Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

• Information and Communications Magazine
• /
• v.29 no.2
• /
• pp.59-67
• /
• 2012

디지털 컨버젼스 시대에 다양한 기술들이 고정된 기기보다는 Mobile 기기들에 집중되고 있으며, 이에 따라 보다 효율적인 통신 방식에 대한 차세대 이동통신 기술표준의 중요성은 증가하고 있다. 흔히 기술표준과 관련한 필수특허(Essential Patent)란 기술표준규정에 따라 제품 또는 방법을 실시하는 경우 해당 특허의 claim을 침해하게 되는 특허를 의미한다. 표준필수특허는 개별 라이센싱(licensing)을 통해 활용될 수도, 특허풀(Patent Pool)을 통해 활용될 수도 있기 때문에 Prosecution단계에서부터 각 활용형태에 따른 고려가 필요하다. 한편, 표준필수특허의 창출 과정에서, 출원 후 보정을 통해 필수특허를 창출하는 것의 적법성, 묵시적 라이선스(Implied License) 문제, Claim의 주체 문제 등이 문제될 수 있으며, 각각에 따른 대응 전략이 필요하다. 또한, 표준필수특허의 활용과정에서 반독점법상 견제에 대응하기 위한 FRAND 조건, 선언 의무 위반 등이 문제될 수 있다. 본고에서는 표준필수특허의 창출 및 활용에 있어서 법률상 문제와 이에 대한 대응 전략에 대해 알아본다.

• Review of KIISC
• /
• v.26 no.1
• /
• pp.92-98
• /
• 2016

IT기술이 발달함에 따라서 데이터는 대량화, 다양화 되었다. 그에 따라서 이를 침해하려는 다양한 공격기술들이 등장하고 있다. 특히, 지능형 타깃 지속 공격이라는 APT(Advanced Persistent Threat) 공격은 날로 발전하고 있다. APT공격 중에서도 특히 은닉형 악성코드를 이용한 공격들이 많이 등장하고 있다. 은닉형 악성코드는 사용자가 인식하지 못하도록 보안시스템을 우회하고, 중요 데이터의 수집 및 유출을 위하여 교묘하게 시스템에 숨어들어 악의적인 행위를 하는 형태의 악성코드를 말한다. 이러한 고도화된 악의적인 행위를 하는 악성코드를 탐지하고, 대응하기 위한 기술들은 아직까지 부족한 것이 현실이다. 본 논문에서 대표적인 은닉형 악성코드와 공격사례를 분석하여 이를 대응할 수 있는 방안을 고찰해본다. 또한 이를 통하여 고도화된 공격기술들에 대해 예방하고 대응하는 자료로 활용 가능하다.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.39-45
• /
• 2020

Despite the increasing interest in cyber security in recent years, the emergence of new technologies has led to a shortage of professional personnel to efficiently perform the cyber security. Although various methods such as cyber rage are being used to cultivate cyber security experts, there are problems of limitation of virtual training system, scenario-based practice content development and operation, unit content-oriented development, and lack of consideration of learner level. In this paper, we develop a fuzzy rule-based user-customized training scenario automatic generation system for improving user's ability to respond to infringement. The proposed system creates and provides scenarios based on advanced persistent threats according to fuzzy rules. Thus, the proposed system can improve the trainee's ability to respond to the bed through the generated scenario.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.253-256
• /
• 2018

최근 4차 산업혁명은 기존에 한정적이던 사물들의 역할을 끝없이 확장시키는 특징을 가진다. 인터넷을 기반으로 인간, 사물, 환경 등 모든 것은 연결이 가능한 Internet of Things(IoT) 시대가 다가오고 있다. 사람과 사물, 사물과 사물 간의 정보를 상호 소통하여 안전기능과 사용자의 편의성을 향상시키고 있으며, ICT의 융복합의 발전에 따라 자동차도 기존과 다르게 IoT 환경에 포함된다. 커넥티드 카는 차량, 인프라, 모바일 디바이스, 주변 환경 간의 통신을 통해 실시간으로 다양한 정보를 자동차를 중심으로 수집할 수 있게 되었으며 이를 기반으로 커넥티드 카 산업이 발전하고 있다. 그러나 이러한 발전 과정 속에서 커넥티드 카의 보안성의 문제는 반드시 해결되어야 한다. 보안성이 확보되지 않는다면, 자동차에서 발생하는 운전자에 대한 악의적인 공격을 통해 일반적인 보안 침해사고 수준을 넘어 사고를 유발시킬 경우 인명과 재산상의 큰 피해를 발생시킬 수 있다. 본 논문에서는 커넥티드 카의 통신구조를 알아보고 취약점 분석과 이에 대한 대응 방안을 제안하여 안전한 커넥티드 카의 활용 방안을 연구한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.115-124
• /
• 2009

Internet is in rapid growth from technology to total social environment, so technical and syntax based cyber crime is evolved but also psychological and semantic based one is showing. In this paper, we analyze the cyber-crime cases announced by police, then classify it into social and technical influence. After that, we study the profiling method on psychological view point of cyber-crimes. We expect that it is possible to classify cyber-crimes into the categories rapidly and take less time to analyze and response.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.584-587
• /
• 2012

MANET, which can be constructed with only terminal devices, has structural advantages of ease installation and operation, also has environmental change of rapid supply of smart phone, it's usage can be extended to application area likes as emergency communication, leasure, exploration and investigations. But, as one characteristic of MANET, no use of communicaton infrastructure caused disadvantage of weakness for information intrusion which is frequently occurred, nowadays. In this paper, the effects of IDS(Intrusion Detection System), one of defence tools for information intrusion, is analyzed for transmission performance. Blackhole attack is assumed as a type of intrusion, MANET defence with IDS from intrusions. Computer simulation based on NS-2 used for performance measurement. In this paper, performance measurement is done for application service to analyze application level effects of IDS. VoIP service is used as application service.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.5
• /
• pp.177-183
• /
• 2012

There occur various crimes in cyber space hiding behind anonymity to avoid punishment by criminal law. One of the most serious crimes committed in cyber space is defamation against others under the cloak of freedom of expression. The infringements by defamations in cyber space are made all of a certain and widespread that the victims have no time to react, and for that reason, the shocks by the defamation are much serious and severe compared with that committed in off line. However, press and publication shouldn't infringe on other's honors, right, public order or social ethics in liberal democrat society which values much the human dignities and values as stipulated in Article 21 section 4 of the Constitution. Protection of personal honor is also the basic rights guaranteed by the Constitution as much as the freedom of expression, and by extension, such harmful behaviour shouldn't be included in the freedom of expression area. In this way, slander can be considered as the minimum limitation of the freedom of expression.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.355-358
• /
• 2016

Recently, As the interest of the drone has increased the fields such as broadcasting, disaster site and leisure which uses the drone has been constantly expanded. However, an invasion of a person's privacy and a threat of hacking attack also have increased as population of drone. High-resolution cameras mounted on drones can take a photo or real-time video anytime and anywhere. It causes the invasion of privacy from private houses, buildings, and hotels. In this paper, we perform a security vulnerability assessment tests on the camera's from common commercial drones and we propose the countermeasures to protect the drones against unauthorized attacker who attempts to access the drone's camera from internal or external. Through this research, we expect the Aviation Act and legislation accept the concept of security and provide the polices such as drones equipped with security devices from the production stage to promote drone industry.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.451-455
• /
• 2012

In this paper, Nateon, MSN Messenger, including how to hack into the most intimate acquaintance formed as follows, for hacking (keyloggers, remote monitoring, etc.) by sending a bank and ID, PW, certificate, security card, etc. personal financial information obtained after the withdrawal of the account balance to have a personal financial analysis infringement attack vulnerable elements found in internet banking, the vulnerabilities and countermeasures concerning the prevention of accidents, including violations by seeking a more secure Internet banking personal Internet Banking is to devise a deal.