• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1185-1195
• /
• 2014

Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. In recent, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darkent traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of URLs from the darknet traffic, and carried out in-depth analysis for the extracted URLs. The analysis results can contribute to the emergence response of large-scale cyber threats and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs into the security devices, DNS sinkhole service, etc.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.725-730
• /
• 2017

The use of general IT resources in the Instrumentation and Control system(I&C) for the safety of Nuclear Power Plants(NPPs) is increasing. As a result, potential security vulnerabilities of existing IT resources may cause cyber attack to NPPs, which may cause serious consequences not only to shutdown of NPPs but also to national disasters. In order to respond to this, domestic nuclear regulatory agencies are developing guidelines for regulating nuclear cyber security regulations and expanding the range of regulatory targets. However, it is necessary to take measures to cope with not only general security problems of NPPs but also attacks specific to NPPs. In this paper, we select 42 items related to the vulnerability inspection in the contents defined in R.G.5.71 and classify it into 5 types. If the vulnerability inspection tool is developed based on the proposed analysis, it will be possible to improve the inspection efficiency of the cyber security vulnerability of the NPPs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.679-694
• /
• 2013

According to the national information security white paper 2013, the number of hacking attempt in 2012 is 17,570 which is increased by 67.4% than in 2011, and it has been increasing year after year. The cause of this increase is considered as pursuit of monetary profit and diversification techniques of infection. However, because the development of malicious code faster than the increase in the number of experts to analyze and respond the malware, it is difficult to respond to security threats due to malicious code. So, the interest on automatic analysis tools is increasing. In this paper, we proposed the method of malware classification by similarity using malware DNA. It helps the experts to reduce the analysis time, to increase the correctness. The proposed method generates 'Malware DNA' from extracted features, and then calculates similarity to classify the malwares.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.27-31
• /
• 2015

As the number of smartphone users is increasing with the development of mobile devices, the range of monetary transaction from the individual use is increasing. Therefore, hacking methods are diversified and the information forgery of mobile devices has been a current issue. The forgery via apps in mobile devices is a hacking method that creates an app similar to well-known apps to deceive the users. The forgery attack corresponds to the violation of integrity, one of three elements of security. Due to the forgery, the value and credibility of an app decreases with the risk increased. With the forgery in app, private information and data can be stolen and the financial losses can occur. This paper examined the forgery, and suggested a way to detect it, and sought the countermeasure to the forgery.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.283-290
• /
• 2015

As society has evolved to the knowledge and information society, the importance of internal information of the company has increased gradually. Especially in financial institutions which must maintain the trust of customers, the disclosure of inside information is a big problem beyond the a company's business information disclosure level to break down sales-based businesses because it contains personal or financial transaction information. Recently, since massive outflow of internal information are occurring in several enterprises, many companies including financial companies have been working a lot in order to prevent the leakage of customer information. This paper describes the internal information leakage incidents occurred in the finance companies, the PC security vulnerabilities exists despite the main security system and internal information leakage prevention and suggests countermeasures against increasing cyber infringement threats.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.39-45
• /
• 2015

Industrial secrets that companies own recently protected by various act related industrial security such as Trade Secret Act, Act on Prevention of Divulgence and Protection of Industrial Technology, etc. However, despite such protection infringement and leakage accidents of industrial secrets is increasing every year. According to a survey conducted by KAITS(Korean Association for Industrial Technology Security) annual average of estimated damage by industrial secrets leakage is estimated to be "50 trillion won." This is equivalent to the amount of annual revenue of small businesses more than 4,700 units. Following this, industrial secrets leakage causes serious damages to competitiveness of nation and companies and economic. However investment and effort to the industrial secrets leakage crime is lack of level compared to the scale of damage. Actually, most companies except some major companies are lack of response action about industrial secrets leakage because of shortage of separate organization, workforce, budget for industrial secrets leakage security. This paper aims to understand the overall flow of the industrial secrets leakage crime through various taxonomy such as cause of occurrence and leakage pathway and grasp the condition of damage from industrial secrets leakage through analyzation of internal and external industrial secrets leakage crime. This is expected to be the basis for related research.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.3
• /
• pp.179-187
• /
• 2003

This study investigate the reasons of organizational failure in detection and appropriate response to risk signal. The Crisis does not come true suddenly, there is some risk signals in crisis. If Organization detect the risk signals the crisis is come true opportunities, if not the crisis is come true disastrous outcome. This is use the system dynamics approach. System Dynamics assume the system as a collection of causal feedback loop, so we understand the dynamics around the problems. This investigate suggest that, the focus on growth is the a kind of promotional pressure and the pressure drive the organization to less attention the risk signal, so the risk is underestimate In proportion to real risk. Ultimate, the organization entrap the promotional climate and insensible to security. This study is a kind of hypothesis-discovering research, in the further study, the discovered hypothesis will be empirically tested.

• Journal of the Society of Disaster Information
• /
• v.10 no.2
• /
• pp.220-228
• /
• 2014

A stalking is becoming more diverse and the methods are developing over time as the society has changed over time due to the advancement of information technology but an initial countermeasure seems to be difficult as there is no sufficient legislations against such crimes as stalking. Our country passed laws regulating such stalking at 1999 and four more additional bills were proposed until the 18th National Assembly but they failed to become legalized. Two more additional bills were proposed during 19th National Assembly which are still pending. Crimes such as stalking violates and invades physical and psychological freedom of the victims and the crimes are severely inveterate and intentional. Advanced countries such as the United States, the Great Britain, Germany, and Japan enacted legislations that strictly regulates stalking and also appropriate responses. As these exemplary cases show, it is essential that our country also requires an effective legislations against crime of stalking and protecting a victim of the crime.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.35-40
• /
• 2017

The control system can have such threats as information leakage and falsification through various routes due to communications network fusion with public network. As the issues about security and the infringe cases by new attack methods are diversified recently, with the security system that makes information data database by simply blocking and checking it is difficult to cope with new types of threats. It is also difficult to respond security threats by insiders who have security access authority with the existing security equipment. To respond the threats by insiders, it is necessary to collect and analyze Event Log occurring in the internal system realtime. Therefore, this study could find out whether there is correlation of the elements among Event Logs through correlation analysis based on Event Logs that occur real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.