• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.439-449
• /
• 2019

The development of information technology represented by ICBMA (IoT, Cloud, Big Data, Mobile, AI), is leading to a surge in data and a numerical and quantitative increase in data centers to accommodate it. As the data center is recognized as a social infrastructure, It is very important to identify physical security threats in advance in order to secure safety, such as responding to a terrorist attack. In this paper, we develop physical security threat breakdown structure (PS-TBS) for easy identification and classification of threats, and verify the feasibility and effectiveness of the PS-TBS through expert questionnaires. In addition, we intend to contribute to the improvement of physical security level by practical use in detailed definition on items of PS-TBS.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.31-38
• /
• 2024

Recent expansion in cloud service usage has heightened the importance of cloud security. The purpose of this study is to analyze current research trends in the field of cloud security and to derive implications. To this end, R&D project data provided by the National Science and Technology Knowledge Information Service (NTIS) from 2010 to 2023 was utilized to analyze trends in cloud security research. Fifteen core topics in cloud security research were identified using LDA topic modeling and ARIMA time series analysis. Key areas identified in the research include AI-powered security technologies, privacy and data security, and solving security issues in IoT environments. This highlights the need for research to address security threats that may arise due to the proliferation of cloud technologies and the digital transformation of infrastructure. Based on the derived topics, the field of cloud security was divided into four categories to define a technology reference model, which was improved through expert interviews. This study is expected to guide the future direction of cloud security development and provide important guidelines for future research and investment in academia and industry.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.912-913
• /
• 2023

이미지 처리에 관한 인공지능 모델의 발전에 따라 개인정보 유출 문제가 가속화되고 있다. 인공지능은 다방면으로 삶에 편리함을 제공하지만, 딥러닝 기술은 적대적 예제에 취약성을 보이기 때문에, 개인은 보안에 취약한 대상이 된다. 본 연구는 ResNet18 신경망 모델에 얼굴이미지를 학습시킨 후, Shadow Attack을 사용하여 입력 이미지에 대한 AI 분류 정확도를 의도적으로 저하시켜, 허가받지 않은 이미지의 인식율을 낮출 수 있도록 구현하였으며 그 성능을 실험을 통해 입증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.801-802
• /
• 2023

시큐어 코딩은 해킹 등 사이버 공격의 원인인 보안 취약점을 제거해 안전한 소프트웨어를 개발하는 SW 개발 기법을 의미한다. 개발자의 실수나 논리적 오류로 인해 발생할 수 있는 문제점을 사전에 차단하여 대응하고자 하는 것이다. 그러나 현재 시큐어 코딩에는 오탐과 미탐의 문제가 발생한다는 단점이 있다. 따라서 본 논문에서는 오탐과 미탐이 발생하는 단점을 해결하고자 머신러닝 알고리즘을 활용하여 AI 기반으로 개발자의 실수나 논리적 오류를 탐지하는 시큐어 코딩 도구를 만들고자 한다. 다양한 모델을 사용하여 보안 취약점을 모아놓은 Juliet Test Suite를 전처리하여 학습시켰고, 정확도를 높이기 위한 과정 중에 있다. 향후 연구를 통해 정확도를 높여 정확한 시큐어 코딩 점검 도구를 개발할 수 있을 것이다.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.61-67
• /
• 2022

The purpose of this study is to analyze research trends in artificial intelligence. For a three-dimensional analysis, an attempt was made to objectively compare and present the difference between the research direction of artificial intelligence in social science and engineering. For the research method, topic modeling was used among the big data analysis methodologies, and 1000 English papers searched with the keyword artificial intelligence (AI) in the academic research information system were used for the analysis data. As a result of the analysis, in the field of social science, it was possible to identify groups formed around the keywords of 'human', 'impact', and 'future' for artificial intelligence, and in the field of engineering, 'artificial intelligence-based technology development', 'system', 'Groups such as 'Risk-Security' were formed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.328-330
• /
• 2022

Currently, the Metaverse is introduced in various fields, and a virtual convergence economy that uses NFTs for content or item transactions is expected to develop into a 'metaverse environment'. The 'metaverse environment' will lead the changes in our society in the future and it will be fused with AI, big data, cloud, IoT, block chain, and next-generation network technology. However, personal information, device information, and behavior information provided by Metaverse users to use the service are subject to major attacks. Therefore, in order to provide a safe environment for users to use and to expand the business base of related companies, building a public-private cooperation system and developing a security guide are the leading tasks. Therefore, in this study, we compare and analyze metaverse features and technologies, and examine possible security threats and countermeasures.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.63-70
• /
• 2024

With the development of artificial intelligence technology, our lives are changing in innovative ways, but at the same time, new ethical issues are emerging. In particular, issues of discrimination due to algorithm and data bias, deep fakes, and personal information leakage issues are judged to be social priorities that must be resolved as artificial intelligence services expand. To this end, this paper examines the concept of artificial intelligence and ethical issues from the perspective of artificial intelligence ethics, and includes each country's ethical guidelines, laws, artificial intelligence impact assessment system, artificial intelligence certification system, and the current status of technologies related to artificial intelligence algorithm transparency to prevent this. We would like to examine and suggest institutional improvement measures to strengthen artificial intelligence ethics.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.67-75
• /
• 2022

Due to the COVID-19 pandemic, many companies have introduced remote work. However, the introduction of remote work has increased attacks on companies to access sensitive information, and many companies have begun to use cloud services to respond to security threats. This study used LDA topic modeling techniques by collecting news data with the keyword 'cloud security' to analyze changes in domestic cloud security trends before and after the COVID-19 pandemic. Before the COVID-19 pandemic, interest in domestic cloud security was low, so representation or association could not be found in the extracted topics. However, it was analyzed that the introduction of cloud is necessary for high computing performance for AI, IoT, and blockchain, which are IT technologies that are currently being studied. On the other hand, looking at topics extracted after the COVID-19 pandemic, it was confirmed that interest in the cloud increased in Korea, and accordingly, interest in cloud security improved. Therefore, security measures should be established to prepare for the ever-increasing usage of cloud services.

• The Journal of the Korea Contents Association
• /
• v.20 no.7
• /
• pp.618-628
• /
• 2020

The purpose of this paper is to propose a new security orchestration service model by combining various security solutions that have been introduced and operated individually as a basis for cyber security framework. At present, in order to respond to various and intelligent cyber attacks, various single security devices and SIEM and AI solutions that integrate and manage them have been built. In addition, a cyber security framework and a security control center were opened for systematic prevention and response. However, due to the document-oriented cybersecurity framework and limited security personnel, the reality is that it is difficult to escape from the control form of fragmentary infringement response of important detection events of TMS / IPS. To improve these problems, based on the model of this paper, select the targets to be protected through work characteristics and vulnerable asset identification, and then collect logs with SIEM. Based on asset information, we established proactive methods and three detection strategies through threat information. AI and SIEM are used to quickly determine whether an attack has occurred, and an automatic blocking function is linked to the firewall and IPS. In addition, through the automatic learning of TMS / IPS detection events through machine learning supervised learning, we improved the efficiency of control work and established a threat hunting work system centered on big data analysis through machine learning unsupervised learning results.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.135-143
• /
• 2022

The defense environment is rapidly changing, such as nuclear and missile threats of North Korea, changes in war patterns, and a decrease in military service resources due to low birth rate. In order to actively respond to these changes, the Korean military is promoting Defense Innovation 4.0 and is trying to foster an army armed with high technology such as artificial intelligence (AI), big data analysis, etc. In this regard, we analyze the effectiveness of the radar-based AI scientific guard system applied by high technology for guard operations using Analytic Hierarchy Process (AHP). We first select evaluation factors that can assess the effectiveness of the scientific guard system, and analyze its relative importance. Each evaluation factor was selected by deriving a significant concept from operating principle and how they work, and by consulting experts on the correlation between each factor and effectiveness of the scientific guard system. We examine the relative effects of the radar-based AI scientific guard system and existing scientific guard system based on the importance of the evaluation factors.