• Title/Summary/Keyword: Cyber 3 Layer


Research on Cyber IPB Visualization Method based on BGP Archive Data for Cyber Situation Awareness

  • Youn, Jaepil;Oh, Haengrok;Kang, Jiwon;Shin, Dongkyoo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.2 / pp.749-766 / 2021
  • Cyber powers around the world are conducting cyber information-gathering activities in cyberspace, a global domain within the Internet-based information environment. Accordingly, it is imperative to obtain the latest information through the cyber intelligence preparation of the battlefield (IPB) process to prepare for future cyber operations. Research utilizing the cyber battlefield visualization method for effective cyber IPB and situation awareness aims to minimize uncertainty in the cyber battlefield and enable command control and determination by commanders. This paper designed an architecture by classifying cyberspace into a physical, logical network layer and cyber persona layer to visualize the cyber battlefield using BGP archive data, which is comprised of BGP connection information data of routers around the world. To implement the architecture, BGP archive data was analyzed and pre-processed, and cyberspace was implemented in the form of a Di-Graph. Information products that can be obtained through visualization were classified for each layer of the cyberspace, and a visualization method was proposed for performing cyber IPB. Through this, we analyzed actual North Korea's BGP and OSINT data to implement North Korea's cyber battlefield centered on the Internet network in the form of a prototype. In the future, we will implement a prototype architecture based on Elastic Stack.

Web-based Cyber Exhibition Development Model Proposal - Focused on the Case of 'Lewis&Clark' Cyber Exhibition - (웹 기반 가상 전시 구축 모델 제안 - '루이스&클락(Lewis&Clark)' 가상 전시 사례를 중심으로 -)

  • Kim, Hee-Kyung
    • The Journal of the Korea Contents Association / v.8 no.5 / pp.123-133 / 2008
  • This dissertation is a web-based cyber exhibition website and a clear difference between the general framework of the development breaks out, the cyber exhibition framework can be a model for the purpose of the proposal. The basic elements that comprise the exhibition model is archives layer, exhibit layer, and experience layer for the three-layer planned. In fact, the model has been applied throughout the analysis of cases with the application of the model presented, while others are considering goal direction also suggests the development of a cyber exhibition. If you take advantage of the cyber model of development brilliant display of the content rather than technology-driven 'material and value+media and CT' to the convergence of content through their own cyber exhibition area can expect to be recognized.

Adaptive Multi-Layer Security Approach for Cyber Defense (사이버 방어를 위한 적응형 다중계층 보호체제)

  • Lee, Seong-kee;Kang, Tae-in
    • Journal of Internet Computing and Services / v.16 no.5 / pp.1-9 / 2015
  • As attacks in cyber space become advanced and complex, a monotonous defense approach that matches attack and defense one-to-one may be limited in defending against them. A more efficient defense method is required. This paper proposes a multi-layer security scheme that can help defend assets against diverse cyber attacks systematically and adaptively. We model the multi-layer security scheme based on a Defense Zone including several defense layers and also discuss essential technical elements necessary to realize the multi-layer security scheme, such as cyber threat analysis and automated assignment of defense techniques. The effects of the multi-layer security scheme and its applicability are also explained. In the future, to realize the multi-layer security scheme, research is needed on detailed architecture design for the Defense Zone, an automated method to select the best defense technique against an attack, and modeling the normal state of an asset for attack detection.

The Design of Remote Monitoring and Warning System for Dangerous Chemicals Based on CPS

  • Kan, Zhe;Wang, Xiaolei
    • Journal of Information Processing Systems / v.15 no.3 / pp.632-644 / 2019
  • The remote monitoring and warning system for dangerous chemicals is designed with the concept of the Cyber-Physical System (CPS) in this paper. The real-time perception, dynamic control, and information service of major hazards chemicals are realized in this CPS system. The CPS system architecture, the physical layer and the application layer, are designed in this paper. The terminal node is mainly composed of the field collectors which complete the data acquisition of sensors and video in the physical layers, and the use of application layer makes CPS system safer and more reliable to monitor the hazardous chemicals. The cloud application layer completes the risk identification and the prediction of the major hazard sources. The early intelligent warning of the major dangerous chemicals is realized and the security risk images are given in the cloud application layer. With the CPS technology, the remote network of hazardous chemicals has been completed, and a major hazard monitoring and accident warning online system is formed. Through the experiment of the terminal node, it can be proved that the terminal node can complete the mass data collection and classify. With this experiment it can be obtained the CPS system is safe and effective. In order to verify feasible, the multi-risk warning based on CPS is simulated, and results show that the system solves the problem of hazardous chemicals enterprises safety management.

Design and Load Map of the Next Generation Convergence Security Framework for Advanced Persistent Threat Attacks

  • Lee, Moongoo
    • IEIE Transactions on Smart Processing and Computing / v.3 no.2 / pp.65-73 / 2014
  • An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

A study on the cyber common operation picture for situational awareness in cyberspace (사이버공간 내 상황인식을 위한 사이버 공통 작전 상황도 연구)

  • Kim, Kook-jin;Youn, Jae-pil;Yoon, Suk-joon;Kang, Ji-won;Kim, Kyung-shin;Shin, Dong-kyoo
    • Journal of Internet Computing and Services / v.23 no.5 / pp.87-101 / 2022
  • Cyber-attacks occur in the blink of an eye in cyberspace, and the damage is increasing all over the world. Therefore, it is necessary to develop a cyber common operational picture that can grasp the various assets belonging to the 3rd layer of cyberspace from various perspectives. By applying the method for grasping battlefield information used by the military, it is possible to achieve optimal cyberspace situational awareness. Therefore, in this study, the visualization screens necessary for the cyber common operational picture are identified and the criteria (response speed, user interface, object symbol, object size) are investigated. After that, the framework is designed by applying the identified and investigated items, and the visualization screens are implemented accordingly. Finally, among the criteria investigated by the visualization screen, an experiment is conducted on the response speed that cannot be recognized by a photograph. As a result, all the implemented visualization screens met the standard for response speed. Such research helps commanders and security officers to build a cyber common operational picture to prepare for cyber-attacks.

IoT botnet attack detection using deep autoencoder and artificial neural networks

  • Deris Stiawan;Susanto;Abdi Bimantara;Mohd Yazid Idris;Rahmat Budiarto
    • KSII Transactions on Internet and Information Systems (TIIS) / v.17 no.5 / pp.1310-1338 / 2023
  • As Internet of Things (IoT) applications and devices rapidly grow, cyber-attacks on IoT networks/systems also have an increasing trend, thus increasing the threat to security and privacy. Botnet is one of the threats that dominate the attacks as it can easily compromise devices attached to IoT networks/systems. The compromised devices will behave like the normal ones, thus it is difficult to recognize them. Several intelligent approaches have been introduced to improve the detection accuracy of this type of cyber-attack, including deep learning and machine learning techniques. Moreover, dimensionality reduction methods are implemented during the preprocessing stage. This research work proposes a deep Autoencoder dimensionality reduction method combined with an Artificial Neural Network (ANN) classifier as a botnet detection system for IoT networks/systems. Experiments were carried out using 3-layer, 4-layer and 5-layer pre-processing data from the MedBIoT dataset. Experimental results show that using a 5-layer Autoencoder has better results, with details of accuracy value of 99.72%, Precision of 99.82%, Sensitivity of 99.82%, Specificity of 99.31%, and F1-score value of 99.82%. On the other hand, the 5-layer Autoencoder model succeeded in reducing the dataset size from 152 MB to 12.6 MB (equivalent to a reduction of 91.2%). Besides that, experiments on the N_BaIoT dataset also have a very high level of accuracy, up to 99.99%.

CNN Applied Modified Residual Block Structure (변형된 잔차블록을 적용한 CNN)

  • Kwak, Nae-Joung;Shin, Hyeon-Jun;Yang, Jong-Seop;Song, Teuk-Seob
    • Journal of Korea Multimedia Society / v.23 no.7 / pp.803-811 / 2020
  • This paper proposes an image classification algorithm that transforms the number of convolution layers in the residual block of ResNet, CNN's representative method. The proposed method modified the structure of 34/50 layer of ResNet structure. First, we analyzed the performance of small and many convolution layers for the structure consisting of only shortcut and 3 × 3 convolution layers for 34 and 50 layers. And then the performance was analyzed in the case of small and many cases of convolutional layers for the bottleneck structure of 50 layers. By applying the results, the best classification method in the residual block was applied to construct a 34-layer simple structure and a 50-layer bottleneck image classification model. To evaluate the performance of the proposed image classification model, the results were analyzed by applying to the CIFAR-10 dataset. The proposed 34-layer simple structure and 50-layer bottleneck showed improved performance over the ResNet-110 and DenseNet-40 models.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Smart Media Journal / v.4 no.4 / pp.80-85 / 2015
  • As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Windows OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.

Context cognition technology through integrated cyber security context analysis (통합 사이버 보안 상황분석을 통한 관제 상황인지 기술)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Journal of Digital Convergence / v.13 no.1 / pp.313-319 / 2015
  • As the number of applications using the internet the rapidly increasing incidence of cyber attacks made on the internet has been increasing. In the equipment of L3 DDoS attack detection equipment in the world and incomplete detection of application layer based intelligent. Next-generation networks domestic product in high-performance wired and wireless network threat response techniques to meet the diverse requirements of the security solution is to close one performance is insufficient compared to the situation in terms of functionality foreign products, malicious code detection and signature generation research primarily related to has progressed malware detection and analysis of the research center operating in Windows OS. In this paper, we describe the current status survey and analysis of the latest variety of new attack techniques and analytical skills with the latest cyber-attack analysis prejudice the security situation.