• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.135-143
• /
• 2022

As the world has implemented social distancing and telecommuting due to the spread of COVID-19, real-time streaming sessions based on routing protocols have increased dependence on the Internet due to the activation of video and voice-related content services and cloud computing. BGP is the most widely used routing protocol, and although many studies continue to improve security, there is a lack of visual analysis to determine the real-time nature of analysis and the mis-detection of algorithms. In this paper, we analyze BGP data, which are powdered as normal and abnormal, on a real-world basis, using an anomaly detection algorithm that combines statistical and post-processing statistical techniques with Rule-based techniques. In addition, we present an interactive spatio-temporal analysis plan as an intuitive visualization plan and analysis result of the algorithm with a map and Sankey Chart-based visualization technique.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.173-179
• /
• 2023

The 4th Industrial Revolution technology has emerged as a solution to build a hyper-connected, super-intelligent network-oriented operational environment, overcoming the obstacles of reducing troops and defense budgets facing the current military. However, the overall risk management, including the increase in complexity of the latest inform ation technology and the verification of the impact with the existing information system, is insufficient, leading to serious threats to system integrity and availability, or negatively affecting interoperability between systems. It can be inhibited. In this paper, we suggest cyber threat response strategies for our military to prepare for cyber threats by examining information security risk management in the United States in order to protect military information assets from cyber threats that may arise due to the advancement of information technology.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.119-122
• /
• 2019

최근 웹 변조 공격은 대형 포탈, 은행, 학교 등 접속자가 많은 홈페이지에 악성 URL을 불법 삽입하여 해당 URL을 통해 접속자 PC에 자동으로 악성코드 유포하고 대규모 봇넷(botnet)을 형성한 후 DDoS 공격을 수행하거나 감염 PC들의 정보를 지속적으로 유출하는 형태로 수행된다. 이때, 홈페이지에 삽입되는 악성 URL은 탐지가 어렵도록 Javascript 난독화 기법(obfuscation technique) 등으로 은밀히 삽입된다. 본 논문에서는 웹 소스코드에 은닉된 악성 Javascript URL들에 대한 일괄 점검체계를 제안하며, 구현된 점검체계의 prototype을 활용하여 점검성능에 대한 시험결과를 제시한다.

• Journal of Digital Convergence
• /
• v.17 no.5
• /
• pp.23-31
• /
• 2019

This study aims to build an AHP model that evaluates the priority of cyber security policies for the Azerbaijan information system. For this, 4 factors were constructed from components of ITU National Interest Model, whereas 5 alternatives were based on the best practices of the eight developed countries leading the cyber security field. Using the questionnaire, 24 security experts evaluated the strategic priority of such factors or alternatives. The analysis results using the AHP software showed that homeland defense and economic well-being were the dominant aspects of cyber security policy, whereas capacity building and infrastructure were the main concern of cyber security elements for Azerbaijan. This study presents the strategic priority of cyber security policies that can be adopted by Azerbaijan government. This study can contribute to developing the national cyber security guide of Azerbaijan.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.41-48
• /
• 2021

Recently, the aspect of war is evolving due to the 4th industrial revolution technology. Among them, AI technology is changing the way of war as it is applied to advanced weapon systems and decision-making systems. Mosaic Warfare, presented by the U.S. DARPA, is shifting military warfare from attrition-centric warfare to decision-centric warfare by combining Internet of Things, cloud computing, big data, mobile, and artificial intelligence technologies. In addition, it is a method to perform operations quickly so that the most offensive effect can be achieved by appropriately combining the distributed and deployed forces according to the battlefield context. In other words, military operations are not carried out through a uniform combat process, but various forces are operated through a distributed system depending on the battlefield context. In cyber warfare, as artificial intelligence is applied to cyber attack technology, there is a limit to responding with the same procedural response method as the existing cyber kill chain. Therefore, in this paper, the execution method of mosaic warfare is applied to perform context-resilient cyber operations that can operate a response system according to the attack and cyberspace context.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.25-32
• /
• 2019

In this paper, we propose a method to apply the attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking that is a network-based moving target defense scheme. The moving target defense is a new approach to cyber security and continuously changes system's attack surface to prevent attacks. And, the attack surface expansion is an approach that uses decoys and decoy groups to protect attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target in order to make attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.

• The Journal of the Korea Contents Association
• /
• v.13 no.3
• /
• pp.141-151
• /
• 2013

With the spread of Personal Computers(PC) in the 1980's, many people started to deal businesses with PC. From late 1990's, the Internet age with PC have started and many people have showed keen interest in cyber-space and now they are utilizing it. Since 2000's the use of cyber-space have skyrocketed and it caused significant changes to humans' life. There was a huge prosperity to us but the new kind of crime, cyber-crime, was raised. Unlike past physical type of crimes, those cyber-crimes take place in the cyber-space and they have special features of non-facing, anonymity, specialty, technologic, repetition, continuation. Those cyber-crimes are continually growing since 2003 and in 2010 it almost doubled compared to 2003. General cyber-crimes like phishing-scam pornography circulation was most of them and notably perpetrators of them are younger generation. Recently cyber-crimes are showing the trend of advancing more and more and cyber-bullying, fraud like phishing scam are on the rise. The police are responding by making 'Cyber Terror Response Center', but it does not work effectively with the problems of breakup of prevention and investigation unit, procedure of investigation and the system itself. So, I suggest practical use of private security to remedy our police's weakness and to prevent cyber-crimes. Preventing solutions of cyber-crime with private security are physical defense of large-scale servers and vital computers, building of Back-up system to prevent vital data loss, and building of cyber-crime preventing system combining software and hardware.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.4 s.42
• /
• pp.231-241
• /
• 2006

When current cyber attacks to information and communication facilities are examined, technologies such as chase evasion technology and defense deviation technology have been rapidly advanced and many weak systems worldwide are often used as passages. And when newly-developed cyber attack instruments are examined, technologies for prefect crimes such as weakness attack, chase evasion and evidence destruction have been developed and distributed in packages. Therefore, there is a limit to simple prevention technology and according to cases, special procedures such as real-time chase are required to overcome cyber crimes. Further, cyber crimes beyond national boundaries require to be treated in international cooperation and relevant procedural arrangements through which the world can fight against them together. However, in current laws, there are only regulations such as substantial laws including simple regulations on Punishment against violation. In procedure, they are treated based on the same procedure as that of general criminal cases which are offline crimes. In respect to international cooperation system, international criminal private law cooperation is applied based on general criminals, which brings many problems. Therefore, this study speculates the procedural law on cyber crimes and presents actual problems of our country and its countermeasures.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.19-27
• /
• 2022

With the innovative development of ICT technology, hacking techniques of hackers are also evolving into sophisticated and intelligent hacking techniques. Threat detection research to counter these cyber threats was mainly conducted in a passive way through hacking damage investigation and analysis, but recently, the importance of cyber threat information collection and analysis is increasing. A bot-type automation program is a rather active method of extracting malicious code by visiting a website to collect threat information or detect threats. However, this method also has a limitation in that it cannot prevent hacking damage because it is a method to identify hacking damage because malicious code has already been distributed or after being hacked. Therefore, to overcome these limitations, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber bases. This model is an active and proactive method of collecting threat information or detecting threats outside the boundary such as a firewall. We designed a model for detecting threats using cyber strongholds and validated them in the defense environment.

• Convergence Security Journal
• /
• v.15 no.6_1
• /
• pp.49-57
• /
• 2015

Changes in the national intelligence security industry is becoming increasingly rapidly changing due to the development of the network and the use of the Internet. Information also can be called by critical information assets, as well as social infrastructure of the country's reality is that individuals at risk. These professionals make to prevent terrorists to destroy national defense system and network was absolutely necessary. But, Cyber Terror Response NCOs to be responsible for cyber terrorism requires a professional NCOs with advanced knowledge. National Competency Standards(NCS) using a national information security field tutors to conduct training courses teaching - learning model to develop and to apply.