• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.145-151
• /
• 2017

The Cyberspace of the Republic of Korea Army is continuously threatened by enemies. Means for responding to such cyber threats are ultimately Military information security professional personnel. Currently, however, there are only a handful of advanced information security professional persons in Republic of Korea Army, and a lack of systematic training is inadequate. Therefore, in this thesis, we surveyed the information security professional human resource policies of USA, UK, Israel, and Japan. In addition, the policy to train professional human resources specialized in defense cyber security, we proposed training of specialist talent of 4 steps and medium and long term plan, step-by-step training system sizing, introduction of certification system.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.101-107
• /
• 2019

Our military's cyberspace is under constant threat from the enemy. These cyber threats are targeted at the information service assets held by the military, and securing the security of the organization's information service assets is critical. However, since Information assets can not be 100% selt-sufficient in any organization as well as the military, acquisition of information assets by the supply chain is an inevitable. Therefor, after reviewing supply chain protection measures to secure the safety of the military supply chain, we proposed a method for securing supply chain companies through the citation of partnership based on the validated trust model.

• Annual Conference of KIPS
• /
• 2018.10a
• /
• pp.438-441
• /
• 2018

In this paper, we propose a finite impulse response (FIR) filter under malicious cyber attacks. The FIR filter shows the robust performance against the malicious cyber attacks. The Kalman filter (KF), one of the widely used filters, is introduced as a comparison of robust performance of the proposed method. The robust performance of the proposed method under malicious cyber attacks is demonstrated through experimental results.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.101-107
• /
• 2021

Recently, only trusted functionality has been emphasized due to the nature of the weapon system, which is a closed network. We are responding to new cyber warfare threats by monitoring cyber warfare threats by establishing a security control system for weapons systems that are closed networks centered on the United States and Israel. Therefore, in this study, the security control monitoring method that minimizes the load through the layered weapon system gateway by analyzing the technology of the domestic and foreign weapon system security control system, the weapon system device forgery, change, update method, and the detection of new cyber warfare threats through the use of artificial intelligence method was proposed.

• Annual Conference of KIPS
• /
• 2017.04a
• /
• pp.276-279
• /
• 2017

오늘날 사회 전반적인 부분에서 소프트웨어의 비중은 지속적으로 증가하고 있다. 또한 소프트웨어는 점차 대규모화되고 있고 동시에 개인의 중요한 정보 등을 다루는 경우도 매우 늘어나고 있기에 소프트웨어의 보안성 검증은 매주 중요한 문제이다. 그러나 소스코드가 존재하지 않는 라이브러리의 경우 보안성 검증은 매우 어려운 문제로, 이를 해결하기 위해 바이너리 내에 존재하는 보안약점을 검사하기 위한 기술의 개발이 매우 요구되는 상황이며, 이를 위해 중간언어를 활용하여 보안약점을 분석하는 기술이 활발히 논의되고 있다. 본 논문에서는 바이너리 코드내에 존재하는 보안약점을 효과적으로 분석하기 위해서 바이너리 코드로부터 보안약점 분석에 효과적인 중간언어로 변환하는 시스템을 제안한다.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.91-97
• /
• 2020

Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, profiling analysis of phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4529-4548
• /
• 2016

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.