• Title/Summary/Keyword: Cyber Defense

Classification of HTTP Automated Software Communication Behavior Using a NoSQL Database

  • Tran, Manh Cong; Nakamura, Yasuhiro
  • IEIE Transactions on Smart Processing and Computing, v.5 no.2, pp.94-99, 2016
  • Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

The coping and defense features of the North Korean Defectors in the Rorschach test (로샤 검사에 나타난 북한이탈주민의 대처와 방어)

  • Yun Kyeung Choi; Jong Nam Kim; Jung-Min Chae
  • Korean Journal of Culture and Social Issue, v.15 no.4, pp.507-528, 2009
  • Coping and defense are similar psychological mechanisms to reduce the stress response, but they are regarded as distinct from each other. Defense involves distortions of reality, whereas coping refers to strategies associated with accepting the true nature of the situation. The purpose of the present study was to investigate the coping and defense features of North Korean defectors in the Rorschach test. The subjects were categorized into four groups based on their birthplace and gender: male North Korean defectors (N=16), female North Korean defectors (N=28), male South Koreans (N=17), and female South Koreans (N=25). All subjects were individually administered the Rorschach test, and protocols were scored according to Exner's (2003) Rorschach Comprehensive System. Coping- or defense-related Rorschach variables were selected for analysis: EA, CDI, Adj D, EB style, Lambda, Zd, X-%, Xu%, W:Dd:D, P, reaction time, and other behavioral characteristics during testing. Compared with the other groups, female North Korean defectors were more likely to show poor coping resources (low EA), adjustment difficulties (Adj D), and distortions of reality (high X-%). They also gave more 'don't know' responses and more delayed responses than the other groups. These findings suggest that poor coping resources make female North Korean defectors more vulnerable to stress, and that psychological intervention such as social skills training may help them settle successfully in South Korea. Limitations of the current study and implications for future research are discussed.

Study on Collecting Server Information through Banner Grabbing (배너 그래빙을 통한 서버 정보 수집에 관한 연구)

  • Kang, HongGoo; Kim, HyeonHak; Lee, HyunSeung; Lee, Sang-jin
  • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.6, pp.1317-1330, 2017
  • Collecting server information and constructing a network map enables us to prevent security breaches, prepare for national cyber warfare, and make effective policies. In this paper, we analyze the well-known network scanners Nmap and ZMap, and construct a network map using banner grabbing. We use multiple threads to increase scanning speed and arrange IP lists in a specific order to reduce the load on the information-gathering targets. We also applied performance tests to compare the real-time banner grabbing tool with the existing network scanners. As a result, we gathered server information from domestic and overseas servers and derived a risk index based on the collected database. Although there are slight differences among countries, we can identify a risky situation in which many users in every country are exposed to several security breaches.

A study for Cybersecurity Risk Management by Blockade and Defense Level Analysis (봉쇄와 보안장비 수준 기반 정보보호 위험관리 수준 측정 연구)

  • Han, Choong-Hee; Han, ChangHee
  • Journal of the Korea Institute of Information Security & Cryptology, v.31 no.6, pp.1261-1266, 2021
  • Existing information security risk assessment methods focus on evaluating the vulnerability of information assets. However, when the form of information assets changes and new types of information assets emerge, these methods are limited in that the evaluation standards for them must also be added or deleted. Existing methods also give insufficient attention to the paths through which cyber threats are introduced. In particular, there is very little research on blocking the inflow path for web-based information systems with public IPs. Therefore, this paper introduces the main research contents of the BDLA (Blockade and Defense Level Analysis)-based information security risk assessment model. In addition, by applying the BDLA-based model, the information security risk level was studied by measuring the blockade level and security equipment level of 17 public institutions.

A Study on the Militarization of Artificial Intelligence Technology in North Korea and the Development Direction of Corresponding Weapon System in South Korea (북한 인공지능 기술의 군사화와 우리 군의 대응 무기체계 발전방향 연구)

  • Kim, Min-Hyuk
  • Journal of Information Technology Services, v.20 no.1, pp.29-40, 2021
  • North Korea's science and technology policies are being pursued under strong leadership and control by the central government. In particular, a large part of the research and development of science and technology related to the Fourth Industrial Revolution in North Korea is controlled and absorbed by the defense organizations under the national defense-oriented policy framework, among which North Korea is making national efforts to develop advanced technologies in artificial intelligence and actively utilize them in the military affairs. The future weapon system based on AI will have superior performance and destructive power that is different from modern weapons systems, which is likely to change the paradigm of the future battlefield, so a thorough analysis and prediction of the level of AI militarization technology, the direction of development, and AI-based weapons system in North Korea is needed. In addition, research and development of South Korea's corresponding weapon systems and military science and technology are strongly required as soon as possible. Therefore, in this paper, we will analyze the level of AI technology, the direction of AI militarization, and the AI-based weapons system in North Korea, and discuss the AI military technology and corresponding weapon systems that South Korea military must research and develop to counter the North Korea's. The next study will discuss the analysis of AI militarization technologies not only in North Korea but also in neighboring countries in Northeast Asia such as China and Russia, as well as AI weapon systems by battlefield function, detailed core technologies, and research and development measures.

A study on the threat hunting model for threat detection of circumvent connection remote attack (우회 원격공격의 위협탐지를 위한 위협 헌팅 모델 연구)

  • Kim, Inhwan; Ryu, Hochan; Jo, Kyeongmin; Jeon, Byungkook
  • The Journal of the Institute of Internet, Broadcasting and Communication, v.21 no.4, pp.15-23, 2021
  • In most hacking attacks, hackers intrude into a system for a long period of time and attempt to communicate with the outside using a circumvent connection to achieve their purpose. Research in response to advanced and intelligent cyber threats has mainly been conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. Attacks from organized hacking groups are advanced persistent attacks carried out over a long period of time, and bypass remote attacks account for the majority of them. However, even an intrusion detection system using intelligent recognition technology only shows detection performance for the existing intrusion status. Therefore, countermeasures against targeted bypass remote attacks still have limitations with existing detection methods and threat hunting methods. In this paper, to overcome these limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. This model defines a threat hunting process model that applies a method of verifying the origin IP of the remote circumvent connection, and its effectiveness was verified by implementing the proposed method in an actual defense information system environment.

A study on security requirements for Telecommuting in defense industry (방산업체 비대면(재택) 근무를 위한 보안 요구사항 연구)

  • Hwang Gue Sub; Yeon Seung Ryu
  • Convergence Security Journal, v.23 no.5, pp.209-221, 2023
  • Due to the rapid spread of the COVID-19 virus in December 2019, the working environment was rapidly converted to telecommuting. However, since the defense industry is an organization that handles technology related to the military, the network separation policy is applied, so there are many restrictions on the application of telecommuting. Telecommuting is a global change and an urgent task considering the rapidly changing environment of the future. Currently, in order for defense companies to implement telecommuting, VPN, VDI, and network interlocking systems must be applied as essential elements. Eventually, some contact points will inevitably occur, which will increase security vulnerabilities, so strong security management is important. Therefore, in this paper, attack types are selected and threats are analyzed based on the attack tactics of the MITRE ATT&CK Framework, which is periodically published by MITRE in the US to systematically detect and respond to cyber attacks. Then, by applying STRIDE threat modeling, security threats are classified and specific security requirements are presented.

A Comparative Study of Machine Learning Algorithms Using LID-DS DataSet (LID-DS 데이터 세트를 사용한 기계학습 알고리즘 비교 연구)

  • Park, DaeKyeong; Ryu, KyungJoon; Shin, DongIl; Shin, DongKyoo; Park, JeongChan; Kim, JinGoog
  • KIPS Transactions on Software and Data Engineering, v.10 no.3, pp.91-98, 2021
  • Today's information and communication technology is developing rapidly, the security of IT infrastructure is becoming more important, and at the same time cyber attacks of various forms are becoming more advanced and sophisticated, such as intelligent persistent attacks (Advanced Persistent Threats). Early defense against or prediction of increasingly sophisticated cyber attacks is extremely important, and in many cases the analysis of network-based intrusion detection system (NIDS) data alone cannot prevent rapidly changing cyber attacks. Therefore, we currently use data generated by intrusion detection systems to protect against the cyber attacks described above through host-based intrusion detection system (HIDS) data analysis. In this paper, we conducted a comparative study of machine learning algorithms using LID-DS (Leipzig Intrusion Detection-Data Set) host-based intrusion detection data, which includes thread information, metadata, and buffer data missing from previously used data sets. The algorithms used were Decision Tree, Naive Bayes, MLP (Multi-Layer Perceptron), Logistic Regression, LSTM (Long Short-Term Memory model), and RNN (Recurrent Neural Network). Accuracy, accuracy, recall, F1-Score indicators and error rates were measured for evaluation. As a result, the LSTM algorithm had the highest accuracy.

Data Hiding Using Pixel-Value Modular Operation (픽셀값 모듈러 연산을 이용한 자료은닉 기법)

  • Byun, Jin-Yong; Kim, Pyung-Han; Lee, Joon-Ho; Jung, Ki-Hyun; Yoo, Kee-Young
  • Journal of Korea Multimedia Society, v.18 no.4, pp.483-491, 2015
  • Data hiding is one of the protective methods that can authenticate the completeness of digital information and protect intellectual property rights and copyright through secret communications. In this paper, we propose a data hiding method using a pixel-value modular operation that has a high capacity while maintaining good visual quality. The proposed method can embed secret data in every pixel of a cover image by a modular operation. The experimental results demonstrate that the proposed method has a high capacity and good visual quality: the embedding capacity is 91,138 bytes, the PSNR is 47.94 dB, and the Q index is 0.968.

A Study of Cyber Attacks and Recent Defense System: DDoS Detection and Applying Deep Learning (사이버 공격의 분류와 최신 방어기법에 대한 연구: DDoS 탐지 및 Deep Learning의 활용)

  • Lee, Younghan; Baek, Se-Hyun; Seo, Jiwon; Bang, In-young; Paek, Yunheung
  • Annual Conference of KIPS, 2017.11a, pp.302-305, 2017
  • Cyber attacks are becoming increasingly diverse, and their danger grows more serious every day. One of the most powerful attacks is the DDoS (Distributed Denial of Service) attack. In this paper, we classify various cyber attacks and describe the corresponding defense techniques. In particular, we introduce the latest DDoS attack detection methods and examine recent research on defense techniques that utilize deep learning.