• Annual Conference of KIPS
• /
• 2017.04a
• /
• pp.280-282
• /
• 2017

최근 소프트웨어에 내장된 취약점 분석을 위한 자동화 도구 개발 연구가 각 분야에서 활발히 연구되고 있다. 그 중 바이너리 코드를 대상으로 바로 보안취약점을 분석하는 방법이 아닌 중간언어를 활용하여 분석하는 방법이 대두되고 있으며 이를 위한 다양한 중간언어가 제시되었다. 그 중 하이레벨 언어 수준의 내용의 기술이 가능하며 명령어 자체적으로 자료형을 유지하여 보안 취약점 분석에 효과적인 언어로 SIL 중간언어가 재조명 받고 있다. 따라서 본 논문에서는 이룰 위해서 x86/64 기반 어셈블리어를 SIL 로 효과적으로 변환하며 프로그램의 의미가 변하지 않는 것을 확인하기 위해서 프로그램의 제어흐름을 시각화하는 기능을 가진 시스템을 제안한다.

• Annual Conference of KIPS
• /
• 2019.10a
• /
• pp.475-478
• /
• 2019

웹어플리케이션의 발전에 따라 자바스크립트 런타임 플랫폼인 Node.js 의 사용도 증가하고 있다. 개발자들은 Node.js 의 다양한 모듈을 활용하여 프로그래밍을 하게 되는데, Node.js 모듈 보안의 중요성에 비하여 모듈 취약점 분석은 충분히 이루어지지 않고 있다. 본 논문에서는 소스코드의 구조를 트리 형태로 표현하는 Abstract Syntax Tree 와 소스코드의 실행 흐름 및 변수의 흐름을 그래프로 나타내는 Control Flow Graph/Data Flow Graph 가 Node.js 모듈 취약점 분석에 효율적으로 활용될 수 있음을 서술하고자 한다. Node.js 모듈은 여러 스크립트 파일로 나누어져 있다는 점과 사용자의 입력이 분명하다는 특징이 있다. 또한 자바스크립트 언어를 사용하므로 선언된 변수들의 타입에 따라 적용되는 범위인 scope 가 다르게 적용된다는 특징이 있다. 본 논문에서는 이러한 Node.js 모듈의 특징을 고려하여 Abstract Syntax Tree 및 Control Flow Graph/Data Flow Graph 을 어떻게 생성하고 취약점 분석에 활용할 것인지에 대한 방법론을 제안하고, 실제 분석에 활용할 수 있는 코드 구현을 통하여 구체화시키고자 한다.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.3-13
• /
• 2021

As new technologies such as artificial intelligence (AI), cloud, Internet of Things (IoT), big data, and mobile become organically integrated, a new era of digital transformation is emerging. As a result of this digital transformation, cybersecurity issues have surfaced as a negative side effect. Cyberspace, unlike physical space, has no clear limits, which leads to additional side effects and hazards. While promoting digital transformation in defense, conventional customs and behavioral approaches make it difficult to alter the cybersecurity strategy, even if it is vital to comprehend and prepare the attributes associated with time and technology trends. As a result, in this study, we will look at the direction of technology application in the defense as a result of digital transformation and analyze how to correlate from the standpoint of cybersecurity.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.157-166
• /
• 2024

The Army TIGER System, which is being deployed to implement a future combat system, is expected to bring innovative changes to the army's combat methods and comabt execution capability such as mobility, networking and intelligence. To this end, the Army will introduce various systems using drones, robots, unmanned vehicles, AI(Artificial Intelligence), etc. and utilize them in combat. The use of various unmanned vehicles and AI is expected to result in the introduction of equipment with new technologies into the army and an increase in various types of transmitted information, i.e. data. However, currently in the military, there is an acceleration in research and combat experimentations on warfigthing options using Army TIGER forces system for specific functions. On the other hand, the current reality is that research on cyber threats measures targeting information systems related to the increasing number of unmanned systems, data production, and transmission from unmanned systems, as well as the establishment of cloud centers and AI command and control center driven by the new force systems, is not being pursued. Accordingly this paper analyzes the structure and characteristics of the Army TIGER force integration system and makes suggestions for necessity of building, available cyber defense solutions and Army TIGER integrated cyber protections system that can respond to cyber threats in the future.

• Journal of IKEEE
• /
• v.24 no.2
• /
• pp.669-672
• /
• 2020

In this paper, we analyzed the characteristics of cyber attacks and major threat scenarios that could occur around intelligent building management Systems(IBS) by cyber attack security threats against cyber physics systems. Generally determined that lowering the likelihood of aggression against predictable threats would be a more realistic approach to attack response. The countermeasures against this need to be applied to multi-layered defense systems, and three alternatives were proposed: preliminary cyber safety diagnosis for protection targets and the establishment of mobile security control systems.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.22 no.6
• /
• pp.797-805
• /
• 2019

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a simulated threat generator that automatically generates cyber threats for cyber defense training. The proposed Simulated Threat Generator is designed with MITRE ATT & CK(Adversarial Tactics, Techniques and Common Knowledge) framework to easily add an evolving cyber threat and select the next threat based on the threat execution result.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.27-33
• /
• 2019

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.75-80
• /
• 2020

Damage caused by ransomware has continued to increase since last year, but cyber operations are managed without any separate classification of ransomware types in the military's guidelines for carrying out cyber operations. However, unlike other malware, ransomware is a threat that could paralyze all defense operations in one moment, and the military should reevaluate ransomware and take countermeasures. Accordingly, this paper aims to analyze the assets, vulnerabilities, and threats related to defense information service based on information security risk management, and propose alternatives to ensure continuity of defense work from ransomware threats.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.115-127
• /
• 2021

With the development of science and technology around the world, the realm of cyberspace, following land, sea, air, and space, is also recognized as a battlefield area. Accordingly, it is necessary to design and establish various elements such as definitions, systems, procedures, and plans for not only physical operations in land, sea, air, and space but also cyber operations in cyberspace. In this research, the importance of cyber targets that can be considered when prioritizing the list of cyber targets selected through intermediate target development in the target development and prioritization stage of targeting processing of cyber operations was selected as a factor to be considered. We propose a method to calculate the score for the cyber target and use it as a part of the cyber target prioritization score. Accordingly, in the cyber target prioritization process, the cyber target importance category is set, and the cyber target importance concept and reference item are derived. We propose a TIR (Target Importance Rank) algorithm that synthesizes parameters such as Event Prioritization Framework based on PageRank algorithm for score calculation and synthesis for each derived standard item. And, by constructing the Stuxnet case-based network topology and scenario data, a cyber target importance score is derived with the proposed algorithm, and the cyber target is prioritized to verify the proposed algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1027-1037
• /
• 2019

Conventional cyber-attack detection solutions are generally based on signature-based or malicious behavior analysis so that have had difficulty in detecting unknown method-based attacks. Since the various information occurring all the time reflects the state of the system, by modeling it in a steady state and detecting an abnormal state, an unknown attack can be detected. Since a variety of system information occurs in a string form, word embedding, ie, techniques for converting strings into vectors preserving their order and semantics, can be used for modeling and detection. Novelty Detection, which is a technique for detecting a small number of abnormal data in a plurality of normal data, can be performed in order to detect an abnormal condition. This paper proposes a method to detect system anomaly by cyber attack using embedding and novelty detection.