• Title/Summary/Keyword: Cyber-Attacks

Search Result 529, Processing Time 0.023 seconds

The Analysis of the APT Prelude by Big Data Analytics (빅데이터 분석을 통한 APT공격 전조 현상 분석)

  • Choi, Chan-young;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.317-320
    • /
    • 2016
  • The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and Classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on December in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attack thus far. Therefore, we will use big data analytics to analyze whether or not APT attack has occurred in order to defend against the manipulative attackers. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean defense system. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attack and evaluate the models' accuracy and other results. Lastly, we will present an effective response method to address a detected APT attack.

  • PDF

Security-Reverse-Attack Engineering Life-cycle Model for Attack System and Attack Specification Models (공격시스템을 위한 보안-역-공격공학 생명주기 모델과 공격명세모델)

  • Kim, Nam-Jeong;Kong, Mun-Soo;Lee, Gang-Soo
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.6
    • /
    • pp.17-27
    • /
    • 2017
  • Recently, as cyber attacks have been activated, many such attacks have come into contact with various media. Research on security engineering and reverse engineering is active, but there is a lack of research that integrates them and applies attack systems through cost effective attack engineering. In this paper, security - enhanced information systems are developed by security engineering and reverse engineering is used to identify vulnerabilities. Using this vulnerability, we compare and analyze lifecycle models that construct or remodel attack system through attack engineering, and specify structure and behavior of each system, and propose more effective modeling. In addition, we extend the existing models and tools to propose graphical attack specification models that specify attack methods and scenarios in terms of models such as functional, static, and dynamic.

A Survey of Regulations on Smishing and Mobile Micropayment and a Research of Regulations and Laws for Reducing Monetary Damages in Mobile Micropayment (스미싱 제도와 소액결제 제도의 현황 조사 및 소액결제 피해를 줄이기 위한 법·제도 연구)

  • Park, Hanjin;Kim, Injung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.5
    • /
    • pp.1189-1199
    • /
    • 2017
  • With the rapid increase in mobile device users, there are many cyber attacks using SMS messages to infect the mobile device. The monetary demage from those attacks are also increasing. Since those demage are generally related to mobile micropayement systems, we study the details of the incidents on smishing and mobile micropayment. We have identified several limitations of current regulations and laws of them. Thus, we propose new regulations and laws to reduce the financial demage from simishing and to strengthen the security and responsibility of the mobile network operator, payment gateway, and content providers who are participating in the structure of a mobile micropayment systems, such as a regulation for information security evaluation system, several laws for compensation of financial demage within mobile micropayement system.

Digital Image Watermarking Scheme in the Singular Vector Domain (특이 벡터 영역에서 디지털 영상 워터마킹 방법)

  • Lee, Juck Sik
    • Journal of the Institute of Convergence Signal Processing
    • /
    • v.16 no.4
    • /
    • pp.122-128
    • /
    • 2015
  • As multimedia information is spread over cyber networks, problems such as protection of legal rights and original proof of an information owner raise recently. Various image transformations of DCT, DFT and DWT have been used to embed a watermark as a token of ownership. Recently, SVD being used in the field of numerical analysis is additionally applied to the watermarking methods. A watermarking method is proposed in this paper using Gabor cosine and sine transform as well as SVD for embedding and extraction of watermarks for digital images. After delivering attacks such as noise addition, space transformation, filtering and compression on watermarked images, watermark extraction algorithm is performed using the proposed GCST-SVD method. Normalized correlation values are calculated to measure the similarity between embedded watermark and extracted one as the index of watermark performance. Also visual inspection for the extracted watermark images has been done. Watermark images are inserted into the lowest vertical ac frequency band. From the experimental results, the proposed watermarking method using the singular vectors of SVD shows large correlation values of 0.9 or more and visual features of an embedded watermark for various attacks.

A Hybrid Modeling Method for RCS Worm Simulation (RCS 웜 시뮬레이션을 위한 Hybrid 모델링 방법)

  • Kim, Jung-Sik;Park, Jin-Ho;Cho, Jae-Ik;Choi, Kyoung-Ho;Im, Eul-Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.3
    • /
    • pp.43-53
    • /
    • 2007
  • Internet becomes more and more popular, and most companies and institutes use web services for e-business and many other purposes. With the explosion of Internet, the occurrence of cyber terrorism has grown very rapidly. Simulation is one of the most widely used method to study internet worms. But, it is quite challenging to simulate very large-scale worm attacks because of various reasons. In this paper, we propose a hybrid modeling method for RCS(Random Constant Spreading) worm simulation. The proposed hybrid model simulates worm attacks by synchronizing modeling network and packet network. So, this model will be both detailed enough to generate realistic packet traffic, and efficient enough to model a worm spreading through the Internet. Moreover, our model have the capability of dynamic updates of the modeling parameters. Finally, we simulate the hybrid model with the CodeRed worm to show validity of our proposed model for RCS worm simulation.

New Simple Power Analysis on scalar multiplication based on sABS recoding (sABS 형태의 스칼라 곱셈 연산에 대한 새로운 단순전력 공격)

  • Kim, Hee-Seok;Kim, Sung-Kyoung;Kim, Tae-Hyun;Park, Young-Ho;Lim, Jong-In;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.2
    • /
    • pp.115-123
    • /
    • 2007
  • In cryptographic devices like a smart-card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. Scalar multiplication is very important operation in Elliptic Curve Cryptosystems, and so must be constructed in safety against side channel attack(SCA). But several countermeasures proposed against SCA are exposed weaknesses by new un-dreamed analysis. 'Double-and-add always scalar multiplication' algorithm adding dummy operation being known to secure against SPA is exposed weakness by Doubling Attack. But Doubling Attack cannot apply to sABS receding proposed by Hedabou, that is another countermeasure against SPA. Our paper proposes new strengthened Doubling Attacks that can break sABS receding SPA-countermeasure and a detailed method of our attacks through experimental result.

Design and Implementation of Web-browser based Malicious behavior Detection System(WMDS) (웹 브라우저 기반 악성행위 탐지 시스템(WMDS) 설계 및 구현)

  • Lee, Young-Wook;Jung, Dong-Jae;Jeon, Sang-Hun;Lim, Chae-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.667-677
    • /
    • 2012
  • Vulnerable web applications have been the primary method used by the attackers to spread their malware to a large number of victims. Such attacks commonly make use of malicious links to remotely execute a rather advanced malicious code. The attackers often deploy malwares that utilizes unknown vulnerabilities so-called "zero-day vulnerabilities." The existing computer vaccines are mostly signature-based and thus are effective only against known attack patterns, but not capable of detecting zero-days attacks. To mitigate such limitations of the current solutions, there have been a numerous works that takes a behavior-based approach to improve detection against unknown malwares. However, behavior-based solutions arbitrarily introduced a several limitations that made them unsuitable for real-life situations. This paper proposes an advanced web browser based malicious behavior detection system that solves the problems and limitations of the previous approaches.

Periodic-and-on-Event Message-Aware Automotive Intrusion Detection System (Periodic-and-on-Event 메시지 분석이 가능한 차량용 침입탐지 기술)

  • Lee, Seyoung;Choi, Wonsuk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.3
    • /
    • pp.373-385
    • /
    • 2021
  • To provide convenience and safety of drivers, the recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As the modern vehicles provide highly convenient and safe services, it provides many types of attack surfaces; as a result, it makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone attacks on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on the real vehicles, where we show that our method has 0% of FPR and 0% of FNR under our attack model.

A Study on the High-Speed Malware Propagation Method for Verification of Threat Propagation Prevent Technology in IoT Infrastructure (IoT 인프라 공격 확산 방지 기술 성능 검증을 위한 악성코드 고속 확산 기법 연구)

  • Hwang, Song-yi;Kim, Jeong-Nyeo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.617-635
    • /
    • 2021
  • Internet of Things (IoT) devices connected to the network without appropriate security solutions have become a serious security threat to ICT infrastructure. Moreover, due to the nature of IoT devices, it is difficult to apply currently existing security solutions. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are actually increasing every year. Even though several security solutions are being developed to protect IoT infrastructure, there is a great risk to apply unverified security solutions to real-world environments. Therefore, verification tools to verify the functionality and performance of the developed security solutions are also needed. Furthermore, just as security threats vary, there are several security solution s that defend against them, requiring suitable verification tools based on the characteristics of each security solution. In this paper, we propose an high-speed malware propagation tool that spreads malware at high speed in the IoT infrastructure. Also, we can verify the functionality of the security solution that detect and quickly block attacks spreading in IoT infrastructure by using the high-speed malware propagation tool.

Security Frameworks for Industrial Technology Leakage Prevention (산업기술 유출 방지를 위한 보안 프레임워크 연구)

  • YangKyu Lim;WonHyung Park;Hwansoo Lee
    • Convergence Security Journal
    • /
    • v.23 no.4
    • /
    • pp.33-41
    • /
    • 2023
  • In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.