• Title/Summary/Keyword: Cyber-Attacks

Search Result 529, Processing Time 0.031 seconds

A Study on Cybersecurity Bills for the Legislation of Cybersecurity Act in Korea (사이버안보법 제정을 위한 국내 사이버안보 법률안 연구)

  • Park, Sangdon;Kim, So Jeong
    • Convergence Security Journal
    • /
    • v.13 no.6
    • /
    • pp.91-98
    • /
    • 2013
  • Cyber attacks threaten the national security in this day and age. The government of the Republic of Korea recently released the National Cyber Security Comprehensive Countermeasures as a new cybersecurity policy. But current legal system cannot provide legal basis for the implementation of such measures. The current legal system related to cybersecurity is applied in each sector, thus the governance system in cybersecurity is separate. So there are many problems in the governance system in cybersecurity. To solve these problems fundamentally, it is righter to make a new cybersecurity law than to revise existing laws. Meanwhile, lawmakers proposed some bills in Congress to strengthen the cybersecurity in Korea in 2013. It will increase possibility of legislation of cybersecurity act to make a law through the analysis of these bills and to derive the essential elements from those. and to reflect these in the new cybersecurity act.

Modeling and Implementation of IDS for Security System simulation using SSFNet (SSFNet 환경에서 보안시스템 시뮬레이션을 위한 IDS 모델링 및 구현)

  • Kim, Yong-Tak;Kwon, Oh-Jun;Seo, Dong-Il;Kim, Tai-Suk
    • Journal of the Korea Society for Simulation
    • /
    • v.15 no.1
    • /
    • pp.87-95
    • /
    • 2006
  • We need to check into when a security system is newly developed, we against cyber attack which is expected in real network. However it is impossible to check it under the environment of a large-scale distributive network. So it is need to simulate it under the virtual network environment. SSFNet is a event-driven simulator which can be represent a large-scale network. Unfortunately, it doesn't have the module to simulate security functions. In this paper, we added the IDS module to SSFNet. We implement the IDS module by modeling a key functions of Snort. In addition, we developed some useful functions using Java language which can manipulate easily a packet for network simulation. Finally, we performed the simulation to verify the function if our developed IDS and Packets Manipulation. The simulation shows that our expanded SSFNet can be used to further large-scale security system simulator.

  • PDF

A Study on the Malware Realtime Analysis Systems Using the Finite Automata (유한 오토마타를 이용한 악성코드 실시간 분석 시스템에 관한 연구)

  • Kim, Hyo-Nam;Park, Jae-Kyoung;Won, Yoo-Hun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.5
    • /
    • pp.69-76
    • /
    • 2013
  • In the recent years, cyber attacks by malicious codes called malware has become a social problem. With the explosive appearance and increase of new malware, innumerable disasters caused by metaphoric malware using the existing malicious codes have been reported. To secure more effective detection of malicious codes, in other words, to make a more accurate judgment as to whether suspicious files are malicious or not, this study introduces the malware analysis system, which is based on a profiling technique using the Finite Automata. This new analysis system enables realtime automatic detection of malware with its optimized partial execution method. In this paper, the functions used within a file are expressed by finite automata to find their correlation, and a realtime malware analysis system enabling us to give an immediate judgment as to whether a file is contaminated by malware is suggested.

Design and Implementation of Real-Time Indirect Health Monitoring System for the Availability of Physical Systems and Minimizing Cyber Attack Damage (사이버 공격 대비 가동 물리장치에 대한 실시간 간접 상태감시시스템 설계 및 구현)

  • Kim, Hongjun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1403-1412
    • /
    • 2019
  • Effect of damage and loss cost for downtime is huge, if physical devices such as turbines, pipe, and storage tanks are in the abnormal state originated from not only aging, but also cyber attacks on the control and monitoring system like PLC (Programmable Logic Controller). To improve availability and dependability of the physical devices, we design and implement an indirect health monitoring system which sense temperature, acceleration, current, etc. indirectly, and put sensor data into Influx DB in real-time. Then, the actual performance of detecting abnormal state is shown using the indirect health monitoring system. Analyzing data are acquired using the real-time indirect health monitoring system, abnormal state and security threats can be double-monitored and lower maintenance cost utilizing prognostics and health management.

One-time Session Key based HTTP DDoS Defense Mechanisms (일회성 세션 키 기반 HTTP DDoS 공격 방어기법)

  • Choi, Sang-Yong;Kang, Ik-Seon;Kim, Yong-Min
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.8
    • /
    • pp.95-104
    • /
    • 2013
  • DDoS attacks have became as a social threat since 2009 7.7 DDoS turmoil. Even though defence techniques have been developing to provide against those threats, they become much more sophisticate. In recent years, the attack form of DDoS is changing from high amount of traffic attack of network layers to highly sophisticate small amount of application layers. To make matters worse, attack agent for the attack has became very intelligent so that it is difficult to be blocked since it can't be distinguished from normal PCs. In the user authentication system(such as CAPTCHA) User intervention is required to distinguish normal PCs and intelligent attack agents and in particular, in a NAT environment, IP-based blocking method can be cut off the normal users traffic at the same time. This research examined defense techniques which are able to distinguish between agent and normal PC and effectively block ways the HTTP DDoS offense applying one-time session key based authentication method using Cookie which is used in HTTP protocol to protect web sever from sophisticate application layer of DDoS.

Intrusion Artifact Acquisition Method based on IoT Botnet Malware (IoT 봇넷 악성코드 기반 침해사고 흔적 수집 방법)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence
    • /
    • v.7 no.3
    • /
    • pp.1-8
    • /
    • 2021
  • With the rapid increase in the use of IoT and mobile devices, cyber criminals targeting IoT devices are also on the rise. Among IoT devices, when using a wireless access point (AP), problems such as packets being exposed to the outside due to their own security vulnerabilities or easily infected with malicious codes such as bots, causing DDoS attack traffic, are being discovered. Therefore, in this study, in order to actively respond to cyber attacks targeting IoT devices that are rapidly increasing in recent years, we proposed a method to collect traces of intrusion incidents artifacts from IoT devices, and to improve the validity of intrusion analysis data. Specifically, we presented a method to acquire and analyze digital forensics artifacts in the compromised system after identifying the causes of vulnerabilities by reproducing the behavior of the sample IoT malware. Accordingly, it is expected that it will be possible to establish a system that can efficiently detect intrusion incidents on targeting large-scale IoT devices.

Proposal of Detection Module for Fighter Aircraft Data Modulation Attack (전투기 데이터 변조 공격행위에 대한 탐지모듈 제안)

  • Hong, Byoung-jin;Kim, Wan-ju;Kim, Ho-keun;Lim, Jae-sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.1
    • /
    • pp.5-16
    • /
    • 2019
  • Modern state-of-the-art military aviation assets are operated with independent embedded real-time operating systems(RTOS). These embedded systems are made with a high level of information assurance. However, once the systems are introduced and installed on individual platforms for sustaining operational employment, the systems are not actively managed and as a result the platforms become exposed to serious threats. In this paper, we analyzed vulnerability factors in the processing of mission planning data and maintenance-related data for fighter aircraft. We defined the method and form of cyber attacks that modulate air data using these vulnerabilities. We then proposed a detection module for integrity detection. The designed module can preemptively respond to potential cyber threats targeting high - value aviation assets by checking and preemptively responding to malware infection during flight data processing of fighter aircraft.

Topic Automatic Extraction Model based on Unstructured Security Intelligence Report (비정형 보안 인텔리전스 보고서 기반 토픽 자동 추출 모델)

  • Hur, YunA;Lee, Chanhee;Kim, Gyeongmin;Lim, HeuiSeok
    • Journal of the Korea Convergence Society
    • /
    • v.10 no.6
    • /
    • pp.33-39
    • /
    • 2019
  • As cyber attack methods are becoming more intelligent, incidents such as security breaches and international crimes are increasing. In order to predict and respond to these cyber attacks, the characteristics, methods, and types of attack techniques should be identified. To this end, many security companies are publishing security intelligence reports to quickly identify various attack patterns and prevent further damage. However, the reports that each company distributes are not structured, yet, the number of published intelligence reports are ever-increasing. In this paper, we propose a method to extract structured data from unstructured security intelligence reports. We also propose an automatic intelligence report analysis system that divides a large volume of reports into sub-groups based on their topics, making the report analysis process more effective and efficient.

Deriving Essential Security Requirements of IVN through Case Analysis (사례 분석을 통한 IVN의 필수 보안 요구사항 도출)

  • Song, Yun keun;Woo, Samuel;Lee, Jungho;Lee, You sik
    • The Journal of The Korea Institute of Intelligent Transport Systems
    • /
    • v.18 no.2
    • /
    • pp.144-155
    • /
    • 2019
  • One of the issues of the automotive industry today is autonomous driving vehicles. In order to achieve level 3 or higher as defined by SAE International, harmonization of autonomous driving technology and connected technology is essential. Current vehicles have new features such as autonomous driving, which not only increases the number of electrical components, but also the amount and complexity of software. As a result, the attack surface, which is the access point of attack, is widening, and software security vulnerabilities are also increasing. However, the reality is that the essential security requirements for vehicles are not defined. In this paper, based on real attacks and vulnerability cases and trends, we identify the assets in the in-vehicle network and derive the threats. We also defined the security requirements and derived essential security requirements that should be applied at least to the safety of the vehicle occupant through risk analysis.

Study on Improvement of Vulnerability Diagnosis Items for PC Security Enhancement (PC보안 강화를 위한 기술적 취약점 진단항목 개선 연구)

  • Cho, Jin-Keun
    • Journal of Convergence for Information Technology
    • /
    • v.9 no.3
    • /
    • pp.1-7
    • /
    • 2019
  • There are various cyber attacks on business PCs. In order to reduce the threat of PC security, we are preventing the vulnerability from being diagnosed beforehand. However, this guideline is difficult to cope with because the domestic vulnerability guide does not update the diagnostic items. In this paper, we examine the cyber infringement cases of PCs and the diagnostic items of foreign technical vulnerabilities in order to cope with security threats. In addition, an improved guide is provided by comparing the differences in the diagnostic items of technical vulnerability from abroad and domestic. Through 41 proposed technical vulnerability improvement items, it was found that various security threats can be coped with. Currently, it is mainly able to respond to only known vulnerabilities, but we hope that applying this guideline will reduce unknown security threats.