• 정보보호학회논문지
• /
• 제23권4호
• /
• pp.729-735
• /
• 2013

최근 이슈가 되고 있는 DDoS 공격은 주요 정부기관 및 금융기관 인터넷 사이트를 마비시키는 사이버 테러의 수단으로 사이버 안위를 위협하고 있다. 현재 사용되고 있는 공격 방법은 기존의 방법보다 진화된 방법으로 차단이 쉽지 않아 그로 인한 피해가 커지고 있는 상황이다. 이어서, 본 논문에서는 최근 계속적으로 진화하고 있는 DDoS 공격 중에서 DNS를 목표로 하는 DDoS 공격이 발생하는 사례를 보여주었다. 그러나 현재는 DNS를 목표로 하는 DDoS 공격에 대한 방어가 미비하다. 이를 보완하기 위해서 한국인터넷진흥원에서 운영 중인 사이버대피소에 착안하여 DNS에 대한 DDoS 공격의 대응 방안으로 DNS 사이버대피소를 제안하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권6호
• /
• pp.1657-1673
• /
• 2023

With the advancement of information technology, criminals employ multiple cyberspaces to promote cybercrime. To combat cybercrime and cyber dangers, banks and financial institutions use artificial intelligence (AI). AI technologies assist the banking sector to develop and grow in many ways. Transparency and explanation of AI's ability are required to preserve trust. Deep learning protects client behavior and interest data. Deep learning techniques may anticipate cyber-attack behavior, allowing for secure banking transactions. This proposed approach is based on a user-centric design that safeguards people's private data over banking. Here, initially, the attack data can be generated over banking transactions. Routing is done for the configuration of the nodes. Then, the obtained data can be preprocessed for removing the errors. Followed by hierarchical network feature extraction can be used to identify the abnormal features related to the attack. Finally, the user data can be protected and the malicious attack in the transmission route can be identified by using the Wrapper stepwise ResNet classifier. The proposed work outperforms other techniques in terms of attack detection and accuracy, and the findings are depicted in the graphical format by employing the Python tool.

• International Journal of Computer Science & Network Security
• /
• 제24권5호
• /
• pp.64-72
• /
• 2024

In recent times cyber attackers can use Artificial Intelligence (AI) to boost the sophistication and scope of attacks. On the defense side, AI is used to enhance defense plans, to boost the robustness, flexibility, and efficiency of defense systems, which means adapting to environmental changes to reduce impacts. With increased developments in the field of information and communication technologies, various exploits occur as a danger sign to cyber security and these exploitations are changing rapidly. Cyber criminals use new, sophisticated tactics to boost their attack speed and size. Consequently, there is a need for more flexible, adaptable and strong cyber defense systems that can identify a wide range of threats in real-time. In recent years, the adoption of AI approaches has increased and maintained a vital role in the detection and prevention of cyber threats. In this paper, an Ensemble Deep Restricted Boltzmann Machine (EDRBM) is developed for the classification of cybersecurity threats in case of a large-scale network environment. The EDRBM acts as a classification model that enables the classification of malicious flowsets from the largescale network. The simulation is conducted to test the efficacy of the proposed EDRBM under various malware attacks. The simulation results show that the proposed method achieves higher classification rate in classifying the malware in the flowsets i.e., malicious flowsets than other methods.

• Journal of Electrical Engineering and Technology
• /
• 제12권1호
• /
• pp.19-28
• /
• 2017

False data injection attacks have recently been introduced as one of important issues related to cyber-attacks on electric power grids. These attacks aim to compromise the readings of multiple power meters in order to mislead the operation and control centers. Recent studies have shown that if a malicious attacker has complete knowledge of the power grid topology and branch admittances, s/he can adjust the false data injection attack such that the attack remains undetected and successfully passes the bad data detection tests that are used in power system state estimation. In this paper, we investigate that a practical false data injection attack is essentially a cyber-attack with uncertain information due to the attackers lack of knowledge with respect to the power grid parameters because the attacker has limited physical access to electric facilities and limited resources to compromise meters. We mathematically formulated a method of identifying the most vulnerable locations to false data injection attack. Furthermore, we suggest minimum topology changes or phasor measurement units (PMUs) installation in the given power grids for mitigating such attacks and indicate a new security metrics that can compare different power grid topologies. The proposed metrics for performance is verified in standard IEEE 30-bus system. We show that the robustness of grids can be improved dramatically with minimum topology changes and low cost.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2016년도 춘계학술대회
• /
• pp.309-312
• /
• 2016

최근 남북관계 갈등의 골이 깊어지면서 북한의 사이버 테러(Cyber Terror) 가능성이 높게 제기되고 있다. 따라서 사이버 테러의 대표적 공격방법인 DoS(Denial of Service) 공격이 사회적으로 이슈(Issue)가 되고, 이에 따라 정보 보안에 대한 관심 또한 높아지고 있다. DoS 공격의 다양한 유형 중에서 내부적인 DoS 공격 방법에는 디스크, 메모리, 프로세스 리소스의 고갈이 있다. 리눅스(Linux) 시스템에서 내부적인 DoS 공격에 대응하는 방법으로 PAM(Pluggable Authentication Module)을 이용한 사용자의 프로세스 제한을 꼽을 수 있다. 본 논문에서는 PAM을 이용하여 내부적인 DoS 공격에 의한 리소스(Resource) 고갈을 예방할 수 있는 기법을 제시하였다.

• Journal of Information Processing Systems
• /
• 제12권3호
• /
• pp.422-435
• /
• 2016

Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today's cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.

• 한국전자거래학회지
• /
• 제19권4호
• /
• pp.31-43
• /
• 2014

최근 많은 사이버 공격은 S/W의 취약점을 이용한 익스플로잇(exploit)으로 이루어지고 있다. 주기적으로 취약점 동향이 발표되고 있으며 이를 참고로 보안의 방향이 제시되고 개선 방안도 수정되고 있다. 그럼에도 불구하고 2011년 한 해 동안 발생한 해킹 등 사이버 공격은 2010년 대비 81% 증가하였고, 이러한 사이버 공격의 약 75%가 S/W 자체의 보안 취약점을 악용하고 있다. 본 논문에서는 S/W 취약점으로 인한 손실비용 측정을 위해 질병 전파 모델인 SIR 모델을 응용하여 취약점에 의한 악성코드 감염 확산 모델인 VIR모델을 제시하고, 이를 한글 S/W 취약점에 적용하여 손실비용이 어느 정도인지를 추정하였다.

• ETRI Journal
• /
• 제41권5호
• /
• pp.585-598
• /
• 2019

A cyber-physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well-funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game-theoretical model considering both low- and high-interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.

• 사물인터넷융복합논문지
• /
• 제8권5호
• /
• pp.1-9
• /
• 2022

최근 IoT 및 휴대용 통신 단말에 각종 서비스가 연동되면서 해당 디바이스의 보안 취약점을 악용한 사이버 공격이 급증하고 있다. 특히 지능형 지속위협(APT) 공격을 통해 대단위 네트워크 환경에서 이기종 형태의 디바이스를 대상으로 한 사이버 공격이 급증하고 있다. 따라서 침해사고 발생시 대응 체계의 유효성을 향상시키기 위해서는 위협 분석 및 탐지 성능이 향상되도록 수집된 아티팩트 데이터에 대한 데이터 보완(Data Enrichment) 메커니즘을 적용할 필요가 있다. 이에 본 연구에서는 침해사고 분석을 위해 수집된 아티팩트를 대상으로 기존의 사고관리 프레임워크에서 수행하는 데이터 보완 공통 요소를 분석하여 실제 시스템에 적용 가능한 특징 요소를 도출하고, 이를 토대로 개선된 사고분석 프레임워크 프로토타입 구조를 제시하였으며 도출된 데이터 보완 확장 요소의 적합도를 검증하였다. 이를 통해 이기종 디바이스로부터 수집된 아티팩트를 대상으로 사이버 침해사고 분석 시 탐지 성능을 향상시킬 수 있을 것으로 기대된다.

• 전기학회논문지
• /
• 제57권3호
• /
• pp.327-335
• /
• 2008

As communication is becoming increasingly prevalent and especially communication architecture is more relying on the open standard communication protocols, the security issues become major concerns. In this paper we consider possible cyber attacks in the applications based on the current distribution communication architecture, and then derive the security goals. Next we propose how the security algorithms can be adapted to achieve these security goals. We intend to adapt the most efficient ways of secure message exchange, taking the resource-constrained FRTUs into account Finally we show some experiments to validate the protocols.