• Journal of Information Processing Systems
• /
• v.15 no.3
• /
• pp.632-644
• /
• 2019

The remote monitoring and warning system for dangerous chemicals is designed with the concept of the Cyber-Physical System (CPS) in this paper. The real-time perception, dynamic control, and information service of major hazards chemicals are realized in this CPS system. The CPS system architecture, the physical layer and the applacation layer, are designed in this paper. The terminal node is mainly composed of the field collectors which complete the data acquisition of sensors and video in the physical layers, and the use of application layer makes CPS system safer and more reliable to monitor the hazardous chemicals. The cloud application layer completes the risk identification and the prediction of the major hazard sources. The early intelligent warning of the major dangerous chemicals is realized and the security risk images are given in the cloud application layer. With the CPS technology, the remote network of hazardous chemicals has been completed, and a major hazard monitoring and accident warning online system is formed. Through the experiment of the terminal node, it can be proved that the terminal node can complete the mass data collection and classify. With this experiment it can be obtained the CPS system is safe and effective. In order to verify feasible, the multi-risk warning based on CPS is simulated, and results show that the system solves the problem of hazardous chemicals enterprises safety management.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.347-350
• /
• 2016

Analysis of vulnerability of the software for risk. The weakness of the software material, the importance of strengthening security in accordance with financial damage occurred is emerging. There is a potential risk factor not only from the case, the manufacturing to use the software company that appropriate to use a software business and personal risk of loss to size.In this paper due to diagnose and vulnerabilities in software, diagnosis, the curriculum and to cultivate a diagnostic guide, and security vulnerabilities in software.Proposal system for increased.

• Annual Conference of KIPS
• /
• 2016.04a
• /
• pp.225-228
• /
• 2016

CPS(Cyber Physical System)는 사이버 세계(cyber world)와 물리적 세계(physical word)를 연결하여, 현실과 사이버의 정보를 융합 분석하고, 분석한 데이터를 현실에 Feedback 하는 자동적이고 지능적인 제어 시스템이다. 이러한 CPS는 빅데이터를 분석하여 사용자에게 알맞은 정보를 제공해 주며 딥러닝(Deep Learning)을 통해 정확하고 세밀한 Feedback을 제공하는 등 이종 복합 시스템 간의 고신뢰성과 실시간성을 보장하는 무결점 자율 제어 시스템으로 주목 받고 있다. 실생활에서는 의료, 헬스케어, 교통, 에너지, 홈, 국방, 재난대응, 농업, 제조 등에서 폭 넓게 사용되고 있다. 해외에서는 이와 같은 CPS를 이용해 한 분야에 세밀하게 접목시켜 발전을 도모하며, CPS에 의해 변혁되는 데이터 구동형 사회를 준비하고 있다. 하지만, 이러한 CPS를 사용할 때, 보안의 문제점으로 대규모 정전사태가 발생하고, 생명을 위협하는 등의 취약점 또한 드러나고 있어 이에 대한 보안의 중요성과 CPS의 적용분야를 파악하여 전반적인 보안 문제점을 분석하고자 한다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.4
• /
• pp.457-467
• /
• 2002

In order to simulate cyber attacks and predict network behavior by attacks, we should represent attributes of network components in the simulation model, and should express characteristics of systems that carry out various cyber attacks and defend from these attacks. To simulate how network load may change under the cyber attacks, we extended SSF[9, 10] that is process-based event-oriented simulation system. We added a firewall class and a packet manipulator into the SSFNet that is a component of SSF. The firewall class, which is related to the security, is to simulate cyber attacks, and the packet manipulator is a set of functions to write attack programs for the simulation. The extended SSFNet enables to simulate a network with the security systems and provides advantages that make easy to port already exsiting attack programs and apply them to the simulation evironment. We made a vitual network model to verify operations of the added classes, and simulated a smurf attack that is a representative denial of sevive attack, and observed the network behavior under the smurf attack. The results showed that the firewall class and packet manipulator developed in this paper worked normaly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1403-1412
• /
• 2019

Effect of damage and loss cost for downtime is huge, if physical devices such as turbines, pipe, and storage tanks are in the abnormal state originated from not only aging, but also cyber attacks on the control and monitoring system like PLC (Programmable Logic Controller). To improve availability and dependability of the physical devices, we design and implement an indirect health monitoring system which sense temperature, acceleration, current, etc. indirectly, and put sensor data into Influx DB in real-time. Then, the actual performance of detecting abnormal state is shown using the indirect health monitoring system. Analyzing data are acquired using the real-time indirect health monitoring system, abnormal state and security threats can be double-monitored and lower maintenance cost utilizing prognostics and health management.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.1034-1037
• /
• 2013

ICT infrastructure is electronic control systems or communication network related to national security, public administration, defense, policing, finance. Water resources sector has been building a system of control that can be performed electronically, communications, management, energy, and other work-related. Water resources sector has been a paradigm shift in water management and the control system is integrated into a single network. The control system security vulnerabilities are exposed - other control networks, business networks, linking with outside agencies, etc. Cyber terrorist society can cause a huge mess economically, The importance of security for control systems is becoming. In this paper, ICT infrastructure - the water resources in the field of control systems will analysis security measures.

• Nuclear Engineering and Technology
• /
• v.55 no.1
• /
• pp.25-36
• /
• 2023

Nuclear power plants have recognized the importance of nuclear cybersecurity. Based on regulatory guidelines and security-related standards issued by regulatory agencies around the world including IAEA, NRC, and KINAC, nuclear operating organizations and related systems manufacturing organizations, design companies, and regulatory agencies are considering methods to prepare for nuclear cybersecurity. Cryptographic algorithms have to be developed and applied in order to meet nuclear cybersecurity requirements. This paper presents methodologies for validating cryptographic algorithms that should be continuously applied at the critical control system of I&C in NPPs. Through the proposed schemes, validation programs are developed in the PLC, which is a critical system of a NPP's I&C, and the validation program is verified through simulation results. Since the development of a cryptographic algorithm validation program for critical digital systems of NPPs has not been carried out, the methodologies proposed in this paper could provide guidelines for Cryptographic Module Validation Modeling for Control Systems in NPPs. In particular, among several CMVP, specific testing techniques for ECB mode-based block ciphers are introduced with program codes and validation models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.237-249
• /
• 2010

If one analyzes recent cyber incidents including personal information infringement cases, it seems like actual attack is targeting Internet service providers but actually they are targeting Internet service users. For many users, all the services were not provided to them as they have signed for in the contract or personal informations, which users have provided to service providers when signing contracts, were disclosed to public without users' consent causing aftereffect. As a result, importance of S-SLA indexes, which is to be included in the SLA to be signed between a user and a service provider, is ever more increasing. Especially, if there is a S-SLA indexes for anti-virus services, service providers have to provide a high quality of service as they have signed in the SLA. However, there wasn't any researches in the S-SLA area domestically and there are only limited SLA indexes related to system or service maintenances at the moment. Therefore, this paper analyses security functions in anti-virus services and proposes S-SLA indexes for different security level.

• Journal of the Semiconductor & Display Technology
• /
• v.23 no.3
• /
• pp.108-114
• /
• 2024

This study details the development of YARA rules and a detection program specifically designed to identify malware in HWP documents, a common target in cyber-attacks within South Korea. By thoroughly analyzing the unique structural features of HWP files, we developed precise YARA rules that were subsequently integrated into a custom detection tool. The program was rigorously tested on a dataset of benign and malicious HWP documents, demonstrating high detection accuracy and a low false-positive rate. This research offers a robust and practical solution for enhancing cybersecurity in environments where HWP files are frequently used, contributing valuable tools for the targeted detection of document-based malware.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.39-48
• /
• 2022

Cyberattacks around the world continue to increase, and their damage extends beyond government facilities and affects civilians. These issues emphasized the importance of developing a system that can identify and detect cyber anomalies early. As above, in order to effectively identify cyber anomalies, several studies have been conducted to learn BGP (Border Gateway Protocol) data through a machine learning model and identify them as anomalies. However, BGP data is unbalanced data in which abnormal data is less than normal data. This causes the model to have a learning biased result, reducing the reliability of the result. In addition, there is a limit in that security personnel cannot recognize the cyber situation as a typical result of machine learning in an actual cyber situation. Therefore, in this paper, we investigate BGP (Border Gateway Protocol) that keeps network records around the world and solve the problem of unbalanced data by using SMOTE. After that, assuming a cyber range situation, an autoencoder classifies cyber anomalies and visualizes the classified data. By learning the pattern of normal data, the performance of classifying abnormal data with 92.4% accuracy was derived, and the auxiliary index also showed 90% performance, ensuring reliability of the results. In addition, it is expected to be able to effectively defend against cyber attacks because it is possible to effectively recognize the situation by visualizing the congested cyber space.