• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.89-96
• /
• 2023

Intrusion detection has been widely studied in both industry and academia, but cybersecurity analysts always want more accuracy and global threat analysis to secure their systems in cyberspace. Big data represent the great challenge of intrusion detection systems, making it hard to monitor and analyze this large volume of data using traditional techniques. Recently, deep learning has been emerged as a new approach which enables the use of Big Data with a low training time and high accuracy rate. In this paper, we propose an approach of an IDS based on cloud computing and the integration of big data and deep learning techniques to detect different attacks as early as possible. To demonstrate the efficacy of this system, we implement the proposed system within Microsoft Azure Cloud, as it provides both processing power and storage capabilities, using a convolutional neural network (CNN-IDS) with the distributed computing environment Apache Spark, integrated with Keras Deep Learning Library. We study the performance of the model in two categories of classification (binary and multiclass) using CSE-CIC-IDS2018 dataset. Our system showed a great performance due to the integration of deep learning technique and Apache Spark engine.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.213-218
• /
• 2021

This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) Data collection: different websites have been collected as a big data corresponding to normal and phishing dataset, and (2) distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experiment results of the proposed system achieved very good accuracy and detection rate as well.

• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.346-353
• /
• 2021

In this proposal, we aim to enhance the security of systems accounts by improving the authentication techniques. We mainly intend to enhance the accuracy of the one-time passwords via including voice biometric and recognition techniques. The recognition will be performed on the server to avoid redirecting voice signatures by hackers. Further, to enhance the privacy of data and to ensure that the active user is legitimate, we propose to periodically update the activated sessions using a user-selected biometric factor. Finally, we recommend adding a pre-transaction re-authentication which will guarantee enhanced security for sensitive operations. The main novelty of this proposal is the use of the voice factor in the verification of the one-time password and the various levels of authentications for a full-security guarantee. The improvement provided by this proposal is mainly designed for sensitive applications. From conducted simulations, findings prove the efficiency of the proposed scheme in reducing the probability of hacking users' sessions.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.145-152
• /
• 2022

One of the impacts of Covid-19 on education systems has been the shift to online education. This shift has changed the way education is consumed and perceived by students. However, the exact nature of student perception about online education is not known. The aim of this study was to understand the perceptions of Saudi higher education students (e.g., post-school students) about online education during the Covid-19 pandemic. Various aspects of online education including benefits, features and cybersecurity were explored. The data collected were analysed using statistical techniques, especially artificial neural networks, to address the research aims. The key findings were that benefits of online education was perceived by students with positive experience or when ensured of safe use of online platforms without the fear cyber security breaches for which recruitment of a cyber security officer was an important predictor. The issue of whether perception of online education as a necessity only for Covid situation or a lasting option beyond the pandemic is a topic for future research.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.179-192
• /
• 2023

The widespread use of Cloud Computing, Internet of Things (IoT), and social media in the Information Communication Technology (ICT) field has resulted in continuous and unavoidable cyber-attacks on users and critical infrastructures worldwide. Traditional security measures such as firewalls and encryption systems are not effective in countering these sophisticated cyber-attacks. Therefore, Intrusion Detection and Prevention Systems (IDPS) are necessary to reduce the risk to an absolute minimum. Although IDPSs can detect various types of cyber-attacks with high accuracy, their performance is limited by a high false alarm rate. This study proposes a new technique called Fuzzy Logic - Objective Risk Analysis (FLORA) that can significantly reduce false positive alarm rates and maintain a high level of security against serious cyber-attacks. The FLORA model has a high fuzzy accuracy rate of 90.11% and can predict vulnerabilities with a high level of certainty. It also has a mechanism for monitoring and recording digital forensic evidence which can be used in legal prosecution proceedings in different jurisdictions.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.799-800
• /
• 2023

최근 많은 기업체들은 점점 고도화되고 있는 사이버 공격 위협에 대응하기 위해 다양한 보안 솔루션 도입 및 종합적인 네트워크 보안 분석을 수행하고 있다. 하지만 보안 영역에 많은 자원과 예산을 투입할 여력이 없는 중소형 업체들은 특히 침해위협 탐지와 대응 결과시각화에 대한 어려움을 겪고 있다. 이에 따라 본 연구에서는 다중 사이버 보안 AI 모델구현을 통해 다각도의 사이버 침해위협 발생 가능성을 예측하고, 추가적으로 오픈소스 기반의 ELK 플랫폼을 통한 대응 결과 시각화를 구현하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.731-751
• /
• 2021

The Internet of Things is a huge group of devices communicating each other and the interconnection of objects in the network is a basic requirement. Choosing a reliable device is critical because malicious devices can compromise networks and services. However, it is difficult to create a trust management model due to the mobility and resource constraints of IoT devices. For the centralized approach, there are issues of single point of failure and resource expansion and for the distributed approach, it allows to expand network without additional equipment by interconnecting each other, but it has limitations in data exchange and storage with limited resources and is difficult to ensure consistency. Recently, trust management models using fog nodes and blockchain have been proposed. However, blockchain has problems of low throughput and delay. Therefore, in this paper, a trust management model for selecting reliable devices in a fog-based IoT environment is proposed by applying IOTA, a blockchain technology for the Internet of Things. In this model, Directed Acyclic Graph-based ledger structure manages trust data without falsification and improves the low throughput and scalability problems of blockchain.

• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.49-68
• /
• 2022

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.827-846
• /
• 2023

Recently, various information technologies such as network communication and sensors have begun to be integrated into weapon systems that were previously operated in stand-alone. This helps the operators of the weapon system to make quick and accurate decisions, thereby allowing for effective operation of the weapon system. However, as the involvement of the cyber domain in weapon systems increases, it is expected that the potential for damage from cyber attacks will also increase. To develop a secure weapon system, it is necessary to implement built-in security, which helps considering security from the requirement stage of the software development process. The U.S. Department of Defense is implementing the Risk Management Framework Assessment and Authorization (RMF A&A) process, along with the introduction of the concept of cybersecurity, for the evaluation and acquisition of weapon systems. Similarly, South Korea is also continuously making efforts to implement the Korea Risk Management Framework (K-RMF). However, so far, there are no cases where K-RMF has been applied from the development stage, and most of the data and documents related to the U.S. RMF A&A are not disclosed for confidentiality reasons. In this study, we propose the method for inferring the composition of the K-RMF based on systematic threat analysis method and the publicly released documents and data related to RMF. Furthermore, we demonstrate the effectiveness of our inferring method by applying it to the naval battleship system.