• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.1528-1531
• /
• 2011

최근 악성봇은 해커에 의해 원격 조정되어 명령에 의해 스팸메일 발송, DDoS 공격 등의 악성행위를 수행하는 웜/바이러스이다[2]. 악성봇은 이전의 웜/바이러스와 달리 금전적인 이득을 목적으로 하는 것이 많아 작게는 일상생활의 불편함으로부터 크게는 사회적, 국가적으로 악영향을 주고 있다. 국내에서는 이러한 위험을 방어하기 위한 효과적인 대응 방법으로 DNS 싱크홀을 운영 하고 있다. 본 논문에서는 DNS 싱크홀 운영 중 수집한 봇 명령/제어 (Command and Control, C&C) 도메인을 Internet Service Provider (ISP) DNS 싱크홀 시스템에 적용하는 과정에서 나타나는 문제점을 효과적으로 해결 하기 위한 DNS Response Policy Zone(RPZ)을 이용한 DNS 싱크홀 운영 방안을 제시 하였다.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.10 no.6
• /
• pp.580-586
• /
• 2017

The establishment of big data service environment requires both cloud-based network technology and clustering technology to improve the efficiency of information access. These cloud-based networks and clustering environments can provide variety of valuable information in real-time, which can be an intensive target of attackers attempting illegal access. In particular, attackers attempting IP spoofing can analyze information of mutual trust hosts constituting clustering, and attempt to attack directly to system existing in the cluster. Therefore, it is necessary to detect and respond to illegal attacks quickly, and it is demanded that the security policy is stronger than the security system that is constructed and operated in the existing single system. In this paper, we investigate routing pattern changes and use them as detection information to enable active correspondence and efficient information service in illegal attacks at this network environment. In addition, through the step-by -step encryption based on the routing information generated during the detection process, it is possible to manage the stable service information without frequent disconnection of the information service for resetting.

• Journal of the military operations research society of Korea
• /
• v.33 no.2
• /
• pp.115-127
• /
• 2007

The army developed the ATCIS(Army Tactical Command Information System) for the battlefield information system with share the command control information through the realtime. The using the public key and the encryption equipment in the ATCIS is enough to the confidentiality, integrity. but, it is vulnerable about the availability with the zero day attack. In this paper, we implement the worm propagation simulation on the ATCIS infrastructure through the modelling on the ATCIS operation environment. We propose the countermeasures based on the results from the simulation.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.85-88
• /
• 2020

최근 악성코드의 발전은 사이버 위협의 전방면에 걸쳐 영향을 주고 있다. DDoS, APT를 포함한 스팸 발송 등과 같은 사이버 공격은 악성코드를 기반으로 한다. 또한 이에 대응하기 위해 다양한 형태의 악성코드 솔루션이 존재하고 있다. 악성코드 솔루션은 오픈소스와 상업용 프로그램으로 나눌 수 있는데 상업용 프로그램은 악성코드뿐만 아니라 PC관리의 전반적인 부분을 담당하고 있다. 악성코드를 탐지하는 방법은 시그니처 방식과 해시DB를 이용한 방식 등 다양한 방식이 있다. 본 논문에서는 오픈소스기반 악성코드 솔루션을 비교하여 어떠한 방식이 더 효과적인가를 분석하였다. 이를 통해 악성코드 방지 프로그램을 개발하려는 개발자가 비용효과적인 악성코드 탐지 방법을 잘 선택할 수 있는 가이드라인을 제공한다.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.6
• /
• pp.835-844
• /
• 2018

Recently, as the number of smartphone users has been increasing worldwide, various services such as electronic payment, internet use, and financial settlement are being used as a smartphone. In addition, researches for home appliance control and automobile control using smartphone are conducted. As such, smartphone users can enjoy a more convenient life, but by hacking smartphones, tapping texts and conversations on smartphones, tracking location through spy apps, DDoS attacks using smartphones, and malicious apps When a message is received at a specific telephone number when using a micropayment, the corresponding text message is transmitted to a remote server, thereby increasing the risk of leakage of personal information and the like. Therefore, in this paper, we define the risk factors of the smartphone that are caused by the internal and external environmental, physical, contents (apps) of the smartphone through the smartphone that we use in real life, We propose a method to check vulnerability of smartphone security solution such as CC evaluation and the most effective response technique for each risk of smartphone by defining the technique.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.9
• /
• pp.675-684
• /
• 2009

Internet worm can cause a traffic problem through DDoS(Distributed Denial of Services) or other kind of attacks. In those manners, it can compromise the internet infrastructure. In addition to this, it can intrude to important server and expose personal information to attacker. However, current detection and response mechanisms to worm have many vulnerabilities, because they only use local characteristic of worm or can treat known worms. In this paper, we propose a new framework to detect unknown worms. It uses macroscopic characteristic of worm to detect unknown worm early. In proposed idea, we define the macroscopic behavior of worm, propose a worm detection method to detect worm flow directly in IP packet networks, and show the performance of our system with simulations. In IP based method, we implement the proposed system and measure the time overhead to execute our system. The measurement shows our system is not too heavy to normal host users.

• Korean Security Journal
• /
• no.39
• /
• pp.185-215
• /
• 2014

Since North Korea has used terror crime as a means of unification under communism against South Korea, South Korea has been much damaged until now. And the occurrence possibility of terror crime by North Korean authority is now higher than any other time. The North Korean terror crimes of Kim Il Sung era had been committed by the dictator's instruction with the object of securing governing fund. However, looking at the terror crimes committed for decades during Kim Jung Il authority, it is revealed that these terror crimes are expressed as a criminal behavior because of the conflict to accomplish the power and economic advantage non powerful groups target. This study focused on the power conflict in various causes of terror crimes by applying George B. Vold(1958)'s theory which explained power conflict between groups became a factor of crime, and found the aspect by ages of terror crime behavior by North Korean authority and responding plan to future North Korean terror crime. North Korean authority high-ranking officials were the Labor Party focusing on Juche Idea for decades in Kim Il Sung time. Afterwards, high-ranking officials were formed focusing on military authorities following Military First Policy at the beginning of Kim Jung Il authority, rapid power change has been done for recent 10 years. To arrange the aspect by times of terror crime following this power change, alienated party executives following the support of positive military first authority by Kim Jung Il after 1995 could not object to forcible terror crime behavior of military authority, and 1st, 2nd Yeongpyeong maritime war which happened this time was propelled by military first authority to show the power of military authority. After 2006, conservative party union enforced censorship and inspection on the trade business and foreign currency-earning of military authority while executing drastic purge. The shooting on Keumkangsan tourists that happened this time was a forcible terror crime by military authority following the pressure of conservative party. After October, 2008, first military reign union executed the launch of Gwanmyungsung No.2 long-range missile, second nuclear test, Daechung marine war, and Cheonanham attacking terror in order to highlight the importance and role of military authority. After September 2010, new reign union went through severe competition between new military authority and new mainstream and new military authority at this time executed highly professionalized terror crime such as cyber/electronic terror unlike past military authority. After July 2012, ICBM test launch, third nuclear test, cyber terror on Cheongwadae homepage of new mainstream association was the intention of Km Jung Eun to display his ability and check and adjust the power of party/military/cabinet/ public security organ, and he can attempt the unexpected terror crime in the future. North Korean terror crime has continued since 1980s when Kim Jung Il's power succession was carried out, and the power aspect by times has rapidly changed since 1994 when Kim Il Sung died and the terror crime became intense following the power combat between high-ranking officials and power conflict for right robbery. Now South Korea should install the specialized department which synthesizes and analyzes the information on North Korean high-ranking officials and reinforce the comprehensive information-collecting system through the protection and management of North Korean defectors and secret agents in order to determine the cause of North Korean terror crime and respond to it. And South Korea should participate positively in the international collaboration related to North Korean terror and make direct efforts to attract the international agreement to build the international cooperation for the response to North Korean terror crime. Also, we should try more to arrange the realistic countermeasure against North Korean cyber/electronic terror which was more diversified with the expertise terror escaping from existing forcible terror through enactment/revision of law related to cyber terror crime, organizing relevant institute and budget, training professional manpower, and technical development.