• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.341-347
• /
• 2022

This research is designed to help and offer hold up to complete the requirements of aged and disable in a home. The control approach and the tone approach are used to manage the house appliances. The major organize system implementation in technology of wireless to offer distant contact from a phone Internet Protocol connectivity for access and calculating strategy and appliance remotely. The planned system no need a committed server PC with value of parallel systems and offers a new communication-protocol to observe and control a house environment with more than just the switch functionality. To express the possibility and efficiency of this system, devices like as lights switches, power plugs, and motion-sensors have been included with the planned home control system and supply more security manage on the control with low electrical energy activate method. The rank of switches is corresponding in all this control system whereby all user interfaces indicate the real time existing status. This system planned to manage electrical-appliances and devices in house with reasonably low cost of design, user friendly interface, easily install and provide high security. Research community generally specified that the network "Reconnaissance Attacks" in IPv6 are usually impossible due to they will take huge challenge to carry out address scanning of 264 hosts in an IPv6 subnet."It being deployed of IPv6 shows that it definitely enhances security and undermines the probability". This research of the IPv6 addressing-strategies at present utilizes and planned a new strategy and move toward to "mitigate reconnaissance attacks".

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.99-107
• /
• 2019

The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.15-24
• /
• 2020

Cyber terror and cyberwarfare are no longer virtual, but real, and as an actual security situation, it is necessary to have new understanding through expanding the concept of war to neutralize not only the other country's military command system, but also the country's main functions such as telecommunications, energy, finance, and transport systems, and it also needs to establish the future development strategy of cyber terror response at the national level. Through analysis of cyberwarfare trends in each country and current status of cyberwarfare in Korea, it will systematically explore the demand of new policy based on laws and systems, including the strategies of cyber security technology development, industry promotion, and manpower training and existing information protection policies. through this, it effectively manages a sustainable national crisis, and it suggests to establish a future strategy for the medium and long term cyber security that can effectively and actively respond to cyberwarfare.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5631-5652
• /
• 2019

The existing defense strategy selection methods based on game theory basically select the optimal defense strategy in the form of mixed strategy. However, it is hard for network managers to understand and implement the defense strategy in this way. To address this problem, we constructed the incomplete information stochastic game model for the dynamic analysis to predict multi-stage attack-defense process by combining Bayesian game theory and the Markov decision-making method. In addition, the payoffs are quantified from the impact value of attack-defense actions. Based on previous statements, we designed an optimal defense strategy selection method. The optimal defense strategy is selected, which regards defense effectiveness as the criterion. The proposed method is feasibly verified via a representative experiment. Compared to the classical strategy selection methods based on the game theory, the proposed method can select the optimal strategy of the multi-stage attack-defense process in the form of pure strategy, which has been proved more operable than the compared ones.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.359-360
• /
• 2019

본 논문에서는 2018년에 성횡한 악성코드에 대한 피해 사례를 살펴본 후 이를 적극적으로 대응하기 위한 방안을 살펴본다. 특히 가상통화 거래소에 대한 해킹 사고 및 가상화폐에 대한 지속적인 해킹 시도가 탐지되면서 관련 소식들이 언론에 지속적으로 보도되었다. 또한 이와 관련하여 PC 및 서버 자원을 몰래 훔쳐 가상통화 채굴에 사용하는 크립토재킹 공격기법도 함께 주목받았다. 랜섬웨어 부문은 갠드크랩 관련 보도가 대부분을 차지할 정도로 국내에서 지속적으로 이슈가 되었다. 또한 미국 법무부에서 최초로 북한 해커조직의 일원을 재판에 넘기면서 해커 그룹에 대한 관심이 집중되기도 했다. 2018년 전반적으로 이러한 가상통화 거래소 해킹, 크립토재킹, 랜섬웨어, 해커 그룹의 4가지 키워드를 도출하였으며, 이 중 해커 그룹은 북한과 중국의 경우를 나누어 총 5가지 주제를 통해 악성코드에 대한 주요 이슈들을 살펴본다. 본 논문에서는 이러한 악성코드의 공격을 근본적으로 해결할 수 있는 방안으로 클라이언트 측에 USB형태의 BBS(Big Bad Stick) 하드웨어를 통하여 제안하는 환경을 제안하고 안전한 서비스가 제공됨을 증명하여 본 연구가 새로운 보안성을 갖춘 시스템임을 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.10
• /
• pp.5260-5275
• /
• 2019

In the process of constructing the traditional offensive and defensive game theory model, these are some shortages for considering the dynamic change of security risk problem. By analysing the critical indicators of the incomplete information game theory model, incomplete information attack and defense game theory model and the mathematical engineering method for solving Bayes-Nash equilibrium, the risk-averse income function for information assets is summarized as the problem of maximising the return of the equilibrium point. To obtain the functional relationship between the optimal strategy combination of the offense and defense and the information asset security probability and risk probability. At the same time, the offensive and defensive examples are used to visually analyse and demonstrate the incomplete information game and the Harsanyi conversion method. First, the incomplete information game and the Harsanyi conversion problem is discussed through the attack and defense examples and using the game tree. Then the strategy expression of incomplete information static game and the engineering mathematics method of Bayes-Nash equilibrium are given. After that, it focuses on the offensive and defensive game problem of unsafe information network based on risk aversion. The problem of attack and defense is obtained by the issue of maximizing utility, and then the Bayes-Nash equilibrium of offense and defense game is carried out around the security risk of assets. Finally, the application model in network security penetration and defense is analyzed by designing a simulation example of attack and defense penetration. The analysis results show that the constructed income function model is feasible and practical.

• Korean Security Journal
• /
• no.36
• /
• pp.177-200
• /
• 2013

As we enter a high industrial society that widens the gap between the rich and poor, demand for the security services has grown explosively. With the growth in quantitative expansion of security services, people have also placed increased requirements on more sophisticated and diversified security services. Consequently, market outlook for private security services industry is positive. However, Korea's private security services companies are experiencing difficulties in finding a direction to capture this new market opportunity due to their small sizes and lack of management-strategic thinking skills. Therefore, we intend to offer a direction of development for our private security services industry using a management-strategy theory and the Analytic Hierarchy Process(AHP), a structured decision-making method. A resource-based theory is one of the important management strategy theories. It explains that a company's overall performance is primarily determined by its competitive resources. Using this theory, we could analyze a company's unique resources and core competencies and set a strategic direction for the company accordingly. The usefulness and validity of this theory has been demonstrated as it has often been subject to empirical verification since 1990s. Based on this theory, we outlined a set of basic procedures to establish a management strategy for the private security services companies. We also used the AHP method to identify competitive resources, core competencies, and strategies from private security services companies in contrast with public companies. The AHP method is a technique that can be used in the decision making process by quantifying experts' knowledge and unstructured problems. This is a verified method that has been used in the management decision making in the corporate environment as well as for the various academic studies. In order to perform this method, we gathered data from 11 experts from academic, industrial, and research sectors and drew distinctive resources, competencies, and strategic direction for private security services companies vis-a-vis public organizations. Through this process, we came to the conclusion that private security services companies generally have intangible resources as their distinctive resources compared with public organization. Among those intangible resources, relational resources, customer information, and technologies were analyzed as important. In contrast, tangible resources such as equipment, funds, distribution channels are found to be relatively scarce. We also found the competencies in sales and marketing and new product development as core competencies. We chose a concentration strategy focusing on a particular market segment as a strategic direction considering these resources and competencies of private security services companies. A concentration strategy is the right fit for smaller companies as a strategy to allow them to focus all of their efforts on target customers in a single segment. Thus, private security services companies would face the important tasks such as developing a new market and appropriate products for such market segment and continuing marketing activities to manage their customers. Additionally, continuous recruitment is required to facilitate the effective use of human resources in order to strengthen their marketing competency in a long term.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.374-381
• /
• 2022

The article identifies and theoretically substantiates the trends of national resilience in the context of establishing the security of the country and its civilizational subjectivity. The strategy of development of the pedagogical university in the conditions of European integration into the European educational and scientific space based on certain characterological features of the personality of the volunteer in the context of allocation of personal resilience is developed. The analysis of both external and internal challenges and threats to the civilization of the country needs to be understood in the context of economic, socio-political, legal, military-political, spiritual-cultural, educational-scientific and network-information resilience. The concepts of "national resilience" and "national security" are quite close - at first glance, even identical. However, a deeper understanding clarifies the differences: national security is a state of protection of the country identity and its very existence, the realization of its national interests. In turn, resilience is a fairly effective strategy and a fundamental guarantee of national security. At the same time, it is extremely important to understand that both national security as a state and national resilience as a strategy are only means of achieving and developing a strong and humanistic civilizational subjectivity of the country. After all, such subjectivity opens for citizens the opportunity for development, dignified self-realization and a proper life. The restructuring of the volunteer's motivational sphere is due to the dominance of such leading motives, which are focused mainly on maintaining and restoring health, which leads to distorted meaningful life goals: isolation, alienation, passivity, inertia, reduced activity, limited communication, etc. The characteristics of relatively stable human behavior include several primary and secondary properties. The primary (relevant) properties include patience, trust, hope, faith, confidence, determination, perseverance, and love; the secondary - punctuality, neatness, obedience, honesty, loyalty, justice, diligence, thrift, accuracy, conscientiousness, obligation, etc. The restructuring of the volunteer's motivational sphere is due to the dominance of such leading motives, which are focused mainly on maintaining and restoring health, which leads to distorted meaningful life goals: isolation, alienation, passivity, inertia, reduced activity, limited communication, etc. The characteristics of relatively stable human behavior include several primary and secondary properties. The primary (relevant) properties include patience, trust, hope, faith, confidence, determination, perseverance, and love; the secondary - punctuality, neatness, obedience, honesty, loyalty, justice, diligence, thrift, accuracy, conscientiousness, obligation, etc. The use of information and communication technologies in volunteering will contribute to the formation of resilience traits in the structure of personality formation. Directly to the personal traits of resilience should be included methodological competencies, which include methodological knowledge, skills and abilities (ability to define ultimate and intermediate goals, plan, conduct and analyze knowledge, establish and implement interdisciplinary links with disciplines of medical-psychological-pedagogical cycles, etc.). All these competencies form the professional resilience of the volunteer.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.83-91
• /
• 2010

Information security is a critical issue for national defense. This paper provides a result of a study on the countermeasures to the North Korean Asymmetric Strategy-'Cyber Surprise Attack'. After the attack on Yeonpyeong island, the North Korea threatened there will be more surprise attack to the South Korea. Based on the analysis of 'Stuxnet' cyber attack to Iran and China, the North Korean surprise attack may be 'Stuxnet'class cyber attack. This paper several strategic countermeasures in order to overcome the anticipated the North Korean cyber surprise attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.127-146
• /
• 2010

This report has continuously improved in Information Security Level of Information Communication Service Companies which are applicable to Information Security Safety Inspection System. Also, it presents a decided methodology after verified propriety and considered the pre-research or expropriation by being developed the way of Information Security Safety Result Measurement. Management territory weighted value was established and it was given according to the point of view and the strategy target and the and outcome index to consider overall to a measurement item. Accordingly, an outome to the Information Security Check Service is analyzed by this paper and measurement model and oucome analysis methodology are shown with this, and gives help to analyze an outcome. Also it make sure the the substantial information security check service will be accomplished, prevent a maintenance accident beforehand and improve an enterprise outcome independently by institutional system performance securement and enterprise.g corporate performance.