• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.307-318
• /
• 2005

Cyber crimes caused unpredictable damages by influencing targets with means such as hacking and virus in virtual space. In specific, they transcend time and space because of their anonymity and it is difficult to punish the people who are involved in crimes. To manage such cyber crimes, we need an international cooperative systems beyond difference in legal systems between countries and 'Global Governance' was prepared as a reasonable alternative. These days, governance has been presented as an important concept to explain changed social systems or changed roles of government. It was not just a concept to replace traditional government of a single nation, but to overcome new problems on social actions of humans. So it is expected that it can help prepare reasonable measures through cooperation both in individuals and systems, and public and civil sectors. To countermeasure cyber crimes in terms of global governance, we can prepare general investigation systems and professional human resources through civil and public assistance, and provide a base on which international cooperation systems can be established.

• The Journal of the Convergence on Culture Technology
• /
• v.10 no.4
• /
• pp.175-181
• /
• 2024

The U.N. Security Council's North Korea Sanctions Committee estimated that the amount of North Korea's cyberattacks on virtual asset-related companies from 2017 to 2023 was about 4 trillion won. North Korea's cyberattacks have secured funds through cryptocurrency hacking as it has been restricted from securing foreign currency due to economic sanctions by the international community, and it also shows the form of technology theft against defense companies, and illegal assets are being used to maintain the Kim Jong-un regime and develop nuclear and missile development. When North Korea conducted its sixth nuclear test on September 3, 2017, and declared the completion of its national nuclear armament following the launch of an intercontinental ballistic missile on November 29 of the same year, the U.N. imposed sanctions on North Korea, which are considered the strongest economic sanctions in history. In these difficult economic situations, North Korea tried to overcome the crisis through cyberattacks, but as a result of analyzing the changes through the North's cyber attack cases, the strategic goal from the first period from 2009 to 2016 was to verify and show off North Korea's cyber capabilities through the neutralization of the national network and the takeover of information, and was seen as an intention to create social chaos in South Korea. When foreign currency earnings were limited due to sanctions against North Korea in 2016, the second stage seized virtual currency and secured funds to maintain the Kim Jong-un regime and advance nuclear and missile development. The third stage is a technology hacking of domestic and foreign defense companies, focusing on taking over key technologies to achieve the five strategic weapons tasks proposed by Chairman Kim Jong-un at the 8th Party Congress in 2021. At the national level, security measures for private companies as well as state agencies should be established against North Korea's cyberattacks, and measures for legal systems, technical problems, and budgets related to science are urgently needed. It is also necessary to establish a system and manpower to respond to the ever-developing cyberattacks by focusing on cultivating and securing professional manpower such as white hackers.

• The KIPS Transactions:PartD
• /
• v.14D no.4 s.114
• /
• pp.363-372
• /
• 2007

Password, a traditional user confirmation method that is used for more than 100 years, has become useless as a lot of transactions are dealt by indirect contacts. As a result, an alternative for password is required now. In this paper, we propose a novel confirmation method, which is called Brain-Key. It uses an indirect password input method. It reduces the risks due to hacking, and prevents a big credit accident because it prevents passwords to be reused. Our proposed model has general applicability so that it can be applied in domestic market as well as international markets. This research may provide solutions for the security problems in the electronic commerce.

• International journal of advanced smart convergence
• /
• v.10 no.3
• /
• pp.122-130
• /
• 2021

This study is about an Artificial Intelligence-based fake news identification system and its methods to determine the authenticity of content distributed over the Internet. Among the news we encounter is news that an individual or organization intentionally writes something that is not true to achieve a particular purpose, so-called fake news. In this study, we intend to design a system that uses Artificial Intelligence techniques to identify fake content that exists within the news. The proposed identification model will propose a method of extracting multiple unit factors from the target content. Through this, attempts will be made to classify unit factors into different types. In addition, the design of the preprocessing process will be carried out to parse only the necessary information by analyzing the unit factor. Based on these results, we will design the part where the unit fact is analyzed using the deep learning prediction model as a predetermined unit. The model will also include a design for a database that determines the degree of fake news in the target content and stores the information in the identified unit factor through the analyzed unit factor.

• International journal of advanced smart convergence
• /
• v.10 no.3
• /
• pp.131-142
• /
• 2021

Recently, there has been an active service that provides customized news to news subscribers. In this study, we intend to design a customized news service system through Deep Learning-based Social Network Service (SNS) activity analysis, applying real news and avoiding fake news. In other words, the core of this study is the study of delivery methods and delivery devices to provide customized news services based on analysis of users, SNS activities. First of all, this research method consists of a total of five steps. In the first stage, social network service site access records are received from user terminals, and in the second stage, SNS sites are searched based on SNS site access records received to obtain user profile information and user SNS activity information. In step 3, the user's propensity is analyzed based on user profile information and SNS activity information, and in step 4, user-tailored news is selected through news search based on user propensity analysis results. Finally, in step 5, custom news is sent to the user terminal. This study will be of great help to news service providers to increase the number of news subscribers.

• Journal of Digital Convergence
• /
• v.13 no.2
• /
• pp.177-183
• /
• 2015

Cross Site Scripting enables hackers to steal other user's information (such as cookie, session etc.) or to do abnormal functions automatically using vulnerability of web application. This attack patterns of Cross Site Scripting(XSS) can be divided into two types. One is Reflect XSS which can be executed in one request for HTTP and its reply, and the other is Stored XSS which attacks those many victim users whoever access to the page which accepted the payload transmitted. To correspond to these XSS attacks, some measures have been suggested. They are data validation for user input, output validation during HTML encoding procedures, and removal of possible risk injection point to prevent from trying to insert malicious code into web application. In this paper, the methods and procedures for these two types are explained and a penetration testing is done. With these suggestions, the attack by XSS could be understood and prepared by its countermeasures.

• Korea Trade Review
• /
• v.47 no.1
• /
• pp.163-180
• /
• 2022

The purpose of this study is to examine the extent to which smart contracts can be applied to the software export business and to find out the legislative issues to activate smart contracts. A smart contract is a computer program that automatically executes a contract when conditions are fulfilled. Smart contracts can play a pivotal role in the field that requires immediate execution of contract or in a highly standardized field with multiple parties involved. In the software export business, it is desirable to apply the smart contract partially rather than applying the smart contract to the entire process because various parties are involved and the process is very complicated. The business model of exporting packaged software, a completed software that is mainly licensed for use, rather than the business model of exporting customized software is suitable for using smart contracts because the project for implementing customized software is mainly focused in the development stage. When smart contracts are used in processes such as contract signing, payment, and project management, work efficiency can be increased. In addition, smart contracts can be used when conditions can be quantified, such as error penalties, in areas that previously required contracts with third parties such as banks, guarantors. In order for smart contracts to be actively used in practice, legal reviews on various issues are necessary including the legality of a smart contract and the validity as an electronic document of NFT (non-fungible token) certificate. Also, for the system stability preventing hacking, etc, the periodic verification or inspection by a third party is essential. To activate smart contracts in international transactions the international treaty regarding smart contracts is also necessary.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.77-82
• /
• 2016

IoT technology was selected as one of IT 10 strategic technologies by gartner from 2013 to 2015, and implements advanced smart society while enabling interaction between people and things. Because IoT devices are connected to the Internet, they are involved in issues including exposure of private lives, for example, hacking to result in wireless signal interference, data theft, data modification and forgery and service denial, and critical security issues including threat to national confidential information and facilities. This study aims to suggest a method for examining threats to security through IP exposure of IoT devices and examining related problems to minimize threats to security through IP exposure including exposure of private lives or damages to the national infrastructure system.

• Journal of the Korean Society for information Management
• /
• v.20 no.1
• /
• pp.301-320
• /
• 2003

The rapidly increasing use of the Internet and advancement of the communication network, the explosive growth of digital contents from personal home pages to professional information service the emerging file exchange service and the development of hacking techniques . these are some of the trends contributing to the spread of illegal reproduction and distribution of digital contents, thus threatening the exclusive copyrights of the creative works that should be legally protected Accordingly, there is urgent need for a digital copyright management system designed to provide centralized management while playing the role of bridge between the copyright owners and users for smooth trading of the rights to digital contents, reliable billing, security measures, and monitoring of illegal use. Therefore, in this study, I examined the requirements of laws and systems for the introduction of the centralized management system to support smooth distribution of digital contents, and also researched on the current status of domestic and international centralized management system for copyrights. Furthermore, 1 tried to provide basic materials for the standardization of digital contents copyright management information through the examination of the essential elements of the centralized digital contents management such as the system for unique identification the standardization for data elements, and the digital rights management (DHM) .