• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.17-31
• /
• 2020

With the rapid development of block chain technology, attempts have been made to put the block chain technology into practical use in various fields such as finance and logistics, and also in the public sector where data integrity is very important. Defense Operations In addition, strengthening security and ensuring complete integrity of the command communication network is crucial for operational operation under the network-centered operational environment (NCOE). For this purpose, it is necessary to construct a command communication network applying the block chain network. However, the block chain technology up to now can not solve the security issues such as the 51% attack. In particular, the Practical Byzantine fault tolerance (PBFT) algorithm which is now widely used in blockchain, does not have a penalty factor for nodes that behave maliciously, and there is a problem of failure to make a consensus even if malicious nodes are more than 33% of all nodes. In this paper, we propose a Adaptive Consensus Bound PBFT (ACB-PBFT) algorithm that incorporates a penalty mechanism for anomalous behavior by combining the Trust model to improve the security of the PBFT, which is the main agreement algorithm of the blockchain.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.49 no.4
• /
• pp.31-41
• /
• 2012

The law enforcement agencies in the worldwide are confiscating or retaining computer systems involved in a crime/civil case, if there are any, at the preliminary investigation stage, even though the case does not involve a cyber-crime. They are collecting digital evidences from the suspects's systems and using them in the essential investigation procedure. It requires much time, though, to collect, duplicate and analyze disk images in general crime cases, especially in cases in which rapid response must be taken such as kidnapping and murder cases. The enterprise forensics, moreover, it is impossible to acquire and duplicate hard disk drives in mass storage server, database server and cloud environments. Therefore, it is efficient and effective to selectively collect only traces of the behavior of the user activities on operating systems or particular files in focus of triage investigation. On the other hand, if we acquire essential digital evidences from target computer, it is not forensically sound to collect just files. We need to use standard digital evidence container from various sources to prove integrity and probative of evidence. In this article, we describe a new digital evidence container, we called Xebeg, which is easily able to preserve collected digital evidences selectively for using general technology such as XML and PKZIP compression technology, which is satisfied with generality, integrity, unification, scalability and security.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.7
• /
• pp.303-310
• /
• 2013

As the role of software increases in computing environments, issues in software security become more important problems. Dynamic taint analysis is a technique to trace and manage tainted data originated from unreliable sources during the execution of a program. This analysis can be applied to software security verification as well as software behavior understanding, testing unexpected errors, or debugging. In the previous researches, they focussed only to show the analysis results of dynamic taint analysis, and they did not logically describe propagation process of tainted data and analysis procedures. So, there were difficulties in understanding the analysis procedures or applying to other analysis. In this paper, by theoretically describing the analysis procedure, we logically show how the propagation process of tainted data can be traced, and present a theoretical model for dynamic taint analysis. In addition, we verify the correctness of the proposed model by implementing an analyser, and show that propagation of tainted data can be traced by the model. The proposed model can be applied to understand the analysis procedures of data flows in dynamic taint analysis, and can be used as an base knowledge for designing and implementing analysis method, which applies such analysis method.

• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.75-83
• /
• 2021

With the development of the IT industry and the increase of cultural activities, the demand for works increases, and they can be used easily and conveniently in an online environment. Accordingly, copyright infringement is seriously occurring due to the ease of copying and distribution of works. Some special types of Online Service Providers (OSP) use filtering-based technology to protect copyrights, but they can easily bypass them, and there are limits to blocking all illegal works, making it increasingly difficult to protect copyrights. Recently, most of the distributors of illegal works are a certain minority, and profits are obtained by distributing illegal works through many OSP and majority ID. In this paper, we propose a profiling technique for heavy uploader, which is a major analysis target based on illegal works. Creates a feature containing information on overall illegal works and identifies major heavy uploader. Among these, clustering technology is used to identify heavy uploader that are presumed to be the same person. In addition, heavy uploaders with high priority can be analyzed through illegal work Distributor tracking and behavior analysis. In the future, it is expected that copyright damage will be minimized by identifying and blocking heavy uploader that distribute a large amount of illegal works.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.499-510
• /
• 2023

Recently, an intelligent and advanced cyber attack attacks a computer network of a public institution using a file containing malicious code or leaks information, and the damage is increasing. Even in public institutions with various information protection systems, known attacks can be detected, but unknown dynamic and encryption attacks can be detected when existing signature-based or static analysis-based malware and ransomware file detection methods are used. vulnerable to The detection method proposed in this study extracts the detection result data of the system that can detect malicious code and ransomware among the information protection systems actually used by public institutions, derives various attributes by combining them, and uses a machine learning classification algorithm. Results are derived through experiments on how the derived properties are classified and which properties have a significant effect on the classification result and accuracy improvement. In the experimental results of this paper, although it is different for each algorithm when a specific attribute is included or not, the learning with a specific attribute shows an increase in accuracy, and later detects malicious code and ransomware files and abnormal behavior in the information protection system. It is expected that it can be used for property selection when creating algorithms.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.458-460
• /
• 2021

The provision and application of public safety network in Korea is still insufficient for security response to the mobile app of public safety network in the stages of development, initial construction, demonstration, and initial service. The available terminals on the Disaster Safety Network (PS-LTE) are open, Android-based, dedicated terminals that potentially have vulnerabilities that can be used for a variety of mobile malware, requiring preemptive responses similar to FirstNet Certified in U.S and Google's Google Play Protect. In this paper, before listing the application service app on the public safety network mobile app store, we construct a data set for malicious and normal apps, extract features, select the most effective AI model, perform static and dynamic analysis, and analyze Based on the result, if it is not a malicious app, it is suggested to list it in the App Store. As it becomes essential to provide a service that blocks malicious behavior app listing in advance, it is essential to provide authorized authentication to minimize the security blind spot of the public safety network, and to provide certified apps for disaster safety and application service support. The safety of the public safety network can be secured.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.263-279
• /
• 2024

With the increasing trend of Cloud migration, security threats in the Cloud computing environment have also experienced a significant increase. Consequently, the importance of efficient incident investigation through log data analysis is being emphasized. In Cloud environments, the diversity of services and ease of resource creation generate a large volume of log data. Difficulties remain in determining which events to investigate when an incident occurs, and examining all the extensive log data requires considerable time and effort. Therefore, a systematic approach for efficient data investigation is necessary. CloudTrail, the Amazon Web Services(AWS) logging service, collects logs of all API call events occurring in an account. However, CloudTrail lacks insights into which logs to analyze in the event of an incident. This paper proposes an automated analysis framework that integrates Cloud Matrix and event information for efficient incident investigation. The framework enables simultaneous examination of user behavior log events, event frequency, and attack information. We believe the proposed framework contributes to Cloud incident investigations by efficiently identifying critical events based on the ATT&CK Framework.

• Journal of the Earthquake Engineering Society of Korea
• /
• v.20 no.4
• /
• pp.201-209
• /
• 2016

Damages of large embankment dams by recent strong earthquakes in the world highlight the importance of seismic security of dams. Some of recent dam construction projects for water storage and hydropower are located in highly seismic zone, hence the seismic performance evaluation is an important issue. While state-of-the-art numerical analysis technology is generally utilized in practice for seismic performance evaluation of large dams, physical modeling is also carried out where new construction technology is involved or numerical analysis technology cannot simulate the behavior appropriately. Geotechnical centrifuge modeling is widely adopted in earthquake engineering to simulate the seismic behavior of large earth structures, but sometimes it can't be applied for large embankment dams due to various limitations. This study proposes a dynamic centrifuge testing method for large embankment dams and evaluated its applicability. Scaling relations for a case which model scale and g-level are different could be derived considering the stress conditions and predominant period of the structure, which is equivalent to previously suggested scaling relations. The scaling principles and testing method could be verified by modified modeling of models using a model at different acceleration levels. Finally, its applicability was examined by centrifuge tests for an embankment dam in Korea.

• Journal of Communications and Networks
• /
• v.17 no.1
• /
• pp.75-83
• /
• 2015

In mobile ad-hoc networks (MANETs), nodes are mobile in nature. Collaboration between mobile nodes is more significant in MANETs, which have as their greatest challenges vulnerabilities to various security attacks and an inability to operate securely while preserving its resources and performing secure routing among nodes. Therefore, it is essential to develop an effective secure routing protocol to protect the nodes from anonymous behaviors. Currently, game theory is a tool that analyzes, formulates and solves selfishness issues. It is seldom applied to detect malicious behavior in networks. It deals, instead, with the strategic and rational behavior of each node. In our study,we used the dynamic Bayesian signaling game to analyze the strategy profile for regular and malicious nodes. This game also revealed the best actions of individual strategies for each node. Perfect Bayesian equilibrium (PBE) provides a prominent solution for signaling games to solve incomplete information by combining strategies and payoff of players that constitute equilibrium. Using PBE strategies of nodes are private information of regular and malicious nodes. Regular nodes should be cooperative during routing and update their payoff, while malicious nodes take sophisticated risks by evaluating their risk of being identified to decide when to decline. This approach minimizes the utility of malicious nodes and it motivates better cooperation between nodes by using the reputation system. Regular nodes monitor continuously to evaluate their neighbors using belief updating systems of the Bayes rule.

• Korea and Global Affairs
• /
• v.2 no.2
• /
• pp.157-184
• /
• 2018

The study has applied the four stage "Model of State Behavior in Crisis" to trace the post 9/11 crisis foreign policy decision making process in Pakistan. It argues that ominous attacks on the United States by al-Qaeda and subsequent declaration of President Bush to fight against terrorism transformed the global and regional politico-security dimensions at t1 stage. Being a neighboring country, Pakistan's support was inevitable in the war on terror and Washington applied coercive diplomacy to win the cooperation from Islamabad. Consequently, in case of decline to accept American demands, Pakistan perceived threat to basic values/objectives of the country and simultaneous time pressure amplified the psychological stress in decision makers at t2 stage. Therefore, the decisional forum was setup at t3 stage and Pakistan decided to join the United States at t4 stage, which defused the foreign policy crisis.