• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.11
• /
• pp.2514-2520
• /
• 2010

The objective of this paper is to propose the methodology for automated generation of the optimal security defense strategies using evolutionary techniques. As damages by penetration exploiting vulnerability in computer systems and networks are increasing, security techniques have been researched actively. However it is difficult to generate optimal defense strategies because it needs to consider various situations on network environment according to countermeasures. Thus we have adopted a genetic algorithm in order to generate an optimal defense strategy as combination of countermeasures. We have represented gene information with countermeasures. And by using simulation technique, we have evaluated fitness through evaluating the vulnerability of system having applied various countermeasures. Finally, we have examined the feasibility by experiments on the system implemented by proposed method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.360-369
• /
• 2014

Underwater Acoustic Sensor Networks(UASN) enables varied study from collected data of underwater environments such as pollution monitoring, disaster prevention. The collected data is transmitted from underwater to terrestrial communication entity by acoustic communication. Because of the constraints of underwater environments include low data rate and propagation delay, it is difficult to apply cryptographic techniques of terrestrial wireless communication to UASN. For this reason, if the cryptographic techniques are excluded, then collected data will be exposed to security threats, such as extortion and forgery, during transmission of data. So, the cryptographic techniques, such as the authentication and key establishment protocol which can confirm reliability of communication entities and help them share secret key for encryption of data, must need for protecting transmitted data against security threats. Thus, in this paper, we propose the light weight authentication and key establishment protocol.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.97-105
• /
• 2022

This paper explains trends in security technologies for ICS. Since ICS is usually applied to large-scale national main infrastructures and industry fields, minor errors caused by cyberattack could generate enormous economic cost. ICS has different characteristic with commonly used IT systems, so considering security threats of ICS separately with IT is needed for developing modern security technology. This paper introduce framework for ICS that analyzes recent cyberattack tactics & techniques and find out trends in Intrusion Detection System (IDS) which is representative technology for ICS security, and analyzes AI technologies used for IDS. Specifically, this paper explains data collection and analysis for applying AI techniques, AI models, techniques for evaluating AI Model.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.77-82
• /
• 2010

Cloud computing is defined as numerous concepts by research institutions and scholars. However, due to the present business trend in the IT sector, emphasizing on cost and efficiency, cloud computing has been defined as a form of computing which can provide extendable mass storage components in the virtual environment. As a result, security issues have been arising due to the variety of cloud computing services provided by the industries. This paper aims to analyze the weaknesses such as security techniques and inquiries, and personal information protection required for various cloud computing services.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.43-55
• /
• 2015

Security infrastructure of Educational Network responds to threats by collecting and analyzing security events from various information protection system based on the integrated management system. Even if this system provides useful and detailed information to the administrator, there are some problems that this system does not provide effective response process and management systems for various threatening situations and the simultaneous threat processes. To solve this problem, we propose and develop security agents that enable the administrator to effectively manage integrated security for Educational Network. The proposed solution provides the administrator with efficient management techniques and process scheduling for various security events so that the administrator can response promptly to problems with the initial threat to Educational Network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.147-155
• /
• 2010

It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

• Journal of KIISE:Information Networking
• /
• v.31 no.2
• /
• pp.171-178
• /
• 2004

Port scanning detection systems should rather satisfy a certain level of the requirement for system performance like a low rate of “False Positive” and “False Negative”, and requirement for convenience for users to be easy to manage the system security with detection systems. However, public domain Real Time Scan Detection Systems have high rate of false detection and have difficulty in detecting various scanning techniques. In addition, as current real time scan detection systems are based on command interface, the systems are poor at user interface and thus it is difficult to apply them to the system security management. Hence, we propose TkRTSD(Tcl/Tk Real Time Scan Detection System) that is able to detect various scan attacks based on port scanning techniques by applying a set of new filter rules, and minimize the rate of False Positive by applying proposed ABP-Rules derived from attacker's behavioral patterns. Also a GUI environment for TkRTSD is implemented by using Tcl/Tk for user's convenience of managing network security.

• Journal of the Korean Society of Industry Convergence
• /
• v.20 no.2
• /
• pp.177-186
• /
• 2017

With the latest developments in ICT(Information Communication Technology) technology, research on Intelligent Car, Connected Car that support autonomous driving or services is actively underway. It is true that the number of inputs linked to external connections is likely to be exposed to a malicious intrusion. I studied possible security issues that may occur within the Connected Car. A variety of security issues may arise in the use of CAN, the most typical internal network of vehicles. The data can be encrypted by encrypting the entire data within the CAN network system to resolve the security issues, but can be time-consuming and time-consuming, and can cause the authentication process to be carried out in the event of a certification procedure. To resolve this problem, CAN network system can be used to authenticate nodes in the network to perform a unique authentication of nodes using nodes in the network to authenticate nodes in the nodes and By encoding the ID, identifying the identity of the data, changing the identity of the ID and decryption algorithm, and identifying the cipher and certification techniques of the external invader, the encryption and authentication techniques could be detected by detecting and verifying the external intruder. Add a monitoring node to the CAN network to resolve this. Share a unique ID that can be authenticated using the server that performs the initial certification of nodes within the network and encrypt IDs to secure data. By detecting external invaders, designing encryption and authentication techniques was designed to detect external intrusion and certification techniques, enabling them to detect external intrusions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.89-98
• /
• 2022

As deep learning technology was applied to various fields, research on adversarial attack techniques, a security problem of deep learning models, was actively studied. adversarial attacks have been mainly studied in the field of images. Recently, they have even developed a complete decision-based attack technique that can attack with just the classification results of the model. However, in the case of the audio field, research is relatively slow. In this paper, we applied several decision-based attack techniques to the audio field and improved state-of-the-art attack techniques. State-of-the-art decision-attack techniques have the disadvantage of requiring many queries for gradient approximation. In this paper, we improve query efficiency by proposing a method of reducing the vector search space required for gradient approximation. Experimental results showed that the attack success rate was increased by 50%, and the difference between original audio and adversarial examples was reduced by 75%, proving that our method could generate adversarial examples with smaller noise.

• Journal of Positioning, Navigation, and Timing
• /
• v.12 no.4
• /
• pp.437-445
• /
• 2023

A space system refers to a network of sensors, ground systems, and space-craft operating in space. The security of space systems relies on information systems and networks that support the design, launch, and operation of space missions. Characteristics of space operations, including command and control (C2) between space-craft (including satellites) and ground communication, also depend on wireless frequency and communication channels. Attackers can potentially engage in malicious activities such as destruction, disruption, and degradation of systems, networks, communication channels, and space operations. These malicious cyber activities include sensor spoofing, system damage, denial of service attacks, jamming of unauthorized commands, and injection of malicious code. Such activities ultimately lead to a decrease in the lifespan and functionality of space systems, and may result in damage to space-craft and, lead to loss of control. The Cybersecurity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, proposed by Massachusetts Institute of Technology Research and Engineering (MITRE), consists of the following stages: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command & Control, Exfiltration, and Impact. This paper identifies cybersecurity activities in space systems and satellite navigation systems through the National Institute of Standards and Technology (NIST)'s standard documents, former U.S. President Trump's executive orders, and presents risk management activities. This paper also explores cybersecurity's tactics attack techniques within the context of space systems (space-craft) by referencing the Sparta ATT&CK Matrix. In this paper, security threats in space systems analyzed, focusing on the cybersecurity attack tactics, techniques, and countermeasures of space-craft presented by Space Attack Research and Tactic Analysis (SPARTA). Through this study, cybersecurity attack tactics, techniques, and countermeasures existing in space-craft are identified, and an understanding of the direction of application in the design and implementation of safe small satellites is provided.