• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.4
• /
• pp.95-102
• /
• 2016

Computer security incident such as confidential information leak and data destruction are constantly growing and it becomes threat to information in digital devices. To respond against the incident, digital forensic techniques are also developing to help digital incident investigation. With the development of digital forensic technology, a variety of forensic artifact has been developed to trace the behavior of users. Also, a diversity of forensic tool has been developed to extract information from forensic artifact. However, there is a issue that information from forensic tools has its own forms. To solve this problem, it needs to process data when it is output from forensic tools. Then it needs to compare and analyze processed data to identify how data is related each other and interpret the implications. To reach this, it calls for effective method to store and output data in the course of data processing. This paper aims to propose DFIOC (Digital Forensic Indicators Of Compromise) that is capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, which is XML based format, provides "Evidence" to represent various forensic artifacts in the incident investigation. Furthermore, It provides "Forensic Analysis" to report forensic analysis result and also gives "Indicator" to investigate the trace of incidence quickly. By logging data into one sheet in DFIOC format for forensic analysis process, it is capable of avoiding unnecessary data processing. Lastly, since collected information is recorded in a normalized format, data input and output becomes much easier as well as it will be convenient to use for identification of collected information and analysis of data relationship.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.4
• /
• pp.50-55
• /
• 2019

Recently Ransomware attacks are continuously increasing, and new Ransomware, which is difficult to detect just with a basic vaccine, continuously has its upward trend. Various solutions for Ransomware have been developed and applied. However, due to the disadvantages and limitations of existing solutions, damage caused by Ransomware has not been reduced. Ransomware is attacking various platforms no matter what platform it is, such as Windows, Linux, servers, IoT devices, and block chains. However, most existing solutions for Ransomware are difficult to apply to various platforms, and there is a limit that they are dependent on only some specific platforms while operating. This study analyzes the problems of existing Ransomware detection solutions and proposes the onboard module based Ransomware detection system; after the system defines the function of necessary elements through analyzing requirements that can actually reduce the damage caused by the Ransomware from the viewpoint of users, it supports various OS without pre-installation and is able to restore data even after being infected. We checked the feasibility of each function of the proposed system through the analysis of the existing technology and verified the suitability of the proposed techniques to meet the user's requirements through the questionnaire survey of a total of 264 users of personal and corporate PC users. As a result of statistical analysis of the questionnaire results, it was found that the score of intent to introduce the system was at 6.3 or more which appeared to be good, and the score of intent to change from existing solution to the proposed system was at 6.0 which appeared to be very high.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.79-81
• /
• 2014

Recently, It is built various information systems evolve IT skills. But When you build the information system, Difficult to determine whether the appropriate scale and problems that rely heavily on SI companies and professionals. To solve this problem, Korea Information Security Agency, etc., based on the primary objective was to develop H/W Capacity Equation formally to each system type. But the problems are to present H/W capacity equation by discussion of the expert group of suppliers and relatively long that it is difficult to formally apply in the situation now so it is no longer the limit. In this study, we proposes proper capacity planning techniques, which can guarantee the best performance compared to the budget invested. For this purpose, we derived the proper H/W capacity equation by regression analysis to gather performance metrics and cost of various cases by simulation of a virtual environment in the cloud. Through this study, when capacity planning, It is possible to reduce costs that It is possible to build an information system based on the digitized data and build information system in an environment that does not rely on the SI business or professional.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.4
• /
• pp.470-478
• /
• 2019

As the growth of the domestic defense industry is remarkable regarding technology level and export size, technology protection is necessary. Particularly, there is a need to apply anti-tamper measures to prevent critical technologies from illegally being taken out of weapon systems. However, there is no security protection strategy and system built yet in ROK. Precedent studies discussed the trend analysis and technical research for specific protective techniques, and the application of anti-tamper using limited procedures was provided. Recently, methods of how to select the technology for protection were studied based on risk management. Nonetheless, these studies cannot be associated with the acquisition process for the whole life-cycle, having difficulty with actual development and evaluation of the weapon systems. The objective of our study is to derive the system requirements of the weapon system for which anti-tamper measures have been determined to apply. Specifically, requirements items suitable for the development of anti-tamper weapon systems were derived based on ISO/IEC 19790, the CMVP standard for the development and verification of cryptographic modules. Also, its utilization in technical reviews and test & evaluations was presented. The usefulness of the research results was confirmed through inductive inference and comparative evaluation. The result can be expected to play a role in initiating extensive activities needed for technology protection of the weapon systems.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.12
• /
• pp.99-109
• /
• 2018

Tampering involves illegally removing technologies from a protected system through reverse engineering or developing a system without proper authorization. As tampering of a weapon system is a threat to national security, anti-tampering measures are required. Precedent studies on anti-tampering have discussed the necessity, related trends, application cases, and recent cybersecurity-based or other protection methods. In a domestic situation, the Defense Technology Protection Act focuses on how to prevent technology leakage occurring in related organizations through personnel, facilities and information systems. Anti-tampering design needs to determine which technologies are protected while considering the effects of development cost and schedule. The objective of our study is to develop methods of how to select target technologies and determine counter-measures to protect these technologies. Specifically, an evaluation matrix was derived based on the risk analysis concept to select the protection of target technologies. Also, based on the concept of risk mitigation, the classification of anti-tampering techniques was performed according to its applicability and determination of application levels. Results of the case study revealed that the methods proposed can be systematically applied for anti-tampering in weapon system development.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Journal of Digital Convergence
• /
• v.19 no.2
• /
• pp.1-12
• /
• 2021

With the recent 4th Industrial Revolution, the growth and value of big data are continuously increasing, and the government is also actively making efforts to open and utilize public data. However, the situation still does not reach the level of demand for public data use by citizens, At this point, it is necessary to identify research trends in the public data field and seek directions for development. In this study, in order to understand the research trends related to public data, the analysis was performed using topic modeling, which is mainly used in text mining techniques. To this end, we collected papers containing keywords of 'Public data' among domestic and foreign research papers (1,437 domestically, 9,607 overseas) and performed topic modeling based on the LDA algorithm, and compared domestic and foreign public data research trends. After analysis, policy implications were presented. Looking at the time series by topic, research in the fields of 'personal information protection', 'public data management', and 'urban environment' has increased in Korea. Overseas, it was confirmed that research in the fields of 'urban policy', 'cell biology', 'deep learning', and 'cloud·security' is active.

• Maritime Security
• /
• v.1 no.1
• /
• pp.311-343
• /
• 2020

Because of the global warming, the Arctic Ocean is expected to be ice-free by the year 2035. When the Arctic Ocean will be opened, a number of national interests will become more salient as experiencing a shortened sailing distance and decreasing navigation expense, possibility of natural resources transport by sea from Arctic Circle, and indirect-profit making by building a herb port in Asia. To secure the national interests and support the free activities of people in this region, R.O.K government is trying to make advanced policies. In order to carry out the naval tasks in the Arctic Ocean, using the operational characteristics(mobility, flexibility, sustainability, presence of capabilities, projection) is necessary. To this end, ROK Navy should analyze the operational environment (O.E.) by its capability(weakness and strength), opportunity, and threat. R.O.K. Navy should make an effort over the following issues to implement the tasks in the Arctic Ocean: first, Navy needs to map out her own plan (Roadmap) under the direction of government policies and makes crews participate in the education·training programs in home and abroad for future polar experts. Third, to develop the forces and materials for the tasks in cold, far operations area, Navy should use domestic well-experienced shipbuilding skills and techniques of the fourth industrial revolution. Next, improving the combined operations capabilities and military trust with other countries in the Arctic region to cover the large area with lack of forces' number and to resolve the ports of call issues. Lastly, preparation in advance to execute a variety of missions against military and non-traditional threats such as epidemics, HA/DR, SOLAS, in the future operation area is required.

• Journal of Digital Convergence
• /
• v.20 no.4
• /
• pp.45-54
• /
• 2022

This study examines the actual operation and performance of the public participation platform by analyzing various public participation processes from 2018 to 2021, when 'Gwanghwamun 1st Street', a representative public participation platform operated by the Ministry of Public Administration and Security, was launched. Through this, the influencing factors that were able to successfully induce the process of policyization through public participation were derived as follows. First, online participation channels were diversified to encourage public participation. Second, it is also important that the public opinion contest and compensation for public review were implemented to encourage and expand public participation. Third, the participation of experts was encouraged to refine and refine the people's ideas. Through these research results, it is judged that the Korean government will be able to contribute to inducing the policyization process through continuous public participation. In deriving success factors for policyization through public participation in the future, how influencing factors such as the public participation process, communication through online channels, and collaboration with experts affect the public participation process using quantitative analysis techniques A study to prove it will have to be conducted subsequently.

• The Journal of the Korea Contents Association
• /
• v.22 no.3
• /
• pp.380-389
• /
• 2022

Service design refers to an activity to design a user's service experience and a design area for professionally executing it. In order to design services from the people's point of view away from the supplier-oriented policy decisions in the past, the recent public participation business model using the service design methodology is increasing. In particular, the Ministry of Public Administration and Security formed the 'National Design Team' in 2014 to design services from the perspective of the public throughout the policy process. The public participatory policy model is being operated in which the public as policy consumers, service designers and public officials as suppliers participate in the overall policy process to develop and develop public services through service design techniques. This study is meaningful in that it presented the developmental direction of the actual project site through the case of the National Design Team sign improvement project with the goal of establishing a regional revitalization strategy using the service design methodology. However, as this study is about the current project, verification of the application of future project sites and user satisfaction evaluation have not been conducted. When the project is completed in the future, it is necessary to conduct a project satisfaction survey targeting consumers.