
Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah;Dehghantanha, Ali;Dargahi, Tooska;Parizi, Reza M.;Choo, Kim-Kwang Raymond;Javadi, Hamid H.S.
    • Journal of Information Processing Systems / v.15 no.4 / pp.865-889 / 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information on APTs' tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies, which is the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., limited to a small number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such a taxonomy can facilitate incident response and cyber threat hunting by aiding in the understanding of the potential attacks on organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also inform future security policies and mitigation strategy formulation.

Implement pattern lock security enhancement using thread to measure input time (입력시간을 측정하는 쓰레드를 활용한 패턴 잠금 보안 강화 구현)

  • An, Kyuhwang;Kwon, Hyeokdong;Kim, Kyungho;Seo, Hwajeong
    • Journal of the Korea Institute of Information and Communication Engineering / v.23 no.4 / pp.470-476 / 2019
  • The pattern locking technique applied to smart phones is a locking technique that many people use conveniently. However, the safety of pattern locking techniques is very low compared with other techniques. The pattern locking technique is vulnerable to a shoulder surfing attack, which is based on the user's input and can be interpreted by looking at the movement of the shoulder, and it is also vulnerable to the smudge attack due to fingerprint drag marks remaining on the mobile phone pad. Therefore, in this paper, we want to add a new security method that checks the pressed time by using a thread in the pattern locking scheme to secure the vulnerability. Each point is divided into short, middle, and long click according to the pressing time. When dragging using the technique, security performance is enhanced $3^n$ times. Therefore, even if dragging in the same 'ㄱ' manner, it becomes a completely different pattern depending on the pressing time at each point.

User Transparent File Encryption Mechanisms at Kernel Level (사용자 투명성을 갖는 커널 수준의 파일 암호화 메카니즘)

  • Kim Jae-Hwan;Park Tae-Kyou;Cho Gi-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.3-16 / 2006
  • Encipherment in existing OSs (operating systems) has typically used techniques which encrypt and decrypt a secret file entirely at the application level with keys chosen by the user. This mechanism causes much performance overhead. However, when a security-classified user process writes a secret file, our proposed mechanism encrypts and stores the file automatically and efficiently by providing transparency to the user at the kernel level of Linux. Also, when the user modifies the encrypted secret file, this mechanism partially decrypts the file and partially encrypts the file for restoring. When the user reads only a part of the encrypted file, this mechanism automatically and partially decrypts the file. Therefore, our proposed mechanism provides the user a much faster enciphering speed than that of the existing techniques at the application level.

Behavior and Script Similarity-Based Cryptojacking Detection Framework Using Machine Learning (머신러닝을 활용한 행위 및 스크립트 유사도 기반 크립토재킹 탐지 프레임워크)

  • Lim, EunJi;Lee, EunYoung;Lee, IlGu
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.6 / pp.1105-1114 / 2021
  • Due to the recent surge in popularity of cryptocurrency, the threat of cryptojacking, a malicious code for mining cryptocurrencies, is increasing. In particular, web-based cryptojacking is easy to attack because the victim can mine cryptocurrencies using the victim's PC resources just by accessing the website and simply adding mining scripts. The cryptojacking attack causes poor performance and malfunction. It can also cause hardware failure due to overheating and aging caused by mining. Cryptojacking is difficult for victims to recognize the damage from, so research is needed to efficiently detect and block cryptojacking. In this work, we take representative distinct symptoms of cryptojacking as an indicator and propose a new architecture. We utilized the K-Nearest Neighbors (KNN) model, which trained on computer performance indicators as a behavior-based dynamic analysis technique. In addition, a K-means model, which trained on the frequency of malicious script words as a script similarity-based static analysis technique, was utilized. The KNN model had 99.6% accuracy, and the K-means model had a silhouette coefficient of 0.61 for normal clusters.

Darknet Traffic Detection and Classification Using Gradient Boosting Techniques (Gradient Boosting 기법을 활용한 다크넷 트래픽 탐지 및 분류)

  • Kim, Jihye;Lee, Soo Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.371-379 / 2022
  • Darknet is based on the characteristics of anonymity and security, and this leads darknet to be continuously abused for various crimes and illegal activities. Therefore, it is very important to detect and classify darknet traffic to prevent the misuse and abuse of darknet. This work proposes a novel approach, which uses Gradient Boosting techniques for darknet traffic detection and classification. The XGBoost and LightGBM algorithms achieve a detection accuracy of 99.99% and a classification accuracy of over 99%, which is more than 3% higher detection accuracy and over 13% higher classification accuracy compared to the previous research. In particular, the LightGBM algorithm could detect and classify darknet traffic in a way that is superior to XGBoost by reducing the learning time by about 1.6 times and the hyperparameter tuning time by more than 10 times.

Cyberattack Goal Classification Based on MITRE ATT&CK: CIA Labeling (MITRE ATT&CK 기반 사이버 공격 목표 분류 : CIA 라벨링)

  • Shin, Chan Ho;Choi, Chang-hee
    • Journal of Internet Computing and Services / v.23 no.6 / pp.15-26 / 2022
  • Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups which are sponsored by their nations. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signatures. Unfortunately, attackers can easily masquerade as other groups. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker's purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker's goal based on MITRE ATT&CK® from the point of view of the CIA triad, as well as classifying cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability.

Analysis and study of Deep Reinforcement Learning based Resource Allocation for Renewable Powered 5G Ultra-Dense Networks

  • Hamza Ali Alshawabkeh
    • International Journal of Computer Science & Network Security / v.24 no.1 / pp.226-234 / 2024
  • The frequent handover problem and playing ping-pong effects in 5G (5th Generation) ultra-dense networking cannot be effectively resolved by the conventional handover decision methods, which rely on the handover thresholds and measurement reports. For instance, millimetre-wave LANs, broadband remote association techniques, and 5G/6G organizations are instances of group of people yet to come frameworks that request greater security, lower idleness, and dependable principles and correspondence limit. One of the critical parts of 5G and 6G innovation is believed to be successful blockage the board. With further developed help quality, it empowers administrators to run many systems administration recreations on a solitary association. To guarantee load adjusting, forestall network cut disappointment, and give substitute cuts in case of blockage or cut frustration, a modern pursuing choices framework to deal with showing up network information is required. Our goal is to balance the strain on BSs while optimizing the value of the information that is transferred from satellites to BSs. Nevertheless, due to their irregular flight characteristic, some satellites frequently cannot establish a connection with Base Stations (BSs), which further complicates the joint satellite-BS connection and channel allocation. SF redistribution techniques based on Deep Reinforcement Learning (DRL) have been devised, taking into account the randomness of the data received by the terminal. In order to predict the best capacity improvements in the wireless instruments of 5G and 6G IoT networks, a hybrid algorithm for deep learning is being used in this study. To control the level of congestion within a 5G/6G network, the suggested approach is applied to a training set. With 0.933 accuracy and a 0.067 miss rate, the suggested method produced encouraging results.

A Study on the Army Tactical C4I System Information Security Plan for Future Information Warfare (미래 정보전에 대비한 육군전술지휘정보체계(C4I) 정보보호대책 연구)

  • Woo, Hee-Choul
    • Journal of Digital Convergence / v.10 no.9 / pp.1-13 / 2012
  • This study aims to analyze the actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipment for the lines, the management of network and software, stored data and transferred data, and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall systems against viruses and malicious software, as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), and communication lines (communication security). Secondly, to prepare against hacking warfare, which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

Relationship among User's Security Need Sufficiency, Customer Satisfaction and Life Satisfaction in Electronic Security System (기계경비시스템 이용자의 안전욕구충족과 이용만족 및 생활만족의 관계)

  • Kim, Chan-Sun
    • The Journal of the Korea Contents Association / v.9 no.7 / pp.257-267 / 2009
  • This study aims at diagnosing the relationship among users' security need sufficiency, customer satisfaction and life satisfaction in electronic security systems. For the achievement of this study, electronic security system users in Seoul were selected as a population for about 25 days, from June 20th, 2008 to July 15th, 2008, segmented. This study selected 378 people by distributing 400 questionnaires in total, 80 people for each segment, through the purposive sampling method. The final 302 samples were used in statistics. Collected data was analyzed based on the aim of this study using SPSSWIN 16.0, and factor analysis, reliability analysis, stepwise multiple regression analysis and path analysis were used as statistical techniques. The conclusions are as follows. First, the higher the bodily, environmental, mental, informational, and physical security need, the more body and property protection satisfaction and facility customer satisfaction. The higher the bodily, environmental, and mental security need, the more employee service satisfaction. Second, the higher the bodily, environmental, informational, and physical security need are perceived, the more influence is marked with life satisfaction and security life satisfaction. Third, the higher the personal and property protection, facility, and employee service satisfaction, the more security life satisfaction. Also, the higher customer service and personal and property protection satisfaction are perceived, the more influence is marked with life satisfaction. Fourth, security need sufficiency has little influence on life satisfaction directly, but it has high influences on life satisfaction through customer satisfaction with the electronic security system.

The analysis of transfer effect through recruit education programs for security personnel (민간 시큐리티 종사자의 신임 교육에 따른 전이효과 분석)

  • Lee, Young-Seok;Bang, Whan-Bog;Choi, Jin-Hyuk
    • Korean Security Journal / no.16 / pp.243-264 / 2008
  • Investigation about training of private security in Korea has mostly managed the status of training and understanding of issues; systematic analysis about the transfer effect as well as learning and determinants of training is insufficient. Consequently, this investigation examines the effect of the training program for newly appointed private security guards on learning and transfer, then analyzes factors through incumbent private security guard-oriented hypothesis testing under article 13, section 1 of the security guard law. To grasp the effect factors of learning and transfer, this dissertation establishes a research model and research hypotheses through domestic and foreign studies and then theoretical as well as positive literature consideration in the first place. The conclusion of this investigation through the techniques mentioned above and data analysis is as follows. First of all, the personal characteristics, training characteristics, work environment, and difference of transfer as well as learning are verified in accordance with the sociodemographic characteristics of private security guards. After that, there is a difference of great import. Secondly, the effect of personal characteristics of private security guards on the transfer is inspected. As a result, there is a statistically significant difference. Thirdly, the effect of training characteristics of private security guards on the transfer is inspected. Consequently, there is a statistically significant difference. The following thing, subsequent to inspection about the effect of the work environment of private security guards on transfer, a statistically significant difference is.