• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.5
• /
• pp.3121-3131
• /
• 2014

Vulnerabilities related to memory have been known as major threats to the security of a computer system. Actually, the number of attacks using memory vulnerability has been increased. Accordingly, various memory protection mechanisms have been studied and implemented on operating system while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as Return-Oriented Programing(ROP) and Jump-Oriented Programming(JOP) called Code Re-used attack to bypass the memory protection mechanism. Thus, in this paper, I analyzed code re-use attack techniques emerged recently among attacks related to memory, as well as analyzed various detection mechanisms proposed previously. Based on the results of the analyses, a mechanism that could detect various code re-use attacks on a binary level was proposed. In addition, it was verified through experiments that the proposed mechanism could detect code re-use attacks effectively.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.8
• /
• pp.95-104
• /
• 2013

DDoS attacks have became as a social threat since 2009 7.7 DDoS turmoil. Even though defence techniques have been developing to provide against those threats, they become much more sophisticate. In recent years, the attack form of DDoS is changing from high amount of traffic attack of network layers to highly sophisticate small amount of application layers. To make matters worse, attack agent for the attack has became very intelligent so that it is difficult to be blocked since it can't be distinguished from normal PCs. In the user authentication system(such as CAPTCHA) User intervention is required to distinguish normal PCs and intelligent attack agents and in particular, in a NAT environment, IP-based blocking method can be cut off the normal users traffic at the same time. This research examined defense techniques which are able to distinguish between agent and normal PC and effectively block ways the HTTP DDoS offense applying one-time session key based authentication method using Cookie which is used in HTTP protocol to protect web sever from sophisticate application layer of DDoS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1595-1606
• /
• 2018

Recently, there has been an increase in the number of social engineering techniques that indirectly attack the target system administrators or organizational weaknesses rather than the traditional technical cyber attacks that directly attacked the target systems. Accordingly, the type analysis and case study of social engineering techniques are being actively conducted. There has been, however, little effort to derive an analysis model that systematically analyzes social engineering based cyberspace operations. Therefore, this paper aims at building a Social Engineering Based Cyberspace Operations Analysis Model, which can be used as a reference framework for a case study or attack scenario generation of social engineering based cyberspace operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.795-805
• /
• 2019

Recently, there is a growing interest in network anomaly detection technology to tackle unknown attacks. For this purpose, diverse studies using data mining, machine learning, and deep learning have been applied to detect network anomalies. In this paper, we evaluate the decision tree to see its feasibility for network anomaly detection on NSL-KDD data set, which is one of the most popular data mining techniques for classification. In order to handle the over-fitting problem of decision tree, we select 13 features from the original 41 features of the data set using chi-square test, and then model the decision tree using TensorFlow and Scik-Learn, yielding 84% and 70% of binary classification accuracies on the KDDTest+ and KDDTest-21 of NSL-KDD test data set. This result shows 3% and 6% improvements compared to the previous 81% and 64% of binary classification accuracies by decision tree technologies, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.519-529
• /
• 2019

Nowadays, intelligent Android malware applies anti-analysis techniques to hide malicious behaviors and make it difficult for anti-virus vendors to detect its presence. Malware can use background components to hide harmful operations, use activity-alias to get around with automation script, or wipe the logcat to avoid forensics. During our study, several static analysis tools can not extract these hidden components like main activity, and dynamic analysis tools also have problem with code coverage due to partial execution of android malware. In this paper, we design and implement a system to analyze intelligent malware that uses anti-analysis techniques to improve detection rate of evasive malware. It extracts the hidden components of malware, runs background components like service, and generates all the intent events defined in the app. We also implemented a real-time logging system that uses modified logcat to block deleting logs from malware. As a result, we improve detection rate from 70.9% to 89.6% comparing other container based dynamic analysis platform with proposed system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.589-598
• /
• 2019

The amount of digital data a is explosively growing, and these data have large potential values. Countries and companies are creating various added values from vast amounts of data, and are making a lot of investments in data analysis techniques. The privacy problem that occurs in data analysis is a major factor that hinders data utilization. Recently, as privacy violation attacks on neural network models have been proposed. researches on artificial neural network technology that preserves privacy is required. Therefore, various privacy preserving artificial neural network technologies have been studied in the field of differential privacy that ensures strict privacy. However, there are problems that the balance between the accuracy of the neural network model and the privacy budget is not appropriate. In this paper, we study differential privacy techniques that preserve the performance of a model within a given privacy budget and is resistant to model inversion attacks. Also, we analyze the resistance of model inversion attack according to privacy preservation strength.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.93-102
• /
• 2018

The drug trade among the general public via the Internet and sns have been increasing, which is becoming a social problem. The general public believe that even if they do the drug trade via the Internet and sns the probability of detection is low. so they will conduct drug trade via the Internet and sns. Therefore, if the general public recognize that there is a high likelihood of disclosure, drug trade via the Internet and sns are likely to decline. If the possibility of punishment increases through specification of controlled delivery techniques and Introduction of entrapment investigator, it seems that the general public can not easily deal with drug trade via the Internet and sns. Also by further subdividing the penalties for drug offenses, for simple drug buyers through cure-oriented treatment rather than punishment drug demand be suppressed and penalties for drug suppliers should be strengthened.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.77-88
• /
• 2018

The purposes of this paper are to research the military utilization of weather modification techniques and to induce their research priority when considering the Korean Peninsular environment and technical level. To achieve these goals, the advantages and disadvantages of weather modification technologies have been discussed, and the evaluation index evaluation was derived through the Delphi method, and the weight of the evaluation index and the final research priority were induced through analytic hierarchical process. Analysis shows that the ionospheric modulation technology has the highest priority in terms of effectiveness as a weapon system and compatibility in the Korean Peninsula environment. It is expected that Korean ionosphere modification can disturb C4ISR function of the enemy and guarantee ours reliably when operating PGM, military satellite, surveillance & reconnaissance equipments, etc. Other weather modification technologies except for ionosphere modification should be developed gradually in that potential threat can be expanded to neighboring countries after the Unification of the Korea.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.67-79
• /
• 2021

Lessons Learned(LL) is a military term defined as all activities that promote future development by finding problems and need improvement in education and reality in the field of warfare development. In this paper, we focus on presenting actual examples and applying AI analysis inference techniques to solve revealed problems in promoting LL activities, such as long-term analysis, budget problems, and necessary expertise. AI legal advice services using cognitive computing-related technologies that have already been practical and in use, were judged to be the best examples to solve the problems of LL. This paper presents intelligent LL inference techniques, which utilize AI. To this end, we want to explore theoretical backgrounds such as LL analysis definitions and examples, evolution of AI into Machine Learning, cognitive computing, and apply it to new technologies in the defense sector using the newly proposed L²-OODA ensemble algorithm to contribute to implementing existing power improvement and optimization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.2
• /
• pp.83-92
• /
• 1999

Cryptography techniques can prevent eavesdroppers from maliciously intercepting or modifying sensitive information. however misuses of encryption may cause other problems First if the encryption key is lost or damaged even an authorized access to the original data will be denied. Second criminals can prevent authorized law enforcement officers from examining the necessary information by using the strong encrypted data can provide solutions for the situations. In this paper we propose a new key escrow system based on the ElGamal cryptosystem. Our system provide time-bound eavesdropping under court authorized permission protect from trustee's cheating and prevent user's shadow public key generation.