• Title/Summary/Keyword: Security Techniques

Analysis of Trends in Detection Environments and Proposal of Detection Framework for Malicious Cryptojacking in Cloud Environments (악성 크립토재킹 대응을 위한 탐지 환경별 동향 분석 및 클라우드 환경에서의 탐지 프레임워크 제안)

  • Jiwon Yoo;Seoyeon Kang;Sumi Lee;Seongmin Kim
    • Convergence Security Journal / v.24 no.2 / pp.19-29 / 2024
  • A crypto-jacking attack is an attack that infringes on the availability of users by stealing computing resources required for cryptocurrency mining. The target of the attack is gradually diversifying from general desktop or server environments to cloud environments. Therefore, it is essential to apply a crypto-miner detection technique suitable for various computing environments. However, since the existing detection methodologies have only been detected in a specific environment, comparative analysis has not been properly performed on the methodologies that can be applied to each environment. Therefore, in this study, classification criteria for conventional crypto-miner detection techniques are established, and a complex and integrated detection framework applicable to the cloud environment is presented through in-depth comparative analysis of existing crypto-miner detection techniques based on different experimental environments and datasets.

Image-Based Machine Learning Model for Malware Detection on LLVM IR (LLVM IR 대상 악성코드 탐지를 위한 이미지 기반 머신러닝 모델)

  • Kyung-bin Park;Yo-seob Yoon;Baasantogtokh Duulga;Kang-bin Yim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.31-40 / 2024
  • Recently, static analysis-based signature and pattern detection technologies have limitations due to the advanced IT technologies. Moreover, it is a compatibility problem of multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also avoid existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branching statement addition. In this paper, we propose an LLVM IR image-based automated static analysis of malicious code technology using machine learning to solve the problems mentioned above. Whether binary is obfuscated or packed, it's decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras. As a result, we present a model for image-based detection of malicious code.

A Study on the Psychological State of the Security Subjects of National Guard (공경호원의 경호대상자 심리상태 인지)

  • Kim, Haw-Su;Kang, Min-Wan;Jo, Sung-Gu
    • Korean Security Journal / no.31 / pp.73-100 / 2012
  • Republic of Korea for the last 2012 nuclear security summit in Seoul in three days from March 26, has held great success. This industry watchers at home and abroad through professional meetings and private organizations to promote global nuclear security was intended to draw, for the preparation of this event the most important one of the things that should be addressed at the meeting was over the top guard. The national guard of heads of state and nationally significant as the important issues should be dealt with. So who is responsible for national security summit national guard for a successful guard against participants should have a higher understanding, these stories ever to be dealt with important security subjects is the psychological state of cognition. This study is currently a source of honor to escort the psychological state of subjects, and whether the search as I looked at cognition. Qualitative research methods to conduct research in-depth interview technique was used for one of the transcribed data analysis program, a non-quantitative data were analyzed using NVivo 8. As a result of this study, analysis of the problem compared with the usual methods 39 (72.2%), fine-grained observation and 15 (27.7%), through the media how cognition 41 (73.2%), marginal help of 15 (26.7%) were. The usual comparison with how honored Issue sources to detect security of those words and actions and facial expressions, etc. Security of subjects over the state of mind cognition that he, detailed observation of the national guard to security subjects the psychological state of cognition which are pre-Thorough Information subjects that can have all the information about security and the state can be obtained by saying that. Media coverage through a cognitive approach national guard of the media coverage to understand the security subjects of the political situation to understand the prerequisite that were marginal for help through the cognitive approach of security subjects surrounding the execution of security workers, Secretary in charge of protocol and security, and be propagated through the selection techniques to be utilized was that.

Vulnerability Analysis for Industrial Control System Cyber Security (산업제어시스템의 사이버보안을 위한 취약점 분석)

  • Kim, Do-Yeon
    • The Journal of the Korea institute of electronic communication sciences / v.9 no.1 / pp.137-142 / 2014
  • An industrial control system (ICS) is a computer-based system which is typically used in nation-wide critical infrastructure facilities such as electrical, gas, water, wastewater, oil and transportation. In addition, ICS is essentially used in the industrial application domain to effectively monitor and control remotely scattered systems. Highly developed information technology (IT) and related network techniques are continually adapted into the domains of industrial control systems. However, the industrial control system is confronted with significant side effects, in that ICS is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in industrial control systems. The vulnerabilities that may be found in typical ICS are grouped into Policy and Procedure, Platform, and Network categories to assist in determining optimal mitigation strategies. The order of these vulnerabilities does not necessarily reflect any priority in terms of likelihood of occurrence or severity of impact. Firstly, corporate security policy can reduce vulnerabilities by mandating conduct such as password usage and maintenance or requirements for connecting modems to ICS. Secondly, platform vulnerabilities can be mitigated through various security controls, such as OS and application patching, physical access control, and security software. Thirdly, network vulnerabilities can be eliminated or mitigated through various security controls, such as defense-in-depth network design, encrypting network communication, restricting network traffic flows, and providing physical access control for network components.

The Occupational Socialization of the Security Guards in the Casinos - Case of Security Science Majors - (카지노 시큐리티 종사자의 직업사회화 과정 - 경호학 전공자들을 대상으로 -)

  • Chun, Yong-Tae
    • The Journal of the Korea Contents Association / v.10 no.3 / pp.337-346 / 2010
  • The purpose of this study is to explore how security science graduates in casinos are socialized into the workplace. Participants for this study were seven security guards who work for two of three casinos for foreign customers in the city of Seoul. All the participants majored in security science in colleges. They had 1 to 5 years of work experience. Their main job responsibilities were deterring crimes and watching for impending danger in the casinos. A variety of qualitative data collection techniques for this study included formal and informal interviews, stimulated-recall interview, observations, and field notes. Analytic induction and constant comparison were utilized to analyze data. Triangulating and member checks were employed to enhance trustworthiness. The findings of this study were as follows: Firstly, in acculturation, sports experience and media attraction were revealed as factors. Secondly, in professional socialization, college education and senior students in the program were found. Lastly, in organizational socialization, difficulty of relationship, lack of risk management training, lack of team cohesion, pride in oneself as a security guard, and an unclear evaluation system were found. In conclusion, a variety of influential factors appeared through their occupational socialization even though there were negative and positive factors.

Authentication and Group Key Management Techniques for Secure Communication in IoT (IoT 환경에서 안전한 통신을 위한 인증 및 그룹 키 관리 기법)

  • Min, So-Yeon;Lee, Jae-Seung
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.12 / pp.76-82 / 2019
  • The development of Internet technology and the deployment of smart devices provide a convenient environment for people, and this is becoming common with the technology called the Internet of Things (IoT). But the development of, and demand for, IoT technology is causing various problems, such as personal information leaks due to the attacks of hackers who exploit it. A number of devices are connected to a network, and network attacks that have been exploited in the existing PC environment are occurring in the IoT environment. When it comes to IP cameras, security incidents (such as distributed denial of service [DDoS] attacks, hacking someone's personal information, and monitoring without consent) are occurring. However, it is difficult to install and implement existing security solutions because memory space and power are limited owing to the characteristics of small devices in the IoT environment. Therefore, this paper proposes a security protocol that can look at and prevent IoT security threats. A security assessment verified that the proposed protocol is able to respond to various security threats that could arise in a network. Therefore, it is expected that efficient operation of this protocol will be possible if it is applied to the IoT environment.

Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response (이미지 및 코드분석을 활용한 보안관제 지향적 웹사이트 위·변조 탐지 시스템)

  • Kim, Kyu-Il;Choi, Sang-Soo;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.871-883 / 2014
  • New types of attacks that mainly compromise public, portal and financial websites for the purpose of economic profit or national confusion are emerging and evolving. In addition, in the case of a 'drive by download' attack, if a host just visits the compromised websites, then the host is infected by malware. A website falsification detection system is one of the most powerful solutions to cope with such cyber threats that try to attack websites. Many domestic CERTs including NCSC (National Cyber Security Center) that carry out security monitoring and response service deploy it into the target organizations. However, the existing techniques for the website falsification detection system have practical problems in that their time complexity is high and the detection accuracy is not high. In this paper, we propose a website falsification detection system based on image and code analysis for improving the performance of the security monitoring and response service in CERTs. The proposed system focuses on improvement of the accuracy as well as the rapidity in detecting falsification of the target websites.

Multiple Path Security-Aware Routing Protocol Mechanism for Ad Hoc Network (Ad Hoc 네트워크 라우팅 보안을 위한 다중경로 기반의 MP-SAR 프로토콜)

  • Han, In-Sung;Ryou, Hwang-Bin
    • The Journal of Korean Institute of Communications and Information Sciences / v.33 no.5B / pp.260-267 / 2008
  • As the previous SAR (Security Aware Routing)[10] protocol is a secure Ad Hoc network protocol that finds a secure path, it is the security routing protocol that uses the security level of nodes as the routing information. However, the SAR protocol sometimes transfers data through inefficient transmission paths because it always tries to find secure nodes for a safe transmission. Since it is a protocol based on AODV[6], it will cause transmission delay in re-searching for a security routing path when a node is out of the data transmission range because of its battery dying or movement. Although it is possible to connect nodes because of a characteristic of the SAR protocol, the connection is not easy to re-establish when the security level of an intermediate node is lower than the level requested by a source node. In this paper, we suggest the MP-SAR based on the SAR to solve the SAR protocol's problem. The MP-SAR seeks multiple secure paths for maintenance of data confidentiality using the expanded secure path detection techniques based on the SAR. It can transfer data quickly and reliably by using the shortest efficient path among multiple paths. In the research result, we proved an outstanding performance of MP-SAR compared with the previous SAR through comparison and analysis.

Cooperative Architecture for Centralized Botnet Detection and Management (협업 기반의 중앙집중형 봇넷 탐지 및 관제 시스템 설계)

  • Kwon, Jong-Hoon;Im, Chae-Tae;Choi, Hyun-Sang;Ji, Seung-Goo;Oh, Joo-Hyung;Jeong, Hyun-Cheol;Lee, Hee-Jo
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.3 / pp.83-93 / 2009
  • In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spamming. Botnets, networks composed of a large pool of infected hosts, lead such malicious attacks. The botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature based detection mechanism. Furthermore, the solutions cannot cover broad areas enough to detect world-wide botnets. In this study, we suggest an architecture to detect and regulate botnets using a cooperative design which includes modules for gathering network traffic and sharing botnet information between ISPs or nations. The proposed architecture is effective to reveal evasive and world-wide botnets, because it does not depend on specific systems or hardware, and has a broadband cooperative framework.

Study on Method to Develop Case-based Security Threat Scenario for Cybersecurity Training in ICS Environment (ICS 환경에서의 사이버보안 훈련을 위한 사례 기반 보안 위협 시나리오 개발 방법론 연구)

  • GyuHyun Jeon;Kwangsoo Kim;Jaesik Kang;Seungwoon Lee;Jung Taek Seo
    • Journal of Platform Technology / v.12 no.1 / pp.91-105 / 2024
  • As the number of cases of applying IT systems to the existing isolated ICS (Industrial Control System) network environment continues to increase, security threats in the ICS environment have rapidly increased. Security threat scenarios help to design security strategies in cybersecurity training, including analysis, prediction, and response to cyberattacks. For successful cybersecurity training, research is needed to develop valid and reliable security threat scenarios for meaningful training. Therefore, this paper proposes a case-based security threat scenario development methodology for cybersecurity training in the ICS environment. To this end, we develop a methodology consisting of five steps based on analyzing actual cybersecurity incident cases targeting ICS. Threat techniques are standardized in the same form using objective data based on the MITRE ATT&CK framework, and then a list of CVEs and CWEs corresponding to the threat technique is identified. Additionally, it analyzes and identifies vulnerable functions in programming used in CWE and ICS assets. Based on the data generated up to the previous stage, security threat scenarios for cybersecurity training for new ICS are developed. Verification through a comparative analysis between the proposed methodology and existing research confirmed that the proposed method was more effective than the existing method regarding scenario validity, appropriateness of evidence, and development of various scenarios.
