• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.347-363
• /
• 2019

Malware has its own unique behavior characteristics, like DNA for living things. To respond APT (Advanced Persistent Threat) attacks in advance, it needs to extract behavioral characteristics from malware. To this end, it needs to do classification for each malware based on its behavioral similarity. In this paper, various similarity of Windows malware is estimated; and based on these similarity values, malware's family is predicted. The similarity measures used in this paper are as follows: 'TF-IDF cosine similarity', 'Nilsimsa similarity', 'malware function cosine similarity' and 'Jaccard similarity'. As a result, we find the prediction rate for each similarity measure is widely different. Although, there is no similarity measure which can be applied to malware classification with high accuracy, this result can be helpful to select a similarity measure to classify specific malware family.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.45-52
• /
• 2018

As the era of the 4th Industrial Revolution has progressed and the information and communication technologies have developed dramatically, the cyber threats will gradually become more intelligent and sophisticated. Therefore, in order to take systematic and prompt action in case of an accident while preparing measures against the threat, the role of intelligence agency is important. However, Korea is having difficulty in responding to the threats due to the lack of support for the national cybersecurity bill or the amendment bill of the National Intelligence Service. In this paper, I examine the cybersecurity function of the intelligence agency, the recent debate trends, and implications for the role of intelligence agency in our current situation. And then I intend to suggest some measures such as concentration on information gathering and analysis, enhancement of cyber threat prediction and response capacity, and strengthening of legal basis as a way to establish the role of intelligence agency for reinforcement of cybersecurity performance system.

• International Journal of Aerospace System Engineering
• /
• v.3 no.2
• /
• pp.14-21
• /
• 2016

This paper presents research on predicting the possible intercept time for a Nodong missile based on its flight trajectory. North Korea possesses ballistic missiles of various ranges, and nuclear warhead miniaturization tests and ballistic missile launch tests conducted last year and in previous years have made these missiles into a serious security threat for the international community. With North Korea's current miniaturization skills, the range of the nuclear capable Nodong missiles can be adjusted according to their use goals and operating environment by using a variety of adjustment methods such as payload, fuel mass, Isp, loft angle, cut-off, etc., and therefore precise flight trajectory prediction is difficult. In this regards, this research performs model simulations of the flight trajectory of North Korea's domestically developed Nodong missiles and uses these as a basis for predicting the possible intercept times for major ballistic missile defense systems such as PAC-3, THAAD, and SM-3.

• Journal of the Korea Society for Simulation
• /
• v.26 no.2
• /
• pp.51-58
• /
• 2017

This research focuses on convenient radar received power prediction method for detection predictions of North Korea SLBM(Submarine Launched Ballistic Missile). Recently, North Korea tested launching of SLBM which is threatening international security. Therefore, for active respondence to these threat, it is essential to analyze the radar detection prediction of SLBM. In this point of view, this work suggests a method for detection predictions for SLBM by simulating of RCS(Radar Cross Section) and wave propagation.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.115-123
• /
• 2020

Cyber Attack have evolved more and more in recent years. One of the best countermeasure to counter this advanced and sophisticated cyber threat is to predict cyber attacks in advance. It requires a lot of information and effort to predict cyber threats. If we use Open Source Intelligence(OSINT), the core of recent information acquisition, we can predict cyber threats more accurately. In order to predict cyber threats using OSINT, it is necessary to establish a Database(DB) for cyber attacks from OSINT and to select factors that can evaluate cyber threats from the established DB. We are based on previous researches that built a cyber attack DB using data mining and analyzed the importance of core factors among accumulated DG factors by AHP technique. In this research, we present a method for quantifying cyber threats and propose a cyber threats prediction model based on artificial neural networks.

• Journal of Korean Society of Disaster and Security
• /
• v.9 no.2
• /
• pp.23-32
• /
• 2016

Today the issue of deterioration of industrial complexes that are located close to life space of residents has been raised as a cause of threats to the safety of local communities. In this study, in order to improve the current risk analysis and scope of community notification, simulated threat zones were comparatively analyzed by utilizing the threat zones of alternative accident scenarios and modes of seasonal weather, and the area with a high probability of damage upon the leakage of toxic substances was predicted by examining wind directions observed at each time slot for each season. In addition, limit evacuation time and minimum separation distance to minimize casualties were suggested, and a proposal to enable more reasonable safety measures for on-site workers and nearby residents made by reviewing the risk management plan currently utilized for emergency response.

• Korean Security Journal
• /
• no.45
• /
• pp.107-127
• /
• 2015

The Chinese urge for the imperial power is a major threat to the today's peaceful international order. Such arrogant and delusional goal could be the very critical obstacle against the Korean security and national interests due to the geographical proximity. Today, the interesting dynamic of Uyghur nationalism, Uyghur terrorism, and the oppressive Chinese state terrorism could provide an meaningful prediction for the situation that the Korean nation may face in the future. In this regard, the present paper describes the interaction between Uyghur nationalism, Uyghur terrorism, and the Chinese state terrorism. The today's terrorism is a multi-dimensional security matter in that national independence, political and economic discrimination, non-state terrorism, and the hegemony competition among superpowers are intricately interrelated. Uyghur terrorism and related matter tend to show the nature of today's terrorism as a multi-dimensional security matter.

• ETRI Journal
• /
• v.42 no.2
• /
• pp.205-216
• /
• 2020

An arbiter physical unclonable function (APUF) has exponential challenge-response pairs and is easy to implement on field-programmable gate arrays (FPGAs). However, modeling attacks based on machine learning have become a serious threat to APUFs. Although the modeling-attack resistance of an MA-APUF has been improved considerably by architecture modifications, the response generation method of an MA-APUF results in low uniqueness. In this study, we demonstrate three design problems regarding the low uniqueness that APUF-based strong PUFs may exhibit, and we present several foundational principles to improve the uniqueness of APUF-based strong PUFs. In particular, an improved MA-APUF design is implemented in an FPGA and evaluated using a well-established experimental setup. Two types of evaluation metrics are used for evaluation and comparison. Furthermore, evolution strategies, logistic regression, and K-junta functions are used to evaluate the security of our design. The experiment results reveal that the uniqueness of our improved MA-APUF is 81.29% (compared with that of the MA-APUF, 13.12%), and the prediction rate is approximately 56% (compared with that of the MA-APUF (60%-80%).

• Journal of the Korean Data and Information Science Society
• /
• v.27 no.1
• /
• pp.1-8
• /
• 2016

In the recently, violent crime and accidental crime has been generated continuously. Consequently, people anxiety has been heightened. The Closed Circuit Television (CCTV) has been used to ensure the security and evidence for the crimes. However, the video captured from CCTV has being used in the post-processing to apply to the evidence. In this paper, we propose a flexible multi-level models for estimating whether dangerous behavior and the environment and context for pedestrians. The situation analysis builds the knowledge for the pedestrians tracking. Finally, the decision step decides and notifies the threat situation when the behavior observed object is determined to abnormal behavior. Thereby, tracking the behavior of objects in a multi-region, it can be seen that the risk of the object behavior. It can be predicted by the behavior prediction of crime.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.173-181
• /
• 2008

Recently, Worm epidemic models have been developed in response to the cyber threats posed by worms in order to analyze their propagation and predict their spread. Some of the most important ones involve mathematical model techniques such as Epidemic(SI), KM (Kermack-MeKendrick), Two-Factor and AAWP(Analytical Active Worm Propagation). However, most models have several inherent limitations. For instance, they target worms that employ random scanning in the network such as CodeRed worm and it was able to be applied to the specified threats. Therefore, we propose the probabilistic of worm propagation based on the Markov Chain, which can be applied to cyber threats such as Mass SQL Injection worm. Using the proposed method in this paper, we can predict the occurrence probability and occurrence frequency for each threats in the entire system.