• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.131-140
• /
• 1997

인터넷 등의 전산망을 통한 정보관련 서비스는 여러 가지 보안 취약점에 노출되어 해커들의 주요 공격 대상이 되고, 특히 WWW 관련 서비스는 불특정 다수를 대상으로 하기 때문에 접근 통제방식으로 어려움이 많고, 최근 많이 사용되는 방화벽이나 기타 보안도구를 이용하여 보안 수준을 높일 수가 없다. 그래서 본 논문에서는 해커들이 공격 가능한 취약점들을 분석하여 해커들의 공격을 사전 방지하고, 올바른 해킹방지 대책를 수립할 수 있는 전산망 취약점 원격 진단시스템 모델을 제시하고, 이에 대한 설계 및 구현내용을 설명한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.295-310
• /
• 2014

DCS (Distributed Control System), the main control system of power plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS is becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet designed for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usually have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and low failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendor's policy. If DCS is exposed a potential vulnerability, serious concerns are to be expected. In this paper, we conduct the penetration test by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to detect the security infringement and react the incident effectively.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.453-458
• /
• 2001

악의의 침입자로부터 시스템을 보호하기 위한 첫 번째 단계는 시스템의 취약점을 분석하는 일이다. 기존의 시스템 취약점 분석 방법은 주로 네트워크 기반 취약점 점검 도구에 의존해 왔다. 하지만, 네트워크 기반 취약점 점검 도구는 대상 시스템의 제한된 정보만을 이용하여 취약점을 점검하기 때문에 시스템의 모든 취약점에 대한 검사가 불가능하다는 단점이 있다. 호스트 기반 취약점 점검 도구를 사용하면 시스템 내부의 모든 정보를 이용할 수 있지만, 시스템의 OS 종류나 버전에 따라 각기 다른 호스트 기반 취약점 점검 도구를 개발해야 한다는 단점이 있다. 또한, 호스트 기반 취약점 점검 도구들은 많은 호스트들을 동시에 점검하기 힘들다는 점이 문제로 지적되고 있다. 본 논문에서는 호스트 기반 취약점 점검 도구를 에이전트로 구현하여 대상 시스템에 설치하고, 하나의 관리 프로그램에서 여러 에이전트들을 관리함으로써 동시에 많은 호스트의 취약점들을 관리할 수 있는 모델인 ISMAEL을 제시한다. 또한 ISMAEL은 OS에 맞는 여러 호스트 기반 취약점 점검 도구들을 개발해야 하는 문제를 해결하기 위해 OS에 독립인 부분만을 뽑아내고, 그 외 OS에 종속된 부분은 Library 형태로 제공하여, OS에 독립인 부분에서 이 Library를 참조하여 특정 취약점 점검 코드를 자동 생성하고 이를 실행하여 취약성 여부를 판단할 수 있는 구조를 채택하고 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.5
• /
• pp.1-10
• /
• 2024

Attackers tend to use similar vulnerabilities when finding their next target IT assets. They also continuously search for new attack targets. Therefore, it is essential to find the potential targets of attackers in advance. Our method proposes a novel approach for efficient vulnerable asset management and zero-day response. In this paper, we propose the ability to detect the IT assets that are potentially infected by the recently discovered vulnerability based on clustering and similarity results. As the experiment results, 86% of all collected assets are clustered within the same clustering. In addition, as a result of conducting a similarity calculation experiment by randomly selecting vulnerable assets, assets using the same OS and service were listed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1025-1036
• /
• 2016

The conversion of the international standard web utilization HTML5 technology is being developed for improvement of the internet environment based on nonstandard technology like ActiveX. Hyper Text Markup Language 5 (HTML5) of basic programming language for creating a web page is designed to consider the security more than HTML4. However, the range of attacks increased and a variety of security threats generated from HTML4 environment inherited by new HTML5 API. In this paper, we focus on the script-based attack such as CSRF (Cross-Site Request Forgery), Cookie Sniffing, and HTML5 API such as CORS (Cross-Origin Resource Sharing), Geolocation API related with the infringement of the personal information. We reproduced the infringement cases actually and embodied a detection module of a Plug-in type diagnosed based on client. The scanner allows it to detect and respond to the vulnerability of HTML5 previously, thereby self-diagnosing the reliability of HTML5-based web applications or web pages. In a case of a new vulnerability, it also easy to enlarge by adding another detection module.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.115-125
• /
• 2003

As Web services are generally open for external uses and not filtered by Firewall, these result in attacker's target. Web attacks which exploit vulnerable web-applications and malicious users' requests cause economical and social problems. In this paper, we are modelling general web service usages based on user-web-session and detect anomal usages with Bayesian estimation method. Finally we propose SAD(Session Anomaly Detection) for detection unknown web attacks. To evaluate SAD, we made an experiment on attack simulation with web vulnerability scanner, whisker. The results show that the detection rate of SAD is over 90%, which is influenced by several features such as size of window or training set, detection filter method and web topology.