• Information Systems Review
• /
• v.19 no.3
• /
• pp.201-228
• /
• 2017

Vulnerability information, which can cause serious damage to information assets, has become a valuable commodity, thereby leading to the creation of a vulnerability market. Vulnerability information is traded on the vulnerability market from several hundred dollars to hundreds of thousands of dollars depending on its severity and importance, and the types and scope of the vulnerability markets are varying. Based on previous studies on vulnerability markets and hackers, this study empirically analyzed the effects of the security researcher's vulnerability research motivation on his/her vulnerability market use intention. The results are discussed as follows. First, vulnerability research self-efficacy had a significant effect on flow and on white and black market use intention but not on perceived benefit. Second, flow had a significant effect on perceived benefit and on black market use intention but had no effect on white market use intention. Third, perceived profit had a significant effect on white and black market use intention. Fourth, vulnerability research self-efficacy had a significant effect on perceived benefit through flow. Fifth, flow had a significant effect on white and black market use intention through perceived profit. These findings can be used to predict the behavior of security researchers who have experience in exploiting vulnerabilities.

• Journal of Intelligence and Information Systems
• /
• v.17 no.4
• /
• pp.157-173
• /
• 2011

As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

• Korean Security Journal
• /
• no.39
• /
• pp.319-353
• /
• 2014

Cyber-based technologies are now ubiquitous around the glob and are emerging as an "instrument of power" in societies, and are becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. The globe-spanning range of cyberspace and no national borders will challenge legal systems and complicate a nation's ability to deter threats and respond to contingencies. Through cyberspace, competitive powers will target industry, academia, government, as well as the military in the air, land, maritime, and space domains of our nations. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. Cyberthreats to the infrastructure and other assets are a growing concern to policymakers. In 2013 Cyberwarfare was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. The new United States military strategy makes explicit that a cyberattack is casus belli just as a traditional act of war. The Economist describes cyberspace as "the fifth domain of warfare and writes that China, Russia, Israel and North Korea. Iran are boasting of having the world's second-largest cyber-army. Entities posing a significant threat to the cybersecurity of critical infrastructure assets include cyberterrorists, cyberspies, cyberthieves, cyberwarriors, and cyberhacktivists. These malefactors may access cyber-based technologies in order to deny service, steal or manipulate data, or use a device to launch an attack against itself or another piece of equipment. However because the Internet offers near-total anonymity, it is difficult to discern the identity, the motives, and the location of an intruder. The scope and enormity of the threats are not just focused to private industry but also to the country's heavily networked critical infrastructure. There are many ongoing efforts in government and industry that focus on making computers, the Internet, and related technologies more secure. As the national intelligence institution's effort, cyber counter-intelligence is measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. However one of the hardest issues in cyber counterintelligence is the problem of "Attribution". Unlike conventional warfare, figuring out who is behind an attack can be very difficult, even though the Defense Secretary Leon Panetta has claimed that the United States has the capability to trace attacks back to their sources and hold the attackers "accountable". Considering all these cyber security problems, this paper examines closely cyber security issues through the lessons from that of U.S experience. For that purpose I review the arising cyber security issues considering changing global security environments in the 21st century and their implications to the reshaping the government system. For that purpose this study mainly deals with and emphasis the cyber security issues as one of the growing national security threats. This article also reviews what our intelligence and security Agencies should do among the transforming cyber space. At any rate, despite of all hot debates about the various legality and human rights issues derived from the cyber space and intelligence service activity, the national security should be secured. Therefore, this paper suggests that one of the most important and immediate step is to understanding the legal ideology of national security and national intelligence.

• Journal of Intelligence and Information Systems
• /
• v.18 no.1
• /
• pp.125-141
• /
• 2012

These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

• The Journal of the Convergence on Culture Technology
• /
• v.10 no.4
• /
• pp.175-181
• /
• 2024

The U.N. Security Council's North Korea Sanctions Committee estimated that the amount of North Korea's cyberattacks on virtual asset-related companies from 2017 to 2023 was about 4 trillion won. North Korea's cyberattacks have secured funds through cryptocurrency hacking as it has been restricted from securing foreign currency due to economic sanctions by the international community, and it also shows the form of technology theft against defense companies, and illegal assets are being used to maintain the Kim Jong-un regime and develop nuclear and missile development. When North Korea conducted its sixth nuclear test on September 3, 2017, and declared the completion of its national nuclear armament following the launch of an intercontinental ballistic missile on November 29 of the same year, the U.N. imposed sanctions on North Korea, which are considered the strongest economic sanctions in history. In these difficult economic situations, North Korea tried to overcome the crisis through cyberattacks, but as a result of analyzing the changes through the North's cyber attack cases, the strategic goal from the first period from 2009 to 2016 was to verify and show off North Korea's cyber capabilities through the neutralization of the national network and the takeover of information, and was seen as an intention to create social chaos in South Korea. When foreign currency earnings were limited due to sanctions against North Korea in 2016, the second stage seized virtual currency and secured funds to maintain the Kim Jong-un regime and advance nuclear and missile development. The third stage is a technology hacking of domestic and foreign defense companies, focusing on taking over key technologies to achieve the five strategic weapons tasks proposed by Chairman Kim Jong-un at the 8th Party Congress in 2021. At the national level, security measures for private companies as well as state agencies should be established against North Korea's cyberattacks, and measures for legal systems, technical problems, and budgets related to science are urgently needed. It is also necessary to establish a system and manpower to respond to the ever-developing cyberattacks by focusing on cultivating and securing professional manpower such as white hackers.

• Journal of Intelligence and Information Systems
• /
• v.24 no.2
• /
• pp.195-220
• /
• 2018

In this study, we conducted an empirical analysis of the factors that affect the change of Bitcoin Closing Price. Previous studies have focused on the security of the block chain system, the economic ripple effects caused by the cryptocurrency, legal implications and the acceptance to consumer about cryptocurrency. In various area, cryptocurrency was studied and many researcher and people including government, regardless of country, try to utilize cryptocurrency and applicate to its technology. Despite of rapid and dramatic change of cryptocurrencies' price and growth of its effects, empirical study of the factors affecting the price change of cryptocurrency was lack. There were only a few limited studies, business reports and short working paper. Therefore, it is necessary to determine what factors effect on the change of closing Bitcoin price. For analysis, hypotheses were constructed from three dimensions of consumer, industry, and macroeconomics for analysis, and time series data were collected for variables of each dimension. Consumer variables consist of search traffic of Bitcoin, search traffic of bitcoin ban, search traffic of ransomware and search traffic of war. Industry variables were composed GPU vendors' stock price and memory vendors' stock price. Macro-economy variables were contemplated such as U.S. dollar index futures, FOMC policy interest rates, WTI crude oil price. Using above variables, we did times series regression analysis to find relationship between those variables and change of Bitcoin Closing Price. Before the regression analysis to confirm the relationship between change of Bitcoin Closing Price and the other variables, we performed the Unit-root test to verifying the stationary of time series data to avoid spurious regression. Then, using a stationary data, we did the regression analysis. As a result of the analysis, we found that the change of Bitcoin Closing Price has negative effects with search traffic of 'Bitcoin Ban' and US dollar index futures, while change of GPU vendors' stock price and change of WTI crude oil price showed positive effects. In case of 'Bitcoin Ban', it is directly determining the maintenance or abolition of Bitcoin trade, that's why consumer reacted sensitively and effected on change of Bitcoin Closing Price. GPU is raw material of Bitcoin mining. Generally, increasing of companies' stock price means the growth of the sales of those companies' products and services. GPU's demands increases are indirectly reflected to the GPU vendors' stock price. Making an interpretation, a rise in prices of GPU has put a crimp on the mining of Bitcoin. Consequently, GPU vendors' stock price effects on change of Bitcoin Closing Price. And we confirmed U.S. dollar index futures moved in the opposite direction with change of Bitcoin Closing Price. It moved like Gold. Gold was considered as a safe asset to consumers and it means consumer think that Bitcoin is a safe asset. On the other hand, WTI oil price went Bitcoin Closing Price's way. It implies that Bitcoin are regarded to investment asset like raw materials market's product. The variables that were not significant in the analysis were search traffic of bitcoin, search traffic of ransomware, search traffic of war, memory vendor's stock price, FOMC policy interest rates. In search traffic of bitcoin, we judged that interest in Bitcoin did not lead to purchase of Bitcoin. It means search traffic of Bitcoin didn't reflect all of Bitcoin's demand. So, it implies there are some factors that regulate and mediate the Bitcoin purchase. In search traffic of ransomware, it is hard to say concern of ransomware determined the whole Bitcoin demand. Because only a few people damaged by ransomware and the percentage of hackers requiring Bitcoins was low. Also, its information security problem is events not continuous issues. Search traffic of war was not significant. Like stock market, generally it has negative in relation to war, but exceptional case like Gulf war, it moves stakeholders' profits and environment. We think that this is the same case. In memory vendor stock price, this is because memory vendors' flagship products were not VRAM which is essential for Bitcoin supply. In FOMC policy interest rates, when the interest rate is low, the surplus capital is invested in securities such as stocks. But Bitcoin' price fluctuation was large so it is not recognized as an attractive commodity to the consumers. In addition, unlike the stock market, Bitcoin doesn't have any safety policy such as Circuit breakers and Sidecar. Through this study, we verified what factors effect on change of Bitcoin Closing Price, and interpreted why such change happened. In addition, establishing the characteristics of Bitcoin as a safe asset and investment asset, we provide a guide how consumer, financial institution and government organization approach to the cryptocurrency. Moreover, corroborating the factors affecting change of Bitcoin Closing Price, researcher will get some clue and qualification which factors have to be considered in hereafter cryptocurrency study.

• Information Systems Review
• /
• v.14 no.3
• /
• pp.75-97
• /
• 2012

Fostering trusting belief in financial transactions is a challenging task in Internet banking services. Authenticated Certificate had been regarded as an effective method to guarantee the trusting belief for online transactions. However, previous research claimed that this method has some loopholes for such abusers as hackers, who intend to attack the financial accounts of innocent transactors in Internet. Two types of methods have been suggested as alternatives for securing user identification and activity in online financial services. Control transparency uses information over the transaction process to verify and to control the transactions. Outcome feedback, which refers to the specific information about exchange outcomes, provides information over final transaction results. By using these two methods, financial service providers can send signals to involved parties about the robustness of their security mechanisms. These two methods-control transparency and outcome feedback-have been widely used in the IS field to enhance the quality of IS services. In this research, we intend to verify that these two methods can also be used to reduce risks and to increase the security protections in online banking services. The purpose of this paper is to empirically test the effects of the control transparency and the outcome feedback on the risk perceptions in Internet banking services. Our assumption is that these two methods-control transparency and outcome feedback-can reduce perceived risks involved with online financial transactions, while increasing perceived trust over financial service providers. These changes in user attitudes can increase the level of user satisfactions, which may lead to the increased user loyalty as well as users' willingness to pay for the financial transactions. Previous research in IS suggested that the increased level of transparency on the process and the result of transactions can enhance the information quality and decision quality of IS users. Transparency helps IS users to acquire the information needed to control the transaction counterpart and thus to complete transaction successfully. It is also argued that transparency can reduce the perceived transaction risks in IS usage. Many IS researchers also argued that the trust can be generated by the institutional mechanisms. Trusting belief refers to the truster's belief for the trustee to have attributes for being beneficial to the truster. Institution-based trust plays an important role to enhance the probability of achieving a successful outcome. When a transactor regards the conditions crucial for the transaction success, he or she considers the condition providers as trustful, and thus eventually trust the others involved with such condition providers. In this process, transparency helps the transactor complete the transaction successfully. Through the investigation of these studies, we expect that the control transparency and outcome feedback can reduce the risk perception on transaction and enhance the trust with the service provider. Based on a theoretical framework of transparency and institution-based trust, we propose and test a research model by evaluating research hypotheses. We have conducted a laboratory experiment in order to validate our research model. Since the transparency artifact(control transparency and outcome feedback) is not yet adopted in online banking services, the general survey method could not be employed to verify our research model. We collected data from 138 experiment subjects who had experiences with online banking services. PLS is used to analyze the experiment data. The measurement model confirms that our data set has appropriate convergent and discriminant validity. The results of testing the structural model indicate that control transparency significantly enhances the trust and significantly reduces the risk perception of online banking users. The result also suggested that the outcome feedback significantly enhances the trust of users. We have found that the reduced risk and the increased trust level significantly improve the level of service satisfaction. The increased satisfaction finally leads to the increased loyalty and willingness to pay for the financial services.