• Title/Summary/Keyword: information security system


A Real-Time and Statistical Visualization Methodology of Cyber Threats Based on IP Addresses (IP 주소 기반 사이버공격 실시간 및 통계적 가시화 방법)

  • Moon, Hyeongwoo;Kwon, Taewoong;Lee, Jun;Ryou, Jaecheol;Song, Jungsuk
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.465-479 / 2020
  • Governments and companies, both domestic and foreign, operate SOCs (Security Operation Centers) 24 hours a day throughout the year to secure their IT infrastructures. However, almost all SOCs have a critical inherent limitation: they depend heavily on manual analysis by human agents using a text-based monitoring architecture. Although technologies for comprehensive visualization of complex cyber threats have been studied to overcome this drawback, most of them are inappropriate for security monitoring in large-scale networks. In this paper, to solve the problem, we propose a novel visual approach for intuitive threat monitoring by detecting suspicious IP addresses, which is an ultimate challenge in cyber security monitoring. In particular, the approach makes it possible to detect, trace and analyze suspicious IPs statistically and in real time. As a result, the system implemented with the proposed method has been suitably applied and used in a real-world environment. Moreover, the usability of the approach is verified by successfully detecting and analyzing various attack IPs.

Design and Implementation of Analysis Techniques for Fragmented Pages in the Flash Memory Image of Smartphones (스마트폰 플래시 메모리 이미지 내의 단편화된 페이지 분석 기법 및 구현)

  • Park, Jung-Heum;Chung, Hyun-Ji;Lee, Sang-Jin;Son, Young-Dong
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.827-839 / 2012
  • A cell phone is very close to the user and therefore should be considered in digital forensic investigation. Recently, the proportion of smartphone owners has been increasing dramatically. Unlike a feature phone, a smartphone lets users run various mobile applications because it has a high-performance operating system (e.g., Android, iOS). As the acquisition and analysis of user data on smartphones become more important for digital forensic purposes, smartphone forensics has been studied actively. There are two ways to do smartphone forensics. The first is to extract the user's data using the backup and debugging functions of the smartphone. The second is to get root permission and acquire an image of the flash memory. It is then possible to reconstruct the filesystem, such as YAFFS, EXT, RFS or HFS+, and analyze it. However, these methods are not suitable for recovering and analyzing deleted data from smartphones. This paper introduces analysis techniques for fragmented flash memory pages in smartphones. In particular, this paper demonstrates analysis techniques for images whose filesystem cannot be reconstructed because the spare area of the flash memory pages does not exist, and for pages in the unallocated area of the filesystem.

Development of the SysLog-based Integrated Log Management system for Firewalls in Distributed Network Environments (분산 환경에서 SysLog기반의 방화벽 통합로그관리시스템 개발)

  • Lee, Dong Young;Seo, Hee Suk;Lee, Eul Suk
    • Journal of Korea Society of Digital Industry and Information Management / v.7 no.4 / pp.39-45 / 2011
  • Application log files contain error messages, operational data and usage information that can help manage applications and servers. A log analysis system is software that reads and parses log files and extracts and aggregates information in order to generate reports on the application. Currently, the importance of firewall log files is growing for the forensics of cyber crimes and the establishment of security policy. In this paper, we designed and implemented SILAS (SysLog-based Integrated Log mAnagement System) in distributed network environments. It helps to generate reports on the log files of firewalls (IP and users) and statistics of application usage.

A Beacon-Based Trust Management System for Enhancing User Centric Location Privacy in VANETs

  • Chen, Yi-Ming;Wei, Yu-Chih
    • Journal of Communications and Networks / v.15 no.2 / pp.153-163 / 2013
  • In recent years, more and more research has focused on trust management in vehicle ad-hoc networks (VANETs) to improve the safety of vehicles. However, this research has paid little attention to location privacy because of the natural conflict between trust and anonymity, which is the basic protection of privacy. Although traffic safety remains the most crucial issue in VANETs, location privacy can be just as important for drivers, and neither can be ignored. In this paper, we propose a beacon-based trust management system, called BTM, that aims to thwart internal attackers from sending false messages in privacy-enhanced VANETs. To evaluate the reliability and performance of the proposed system, we conducted a set of simulations under alteration attacks, bogus message attacks, and message suppression attacks. The simulation results show that the proposed system is highly resilient to adversarial attacks, whether it is under a fixed silent period or random silent period location privacy-enhancement scheme.

Design and Implementation of Road Construction Risk Management System based on LPWA and Bluetooth Beacon

  • Lee, Seung-Soo;Kim, Yun-cheol;Jee, Sung-Hyun
    • Journal of the Korea Society of Computer and Information / v.23 no.12 / pp.145-151 / 2018
  • While the commercialization of IoT technologies in the safety management sector is being promoted for the industrial safety of large indoor businesses, systems for risk management of small outdoor work sites with frequent site movements are not being actively implemented. In this paper, we propose an efficient dynamic workload balancing strategy that combines low-power, wide-bandwidth (LPWA) communication and low-power Bluetooth (BLE) communication technologies to support customized risk management alarm systems for each individual (driver/operator/manager). This study was designed to enable long-term low-power collection and transmission of traffic information in outdoor environments, as well as to implement an integrated real-time safety management system that notifies in advance all field workers who do not carry a separate smart device. Performance assessments of the system, including risk alerts to drivers and workers via Bluetooth communication, the speed at which critical text messages are received, and the operation of warning/lighting lamps, show that it is well suited to field application.

The Design of an Integrated ECU and Navigation Information based IoT Head-Up Display System for Vehicles (ECU와 내비게이션 정보를 융합한 IoT Head Up Display(HUD) 시스템 설계)

  • Kook, Joongjin
    • Journal of the Semiconductor & Display Technology / v.20 no.3 / pp.172-177 / 2021
  • HUD (Head-up Display) devices for vehicles have gradually advanced in connection with ADAS (Advanced Driver Assistant System) for the safety and convenience of driving. In this paper, the major features of the vehicle (e.g. speed, RPM, etc.) are received through the ECU and the route information is received through the navigation API, and these are combined to configure an integrated GUI. In addition, the optical system is configured based on DLP (Digital Light Processing) to evaluate visibility depending on the resolution change of the GUI. The IoT HUD system proposed in this paper has the scalability to flexibly add not only the ECU but also various cloud-based driving-related information.

Proposed of Intrusion detection model using the Mobile agent (이동에이전트를 이용한 침입탐지 모델의 제안)

  • 황인선;박경우
    • Journal of the Korea Society of Computer and Information / v.9 no.1 / pp.55-62 / 2004
  • Computer security is considered important because of the side effects generated by the expansion of computer networks and the rapid increase in the use of the Internet. Therefore, intrusion detection systems have been an active research area for reducing the risk from intruders. A number of advantages of using mobile agent computing paradigms have been proposed. These advantages include overcoming network latency, reducing network load, executing asynchronously and autonomously, adapting dynamically, and operating in heterogeneous environments. Many information security models have been proposed to mitigate agent-to-agent, agent-to-platform, and platform-to-agent risks. In this paper, our objective is to manage the mobile agent through the development of an intrusion detection system and, through the analysis of performance data, to provide the best environment.


Whitelist-Based Anomaly Detection for Industrial Control System Security (제어시스템 보안을 위한 whitelist 기반 이상징후 탐지 기법)

  • Yoo, Hyunguk;Yun, Jeong-Han;Shon, Taeshik
    • The Journal of Korean Institute of Communications and Information Sciences / v.38B no.8 / pp.641-653 / 2013
  • Recent cyber attacks targeting control systems are becoming notoriously sophisticated and intelligent. As the existing signature-based detection techniques face their limitations, a whitelist model with security techniques is getting attention again. However, the techniques being developed under a whitelist model are used narrowly at the application level and cannot provide specific information about anomalies in various cases. In this paper, we classify abnormal cases that can occur in control systems of enterprises and propose a new whitelist model for detecting abnormal cases.

A Study on the Tracking and Blocking of Malicious Actors through Thread-Based Monitoring (스레드 기반 모니터링을 통한 악의적인 행위 주체 추적 및 차단에 관한 연구)

  • Ko, Boseung;Choi, Wonhyok;Jeong, Dajung
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.1 / pp.75-86 / 2020
  • With the recent advancement of malware, the actors performing malicious tasks are often not processes. Malicious code injected into a process that is installed by default in the operating system works thread by thread, in the same way as DLL/code injection. In this case, diagnosing and blocking the process as malicious can cause serious problems with system operation. This white paper lists the problems of using process-based monitoring information to identify and block the malicious state of a process and presents an improved solution.

Design and Implementation of Multiplex Certification System Using XML Signature For WBI (WBI에서 XML 전자 서명을 이용한 다중 인증 시스템 설계 및 구현)

  • Won, Eom-Ki;Kim, Jung-Jae;Jun, Moon-Seuck
    • Journal of the Korea Computer Industry Society / v.6 no.3 / pp.457-464 / 2005
  • The Internet has become an absolutely necessary tool due to the rapid progress of information technology. Educational correspondence about an age of information demand is an education focused on a learner and remote education based on information technology. Internal and external standardization work is accelerating, and recently XML security studies have become active, using XML, which is the next-generation web standard document format. But using these are main contents that users have to pay about Certification service to get CA certificate from 2004 me. This paper proposes a multiplex certification remote education agent system using XML digital signature to satisfy security requirements.
