• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.3
• /
• pp.333-340
• /
• 2019

A combat system performs a given mission enduring various threats. It is important to analyze the reliability of combat systems in order to increase their ability to perform a given mission. Most of studies considered no threat or on threat and didn't analyze all the dependent relationships among the components. In this paper, we analyze the loss probability of the function of the combat system and use it to analyze the reliability. The proposed method is divided into two layers, A lower layer and a upper layer. In lower layer, the failure probability of each components is derived by using FTA to consider various threats. In the upper layer, The loss probability of function is analyzed using the failure probability of the component derived from lower layer and BBN in order to consider the dependent relationships among the components. Using the proposed method, it is possible to analyze considering various threats and the dependency between components.

• Journal of Internet of Things and Convergence
• /
• v.8 no.5
• /
• pp.1-9
• /
• 2022

As various services are linked to IoT(Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework The prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.617-635
• /
• 2021

Internet of Things (IoT) devices connected to the network without appropriate security solutions have become a serious security threat to ICT infrastructure. Moreover, due to the nature of IoT devices, it is difficult to apply currently existing security solutions. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are actually increasing every year. Even though several security solutions are being developed to protect IoT infrastructure, there is a great risk to apply unverified security solutions to real-world environments. Therefore, verification tools to verify the functionality and performance of the developed security solutions are also needed. Furthermore, just as security threats vary, there are several security solution s that defend against them, requiring suitable verification tools based on the characteristics of each security solution. In this paper, we propose an high-speed malware propagation tool that spreads malware at high speed in the IoT infrastructure. Also, we can verify the functionality of the security solution that detect and quickly block attacks spreading in IoT infrastructure by using the high-speed malware propagation tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.267-277
• /
• 2022

Due to the increasing proportion of cloud and remote working environments, various information security incidents are occurring. Insider threats have emerged as a major issue, with cases in which corporate insiders attempting to leak confidential data by accessing it remotely. In response, insider threat detection approaches based on machine learning have been developed. However, existing machine learning methods used to detect insider threats do not take biases and variances into account, which leads to limited performance. In this paper, boosting-type ensemble learning algorithms are applied to verify the performance of malicious insider detection, conduct a close analysis, and even consider the imbalance in datasets to determine the final result. Through experiments, we show that using ensemble learning achieves similar or higher accuracy to other existing malicious insider detection approaches while considering bias-variance tradeoff. The experimental results show that ensemble learning using bagging and boosting methods reached an accuracy of over 98%, which improves malicious insider detection performance by 5.62% compared to the average accuracy of single learning models used.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.5
• /
• pp.1273-1300
• /
• 2024

In the complex virtual environment of cyberspace, comprised of digital and communication networks, ensuring the security of information is being recognized as an ongoing challenge. The importance of 'Cyber Situation Awareness (CSA)' is being emphasized in response to this. CSA is understood as a vital capability to identify, understand, and respond to various cyber threats and is positioned at the heart of cyber security strategies from a defensive perspective. Critical industries such as finance, healthcare, manufacturing, telecommunications, transportation, and energy can be subjected to not just economic and societal losses from cyber threats but, in severe cases, national losses. Consequently, the importance of CSA is being accentuated and research activities are being vigorously undertaken. A systematic five-step approach to CSA is introduced against this backdrop, and a deep analysis of recent research trends, techniques, challenges, and future directions since 2019 is provided. The approach encompasses current situation and identification awareness, the impact of attacks and vulnerability assessment, the evolution of situations and tracking of actor behaviors, root cause and forensic analysis, and future scenarios and threat predictions. Through this survey, readers will be deepened in their understanding of the fundamental importance and practical applications of CSA, and their insights into research and applications in this field will be enhanced. This survey is expected to serve as a useful guide and reference for researchers and experts particularly interested in CSA research and applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.83-102
• /
• 2024

Recently, as the use of the cloud increases year by year and remote work within the enterprise has become one of the new types of work, the security of the cloud-based remote work environment has become important. The introduction of zero trust is required due to the limitations of the existing perimeter security model that assumes that everything in the internal network is safe. Accordingly, NIST and DoD published standards related to zero trust architecture, but the security requirements of that standard describe only logical architecture at the abstract level. Therefore, this paper intends to present more detailed security requirements compared to NIST and DoD standards by performing threat modeling for OpenStack clouds. After that, this research team performed a security analysis of commercial cloud services to verify the requirements. As a result of the security analysis, we identified security requirements that each cloud service was not satisfied with. We proposed potential threats and countermeasures for cloud services with zero trust, which aims to help build a secure zero trust-based remote working environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.5
• /
• pp.507-526
• /
• 2009

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2928-2940
• /
• 2013

Key exposure is a major threat to secure cryptosystems. To mitigate the impact caused by key-compromise attacks, a key-insulated cryptographic mechanism is a better alternative. For securing the large message communication in peer-to-peer networks, in this paper, we propose the first novel identity-based key-insulated encryption (IB-KIE) scheme with message linkages. Our scheme has the properties of unbounded time periods and random-access key-updates. In the proposed scheme, each client can periodically update his private key while the corresponding public one remains unchanged. The essential security assumption of our proposed scheme is based on the well-known bilinear Diffie-Hellman problem (BDHP). To ensure the practical feasibility, we also formally prove that the proposed scheme achieves the security requirement of confidentiality against indistinguishability under adaptive chosen-ciphertext attacks (IND-CCA2) in the random oracle model.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.3
• /
• pp.107-115
• /
• 2002

The rapid progress of wireless LAN technology has prompted new security problems and countermeasures against them. Since the mobility of users and wireless access to the network exasperate potential security threat such as eavesdropping and illegal access, security services for wireless LAN should be provided. In this paper, we define the security model, WEP and AES encrypt/decrypt technologies which are proposed in the IEEE802.11 standard and the IEEE802.11eS draft and propose the Key distribution protocol for the wireless LAN.

• Journal of Korean Society for Atmospheric Environment
• /
• v.32 no.3
• /
• pp.237-247
• /
• 2016

Global climate change is becoming one of the greatest challenges facing humanity. This article proposes a psychological perspective of climate change adaptation. Climate change-related severe adverse weather events may trigger mental health problems, including increased post-traumatic stress disorder (PTSD), depression, anxiety, violence, and even suicide. Forced migration could be considered a coping method for dealing with weather events, but it may also pose a psychological threat. People respond to severe weather events in different ways based on their individual characteristics. Psychological risks from adverse weather events are mediated and moderated by these factors, which are influenced by personal cognition, affect, and motivation. Examinations from a psychological perspective, which have been neglected in the science of climate change thus far, may provide keys to successful adaptation and the prevention of serious psychological problems resulting from the experience of severe weather events. A new prevention strategy has been suggested for coping with climate threats through encouraging attitude change, establishing proactive support systems for vulnerable groups, establishing a PTSD network, and implementing a stress inoculation program.