• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.125-136
• /
• 2011

The vulnerabilities existed in Korean electricity control systems is unexposed because it is being operated in a closed network with superior security. The threat will become greater once the closed network develops into a smart grid environment with superior intelligence. Security will have a greater impact once each household will be connected to the power plant via the smart meter. This research focuses on stable data transfer in harsh external environment and whole-nation coverage network, and suggested standardized and optimized Virtual Private Network (VPN) Gateway architecture to support Power Line Communication (PLC). The functionality and stability of the prototype has been verified with field tests. For implementation of outdoor type VPN device for smart grid, we adopted PLC low voltage remote-meter-net for data communication. Also, IPSec type tunneling and ARIA algorithm based encryption of data collected by PLC low voltage remote meter is transmitted.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.9-19
• /
• 2022

As the expansion of digital transformation, we are more exposed to the threat of cyber attacks, and many institution or company is operating a signature-based intrusion prevention system at the forefront of the network to prevent the inflow of attacks. However, in order to provide appropriate services to the related ICT system, strict blocking rules cannot be applied, causing many false events and lowering operational efficiency. Therefore, many research projects using artificial intelligence are being performed to improve attack detection accuracy. Most researches were performed using a specific research data set which cannot be seen in real network, so it was impossible to use in the actual system. In this paper, we propose a technique for classifying major attack keywords in the security event log collected from the actual system, assigning a weight to each key keyword, and then performing a similarity check using TF-IDF to determine whether an actual attack has occurred.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.167-176
• /
• 2024

Chatbot services are used in various fields in connection with AI services. Security research on AI is also in its infancy, but research on practical security in the service implementation stage using it is more insufficient. This paper analyzes the security requirements for chatbot services linked to AI services. First, the paper analyzes the recently published papers and articles on AI security. A general implementation model is established by investigating chatbot services provided in the market. The implementation model includes five components including a chatbot management system and an AI engine Based on the established model, the protection assets and threats specialized in Chatbot services are summarized. Threats are organized around threats specialized in chatbot services through a survey of chatbot service managers in operation. Ten major threats were drawn. It derived the necessary security areas to cope with the organized threats and analyzed the necessary security requirements for each area. This will be used as a security evaluation criterion in the process of reviewing and improving the security level of chatbot service.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.8
• /
• pp.53-58
• /
• 2024

Traffic accidents are not only a threat to human lives but also pose significant societal costs. Recently, research has been conducted to address the issue of traffic accidents by predicting the risk using deep learning technology and spatiotemporal information of roads. However, while traffic accidents are influenced not only by the spatiotemporal information of roads but also by human factors, research on the latter has been relatively less active. This paper analyzes driver groups and characteristics by applying clustering techniques to a traffic accident dataset and proposes and applies a method to calculate the Risk Level for each driver group and characteristic. In this process, the preprocessing technique suggested in this paper demonstrates a higher Silhouette Score of 0.255 compared to the commonly used One-Hot Embedding & Min-Max Scaling techniques, indicating its suitability as a preprocessing method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.5
• /
• pp.875-884
• /
• 2024

The proliferation of IoT networks has led to an increase in cyber attacks, highlighting the importance of Network Intrusion Detection Systems (NIDS). To overcome the limitations of traditional NIDS and cope with more sophisticated cyber attacks, there is a trend towards integrating artificial intelligence models into NIDS. However, AI-based NIDS are vulnerable to adversarial attacks, which exploit the weaknesses of algorithm. Model Type Inference Attack is one of the types of attacks that infer information inside the model. This paper proposes an optimized framework for Model Type Inference attacks against NIDS models, applying more realistic assumptions. The proposed method successfully trained an attack model to infer the type of NIDS models with an accuracy of approximately 0.92, presenting a new security threat to AI-based NIDS and emphasizing the importance of developing defence method against such attacks.

• Strategy21
• /
• s.34
• /
• pp.58-92
• /
• 2014

Even after S. Korea took 5.24 Measure(24 May 2014), N. Korea has not stopped raising provocations such as the shelling of Yeonpyeong Island, electronic and cyber attacks. To make matters worse, the communist country lunched long-range missiles(twice) and conducted 3rd nuclear test, escalating tensions which could possibly lead to an all-out war. Korean Government failed to respond properly. However, escalation into an all-out war was deterred by the CFC immediately carrying out its peacetime duty(CODA). The US made a rapid dispatch of its augmentation forces(Aircraft carrier, nuclear-powered submarine, strategic bomber, F-22) to the Korean Peninsula. In recognition of the importance of the Combined Forces Command, since May 2013 the Park Geun-Hye Administration has been pushing ahead with re-postponement of Wartime Operational Control Transfer(which initially meant the disassembling of the CFC as of 1 December 2015) More recently, there has been a series of unusual indicators from the North. Judging from its inventory of 20 nuclear weapons, 1,000 ballistic missiles and biochemical weapons, it is safe to say that N. Korea has gained at least war deterrence against S. Korea. Normally a nation with nuclear weapons shrink its size of conventional forces, but the North is pursuing the opposite, rather increasing them. In addition, there was a change of war plan by N. Korea in 2010, changing 'Conquering the Korean Peninsula' to 'Negotiation after the seizure of the Greater Seoul Metropolitan Area(GSMA)' and establishing detailed plans for wartime projects. The change reflects the chain reaction in which requests from pro-north groups within the South will lead to the proclamation of war. Kim, Jeong-Un, leader of N. Korean regime, sent threatening messages using words such as 'exercising a nuclear preemptive strike right' and 'burning of Seoul'. Nam, Jae-June, Director of National Intelligence Service, stated that Kim, Jung-Un is throwing big talks, saying communization of the entire Korean Peninsula will come within the time frame of 3 years. Kim, Gwan-Jin, Defense Minister, shared an alarming message that there is a high possibility that the North will raise local provocations or a full-fledged war whenever while putting much emphasis on defense posture. As for the response concept of the Korean Government, it has been decided that 'ROK·US Combined Local Provocation Counter-Measure' will be adopted to act against local provocations from the North. Major provocation types include ▲ violation of the Northern Limit Line(NLL) with mobilization of military ships ▲ artillery provocations on Northwestern Islands ▲ low altitude airborne intrusion ▲ rear infiltration of SOF ▲ local conflicts within the Military Demarcation Line(MDL) ▲ attacking friendly ships by submarines. Counter-measures currently established by the US involves the support from USFK and USFJ. In order to keep the sworn promise, the US is reinforcing both USFK and USFJ. An all-out war situation will be met by 'CFC OPLAN5027' and 'Tailored Expansion Deterrence Forces' with the CFC playing a central role. The US augmentation forces stands at 690,000 troops, some 160 ships, 2,000 aircraft and this comprise 50% of US total forces, which is estimated to be ninefold of Korean forces. The CFC needs to be in center in handling both local provocations and an all-out war situation. However, the combat power of S. Korean conventional forces is approximately around 80% of that of N. Korea, which has been confirmed from comments made by Kim, Gwan-Jin, Defense Minister, during an interpellation session at the National Assembly. This means that S. Korean forces are not much growing. In particular, asymmetric capabilities of the North is posing a serious threat to the South including WMD, cyber warfare forces, SOF, forces targeting 5 Northwestern Islands, sub-surface and amphibious assault forces. The presence of such threats urgently requires immediate complementary efforts. For complementary efforts, the Korean Government should consider ① reinforcement of Korean forces; putting a stoppage to shrinking military, acquisition of adequate defense budget, building a missile defense and military leadership structure validity review, ② implementation of military tasks against the North; disciplinary measures on the sinking of ROKS Cheon-an/shelling of Yeonpyeong Islands, arrangement of inter-Korean military agreements, drawing lessons from studies on the correlation between aid for N. Korea, execution of inter-Korean Summit and provocations from the North, and ③ bolstering the ROK·US alliance; disregarding wartime operational control transfer plan(disassembling of CFC) and creation of a combined division.

• Korean Security Journal
• /
• no.24
• /
• pp.91-123
• /
• 2010

The threat factors available for occurrence given G20 Summit Meeting are expected leader terrorism, hostage terrorism, bomb terrorism, public facilities terrorism, and aircraft terrorism. As for the threat groups, which are expected in Korea, the North Korea, Islam extremist group, and the group such as NGO organization of being opposed to international meeting are regarded as having possibility of causing hazard. Thus, the purpose of this study is to suggest VIP Security-measure plans in the main site in preparation for G20 Summit Meeting. Accordingly, each country in the world is adopting 'the principle of Triple Ring' in common. Thus, it elicited a coping plan by 1st line(inner ring) 2nd line(middle ring) 3rd line(outer ring) based on this principle, and proposed even an opinion together that will need to be reflected in light of policy for the VIP security measures. In conclusion, as for the VIP Security-measure plans in the main site in preparation for G20 Summit Meeting, In the inner ring(safety sector), first, an intercepting measure needs to be devised for a spot of getting into and out of vehicles given the Straight Street. Second, the Walking Formation needs to be reinforced boldly in the exposed area. In the middle ring(security sector), first, the control plan needs to be devised by considering particularity of the main site. Second, there is necessity for adopting the efficient security badge operation plan that is included RFID function within security badge. In the outer ring(aid protective sector), first, there is necessity of preparing for several VIP terrorisms, of collecting information and intelligence, and of reinforcing the information collection system against terrorism under the cooperation with the overseas information agency. Second, the urgent measure training in time of emergency needs to be carried out toward security agent event manpower. Third, to maintain the certain pace in VIP motorcade, the efficient traffic control system needs to be operated. Finally, as for what will need to be reflected in light of policy for VIP security measures, first, there is necessity for allowing VIP residence to be efficiently dispersed to be distributed and controlled. Second, there is necessity for allowing impure element to misjudge or attack to be failed by utilizing diverse deception operations. Third, according to the reorganization in North Korea's Organization of the South Directed Operations, the powerful 'military-support measure' needs to be driven from this G20 Summit Meeting. For this, the necessity was proposed for further reinforcing the front back defense posture under the supervision of the Ministry of National Defense and for positively coping even with detecting and removing poison in preparation for CBR (chemical, biological, and radio-logical) terrorism.

• Korean Security Journal
• /
• no.38
• /
• pp.57-82
• /
• 2014

The purpose of this paper is to introduce the industrial security policies in Germany and to look for the implication for the development of korean industrial security. Due to highly developed economy and industrial technology, Germany has become the main stage for the industrial espionage for a long time. In Germany industrial espionage is classified into two categories; Economy-espionage and Competition-espionage. While economy-espionage is related to the Espionage of foreign intelligence agencies, Competition-espionage means the act of espionage, that is implemented by the private sector. When it comes to economy-espionage, prevention of economy-espionage is the duty of the State, because it threat the national interest. Otherwise, the private sector has to take the responsibility of prevention of competition-espionage. It goes without saying that, the state has to investigate the crime, when espionage happens. But Prevention is more important than investigation in this regard. For the realization of Public-Private-Partnership, the private sector should be the genuine counterpart of the Public through the sharing responsibility of industrial-espionage prevention. Another talking point this paper suggest, is the national ethic in connection with economy-espionage. The State could be not only a actor of espionage prevention, but also a perpetrator. The economy-espionage for the purpose of national interest would not be justified, unless it has nothing to do with national security.

• Korean Security Journal
• /
• no.39
• /
• pp.295-317
• /
• 2014

In advanced country, private investigation system is made up of private security and in domestic, there is growing need constantly to introduce private investigation but it is not passed until now in assembly so a messenger office which is run illegally is growing because of demand by subdividing business areas. That is a proof that both the police and private security don't meet demand of public peace to the public. that's why the police has own businesses like a investigation, traffic, intelligence, crime prevention and private security's business areas are limited like a facilities security, escort security, protection of a person, machine security, special security as the Private Security Act. This study attempts to know structural difference between private security system and private investigation system in case private investigation system becomes one of the private security. on some question, respondents reply like that private security and private investigation is very different(71.2%), different(22.4%), average(6.3%), similar(0.0%), very similar(0.0%). the result seems like respondents recognize private security and private investigation as different businesses. In the result of non-quantity analysis, the differences seem like a business character, expense, business scope, public power, scale of organization, object of threat, legislation. In domestic, effort to legislate private investigation system has undergone difficulty since congressman Ha Soon Bong's motion in 1999 and today, congressman Yoon Jae Ok's All Amendments Private Security Act and congressman Song Young Geun's Private Inveswtigation Act are pending in assembly. This study's result is intended for examining difference in exploration between private security and private investigation and then there is going to propose to the policy in case private investigation system is passed in assembly by amending Private Security Act like congressman Yoon Jea Ok's All Amendment Private Security Act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.507-522
• /
• 2014

Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public and research institutes, about 30 security monitoring and response centers are being operated under National Cyber Security Center(NCSC) of National Intelligence Service(NIS). They are mainly using Threat Management System(TMS) for providing security monitoring and response service. Since TMS raises a large amount of security events and most of them are not related to real cyber attacks, security analyst who carries out the security monitoring and response suffers from analyzing all the TMS events and finding out real cyber attacks from them. Also, since the security monitoring and response tasks depend on security analyst's know-how, there is a fatal problem in that they tend to focus on analyzing specific security events, so that it is unable to analyze and respond unknown cyber attacks. Therefore, we propose automated verification method of security events based on their empirical analysis to improve performance of security monitoring and response.