• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.153-163
• /
• 2024

Despite the increasing hacking threats and security threats as IT technology advances and many companies adopt security solutions, cyberattacks and threats still persist for years. APT attack is a technique of selecting a specific target and continuing to attack. The threat of an APT attack uses all possible means through the electronic network to perform APT for years. Zero-day attacks, malicious code distribution, and social engineering techniques are performed, and some of them directly invade companies. These techniques have been in effect since 2000, and are similarly used in voice phishing, especially for social engineering techniques. Therefore, it is necessary to study countermeasures against APT attacks. This study analyzes the attack cases of Korean-based APT groups in Korea and suggests the correct method of using intelligence to analyze APT attack groups.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.577-586
• /
• 2024

As new technologies are developed, new security threats such as the emergence of AI technologies that create ransomware are also increasing. New security equipment such as XDR has been developed to cope with these security threats, but when using various security equipment together rather than a single security equipment environment, there is a difficulty in creating numerous regular expressions for identifying and classifying essential data. To solve this problem, this paper proposes a method of identifying essential information for identifying threat information by introducing artificial intelligence-based entity name recognition technology in various security equipment usage environments. After analyzing the security equipment log data to select essential information, the storage format of information and the tag list for utilizing artificial intelligence were defined, and the method of identifying and extracting essential data is proposed through entity name recognition technology using artificial intelligence. As a result of various security equipment log data and 23 tag-based entity name recognition tests, the weight average of f1-score for each tag is 0.44 for Bi-LSTM-CRF and 0.99 for BERT-CRF. In the future, we plan to study the process of integrating the regular expression-based threat information identification and extraction method and artificial intelligence-based threat information and apply the process based on new data.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.19-27
• /
• 2022

With the innovative development of ICT technology, hacking techniques of hackers are also evolving into sophisticated and intelligent hacking techniques. Threat detection research to counter these cyber threats was mainly conducted in a passive way through hacking damage investigation and analysis, but recently, the importance of cyber threat information collection and analysis is increasing. A bot-type automation program is a rather active method of extracting malicious code by visiting a website to collect threat information or detect threats. However, this method also has a limitation in that it cannot prevent hacking damage because it is a method to identify hacking damage because malicious code has already been distributed or after being hacked. Therefore, to overcome these limitations, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber bases. This model is an active and proactive method of collecting threat information or detecting threats outside the boundary such as a firewall. We designed a model for detecting threats using cyber strongholds and validated them in the defense environment.

• Annual Conference of KIPS
• /
• 2019.10a
• /
• pp.420-423
• /
• 2019

최근 국내에서 발생되고 있는 사이버 공격들의 대부분은 기존 보안장비로 탐지가 어려운 지능형 공격으로 2017년 한 해 동안 발생한 사이버 공격의 경제적 피해액은 약 77조원에 달하고 있다. 또한 이러한 공격을 탐지하는데 평균 145일 정도가 소요되고 있으며 국내 기업 중 약 70% 가량은 사이버 공격을 적극적으로 대응하고 있지 않다. 이러한 공격들은 대부분 과거에 발생한 공격의 변형이거나, 특정 공격 집단이 수행하는 유사/변종 공격들이다. 이러한 사이버 공격을 사전에 탐지하거나 이미 발생된 공격의 변형된 공격을 신속하게 탐지하기 위해서 본 논문에서는 기존 사이버 공격에 사용된 다양한 정보들을 능동적으로 수집하여, 이들 간의 연관성을 분석하고, 실시간으로 유입되는 공격 의심정보와 비교분석하는 기술을 제시한다.

• Journal of Internet Computing and Services
• /
• v.13 no.5
• /
• pp.21-31
• /
• 2012

Threat Evaluation(TE) which has air intelligence attained by identifying friend or foe evaluates the target's threat degree, so it provides information to Weapon Assignment(WA) step. Most of TE data are passed by sensor measured values, but existing techniques(fuzzy, bayesian network, and so on) have many weaknesses that erroneous linkages and missing data may fall into confusion in decision making. Therefore we need to efficient Threat Evaluation system that can refine various sensor data's linkages and calculate reliable threat values under unpredictable war situations. In this paper, we suggest new threat evaluation system based on information fusion JDL model, and it is principle that combine fuzzy which is favorable to refine ambiguous relationships with bayesian network useful to inference battled situation having insufficient evidence and to use learning algorithm. Finally, the system's performance by getting threat evaluation on an air defense scenario is presented.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.233-240
• /
• 2019

In order to predict and respond to cyber attacks, a number of security companies quickly identify the methods, types and characteristics of attack techniques and are publishing Security Intelligence Reports(SIRs) on them. However, the SIRs distributed by each company are huge and unstructured. In this paper, we propose a framework that uses five analytic techniques to formulate a report and extract key information in order to reduce the time required to extract information on large unstructured SIRs efficiently. Since the SIRs data do not have the correct answer label, we propose four analysis techniques, Keyword Extraction, Topic Modeling, Summarization, and Document Similarity, through Unsupervised Learning. Finally, has built the data to extract threat information from SIRs, analysis applies to the Named Entity Recognition (NER) technology to recognize the words belonging to the IP, Domain/URL, Hash, Malware and determine if the word belongs to which type We propose a framework that applies a total of five analysis techniques, including technology.

• The Journal of Bigdata
• /
• v.6 no.2
• /
• pp.99-108
• /
• 2021

Recently, unexpected and more advanced cyber medical treat attacks are on the rise. However, in responding to various patterns of cyber medical threat attack, rule-based security methodologies such as physical blocking and replacement of medical devices have the limitations such as lack of the man-power and high cost. As a way to solve the problems, the medical community is also paying attention to artificial intelligence technology that enables security threat detection and prediction by self-learning the past abnormal behaviors. In this study, there has collecting and learning the medical information data from integrated Medical-Information-Systems of the medical center and introduce the research methodology which is to develop the AI-based Net-Working Behavior Adaptive Information data. By doing this study, we will introduce all technological matters of rule-based security programs and discuss strategies to activate artificial intelligence technology in the medical information business with the various restrictions.

• Journal of the Korean Society of Systems Engineering
• /
• v.19 no.2
• /
• pp.126-134
• /
• 2023

Drones are emerging as a new security threat, and the world is working to reduce them. Detection and identification are the most difficult and important parts of the anti-drone systems. Existing detection and identification methods each have their strengths and weaknesses, so complementary operations are required. Detection and identification performance in anti-drone systems can be improved through the use of artificial intelligence. This is because artificial intelligence can quickly analyze differences smaller than humans. There are three ways to utilize artificial intelligence. Through reinforcement learning-based physical control, noise and blur generated when the optical camera tracks the drone may be reduced, and tracking stability may be improved. The latest NeRF algorithm can be used to solve the problem of lack of enemy drone data. It is necessary to build a data network to utilize artificial intelligence. Through this, data can be efficiently collected and managed. In addition, model performance can be improved by regularly generating artificial intelligence learning data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.2966-2986
• /
• 2023

Climate change is a constant threat to human life, and it is important to understand the public perception of this issue. Previous studies examining climate change have been based on limited survey data. In this study, the authors used big data such as news articles and social media data, within which the authors selected specific keywords related to climate change. Using these natural language data, topic modeling was performed for discourse analysis regarding climate change based on various topics. In addition, before applying topic modeling, sentiment analysis was adjusted to discover the differences between discourses on climate change. Through this approach, discourses of positive and negative tendencies were classified. As a result, it was possible to identify the tendency of each document by extracting key words for the classified discourse. This study aims to prove that topic modeling is a useful methodology for exploring discourse on platforms with big data. Moreover, the reliability of the study was increased by performing topic modeling in consideration of objective indicators (i.e., coherence score, perplexity). Theoretically, based on the social amplification of risk framework (SARF), this study demonstrates that the diffusion of the agenda of climate change in public news media leads to personal anxiety and fear on social media.

• Korean Security Journal
• /
• no.36
• /
• pp.227-253
• /
• 2013

The threat of crime became a global issue nowadays. Terrorism, organized crime, crime by nation can be mentioned as typical examples. The crimes in modern society can't be identified to happen when, where and how being different from those traditional crimes(murder, robbery, sexual abuse, arson). This was the result of changed security environment that needs to address wide range of crimes as being indicated sporadic characteristics of modern threat of crime such as terrorism threat targeting unidentified masses as well as the emergence of systemic phenomenon of organized crimes and crime committed by nation. In this regard, the case of 9.11 occurred in 2001 can be deemed as an example that made a dramatic turn around to the security environment. After the terrorism, it provided an opportunity to rethink not only USA but also to the institutions all over the world that deals with crime about gathering, management, utilization of crime intelligence. As a result of which there appeared a change in police activities more effectively in gathering & managing crime information and ILP is the very activity that emerged from the USA/UK countries. This aims police activities to minimize the threat of crime being the system reflecting a framework to manage more directly to control crime by gathering and processing information. In view of the global change of security environment as a common phenomenon, the need to direct to ILP has increased in Korea in line with such security environmental change. Accordingly, this study focused on the method of introduction of ILP and presentation of matters for discussion by reviewing ILP activities of the USA/UK countries.