Search : [ author: TaeKyu Kim ] (4)

The Classification Model of Fileless Cyber Attacks

GyungMin Lee, ShinWoo Shim, ByoungMo Cho, TaeKyu Kim, KyoungGon Kim

http://doi.org/10.5626/JOK.2020.47.5.454

Since late 2000, state-sponsored and sophisticated cyber-attacks have continued unabated. Countermeasures against cyber-attack techniques based on traces are also in development. Cyber attackers use a variety of techniques to veil their attacks from these analyses and countermeasures. In particular, fileless cyber-attacks, which do not create a file used for the attack, are increasing. Fileless cyber-attacks are difficult to analyze because, from the defender's perspective, there are no executable files to analyze. In this paper, we investigate and analyze fileless cyber-attacks and present a model based on the cyber kill chain to classify them. Through this model, we expect attack types to be identified and responded to more quickly when new fileless cyber-attacks occur.

Implementation of Software Source Code Obfuscation Tool for Weapon System Anti-Tampering

Gyuho Lee, Jaegwan Yu, Insung Kim, Taekyu Kim

http://doi.org/10.5626/JOK.2019.46.5.448

The increasing functional complexity and diversity of weapon systems has reinforced the significance of weapon system software. However, as the range of software functions expands, core algorithms and critical data are inserted into weapon system execution binaries, and reverse engineering has facilitated hacking and tampering of such information with malicious intent. In this paper, we propose an obfuscation tool that applies obfuscation techniques to source code for the development of weapon system software. In particular, control flow obfuscation techniques were applied to obfuscate core algorithms, and data obfuscation techniques were proposed to conceal important data. In addition, considering the actual performance of the weapon system software, the system was implemented in a user-friendly and flexible structure for selection based on level. The experimental findings confirmed the performance of the techniques used. These source code-based obfuscation techniques can be used to create anti-reverse engineering binary files and to develop anti-tampering platforms for weapon system software in the future.

Collecting Network Field Information using Machine Learning

Kyu Seok Han, Taekyu Kim, Shinwoo Shim, Sung Goo Jun, Jiwon Yoon

http://doi.org/10.5626/JOK.2018.45.10.1096

Recently, various systems based on the Internet of Things (IoT) and Information and Communications Technologies (ICT) have been developed. Today, assorted devices are connected to a network, and various operating systems have appeared for devices with different resources and functions. With the increased need for security against hacking, research on the vulnerability analysis of the operating system installed on each device and on actual attack techniques has been carried out. Accordingly, the type and detailed version of a device's operating system and its functions (APIs) are emerging as important information in security. Since information gathering is the first stage of a cyber threat in cyber warfare, many studies have been conducted on methods for controlling network traffic during scanning. In order to bypass this network control, information collectors prepare countermeasures to secretly collect port information. In this paper, we deal with a scanning method that can acquire information about opponents through basic network commands that are not important in the network control system.

Efficient Ways of Attack for Network Isolation

Kyu Seok Han, Jiwon Yoon, Taekyu Kim, Young Woo Park, Jungkyu Han

http://doi.org/10.5626/JOK.2018.45.5.489

Many devices and objects have recently been connected to the network using Internet of Things technology. In a small-scale local area network (LAN), many devices are connected and the complexity of the network topology is greatly increased. Large-scale networks made up of such small-scale networks are also expanding nationwide. Data is gathered and spread in a concentrated or distributed manner within a large network. This is useful for various industries: financial, telecommunications, military, and power generation facilities in state-based industries use the nationwide Internet network to control and maintain a stream of data that can cope with emergency situations. In a network environment that has such a circumstance, if a critical device (node) or a small range of network (LAN) that is involved in the control, data collection, storage, or data processing is isolated from the entire network. This paper discusses techniques for isolating critical LANs or nodes in large networks.






Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr