Dong Hwi Lee
Kyonggi University
Publication
Featured research published by Dong Hwi Lee.
IEEE International Conference on High Performance Computing Data and Analytics | 2006
Sangho Lee; Dong Hwi Lee; Kuinam J. Kim
The exponential increase of malicious and criminal activities in cyberspace is posing a serious threat which could destabilize the foundation of modern information society. In particular, unexpected network paralysis or breakdown created by the spread of malicious traffic could cause confusion on a nationwide scale, and unless effective countermeasures against such attacks are formulated in time, this could develop into a catastrophic condition. As a result, there has been a vigorous search to develop a functional state-level cyber-threat early-warning system; however, the efforts have not yielded satisfying results or created plausible alternatives to date due to the insufficiency of the existing system and technical difficulties. Existing cyber-threat forecasting depends on the individual experience and ability of the security manager, whose decision is based on the limited data collected from ESM and TMS. Consequently, this could result in a disastrous warning failure against a variety of unknown and unpredictable attacks. It is the aim of this paper to offer a conceptual design for a “Knowledge-based Real-Time Cyber-Threat Early-Warning System” and promote further research into the subject.
Multimedia Tools and Applications | 2014
Dong Hwi Lee; Byunghun Kim; Kuinam J. Kim
Due to further development of the Network and Information Processing Systems, many information accesses may be allowed via a login process. In order to control those accesses, there exist some control instructions within the network traffic. However, it has a weak point that someone can steal a user’s account details and access the information based on the authority that has been given to the user. It appears that the access controls work, but the information that is accessed by a user may also be abused. We collected much RBAC traffic generated in the RBAC access control system, which was then analysed to find and formulate any connections to a user’s information access. Using these outcomes, we propose a system in this paper that should be able to detect any user accesses with a high probability of accessing information illegally.
International Conference on Computational Science and Its Applications | 2007
Dong Hwi Lee; Kyong Ho Choi; Kuinam J. Kim
The hacking aspect of recent times is changing; the phishing attack, which uses a social engineering technique, is becoming a serious threat in information security. It deceives the user and acquires a password or financial information of the individual and organization. The phishing attack uses a fabricated home page and e-mail to acquire sensitive personal information and financial information. This study proposes the establishment of a National Phishing Response Center, complementing the related legal system, and a critical intelligence distribution channel for individuals and enterprises.
International Conference on Information Systems Security | 2008
Hyun Seok Yoon; Dong Hwi Lee; Gangtaek Lee; Kuinam J. Kim
Information superiority plays a very important role in winning a war. Recent battlefields have been shown to be rapid and precise because of new technology. Technologies such as VoIP, wireless LAN, WiBro, RFID and bio recognition appear as new technologies for giving and receiving information effectively in our current world; it is believed that a superior information position can be taken by addressing weaknesses in information transfer and protection for each system and then applying them to the future battlefield information system. In this study, a review of the future battlefield systems that the US Army pursues and those of the Korean Army will suggest how to accomplish information superiority for the army in future battlefields.
International Conference on Hybrid Information Technology | 2008
Dong Hwi Lee; Jae Myung Kim; Kyong-Ho Choi; Kuinam J. Kim
Malicious codes have been widely documented and detected in information security breach occurrences on the Microsoft Windows platform. Legacy information security systems are particularly vulnerable to breaches due to Windows kernel-based malicious codes that penetrate existing protection and remain undetected. To date there has not been enough quality study into, and information sharing about, the Windows kernel and inner code mechanisms, and this is the core reason for the success of these codes in entering systems and remaining undetected. This paper focuses on classification and formalization of the type, target and mechanism of various Windows kernel-based attacks, and will present suggestions for effective response methodologies in the categories of: kernel memory protection, process & driver protection, and file system & registry protection. An effective Windows kernel protection system will be presented through the collection and analysis of Windows kernel and inside mechanisms, and through suggestions for the implementation methodologies of unreleased and new Windows kernel protection skills. Results presented in this paper will explain that the suggested system is highly effective and has more accurate intrusion detection ratios than the current legacy security systems (i.e., virus vaccines, Windows IPS, etc.). So, it is expected that the suggested system provides a good solution to protect IT infrastructure from complicated and intelligent Windows kernel attacks.
Multimedia Tools and Applications | 2015
Won Hyung Park; Dong Hwi Lee
Recently, malware (or malicious code) of the information leakage type is increasing, leaking personal data, credit information, financial information, etc. Also, its various forms are changing fast. However, existing Windows forensics modules lack adaptability for this type of violation. In this paper, malware of the information leakage type is not detected with Windows forensic analysis tools. So an improved new evidence collection module using live response technology is offered to identify and respond more quickly.
International Conference on Information Systems Security | 2008
Kyong Ho Choi; Dong Hwi Lee; Jeom-Goo Kim; Cheol-Won Lee; Hyung-Jun Seo; Kuinam J. Kim
The security threat that individual organizations and businesses are facing is a mixture of malevolent techniques in both the physical and cyber space, the targets are expanding across wide areas, and the range and level of damage is increasing rapidly and broadly. The preferable way to cope with these threats is to promote positive and continuous activities with consistency, such as policy development, classification of assets, recognition of threats, and countermeasures against intrusion incidents, so that the security level which the organization sets as its goal may be accomplished. However, it is difficult in reality to cope positively with all threatening situations, and there are limitations, such as the shortage of budget and physical infrastructure. In this study, therefore, the optimal model for Information Security Management is suggested, so that organizations planning to achieve the optimal level of security management may refer to it, and individual organizations and businesses may support decision making about the information protection strategies they face and build up and evaluate a continuous and systematic security architecture.
International Conference on Information Systems Security | 2008
Yong-Ho Kim; Dong Hwi Lee; Kuinam J. Kim
Criminals exchange various kinds of important information, escaping the police's trace network by using a messenger. In order to cut off malignant crimes that are increasing and becoming more sophisticated daily, this must be cut off by tracing the IP of the messenger in real time. The analysis method suggested in this thesis finds the common part among packets after capturing various messenger packets by using the worldwide-used Wincap3.1 and analyzing by trial and error. Here, I realized the real-time KMFM (Kyonggi Messenger Forensic Monitor), which analyzes the extracted information shown on a screen by using a mathematical function so as to extract the necessary parts after extracting the pattern coinciding with the hex value.
International Conference on Hybrid Information Technology | 2008
Dong Hwi Lee; Kyong-Ho Choi; Jeom-Goo Kim; Kuinam J. Kim
The method for researching a standardization of real-time cyber threats finds suspicious indications of attacks against cyberspace, including internet worms, viruses and hacking, by analyzing the events of each security system through correlation with the critical point, and drafts a general standardization plan through statistical analysis of this evaluation result. This becomes the basis for constructing an effective cyber attack response system. In particular, at the time of a security incident, it overcomes the problems of existing security systems through a definition of security system events and traffic volume and a concrete database input method, and proposes a standardization plan that is the cornerstone of real-time response and early warning systems. The general standardization plan of this paper is summarized as producing a threat index, a threat rating through adding this index, and the package of the early warning process, and outputting a basis for cyber threat index calculation.
International Conference on Computational Science and Its Applications | 2007
Yong-Ho Kim; Dong Hwi Lee; Kuinam J. Kim
I would like to explain a method for securely obtaining important data from volatile data when the network is unavailable in a computer system due to an incident. The main idea is that the first investigator, who collects volatile data by applying scripts built into USB media, should be at the crime scene at the time. For the volatile data, he generates a hash value and gets a witness signature. After that, he analyses the volatile data with authentication in the forensics system.