• Title/Summary/Keyword: Attack Mitigation


Recent Advances in Cryptovirology: State-of-the-Art Crypto Mining and Crypto Ransomware Attacks

  • Zimba, Aaron; Wang, Zhaoshun; Chen, Hongsong; Mulenga, Mwenge
  • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.6 / pp.3258-3279 / 2019
  • Recently, ransomware has earned itself an infamous reputation as a force to reckon with in the cybercrime landscape. However, cybercriminals are adopting other unconventional means to seamlessly obtain the proceeds of cybercrime with little effort. Cybercriminals are now acquiring cryptocurrencies directly from benign Internet users without the need to extort a ransom from them, as is the case with ransomware. This paper investigates advances in the cryptovirology landscape by examining state-of-the-art cryptoviral attacks. In our approach, we perform a digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties, respectively. We examine three cryptoviral attack structures: browser-based crypto mining, memory-resident crypto mining and cryptoviral extortion. These attack structures leave a trail of digital forensic evidence when the malware interacts with the file system and generate noise in the form of network traffic when communicating with the C2 servers and crypto mining pools. The digital forensic evidence, which is essentially a set of IOCs, includes network artifacts such as C2 server domains, IPs and cryptographic hash values of the downloaded files, apart from the malware hash values. Such evidence can be used as seeds for intrusion detection systems for mitigation purposes.

Design and Implementation of Efficient Mitigation against Return-oriented Programming (반환 지향 프로그래밍 공격에 대한 효율적인 방어 기법 설계 및 구현)

  • Kim, Jeehong; Kim, Inhyeok; Min, Changwoo; Eom, Young Ik
  • Journal of KIISE / v.41 no.12 / pp.1018-1025 / 2014
  • An ROP attack creates gadget sequences consisting of existing code snippets in a program, and hijacks the control flow of the program by chaining and executing these gadget sequences consecutively. Existing defense schemes have limitations in that they cause high execution overhead, an increase in binary size, and low applicability. In this paper, we solve these problems by introducing zero-sum defender, a fast and space-efficient mitigation scheme against ROP attacks. We find a fundamental property of gadget execution: control flow starts in the middle of a function without a call instruction and ends with a return instruction. We exploit this property by monitoring whether execution is being abused by ROP attacks. We achieve a very low runtime overhead with a very small increase in binary size. In our experimental results, we verified that our defense scheme prevents real-world ROP attacks, and we showed that there is only a 2% performance overhead and a 1% binary size increase in several benchmarks.

Spread Speed of Forest Fire based on Slope (경사에 따른 산불의 확산속도)

  • An, Sang-Hyun; Shin, Young-Chun
  • Journal of the Korean Society of Hazard Mitigation / v.8 no.4 / pp.75-79 / 2008
  • As information technology has developed, information requirements have grown. In the field of GIS (Geographic Information System), more information is processed more quickly and accurately. In particular, quick analysis of forest fire information (topography, ignition point, weather conditions, etc.) over a wide area is essential in order to minimize victims, environmental damage and economic damage, decide evacuation routes, estimate the fire spread course, and arrange attack resources. We determined the fire spread distance per unit time through experiments with various slope degrees, distinguishing flat, upslope and downslope terrain. For the tests on the upslope, as the slope increased, the rate of spread increased. On the downslope, in contrast with the upslope, as the slope increased, the rate of spread decreased. We analyzed the spread rate of forest fire on each slope using a method that classifies upslope (+) and downslope (-), based on the results obtained from the experiment. Consequently, the proposed method can be used to effectively support forest fire attack by providing accurate predictions of fire spread.

Analytical Estimation of the Performance of Marine Concrete with Mineral Admixture (광물질 혼화재를 혼합한 해양 콘크리트의 해석적 성능 평가)

  • Lee, Bang-Yeon; Kwon, Seung-Jun; Kang, Su-Tae
  • Journal of the Korean Recycled Construction Resources Institute / v.3 no.4 / pp.301-306 / 2015
  • For the purpose of developing high-performance marine concrete with improved crack resistance and durability, this analytical study aimed to estimate the strength, hydration heat characteristics, and chloride attack resistance of concrete with mineral admixture. Ground granulated furnace slag and fly ash were considered as mineral admixtures. The replacement of ground granulated furnace slag and fly ash considered in the analysis was in the range of 0~70% and 0~40%, respectively. The analysis results indicated that both ground granulated furnace slag and fly ash decreased compressive strength, and that the effect of adding ground granulated furnace slag on mitigation of hydration heat was limited, whereas fly ash had a noticeable influence on it. It was also found that replacement with ground granulated furnace slag enhanced the chloride attack resistance, but fly ash deteriorated the resistance. From the analytical studies, it could be expected that a ternary blended cement composition with a proper amount of ground granulated furnace slag and fly ash might be effective in controlling crack resistance as well as chloride attack resistance of marine concrete.

Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah; Dehghantanha, Ali; Dargahi, Tooska; Parizi, Reza M.; Choo, Kim-Kwang Raymond; Javadi, Hamid H.S.
  • Journal of Information Processing Systems / v.15 no.4 / pp.865-889 / 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society, where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information on APTs' tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies, which is the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., limited to a small number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such a taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding the potential attacks on organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also inform future security policies and mitigation strategy formulation.

Reynolds number effects on twin box girder long span bridge aerodynamics

  • Kargarmoakhar, Ramtin; Chowdhury, Arindam G.; Irwin, Peter A.
  • Wind and Structures / v.20 no.2 / pp.327-347 / 2015
  • This paper investigates the effects of Reynolds number (Re) on the aerodynamic characteristics of a twin-deck bridge. A 1:36 scale sectional model of a twin girder bridge was tested using the Wall of Wind (WOW) open jet wind tunnel facility at Florida International University (FIU). Static tests were performed on the model, instrumented with pressure taps and load cells, at high wind speeds with Re ranging from $1.3{\times}10^6$ to $6.1{\times}10^6$ based on the section width. Results show that the section was almost insensitive to Re when pitched to negative angles of attack. However, mean and fluctuating pressure distributions changed noticeably for zero and positive wind angles of attack when testing at different Re regimes. The pressure results suggested that with the Re increase, a larger separation bubble formed on the bottom surface of the upstream girder, accompanied by a narrower wake region. As a result, the drag coefficient decreased mildly and the negative lift coefficient increased. Flow modification due to the Re increase also helped in distributing forces more equally between the two girders. The bare deck section was found to be prone to vortex shedding with limited dependence on Re. Based on the observations, vortex mitigation devices attached to the bottom surface were effective in inhibiting vortex shedding, particularly at the lower Re regime.

Advanced In-Vessel Retention Design for Next Generation Risk Management

  • Kune Y. Suh; Hwang, Il-Soon
  • Proceedings of the Korean Nuclear Society Conference / 1997.10a / pp.713-718 / 1997
  • In the TMI-2 accident, approximately twenty (20) tons of molten core material drained into the lower plenum. Early advanced light water reactor (LWR) designs assumed a lower head failure and incorporated various measures for ex-vessel accident mitigation. However, one of the major findings from the TMI-2 Vessel Investigation Project was that one part of the reactor lower head wall, estimated to have attained a temperature of $1100^{\circ}\mathrm{C}$ for about 30 minutes, has seemingly experienced a comparatively rapid cooldown with no major threat to the vessel integrity. In this regard, recent empirical and analytical studies have shifted interest to such in-vessel retention designs or strategies as reactor cavity flooding, in-vessel flooding and engineered gap cooling of the vessel. Accurate thermohydrodynamic and creep deformation modeling and rupture prediction are the key to success in developing practically useful in-vessel accident/risk management strategies. As an advanced in-vessel design concept, this work presents the COrium Attack Syndrome Immunization Structures (COASIS) that are being developed as prospective in-vessel retention devices for a next-generation LWR in concert with existing ex-vessel management measures. Both the engineered gap structures in-vessel (COASISI) and ex-vessel (COASISO) are demonstrated to maintain effective heat transfer geometry during molten core debris attack when applied to the Korean Standard Nuclear Power Plant (KSNPP) reactor. The likelihood of lower head creep rupture during a severe accident is found to be significantly suppressed by the COASIS options.


Application of STPA-SafeSec for a cyber-attack impact analysis of NPPs with a condensate water system test-bed

  • Shin, Jinsoo; Choi, Jong-Gyun; Lee, Jung-Woon; Lee, Cheol-Kwon; Song, Jae-Gu; Son, Jun-Young
  • Nuclear Engineering and Technology / v.53 no.10 / pp.3319-3326 / 2021
  • As a form of industrial control system (ICS), nuclear instrumentation and control (I&C) systems have been increasingly digitalized. This has in turn raised cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards, unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and, recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs, in order to assess the impacts on safety of cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application, up to the development of mitigation strategies, is described in detail.

Trends of Encrypted Network Traffic Analysis Technologies for Network Anomaly Detection (네트워크 이상행위 탐지를 위한 암호트래픽 분석기술 동향)

  • Y.S. Choi; J.H. Yoo; K.J. Koo; D.S. Moon
  • Electronics and Telecommunications Trends / v.38 no.5 / pp.71-80 / 2023
  • With the rapid advancement of the Internet, the use of encrypted traffic has surged in order to protect data during transmission. Simultaneously, network attacks have also begun to leverage encrypted traffic, leading to active research in the field of encrypted traffic analysis to overcome the limitations of traditional detection methods. In this paper, we provide an overview of the encrypted traffic analysis field, covering the analysis process, domains, models, evaluation methods, and research trends. Specifically, we focus on research trends in anomaly detection for encrypted network traffic analysis. Furthermore, considerations for model development in encrypted traffic analysis are discussed, including traffic dataset composition, selection of traffic representation methods, creation of analysis models, and mitigation of attacks on AI models. In the future, the volume of encrypted network traffic will continue to increase, with a higher proportion of attack traffic utilizing encryption. Research on attack detection in such an environment must be conducted consistently to address these challenges.

Effects of unconfined blast on strategic structures and its protective measures

  • Choubey, Bishwajeet; Dutta, Sekhar C.; Hussain, Md. Ahsaan
  • Structural Engineering and Mechanics / v.84 no.2 / pp.167-180 / 2022
  • A strategic structure exposed to a direct hit from a conventional bomb/projectile is severely damaged because of the large amount of energy released by the impact and penetration of the bomb. When massive concrete slabs suffer a direct hit, the energy released during the impact and penetration process is able to easily break up a large mass of concrete. When overstressed under such bomb impact, the concrete structure fails, showing brittle behaviour. This paper is intended to study and suggest protective measures for structures used for strategic applications by adopting a means to dissipate the large quantum of energy released. To quantitatively evaluate the force, displacement and energy in such a scenario, a fine numerical model of the proposed layered structure with different combinations was built in the ANSYS programme, in which tri-nitrotoluene (TNT) explosive was detonated at the penetration depth calculated for a GP1000 Lbs bomb. The distinct blast mitigation effect of the proposed structure was demonstrated by adopting various layers/barriers created as protective measures for the strategic structure. The calculated results show that the blast effect on the structure is potentially reduced due to the provision of a buster slab with sand cushioning as a protective measure for the main structure. This concept of layered protective measures may be adopted for safeguarding strategic structures such as domes, tunnels and underground structures.