Abstract: Collecting the topology and asset information of the virtual generated computer network, converting the topology and asset information into a training data set for training the neural network model, training the neural network model based on the training data set, and training A method and apparatus for predicting an attack vulnerability of a computer network through the step of inferring an attack vulnerability of a target computer network using a neural network model are provided.

Abstract: Disclosed herein are an apparatus and method for transmitting a covert message in wireless communication. The apparatus for transmitting a covert message in wireless communication may be configured to, in a covert message in which a data frame is composed of a Start Frame Delimiter (SFD), a header, a payload, and a Cyclic Redundancy Check (CRC), transmit the SFD of the covert message corresponding to a first sequence number masked with a preset SFD mask length, transmit the header of the covert message corresponding to a second sequence number masked with a preset header mask length, transmit the payload of the covert message corresponding to a third sequence number masked with a preset payload mask length, and transmit the CRC of the covert message corresponding to a fourth sequence number masked with a preset CRC mask length.

Abstract: Disclosed herein are an artificial Intelligence (AI)-based cyber training method. The AI-based cyber training method may include generating a unit attack by training an attack agent based on environment and state information of a cyber range (CR) and a set of attack tools executable on a system, executing the unit attack in the CR, and then determining whether the unit attack has succeeded, and determining whether to perform an attack or a defense based on whether the unit attack has succeeded.

Abstract: Disclosed herein is a method for transmitting information using a monitor brightness change. The method may include generating a transmission data frame structure for transmitting digital information, encoding the bit of the digital information, and converting the encoded bit of the digital information into a wireless signal that is a brightness change signal of blue (B) color, among red, green, and blue (RGB) for configuring colors on a monitor.

Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information; and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.

Abstract: Disclosed herein are an apparatus and method for detecting a malicious script. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to extract token-type features, each of which corresponds to a lexical unit, and tree-node-type features of an abstract syntax tree from an input script, to train two learning models to respectively learn two pieces of learning data that are generated in consideration of features extracted respectively from the token-type features and the node-type features as having the highest frequency, and to detect whether the script is a malicious script based on the result of ensemble-based malicious script detection performed for the script, which is acquired using an ensemble detection model generated from the two learning models.

Abstract: Disclosed herein is a device equipped with flash memory, which includes memory in which at least one program is recorded and a processor for executing the program. The memory includes flash memory including a data area and a backup area, and the program divides data into two or more segments depending on whether the data can be stored in a single page and stores the same in the data area. The first segment is stored in a page along with a segment number, indicating the sequential position of the divided data, a segment offset, indicating the number of pages between the pages in which the current segment and the next segment are stored, the size of a data file name, the size of the data, and the file name. At least one additional segment may be stored in another page along with the segment number and segment offset thereof.

Abstract: Provided is a module and method for transmitting information using a wireless hidden signal, which is capable of transmitting important information data requiring extreme security using a wireless hidden signal, and allowing the important information to be detected and distinguished by only promised transmitting/receiving parties so that the possibility of the wireless hidden signal being discovered can be minimized and security can be enhanced. The module for transferring information using a wireless hidden signal includes: a hidden formatting unit configured to generate a transmission data frame structure based on data that needs to be wirelessly transmitted; a hidden encoding unit configured to encode the generated transmission data frame structure to generate and output a hidden encoded bit stream; and a hidden modulation unit configured to convert the output hidden encoded bit stream into a wireless signal in a wireless transmission format.

Abstract: Disclosed herein is a method for detecting a covert channel in wireless communication. The method includes setting a wireless communication specification, detecting a covert timing channel, and detecting a covert storage channel.

Abstract: An electronic device includes a peripheral device, a processor, an interrupt controller configured to manage interrupts generated by the peripheral device and the processor on the basis of a register, and a virtualizer, wherein the virtualizer may be configured to virtualize a portion of the processor and a portion of the at least one peripheral device to generate a first partition, generate first interrupt information corresponding to an interrupt usable in the first partition, generate first processor information corresponding to a portion of the processor usable in the first partition, check whether a configuration of the register is related to at least one of the first interrupt information and the first processor information when the register is configured by the first partition, and allow the configuration of the register when the configuration of the register is related to the at least one information.

Abstract: Disclosed herein are an apparatus and method for inferring a cyberattack path based on attention. The apparatus includes memory in which at least one program is recorded and a processor for executing the program. The program generates test data required for generating an intelligent attack graph and generates an attack graph based on an intelligent attack path prediction model.

Abstract: Disclosed herein are an apparatus and method for verifying the integrity of a hardware board. The apparatus includes one or more processors and execution memory for storing at least one program that is executed by the processors, wherein the program is configured to compare images of components arranged on a verification target board and a source board in a first image, obtained by photographing the verification target board, and in a second image prestored for the source board, as to whether images of the components are identical to each other, and compare first firmware extracted from the verification target board with second firmware of the source board, as to whether first firmware is identical to second firmware and verify integrity of the verification target board based on whether the images are identical to each other and on whether the pieces of firmware are identical to each other.

Abstract: Disclosed herein are an apparatus and method for detecting violation of control flow integrity. The apparatus includes memory for storing a program and a processor for executing the program, wherein the processor multiple branch identifier registers to which identifiers of branch targets are written, a set branch identifier instruction configured to command an identifier of a branch target to be written to a branch identifier register at a predetermined sequence number, among the multiple branch identifier registers, and a check branch identifier instruction configured to command a signal indicating detection of a control flow hijacking attack to be issued based on whether a value written to the branch identifier register at the predetermined sequence number is identical to a value of an identifier of a branch target at the predetermined sequence number, wherein the program detects whether a control flow is hijacked based on the multiple branch identifier registers.

Abstract: Disclosed herein are a network environment synchronization apparatus and method. The network environment synchronization apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect data from a network environment and generate a management structure in which collected data is distributed into preset respective group units, generate data discriminators for respective group units using a preset hash function, determine whether data of the management structure has changed with reference to data newly collected from the network environment based on the data discriminators, and when it is determined whether data of the management structure has changed, update the data of the management structure with the newly collected data.

Abstract: Disclosed herein is a device equipped with flash memory, which includes memory in which at least one program is recorded and a processor for executing the program. The memory includes flash memory including a data area and a backup area, and the program divides data into two or more segments depending on whether the data can be stored in a single page and stores the same in the data area. The first segment is stored in a page along with a segment number, indicating the sequential position of the divided data, a segment offset, indicating the number of pages between the pages in which the current segment and the next segment are stored, the size of a data file name, the size of the data, and the file name. At least one additional segment may be stored in another page along with the segment number and segment offset thereof.

Abstract: Disclosed herein are an apparatus and method for authenticating an IoT device. The method, performed by the IoT device authentication apparatus, includes transmitting, by the IoT device authentication apparatus, a random number to the IoT device and encrypting, by the IoT device authentication apparatus, the random number using a previously registered first white-box cryptography value through a white-box cryptography method; generating, by the IoT device, a first device response value from a previously registered first device challenge value using a Physical Unclonable Function (PUF) and encrypting, by the IoT device, the random number, received from the IoT device authentication apparatus, using the first device response value; and performing, by the IoT device authentication apparatus, authentication of the IoT device by checking whether the random number encrypted using the white-box cryptography method matches the random number encrypted using the PUF, which is received from the IoT device.

Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information; and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.

Abstract: Collecting the topology and asset information of the virtual generated computer network, converting the topology and asset information into a training data set for training the neural network model, training the neural network model based on the training data set, and training A method and apparatus for predicting an attack vulnerability of a computer network through the step of inferring an attack vulnerability of a target computer network using a neural network model are provided.

Abstract: Disclosed herein are an apparatus and method for device authentication. The method for device authentication based on a certificate using a PUF, performed by an apparatus for device authentication based on a certificate using a PUF, includes acquiring previously stored first Challenge-Response-Pair (CRP) information corresponding to identification information received from a device that requests authentication and generating a certificate including a public key generated using the first CRP information; transmitting a message in which the certificate encrypted using the first response value of the first CRP information as a server secret key and the first challenge value of the first CRP information are included to the device; and authenticating the device by verifying an encrypted signature message received from the device through a secure channel.

Abstract: Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.