ChanHo Shin
ChanHo Shin
Still in military service (~25.5.31)

I served as a captain in the ROK Army for seven years, working in information security with AI.
I spent the first five years as a security researcher at the Agency for Defense Development (ADD), where I researched the application of deep learning in the field of cybersecurity. The next two years were spent at ROK Cyber Operations Command, where I contributed to military security by researching and analyzing operational applications which I was skilled at.
I earned a Master’s degree in Information Security at Korea University under the supervision of Seong-Jun Oh. My master’s thesis focused on Learning with noisy labels through data sampling.

Major News

  • 2024.11.29 Our team won the excellence prize(Chief of Staff, R.O.K Air Force) at MAICON(Military AI CONtest) 2024.
  • 2024.11.7 Out team won the 2nd prize at FSI(Financial Security Institute) AIxData Challenge 2024.
  • 2024.8.23 I received an M.S. degree at Korea University.
  • June 2024 Co-TES has been accepted to Pattern Recognition Letters.
  • September 2023 “Exploiting TTP Co-Occurrence via GloVe-Based Embedding With MITRE ATT&CK Framework” has been accepted to IEEE Access.

Education

  • 2020.3 ~ 2024.8 M.S. degree in Information Security, Korea University, Seoul, Republic of Korea
  • 2014.3 ~ 2018.2 B.Eng. in Cyber Defense, Korea University, Seoul, Republic of Korea
    • Cybersecurity Circle CyKor (2015~2017)
  • 2012.3 ~ 2014.2 Incheon Science High School, Incheon, Republic of Korea
    • Majored in Chemistry / Mathematics

Experience

Work and Research Experience

  • 2023.8 ~ 2025.5 Security Engineer/Team Leader, ROK Cyber Operations Command (ROK C.O.C.), Republic of Korea
    • Network log analysis and program development using AI and statistics
    • Others: Confidential
  • 2018.7 ~ 2023.8 Cybersecurity Researcher, Agency for Defense Development (ADD), Seoul, Republic of Korea
    • 2020.11 ~ 2023.7 Techniques to disrupt nation-sponsored cyberattacks’ goals
      • In charge of APT attack classification and goal prediction.
      • Also code integration manager within team.
      • Published 2 international papers([J1], [J2]) and two patents([p2], [p3]).
    • 2018.11 ~ 2020.10 Techniques to improve fuzzing performance with deep learning
      • In charge of seed scheduling algorithms.
      • Also code integration manager within team.
      • Published one patent([p1]) and reported five CVEs.

Other Experiences

  • CCDCOE LockedShields 2024 Blue Team (2024.4)
    • Member of system hardening and dev team.
    • Linux system hardening, Window system hardening, Automation with Ansible/Fabric
  • Next-generation security leader training program “Best of the Best” (2016.07 ~ 2017.01)
    • Vulnerability detection track

Honors and Awards

  • 2024.11.29 Excellence prize(Chief of Staff, R.O.K Air Force) at MAICON(Military AI CONtest) 2024.
  • 2024.11.20 Major General’s Commendation at ROK Cyber Operations Command (ROK C.O.C.) for Cyber Operation.
  • 2024.11.7 2nd prize at FSI(Financial Security Institute) AIxData Challenge 2024.
  • 2014.3 ~ 2018.2 Full Tuition Scholarship (Korea University)
    from Ministry of National Defense, Republic of Korea

CVE

  • CVE-2020-24240 (ADD, Seoul National University)

    GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a ‘\0’ byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself,not that a crash may occur in code that is generated by Bison.

  • CVE-2020-24241 (ADD, Seoul National University)

    In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.

  • CVE-2020-24242 (ADD, Seoul National University)

    In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.

  • CVE-2020-24977 (ADD, Seoul National University)

    GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  • CVE-2020-24978 (ADD, Seoul National University)

    In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c.

  • Reject CVE-2020-24979 (ADD, Seoul National University)
  • Reject CVE-2020-24980 (ADD, Seoul National University)

Publications

International Journals and Conferences

  • [J3] Co–TES: Learning noisy labels with a Co-Teaching Exchange Student method
    Chanho shin and Seong-jun Oh
    Pattern Recognition Letters
  • [J2] Exploiting TTP Co-Occurrence via GloVe-Based Embedding With MITRE ATT&CK Framework
    Chanho shin, Insup Lee, and Changhee Choi
    IEEE Access 2023
  • [J1] Performance evaluation method of cyber attack behaviour forecasting based on mitigation
    Changhee Choi, Sunguk Shin, and Chanho Shin
    The 12th international conference on ICT convergence (2021 ICTC)

Patent

  • [P3] Method for training attack prediction model and device therefor
    Changhee Choi, Chanho Shin, Sunguk Shin, Seongyeon Seo, and Insup Lee
    U.S. Patent Number. US20230308462A1, September 28th, 2023. [link]
  • [P2] METHOD FOR TRAINING ATTACK PREDICTION MODEL AND DEVICE THEREFOR
    Changhee Choi, Chanho Shin, Sunguk Shin, Seongyeon Seo, and Insup Lee
    Republic of Korea. Patent Number. 10-2022-0037634, March 25th, 2023.
  • [P1] Method And Apparatus For Scheduling Seed File In Fuzzing
    Pilkeun Park, Chanho Shin, Seounghun Jeong, and Taein Kang
    Republic of Korea. Patent Number. 10-2020-0102581, January 14th, 2022. [link]

Domestic Journals and Conferences

  • Insup Lee, Chanho Shin, and Changhee Choi, “Mutating Cyber Camapaign With TTP Word Replacement,” in Proc. of the KIMST Annual Conference, Jun. 2023.
  • Chanho Shin, Insup Lee, and Changhee Choi, “Towards GloVe-Based TTP Embedding With ATT&CK Framework,” in Proc. of the KIMST Annual Conference, Jun. 2023.
  • Changhee Choi, Insup Lee, Chanho Shin, and Sungho Lee, “Cyber Threat Campaign Analysis Based on PEGASUS and RoBERTa Model,” in Proc. of the KIMST Annual Conference, Jun. 2023.
  • Insup Lee, Chanho Shin, Sunguk Shin, Seongyeon Seo, and Changhee Choi, “Analyzing Cyberattack Campaign Similarity via TTP Sequence Embedding,” in Proc. of the KIMST Annual Conference, Jun. 2022.
  • Sunguk Shin, Insup Lee, Chanho Shin, Seongyeon Seo, and Changhee Choi, “Cyber Campaign Analysis With TTP Embedding Using TF-IDF,” in Proc. of the KIMST Annual Conference, Jun. 2022.
  • Chanho Shin, Sunguk Shin, Insup Lee, Seongyeon Seo, and Changhee Choi, “Classifying TTP Based on CIA Labeling,” in Proc. of the KIMST Annual Conference, Jun. 2022.
  • Changhee Choi, Chanho Shin, Sunguk Shin, Seongyeon Seo, and Insup Lee, “Cyber Attack Group Classification Using Siamese LSTM,” in Proc. of the KIMST Annual Conference, Jun. 2022.
  • Chan Ho Shin and Changhee Choi, “Cyberattack Goal Classification Based on MITRE ATT&CK: CIA Labeling”, Journal of Internet Computing and Services, Dec. 2022.
  • Changhee Choi, Chanho Shin, and Sunguk Shin, “Cyber attack group classification based on MITRE ATT&CK model”, Journal of Internet Computing and Services, Dec. 2022.
  • Sungyoung Cho, Yongwoo Park, Kunho Lee, Changhee Choi, Chanho Shin, and Kyeongsik Lee, “An APT Attack Scoring Method Using MITRE ATT&CK”, Journal of The Korea Institute of Information Security and Cryptology, Aug. 2022.
  • Chanho Shin, Sunguk Shin, and Changhee Choi, “Classifying the goal of cyber attack based on CIA labeling”, Korean Society for Internet Information Spring Conference, Apr. 2022.
  • Sunguk Shin, Chanho Shin, and Changhee Choi, “Cyber threat country classification with attack technique embedding”, Korean Society for Internet Information Spring Conference, Apr. 2022.
  • Changhee Choi, Chanho Shin, and Sunguk Shin, “Cyber attack group classification based on TTP Information”, Korean Society for Internet Information Spring Conference, Apr. 2022.
  • Chanho Shin, Sunguk Shin, Seongyeon Seo, Insup Lee, and Changhee Choi, “Embedding and Training RNN to Estimating the Goal of Cyber Attack,” in Proc. of the KIMST Fall Conference, Nov. 2021.
  • Sunguk Shin, Chanho Shin, Seongyeon Seo, Insup Lee, and Changhee Choi, “The Proposed Approach for Country Prediction With TTP-based Cyber Data Using GCN,” in Proc. of the KIMST Fall Conference, Nov. 2021.
  • Changhee Choi, Chanho Shin, Sunguk Shin, Seongyeon Seo, and Insup Lee, “Deep Learning for Estimating Next Action of Cyber Attack,” in Proc. of the KIMST Fall Conference, Nov. 2021.
  • Chan Ho Shin, “Analysis of Research Trends on Fuzzing Seeds Files”, Korean Institute of Information Scientists and Engineers, Dec. 2019.

Skills

  • Programming / CS python, C, AI/ML, fuzzing
  • Language Korean, English, Japanese

Last Update: December 2024