• Title, Summary, Keyword: 사이버킬체인

Search Result 10, Processing Time 0.049 seconds

Cyber kill chain strategy for hitting attacker origin (공격 원점지 타격을 위한 사이버 킬체인 전략)

  • Yoo, Jae-won;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.306-309
    • /
    • 2017
  • The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

  • PDF

Cyber kill chain strategy for hitting attacker origin (공격 원점 타격을 위한 사이버 킬체인 전략)

  • Yoo, Jae-won;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.11
    • /
    • pp.2199-2205
    • /
    • 2017
  • The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

A Study on the Concept of Social Engineering Cyber Kill Chain for Social Engineering based Cyber Operations (사회공학 사이버작전을 고려한 사회공학 사이버킬체인 개념정립 연구)

  • Shin, Kyuyong;Kim, Kyoung Min;Lee, Jongkwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1247-1258
    • /
    • 2018
  • The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

A Study on the Design and Fabrication of Cyber Watchdog Systems (사이버 감시/정찰 시스템 설계 및 제작 연구)

  • Yeom, Seong-Kyu;Yooun, Hosang;Shin, Dongkyoo;Shin, Dongll
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.314-317
    • /
    • 2017
  • 최근 ICT 기술이 발달함에 따라 전쟁의 양상이 물리적에서 사이버전으로 이동되고 있으며 이미 사이버 공간을 제 5의 전장으로 불리운다. 또한 오랜 기간 동안 단계적으로 준비 과정을 거쳐 공격하는 APT 사례가 증가함에 따라 공격 징후를 사전에 탐지해 선제 대응하는 사이버 킬 체인이라는 방안이 각광받고 있다. 이러한 사이버 킬 체인 중 가장 기초가 되는 감시/정찰을 수행하기 위한 방안을 연구하면서 적의 영역에 침투했다는 가정하에서 정보를 수집하는 프로그램을 설계 및 제작해 보았다.

Cyber KillChain Based Security Policy Utilizing Hash for Internet of Things (해시를 활용한 사이버킬체인 기반의 사물인터넷 보안 정책)

  • Jeong, So-Won;Choi, Yu-Rim;Lee, Il-Gu
    • Journal of Digital Convergence
    • /
    • v.16 no.9
    • /
    • pp.179-185
    • /
    • 2018
  • Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.

Cyber Weapon Model for the National Cybersecurity (국가사이버안보를 위한 사이버무기 모델 연구)

  • Bae, Si-Hyun;Park, Dae-Woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.2
    • /
    • pp.223-228
    • /
    • 2019
  • Recently, the United States has been trying to strengthen its cybersecurity by upgrading its position as an Unified Combatant Command that focuses on the Cyber Command in the United States, strengthening operations in cyberspace, and actively responding to cyber threats. Other major powers are also working to strengthen cyber capabilities, and they are working to strengthen their organization and power. The world demands economic power for its own interests rather than its own borders. But Cyber World is a world without borders and no defense. Therefore, a cyber weapon system is necessary for superiority in cyberspace (defense, attack) for national cybersecurity. In this paper, we analyze operational procedures for cyber weapons operation. And we design cyber weapons to analyze and develop the best cyber weapons to lead victory in cyberwarfare. It also conducts cyber weapons research to solve the confrontation between Cyber World.

A Study on the Operation Concept of Cyber Warfare Execution Procedures (사이버전 수행절차 운영개념에 관한 연구)

  • Kim, Sung-Joong;Yoo, JiHoon;Oh, HaengRok;Shin, Dongil;Shin, DongKyoo
    • Journal of Internet Computing and Services
    • /
    • v.21 no.2
    • /
    • pp.73-80
    • /
    • 2020
  • Due to the expansion of cyber space, war patterns are also changing from traditional warfare to cyber warfare. Cyber warfare is the use of computer technology to disrupt the activities of nations and organizations, especially in the defense sector. However, the defense against effective cyber threat environment is inadequate. To complement this, a new cyber warfare operation concept is needed. In this paper, we study the concepts of cyber intelligence surveillance reconnaissance, active defense and response, combat damage assessment, and command control in order to carry out cyber operations effectively. In addition, this paper proposes the concept of cyber warfare operation that can achieve a continuous strategic advantage in cyber battlefield.

Detection of Abnormal Traffic by Pre-Inflow Agent (사전유입 에이전트가 발생하는 이상트래픽 탐지 방안)

  • Cho, Young Min;Kwon, Hun Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1169-1177
    • /
    • 2018
  • Modern society is a period of rapid digital transformation. This digital-centric business proliferation offers convenience and efficiency to businesses and individuals, but cyber threats are increasing. In particular, cyber attacks are becoming more and more intelligent and precise, and various attempts have been made to prevent these attacks from being discovered. Therefore, it is increasingly difficult to respond to such attacks. According to the cyber kill chain concept, the attacker penetrates to achieve the goal in several stages. We aim to detect one of these stages and neutralize the attack. In this paper, we propose a method to detect anomalous traffic caused by an agent attacking an external attacker, assuming that an agent executing a malicious action has been introduced in advance due to various reasons such as a system error or a user's mistake.

Efficient Operation Model for Effective APT Defense (효율적인 APT 대응 시스템 운영 모델)

  • Han, Eun-hye;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.501-519
    • /
    • 2017
  • With the revolution of IT technology, cyber threats and crimes are also increasing. In the recent years, many large-scale APT attack executed domestically and internationally. Specially, many of the APT incidents were not recognized by internal organizations, were noticed by external entities. With fourth industrial revolution(4IR), advancement of IT technology produce large scale of sensitive data more than ever before; thus, organizations invest a mount of budget for various methods such as encrypting data, access control and even SIEM for analyzing any little sign of risks. However, enhanced intelligent APT it's getting hard to aware or detect. These APT threats are too much burden for SMB, Enterprise and Government Agencies to respond effectively and efficiently. This paper will research what's the limitation and weakness of current defense countermeasure base on Cyber Kill Chain process and will suggest effective and efficient APT defense operation model with considering of organization structure and human resources for operation.

Analysis of Influencing Factors of Cyber Weapon System Core Technology Realization Period (사이버 무기체계 핵심기술 실현시기의 영향 요인 분석)

  • Lee, Ho-gyun;Lim, Jong-in;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.281-292
    • /
    • 2017
  • It is demanded to promote research and development of cyber weapons system and core technology in response to the ongoing cyber attack of North Korea. In this paper, core technologies of the future cyber weapon system are developed and the factors affecting the realization timing of core technologies were analyzed. 9 core technology groups and 36 core technologies are derived. Afterwards, these core technology groups are compared to the operation phase of the joint cyber warfare guideline and the cyber kill chain of Lockheed Martin. As a result of the comparison, it is confirmed that the core technology groups cover all phases of the aforementioned tactics. The results of regression analyses performed on the degree of influence by each factor regarding the moment of core technology realization show that the moment of core technology realization approaches more quickly as factors such as technology level of the most advanced country, technology level of South Korea, technology transfer possibility from the military sector to the non-military sector(spin-off factor), and technology transfer possibility from the non-military sector to the military sector(spin-on factor) increase. On the contrary, the moment of core technology realization is delayed as the degree at which the advanced countries keep their core technologies from transferring decrease. The results also confirm that the moment of core technology realization is not significantly correlated to the economic ripple effect factor. This study is meaningful in that it extract core technologies of cyber weapon system in accordance with revision of force development directive and join cyber warfare guideline, which incorporated cyber weapon system into formal weapon system. Furthermore, the study is significant because it indicates the influential factor of the moment of core technology realization.