• Title, Summary, Keyword: Cyber KillChain

Search Result 12, Processing Time 0.022 seconds

Analysis of Influencing Factors of Cyber Weapon System Core Technology Realization Period (사이버 무기체계 핵심기술 실현시기의 영향 요인 분석)

  • Lee, Ho-gyun;Lim, Jong-in;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.281-292
    • /
    • 2017
  • It is demanded to promote research and development of cyber weapons system and core technology in response to the ongoing cyber attack of North Korea. In this paper, core technologies of the future cyber weapon system are developed and the factors affecting the realization timing of core technologies were analyzed. 9 core technology groups and 36 core technologies are derived. Afterwards, these core technology groups are compared to the operation phase of the joint cyber warfare guideline and the cyber kill chain of Lockheed Martin. As a result of the comparison, it is confirmed that the core technology groups cover all phases of the aforementioned tactics. The results of regression analyses performed on the degree of influence by each factor regarding the moment of core technology realization show that the moment of core technology realization approaches more quickly as factors such as technology level of the most advanced country, technology level of South Korea, technology transfer possibility from the military sector to the non-military sector(spin-off factor), and technology transfer possibility from the non-military sector to the military sector(spin-on factor) increase. On the contrary, the moment of core technology realization is delayed as the degree at which the advanced countries keep their core technologies from transferring decrease. The results also confirm that the moment of core technology realization is not significantly correlated to the economic ripple effect factor. This study is meaningful in that it extract core technologies of cyber weapon system in accordance with revision of force development directive and join cyber warfare guideline, which incorporated cyber weapon system into formal weapon system. Furthermore, the study is significant because it indicates the influential factor of the moment of core technology realization.

Analysis of Threat Model and Requirements in Network-based Moving Target Defense

  • Kang, Koo-Hong;Park, Tae-Keun;Moon, Dae-Sung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.10
    • /
    • pp.83-92
    • /
    • 2017
  • Reconnaissance is performed gathering information from a series of scanning probes where the objective is to identify attributes of target hosts. Network reconnaissance of IP addresses and ports is prerequisite to various cyber attacks. In order to increase the attacker's workload and to break the attack kill chain, a few proactive techniques based on the network-based moving target defense (NMTD) paradigm, referred to as IP address mutation/randomization, have been presented. However, there are no commercial or trial systems deployed in real networks. In this paper, we propose a threat model and the request for requirements for developing NMTD techniques. For this purpose, we first examine the challenging problems in the NMTD mechanisms that were proposed for the legacy TCP/IP network. Secondly, we present a threat model in terms of attacker's intelligence, the intended information scope, and the attacker's location. Lastly, we provide seven basic requirements to develop an NMTD mechanism for the legacy TCP/IP network: 1) end-host address mutation, 2) post tracking, 3) address mutation unit, 4) service transparency, 5) name and address access, 6) adaptive defense, and 7) controller operation. We believe that this paper gives some insight into how to design and implement a new NMTD mechanism that would be deployable in real network.