• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2199-2205
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.306-309
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.3
• /
• pp.91-98
• /
• 2021

In most hacking attacks, hackers tend to access target systems in a variety of circumvent connection methods to hide their original IP. Therefore, finding the attacker's IP(Internet Protocol) from the defender's point of view is one of important issue to recognize hackers. If an attacker uses a proxy, original IP can be obtained through a program other than web browser in attacker's computer. Unfortunately, this method has no effect on the connection through VPN(Virtual Private Network), because VPN affects all applications. In an academic domain, various IP traceback methods using network equipments such as routers have been studied, but it is very difficult to be realized due to various problems including standardization and privacy. To overcome this limitation, this paper proposes a practical way to use client's network configuration temporarily until it can detect original IP. The proposed method does not only restrict usage of network, but also does not violate any privacy. We implemented and verified the proposed method in real internet with various VPN tools.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.4
• /
• pp.15-23
• /
• 2021

In most hacking attacks, hackers intrudes inside for a long period of time and attempts to communicate with the outside using a circumvent connection to achieve purpose. research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. however, even in the intrusion detection system using intelligent recognition technology, it only shows detection performance of the existing intrusion status. therefore, countermeasures against targeted bypass rwjqthrwkemote attacks still have limitations with existing detection methods and threat hunting methods. in this paper, to overcome theses limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. this model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in actual defense information system environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.149-159
• /
• 2008

In this paper, we propose a blind watermarking algorithm of 3d mesh model using spherical parameterization. Spherical parameterization is a useful method which is applicable to 3D data processing. Especially, orthogonal coordinate can not analyse the feature of the vertex coordination of the 3D mesh model, but this is possible to analyse and process. In this paper, the centroid center of the 3D model was set to the origin of the spherical coordinate, the orthogonal coordinate system was transformed to the spherical coordinate system, and then the spherical parameterization was applied. The watermark was embedded via addition/modification of the vertex after the feature analysis of the geometrical information and topological information. This algorithm is robust against to the typical geometrical attacks such as translation, scaling and rotation. It is also robust to the mesh reordering, file format change, mesh simplification, and smoothing. In this case, the this algorithm can extract the watermark information about $90{\sim}98%$ from the attacked model. This means it can be applicable to the game, virtual reality and rapid prototyping fields.

• Journal of the Korea Society for Simulation
• /
• v.33 no.3
• /
• pp.13-26
• /
• 2024

The CBRN(Chemical, Biological, Radiological, and Nuclear) hazard prediction model is a system that supports commanders in making better decisions by creating contamination distribution and damage prediction areas based on the weapons used, terrain, and weather information in the events of biochemical and radiological accidents. NBC_RAMS(Nuclear, Biological and Chemical Reporting And Modeling S/W System) developed by ADD (Agency for Defense Development) is used not only supporting for decision making plan for various military operations and exercises but also for post analyzing CBRN related events. With the NBC_RAMS's core engine, we introduced a CBR hazard assessment scenario analysis system that can generate contaminant distribution prediction results reflecting various CBR scenarios, and described how to apply it in specific purposes in terms of input information, meteorological data, land data with land coverage and DEM, and building data with pologon form. As a practical use case, a technology development case is addressed that tracks the origin location of contaminant source with artificial intelligence and a technology that selects the optimal location of a CBR detection sensor with score data by analyzing large amounts of data generated using the CBRN scenario analysis system. Through this system, it is possible to generate AI-specialized CBRN related to training and analysis data and support planning of operation and exercise by predicting battle field.