• Journal of Internet Computing and Services
• /
• 제6권1호
• /
• pp.1-12
• /
• 2005

Recently, the patterns of cyber attack through internet have been various and have become more complicated and thus it is difficult to detect a network intruder effectively and to response the intrusion quickly. Therefore, It is almost not possible to chase the real location of a network intruder and to isolate the Intruder from network in UDP based DoS or DDoS attacks spoofing source IP address and in TCP based detour connection attacks. In this paper, we propose active security architecture on active network to correspond to various cyber attacks promptly. Security management framework is designed using active technology, and security control mechanism to chase and isolate a network intruder is implemented. We also test the operation of the active security mechanism implemented on test_bed according to several attack scenarios and analyze the experiment results.

• Review of KIISC
• /
• 제22권8호
• /
• pp.26-30
• /
• 2012

인터넷전화(VoIP)는 기존 인터넷망을 이용하여 통화내용을 전달한다. 따라서 일반적인 인터넷서비스가 가지고 있는 취약점을 동일하게 가지고 있다. 또한, 기존 유선전화(PSTN)와 달리 물리적인 접근 없이 원격에서 해킹을 통한 도청이 가능하며, 반국가 집단에 의한 사이버테러 감행 시 기관의 업무전산망과 전화망이 동시에 마비될 가능성이 있다. 본 논문에서는 인터넷전화 보안 위협 중에서 호 가로채기, 통화내용 도청, 서비스 오용에 대한 모의해킹을 한다. 또한 모의해킹 시나리오를 작성하고, 인터넷전화 시험센터에서 모의해킹을 통하여 발견된 취약점을 연구한다. 발견된 인터넷전화 취약점에 대한 공격방어 방안을 제시한다.

• Review of KIISC
• /
• 제15권1호
• /
• pp.41-49
• /
• 2005

정보화에 대한 의존도가 심화됨에 따라 사이버상의 테러는 기업과 국가안보를 위협하는 단계에까지 이르렀으나 아직까지 이를 방어하기 위한 정보보호시스템은 침해사고에 대한 정보가 공유되지 못하고 독립되어 운영되고 있는 실정이다. 이에 기업과 국가는 물론 전세계에서 발생되는 실시간 위협 상황에 대해 조기분석과 대응을 위한 정보공유의 필요성이 무엇보다 강조되고 있다. 본 논문에서는 종합침해사고대응시스템에서 침해사고에 대한 실시간 분석 및 대응을 위한 중요자인인 블랙리스트 DB 구축방법과 관리방안을 제시하였다. 인터넷상에서 광범위하고 지속적인 공격을 시도하는 공격 IP정보를 효율적으로 판별하고 추출한 IP를 실시간으로 자동대응할 수 있는 모델을 제안하였으며 사고 시나리오를 통해 통해 검증하였다.

• The Journal of the Korea institute of electronic communication sciences
• /
• 제8권9호
• /
• pp.1313-1318
• /
• 2013

In order to actively respond to cyber attacks, not only the security systems such as IDS, IPS, and Firewalls, but also ESM, a system that detects cyber attacks by analyzing various log data, are preferably deployed. However, as the attacks be come more elaborate and advanced, existing signature-based detection methods start to face their limitations. In response to that, researches upon symptom detection technology based on attack modeling by employing big-data analysis technology are actively on-going. This symptom detection technology is effective when it can accurately extract features of attacks and manipulate them to successfully execute the attack modeling. We propose the ways to extract attack features which can play a role as the basis of the modeling and detect intelligent threats by carrying out scenario-based modeling.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• 제29권4C호
• /
• pp.441-447
• /
• 2004

Information security simulator is required for the study on the cyber intrusion and defense as information security has been increasingly popular Until now, the main purposes of information security simulation are security estimation of small network as well as performance analysis of information protection systems. However, network simulators that can simulate attacks in a huge network are in needs since large scale internet attacks are very common in these days. In this paper we proposed a simulator design and its implementation details. Our simulator is implemented by expanding the SSFNet program to the client-sewer architecture. A cyber attack scenario used in our simulator is composed by the advanced attack tree model. We analyzed the simulation results to show the correctness of our network defense simulator.

• Journal of the Korea Convergence Society
• /
• 제8권6호
• /
• pp.17-27
• /
• 2017

Recently, as cyber attacks have been activated, many such attacks have come into contact with various media. Research on security engineering and reverse engineering is active, but there is a lack of research that integrates them and applies attack systems through cost effective attack engineering. In this paper, security - enhanced information systems are developed by security engineering and reverse engineering is used to identify vulnerabilities. Using this vulnerability, we compare and analyze lifecycle models that construct or remodel attack system through attack engineering, and specify structure and behavior of each system, and propose more effective modeling. In addition, we extend the existing models and tools to propose graphical attack specification models that specify attack methods and scenarios in terms of models such as functional, static, and dynamic.

• Proceedings of the Korea Information Processing Society Conference
• /
• 한국정보처리학회 2019년도 추계학술발표대회
• /
• pp.401-404
• /
• 2019

최근 국가기반시설 산업제어시스템은 시나리오를 기반으로 시뮬레이션 훈련을 진행한다. 그러나 국내 ICS 보안 기술은 외부 경계 보호에 중점을 둔 시나리오가 대다수였기 때문에 내부에서 발생할 수 있는 시나리오 가이드라인이 상대적으로 부족하고 이를 평가하는 기준 또한 제대로 정의되어 있지 않다. 내부 공격이 증가함에 따라 국내에서도 사회공학적 기법에 초점을 둔 시뮬레이션 훈련을 진행할 필요가 있다. 이에 본 논문은 NEI 08-09 의 운영·관리항목 중 가장 빈번하게 발생하는 위협을 바탕으로 한 시나리오 및 구성요소를 개발하고, 이를 평가할 수 있는 명확한 기준을 제시하여 효과적인 비상대응 훈련을 수행할 수 있도록 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제30권4호
• /
• pp.745-756
• /
• 2020

An ICS(industrial control system) is a complex system that safely and efficiently monitors and controls industrial processes such as electric power, water treatment, transportation, automation plants and chemical plants. Because successful cyber attacks targeting ICS can lead to casualties or serious economic losses, it becomes a prime target of hacker groups sponsored by national state. Cyber campaigns such as Stuxnet, Industroyer and TRITON are real examples of successful ICS attacks, and were developed based on the deep knowledge of the target ICS. Therefore, for incident investigation of ICSs, inspectors also need knowledge of control processes and accident investigation techniques specialized for ICSs. Because there is no applicable technology, it is especially necessary to develop techniques and tools for embedded controllers located at cyber and physical boundaries. As the first step in this research, we reviewed logging capability of 4 PLC(Programmable Logic Controller)s widely used in an ICS area, and checked whether selected PLCs generate logs that can be used for digital investigation in the proposed cyber attack scenario.

• Journal of Internet Computing and Services
• /
• 제23권5호
• /
• pp.111-126
• /
• 2022

As operations that were only conducted in physical space in the past change to operations that include cyberspace, it is necessary to analyze how cyber attacks affect weapon systems using cyber systems. For this purpose, it would be meaningful to analyze a tool that analyzes the effects of physical weapon systems in connection with cyber. The ROK military has secured and is operating the US JMEM, which contains the results of analyzing the effects of physical weapon systems. JMEM is applied only to conventional weapon systems, so it is impossible to analyze the impact of cyber weapon systems. In this study, based on the previously conducted cyber attack damage assessment framework, a framework for analyzing the impact of cyber attacks on physical missions was presented. To this end, based on the MOE and MOP of physical warfare, a cyber index for the analysis of cyber weapon system effectiveness was calculated. In addition, in conjunction with JMEM, which is used as a weapon system effect manual in physical operations, a framework was designed and tested to determine the mission impact by comparing and analyzing the results of the battle in cyberspace with the effects of physical operations. In order to prove the proposed framework, we analyzed and designed operational scenarios through domestic and foreign military manuals and previous studies, defined assets, and conducted experiments. As a result of the experiment, the larger the decrease in the cyber mission effect value, the greater the effect on physical operations. It can be used to predict the impact of physical operations caused by cyber attacks in various operations, and it will help the battlefield commander to make quick decisions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제11권2호
• /
• pp.13-26
• /
• 2001

This paper presents the network security modeling methodology and simulation using the hierarchical and modular modeling and simulation framework. Recently, Howard and Amoroso developed the cause-effect model of the cyber attack, defense, and consequences, Cohen has been proposed the simplified network security simulation methodology using the cause-effect model, however, it is not clear that it can support more complex network security model and also the model-based cyber attack simulation. To deal with this problem, we have adopted the hierarchical and modular modeling and simulation environment so called the System Entity Structure/Model Base (SES/MB) framework which integrates the dynamic-based formalism of simulation with the symbolic formalism of AI. Several simulation tests performed on sample network system verify the soundness of our method.