• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.71-80
• /
• 2023

Cyberspace has emerged as the fifth domain of warfare, alongside land, sea, air, and space. It has become a crucial focus for offensive and defensive military operations. Governments worldwide have demonstrated their intent to engage in offensive cyber operations within this domain. This paper proposes an innovative offensive cyber kill chain model that integrates the existing defensive strategy, the cyber kill chain model, with the joint air tasking order (ATO) mission execution cycle and joint target processing procedure. By combining physical and cyber operations within a joint framework, this model aims to enhance national cyber operations capabilities at a strategic level. The integration of these elements seeks to address the evolving challenges in cyberspace and contribute to more effective jointness in conducting cyber operations.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.91-101
• /
• 2020

We analyzed APT attack cases that occurred overseas in the past using a cyber kill chain model and a TTP model. As a result of the analysis, we found that the cyber kill chain model is effective in figuring out the overall outline, but is not suitable for establishing a specific defense strategy, however, TTP model is suitable to have a practical defense system. Based on these analysis results, it is suggested that defense technology development which is based on TTP model to build defense-in-depth system for preparing cyber attacks.

• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.41-50
• /
• 2021

Cyber Kill Chain is derived from Kill chain of traditional military terms. Kill chain means "a continuous and cyclical process from detection to destruction of military targets requiring destruction, or dividing it into several distinct actions." The kill chain has evolved the existing operational procedures to effectively deal with time-limited emergency targets that require immediate response due to changes in location and increased risk, such as nuclear weapons and missiles. It began with the military concept of incapacitating the attacker's intended purpose by preventing it from functioning at any one stage of the process of reaching it. Thus the basic concept of the cyber kill chain is that the attack performed by a cyber attacker consists of each stage, and the cyber attacker can achieve the attack goal only when each stage is successfully performed, and from a defense point of view, each stage is detailed. It is believed that if a response procedure is prepared and responded, the chain of attacks is broken, and the attack of the attacker can be neutralized or delayed. Also, from the point of view of an attack, if a specific response procedure is prepared at each stage, the chain of attacks can be successful and the target of the attack can be neutralized. The cyber command and control system is a system that is applied to both defense and attack, and should present defensive countermeasures and offensive countermeasures to neutralize the enemy's kill chain during defense, and each step-by-step procedure to neutralize the enemy when attacking. Therefore, thist paper proposed a cyber kill chain model from the perspective of defense and attack of the cyber command and control system, and also researched and presented the threat classification/analysis/prediction framework of the cyber command and control system from the defense aspect

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1247-1258
• /
• 2018

The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.779-791
• /
• 2021

Common web services have been continuously targeted by hackers due to an access control policy that must be allowed to an unspecified number of people. In order to cope with this situation, companies regularly check web vulnerabilities and take measures according to the risk of discovered vulnerabilities. The risk of these web vulnerabilities is calculated through preliminary statistics and self-evaluation of domestic and foreign related organizations. However, unlike static diagnosis such as security setting and source code, web vulnerability check is performed through dynamic diagnosis. Even with the same vulnerability item, various attack results can be derived, and the degree of risk may vary depending on the subject of diagnosis and the environment. In this respect, the predefined risk level may be different from that of the actual vulnerability. In this paper, to improve this point, we present a web vulnerability risk assessment model based on the attack result centering on the cyber kill chain.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.2
• /
• pp.223-228
• /
• 2019

Recently, the United States has been trying to strengthen its cybersecurity by upgrading its position as an Unified Combatant Command that focuses on the Cyber Command in the United States, strengthening operations in cyberspace, and actively responding to cyber threats. Other major powers are also working to strengthen cyber capabilities, and they are working to strengthen their organization and power. The world demands economic power for its own interests rather than its own borders. But Cyber World is a world without borders and no defense. Therefore, a cyber weapon system is necessary for superiority in cyberspace (defense, attack) for national cybersecurity. In this paper, we analyze operational procedures for cyber weapons operation. And we design cyber weapons to analyze and develop the best cyber weapons to lead victory in cyberwarfare. It also conducts cyber weapons research to solve the confrontation between Cyber World.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.501-519
• /
• 2017

With the revolution of IT technology, cyber threats and crimes are also increasing. In the recent years, many large-scale APT attack executed domestically and internationally. Specially, many of the APT incidents were not recognized by internal organizations, were noticed by external entities. With fourth industrial revolution(4IR), advancement of IT technology produce large scale of sensitive data more than ever before; thus, organizations invest a mount of budget for various methods such as encrypting data, access control and even SIEM for analyzing any little sign of risks. However, enhanced intelligent APT it's getting hard to aware or detect. These APT threats are too much burden for SMB, Enterprise and Government Agencies to respond effectively and efficiently. This paper will research what's the limitation and weakness of current defense countermeasure base on Cyber Kill Chain process and will suggest effective and efficient APT defense operation model with considering of organization structure and human resources for operation.