• Journal of the Korea Institute of Military Science and Technology
• /
• v.19 no.1
• /
• pp.57-65
• /
• 2016

Threat evaluation is a process to estimate the threat score which enemy aerial threat poses to defended assets. The objective of threat evaluation is concerned with making an engagement priority list for optimal weapon allocation. Traditionally, the threat evaluation of massive air threats has been carried out by air defence experts, but the human decision making is less effective in real aerial attack situations with massive enemy fighters. Therefore, automation to enhance the speed and efficiency of the human operation is required. The automatic threat evaluation by air defense experts who will perform multi-variable judgment needs formal models to accurately quantify their linguistic evaluation of threat level. In this paper we propose a threat evaluation model by using a fuzzy rule-based inference method. Fuzzy inference is an appropriate method for quantifying threat level and integrating various threat attribute information. The performance of the model has been tested with a simulation that reflected real air threat situation and it has been verified that the proposed model was better than two conventional threat evaluation models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.821-834
• /
• 2019

As cyber security threats increase, there is a growing demand for highly reliable systems. Common Criteria, an international standard for evaluating information security products, requires formal specification and verification of the system to ensure a high level of security, and more and more cases are being observed. In this paper, we propose highly reliable drone systems that ensure high level security level and trust. Based on the results, we use formal methods especially Z/EVES to improve the system model in terms of scheduling in the system kernel.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.591-605
• /
• 2022

As drones are widely used, attack attempts using drone vulnerabilities are increasing, and drone security is growing in importance. This paper derives security requirements for reconnaissance drone delivered to government office through threat modeling. Threats are analyzed by the data flow of the drone and collecting possible vulnerabilities. Attack tree is built by analyzed threats. The security requirements were derived from the attack tree and compared with the security requirements suggested by national organizations. Utilizing the security requirements derived from this paper will help in the development and evaluation of secure drones.

• Proceedings of the Korea Society of Environmental Toocicology Conference
• /
• 2001.05a
• /
• pp.130-130
• /
• 2001

산업사회의 발달로 말미암아 발생되는 여러 가지 문제 중 환경에 미치는 영향은 막대하다 하겠다. 특히 환경오염물질의 하수누출은 생태계뿐만 아니라 인간의 생명을 직접 혹은 간접적으로 위협하고 있다. 이러한 심각성을 인식하고 최근에 환경영향평가의 방법이 많이 개발되고 있다. 그러나 지금까지의 방법으로는 환경오염물질이 미치는 독성은 아직 미지수로 남아 있다. 이러한 분위기에 편승하여 환경독성 평가방법 중 어류 또는 포유류의 면역계에 대한 영향을 평가하는 방법을 개발하여 환경오염평가에 활용하고 있다. (중략)

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1167-1188
• /
• 2017

The purpose of this study is to investigate the factors affecting cyber threat information provision in order to activate cyber threat information sharing in Korea. In particular, we looked at the intention to provide simple information and important information according to the importance of information. The research method was conducted on the information security practitioners' online survey in terms of users of information sharing system. And empirical analysis was conducted. As a result of the study, only the CEO's attitude influenced the intention to provide simple information. On the other hand, important information was influenced not only by the CEO's attitude but also by the information evaluation system, privatization, and mitigating legal penalties. The results of this study can identify the problems of the cyber threat information sharing system in Korea. And we can confirm the priority of improvement and the change of information providing intention before and after improvement of information sharing system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2067-2072
• /
• 2016

Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1523-1537
• /
• 2018

The AI speaker is a simple operation that provides users with useful functions such as music playback, online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN Threat modeling was used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speaker by comparing the vulnerability analysis results and the vulnerability of each product.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.261-270
• /
• 2010

As the usage of social network service(SNS) increases recently, great attention has been shown to the information security in SNS. However, there has been little investment in SNS environment for security while preferential investment to attract subscribers has been made so far. Moreover, there is still a lack of confidence for investment effect and an absence of framework to analyze the threat factors of information security in SNS. In this paper, we propose to model for decision-making standard of SNS information security investment by the AHP. The result shows that 'service image' is the most important criterion for the decision of SNS information security. It also shows that 'Profile-squatting and reputation slander through ID thefts' and 'Corporate espionage' are important threat factors in SNS information security.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.103-110
• /
• 2022

Botnets have been exploited for a variety of purposes, ranging from monetary demands to national threats, and are one of the most threatening types of attacks in the field of cybersecurity. Botnets emerged as a centralized structure in the early days and then evolved to a P2P structure. Bitcoin is the first online cryptocurrency based on blockchain technology announced by Satoshi Nakamoto in 2008 and is the most widely used cryptocurrency in the world. As the number of Bitcoin users increases, the size of Bitcoin network is also expanding. As a result, a botnet using the Bitcoin network as a C&C channel has emerged, and related research has been recently reported. In this study, we propose an encrypted botnet C&C communication mechanism and technique in the Bitcoin network and validate the proposed method by conducting performance evaluation through various experiments after building it on the Bitcoin testnet. By this research, we want to inform the possibility of botnet threats in the Bitcoin network to researchers.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.4
• /
• pp.93-104
• /
• 2023

Recently, the technology of drones is developing remarkably. The role of military drones is so great that they can cause serious damage to the enemy's important strategic assets without any damage to our allies in all battlefield environments (land, sea, air). However, the battleship combat management system currently operated by the Korean Navy is vulnerable to defense because there is no customized defense system against drones. As drones continue to develop, they are bound to pose a major threat to navy in the future. This paper proposes a way for the warfare software of naval combat management system sets a combat mode suitable for anti-drone battle, evaluates the threat priority in order to preemptively respond to drone threats and eliminate drone threats through automatic allocation of self-ship-mounted weapons and sensors, and through a test of the improved warfare software in a simulated environment, it was proved that the time to respond to the drone was improved by 62%.