• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.133-139
• /
• 2018

The 5 Game changer means the concepts of the army's operation against the enemy's asymmetric threats so that minimize damage to the public and leads to victory in war in the shortest time. A study of network architecture of Dronebot operation is a key study to carry out integrated operation with integrated C4I system by organically linking several drones battle groups through ICT. The NBC reconnaissance drones can be used instead of vehicles and humans to detect NBC materials and share situations quickly. However, there is still a lack of research on the swarm flight of the NBC reconnaissance drones and the weaknesses of cyber electronic warfare. In this study, we present weaknesses and countermeasures of CBRNs in swarm flight operations and provide a basis for future research.

• Journal of Intelligence and Information Systems
• /
• v.17 no.4
• /
• pp.157-173
• /
• 2011

As the Internet use explodes recently, the malicious attacks and hacking for a system connected to network occur frequently. This means the fatal damage can be caused by these intrusions in the government agency, public office, and company operating various systems. For such reasons, there are growing interests and demand about the intrusion detection systems (IDS)-the security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. The intrusion detection models that have been applied in conventional IDS are generally designed by modeling the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. These kinds of intrusion detection models perform well under the normal situations. However, they show poor performance when they meet a new or unknown pattern of the network attacks. For this reason, several recent studies try to adopt various artificial intelligence techniques, which can proactively respond to the unknown threats. Especially, artificial neural networks (ANNs) have popularly been applied in the prior studies because of its superior prediction accuracy. However, ANNs have some intrinsic limitations such as the risk of overfitting, the requirement of the large sample size, and the lack of understanding the prediction process (i.e. black box theory). As a result, the most recent studies on IDS have started to adopt support vector machine (SVM), the classification technique that is more stable and powerful compared to ANNs. SVM is known as a relatively high predictive power and generalization capability. Under this background, this study proposes a novel intelligent intrusion detection model that uses SVM as the classification model in order to improve the predictive ability of IDS. Also, our model is designed to consider the asymmetric error cost by optimizing the classification threshold. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, when considering total cost of misclassification in IDS, it is more reasonable to assign heavier weights on FNE rather than FPE. Therefore, we designed our proposed intrusion detection model to optimize the classification threshold in order to minimize the total misclassification cost. In this case, conventional SVM cannot be applied because it is designed to generate discrete output (i.e. a class). To resolve this problem, we used the revised SVM technique proposed by Platt(2000), which is able to generate the probability estimate. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 1,000 samples from them by using random sampling method. In addition, the SVM model was compared with the logistic regression (LOGIT), decision trees (DT), and ANN to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell 4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on SVM outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that our model reduced the total misclassification cost compared to the ANN-based intrusion detection model. As a result, it is expected that the intrusion detection model proposed in this paper would not only enhance the performance of IDS, but also lead to better management of FNE.

• Strategy21
• /
• s.31
• /
• pp.57-84
• /
• 2013

North Korea's continuous threats and provocative behaviors have aggravated tension on the Korean peninsula particularly with the recent nuclear weapons test. South Korea's best way to cope with this situation is to maintain the balance among three policy directions: dialogue, sanctions, and deterrence. Among the three, I argue that deterrence should be prioritized. There are different sources of deterrence such as military power, economic power, and diplomatic clouts. States can build deterrence capability independently. Alternatively, they may do so through relations with other states including alliances, bilateral relations, or multilateral relations in the international community. What South Korea needs most urgently is to maintain deterrence against North Korea's local provocations through the enhancement of independent military capability particularly by addressing the asymmetric vulnerability between militaries of the South and the North. Most of all, the South Korean government should recognize the seriousness of the negative consequences that North Korea's 'Nuclear shadow strategy' would bring about for the inter-Korea relations and security situations in Northeast Asia. Based on this understanding, it should develop an 'assertive deterrence strategy' that emphasizes 'multi-purpose, multi-stage, and tailored deterrence whose main idea lies in punitive retaliation.' This deterrence strategy requires a flexible targeting policy and a variety of retaliatory measures capable of taking out all targets in North Korea. At the same time, the force structures of the army, the air force, and the navy should be improved in a way that maximizes their deterrence capability. For example, the army should work on expanding the guided missile command and the special forces command and reforming the reserve forces. The navy and the air force should increase striking capabilities including air-to-ground, ship-to-ground, and submarine-to-ground strikes to a great extent. The marine corps can enhance its deterrence capability by changing the force structure from the stationary defense-oriented one that would have to suffer some degree of troop attrition at the early stage of hostilities to the one that focuses on 'counteroffensive landing operations.' The government should continue efforts for defense reform in order to obtain these capabilities while building the 'Korean-style triad system' that consists of advanced air, ground, and surface/ subsurface weapon systems. Besides these measures, South Korea should start to acquire a minimum level of nuclear potential within the legal boundary that the international law defines. For this, South Korea should withdraw from the Nuclear Non-proliferation Treaty. Moreover, it should obtain the right to process and enrich uranium through changing the U.S.-South Korea nuclear cooperation treaty. Whether or not we should be armed with nuclear weapons should not be understood in terms of "all or nothing." We should consider an 'in-between' option as the Japanese case proves. With regard to the wartime OPCON transition, we need to re-consider the timing of the transition as an effort to demonstrate the costliness of North Korea's provocative behaviors. If impossible, South Korea should take measures to make the Strategic Alliance 2015 serve as a persisting deterrence system against North Korea. As the last point, all the following governments of South Korea should keep in mind that continuing reconciliatory efforts should always be pursued along with other security policies toward North Korea.

• Strategy21
• /
• s.30
• /
• pp.99-142
• /
• 2012

Withe increased North Korea's security threats, the South Korean navy has been faced with deteriorating security environment. While North Korea has increased asymmetric forces in the maritime and underwater with the development of nuclear weapons, and China and Japan have made a large investment in the buildup of naval forces, the power of the Pacific fleet of the US, a key ally is expected to be weakened. The biggest threat comes from China's intervention in case of full-scale war with North Korea, but low-density conflict issues are also serious problems. North Korea has violated the Armistice Agreement 2,660 times since the end of Korean War, among which the number of marine provocations reaches 1,430 times, and the tension over the NLL issue has been intensifying. With tension mounting between Korea and Japan over the Dokdo issue and conflict escalating with China over Ieo do Islet, the US Navy has confronted situation where it cannot fully concentrate on the security of the Korean peninsula, which leads to need for strengthening of South Korea's naval forces. Let's look at naval forces of neighboring countries. North Korea is threatening South Korean navy with its increased asymmetric forces, including submarines. China has achieved the remarkable development of naval forces since the promotion of 3-step plan to strengthen naval power from 1989, and it now retains highly modernized naval forces. Japan makes an investment in the construction of stat of the art warship every year. Since Japan's warship boasts of its advanced performance, Japan's Maritime Self Defense Force is evaluated the second most powerful behind the US Navy on the assumption that submarine power is not included in the naval forces. In this situation, naval power construction of South Korean navy should be done in phases, focusing on the followings; First, military strength to repel the energy warship quickly without any damage in case of battle with North Korea needs to be secured. Second, it is necessary to develop abilities to discourage the use of nuclear weapons of North Korea and attack its nuclear facilities in case of emergency. Third, construction of military power to suppress armed provocations from China and Japan is required. Based on the above naval power construction methods, the direction of power construction is suggested as follows. The sea fleet needs to build up its war potential to defeat the naval forces of North Korea quickly and participate in anti-submarine operations in response to North Korea's provocations. The task fleet should be composed of 3 task flotilla and retain the power to support the sea fleet and suppress the occurrence of maritime disputes with neighboring countries. In addition, it is necessary to expand submarine power, a high value power asset in preparation for establishment of submarine headquarters in 2015, develop anti-submarine helicopter and load SLAM-ER missile onto P-3C patrol aircraft. In case of maine corps, division class military force should be able to conduct landing operations. It takes more than 10 years to construct a new warship. Accordingly, it is necessary to establish plans for naval power construction carefully in consideration of reality and future. For the naval forces to safeguard maritime sovereignty and contribute to national security, the acquisition of a huge budget and buildup of military power is required. In this regard, enhancement of naval power can be achieved only through national, political and military understanding and agreement. It is necessary to let the nation know that modern naval forces with improved weapon system can serve as comprehensive armed forces to secure the command of the sea, perform defense of territory and territorial sky and attack the enemy's strategic facilities and budget inputted in the naval forces is the essential source for early end of the war and minimization of damage to the people. If the naval power construction is not realized, we can be faced with a national disgrace of usurpation of national sovereignty of 100 years ago. Accordingly, the strengthening of naval forces must be realized.

• Journal of Intelligence and Information Systems
• /
• v.18 no.1
• /
• pp.125-141
• /
• 2012

These days, the malicious attacks and hacks on the networked systems are dramatically increasing, and the patterns of them are changing rapidly. Consequently, it becomes more important to appropriately handle these malicious attacks and hacks, and there exist sufficient interests and demand in effective network security systems just like intrusion detection systems. Intrusion detection systems are the network security systems for detecting, identifying and responding to unauthorized or abnormal activities appropriately. Conventional intrusion detection systems have generally been designed using the experts' implicit knowledge on the network intrusions or the hackers' abnormal behaviors. However, they cannot handle new or unknown patterns of the network attacks, although they perform very well under the normal situation. As a result, recent studies on intrusion detection systems use artificial intelligence techniques, which can proactively respond to the unknown threats. For a long time, researchers have adopted and tested various kinds of artificial intelligence techniques such as artificial neural networks, decision trees, and support vector machines to detect intrusions on the network. However, most of them have just applied these techniques singularly, even though combining the techniques may lead to better detection. With this reason, we propose a new integrated model for intrusion detection. Our model is designed to combine prediction results of four different binary classification models-logistic regression (LOGIT), decision trees (DT), artificial neural networks (ANN), and support vector machines (SVM), which may be complementary to each other. As a tool for finding optimal combining weights, genetic algorithms (GA) are used. Our proposed model is designed to be built in two steps. At the first step, the optimal integration model whose prediction error (i.e. erroneous classification rate) is the least is generated. After that, in the second step, it explores the optimal classification threshold for determining intrusions, which minimizes the total misclassification cost. To calculate the total misclassification cost of intrusion detection system, we need to understand its asymmetric error cost scheme. Generally, there are two common forms of errors in intrusion detection. The first error type is the False-Positive Error (FPE). In the case of FPE, the wrong judgment on it may result in the unnecessary fixation. The second error type is the False-Negative Error (FNE) that mainly misjudges the malware of the program as normal. Compared to FPE, FNE is more fatal. Thus, total misclassification cost is more affected by FNE rather than FPE. To validate the practical applicability of our model, we applied it to the real-world dataset for network intrusion detection. The experimental dataset was collected from the IDS sensor of an official institution in Korea from January to June 2010. We collected 15,000 log data in total, and selected 10,000 samples from them by using random sampling method. Also, we compared the results from our model with the results from single techniques to confirm the superiority of the proposed model. LOGIT and DT was experimented using PASW Statistics v18.0, and ANN was experimented using Neuroshell R4.0. For SVM, LIBSVM v2.90-a freeware for training SVM classifier-was used. Empirical results showed that our proposed model based on GA outperformed all the other comparative models in detecting network intrusions from the accuracy perspective. They also showed that the proposed model outperformed all the other comparative models in the total misclassification cost perspective. Consequently, it is expected that our study may contribute to build cost-effective intelligent intrusion detection systems.

• Strategy21
• /
• s.34
• /
• pp.58-92
• /
• 2014

Even after S. Korea took 5.24 Measure(24 May 2014), N. Korea has not stopped raising provocations such as the shelling of Yeonpyeong Island, electronic and cyber attacks. To make matters worse, the communist country lunched long-range missiles(twice) and conducted 3rd nuclear test, escalating tensions which could possibly lead to an all-out war. Korean Government failed to respond properly. However, escalation into an all-out war was deterred by the CFC immediately carrying out its peacetime duty(CODA). The US made a rapid dispatch of its augmentation forces(Aircraft carrier, nuclear-powered submarine, strategic bomber, F-22) to the Korean Peninsula. In recognition of the importance of the Combined Forces Command, since May 2013 the Park Geun-Hye Administration has been pushing ahead with re-postponement of Wartime Operational Control Transfer(which initially meant the disassembling of the CFC as of 1 December 2015) More recently, there has been a series of unusual indicators from the North. Judging from its inventory of 20 nuclear weapons, 1,000 ballistic missiles and biochemical weapons, it is safe to say that N. Korea has gained at least war deterrence against S. Korea. Normally a nation with nuclear weapons shrink its size of conventional forces, but the North is pursuing the opposite, rather increasing them. In addition, there was a change of war plan by N. Korea in 2010, changing 'Conquering the Korean Peninsula' to 'Negotiation after the seizure of the Greater Seoul Metropolitan Area(GSMA)' and establishing detailed plans for wartime projects. The change reflects the chain reaction in which requests from pro-north groups within the South will lead to the proclamation of war. Kim, Jeong-Un, leader of N. Korean regime, sent threatening messages using words such as 'exercising a nuclear preemptive strike right' and 'burning of Seoul'. Nam, Jae-June, Director of National Intelligence Service, stated that Kim, Jung-Un is throwing big talks, saying communization of the entire Korean Peninsula will come within the time frame of 3 years. Kim, Gwan-Jin, Defense Minister, shared an alarming message that there is a high possibility that the North will raise local provocations or a full-fledged war whenever while putting much emphasis on defense posture. As for the response concept of the Korean Government, it has been decided that 'ROK·US Combined Local Provocation Counter-Measure' will be adopted to act against local provocations from the North. Major provocation types include ▲ violation of the Northern Limit Line(NLL) with mobilization of military ships ▲ artillery provocations on Northwestern Islands ▲ low altitude airborne intrusion ▲ rear infiltration of SOF ▲ local conflicts within the Military Demarcation Line(MDL) ▲ attacking friendly ships by submarines. Counter-measures currently established by the US involves the support from USFK and USFJ. In order to keep the sworn promise, the US is reinforcing both USFK and USFJ. An all-out war situation will be met by 'CFC OPLAN5027' and 'Tailored Expansion Deterrence Forces' with the CFC playing a central role. The US augmentation forces stands at 690,000 troops, some 160 ships, 2,000 aircraft and this comprise 50% of US total forces, which is estimated to be ninefold of Korean forces. The CFC needs to be in center in handling both local provocations and an all-out war situation. However, the combat power of S. Korean conventional forces is approximately around 80% of that of N. Korea, which has been confirmed from comments made by Kim, Gwan-Jin, Defense Minister, during an interpellation session at the National Assembly. This means that S. Korean forces are not much growing. In particular, asymmetric capabilities of the North is posing a serious threat to the South including WMD, cyber warfare forces, SOF, forces targeting 5 Northwestern Islands, sub-surface and amphibious assault forces. The presence of such threats urgently requires immediate complementary efforts. For complementary efforts, the Korean Government should consider ① reinforcement of Korean forces; putting a stoppage to shrinking military, acquisition of adequate defense budget, building a missile defense and military leadership structure validity review, ② implementation of military tasks against the North; disciplinary measures on the sinking of ROKS Cheon-an/shelling of Yeonpyeong Islands, arrangement of inter-Korean military agreements, drawing lessons from studies on the correlation between aid for N. Korea, execution of inter-Korean Summit and provocations from the North, and ③ bolstering the ROK·US alliance; disregarding wartime operational control transfer plan(disassembling of CFC) and creation of a combined division.