• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1027-1037
• /
• 2019

Conventional cyber-attack detection solutions are generally based on signature-based or malicious behavior analysis so that have had difficulty in detecting unknown method-based attacks. Since the various information occurring all the time reflects the state of the system, by modeling it in a steady state and detecting an abnormal state, an unknown attack can be detected. Since a variety of system information occurs in a string form, word embedding, ie, techniques for converting strings into vectors preserving their order and semantics, can be used for modeling and detection. Novelty Detection, which is a technique for detecting a small number of abnormal data in a plurality of normal data, can be performed in order to detect an abnormal condition. This paper proposes a method to detect system anomaly by cyber attack using embedding and novelty detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.3
• /
• pp.135-149
• /
• 2008

Traditional attack detection schemes based on packets or flows have very high computational complexity. And, network based anomaly detection schemes can reduce the complexity, but they have a limitation to figure out the pattern of the distributed global scale network attack. In this paper, we propose an efficient and fast method for detecting distributed global-scale network attack symptoms in high-speed backbone networks. The proposed method is implemented at the aggregate traffic level. So, our proposed scheme has much lower computational complexity, and is implemented in very high-speed backbone networks. In addition, the proposed method can detect attack patterns, such as attacks in which the target is a certain host or the backbone infrastructure itself, via collaboration of edge routers on the backbone network. The effectiveness of the proposed method are demonstrated via simulation.

• Transactions on Control, Automation and Systems Engineering
• /
• v.4 no.3
• /
• pp.231-238
• /
• 2002

In this paper, we present a new approach to autopilot design for skid-to-turn missiles which may have severe aerodynamic cross-couplings and nonlinearities with angle of attack. The model of missile motion is derived in the maneuver plane and, based on that model, pitch, yaw, and roll autopilot are designed. They are composed of a nonlinear term which compensates for the aerodynamic couplings and nonlinearities and a linear controller driven by the measured outputs of missile accelerations and angular rates. Besides the outputs, further information such as Mach number, dynamic pressure, total angle of attack, and bank angle is required. With the proposed autopilot and simple estimators of bank angle and total angle of attack, it is shown by computer simulations that the induced moments and some aerodynamic nonlinearities are properly compensated and that the performance is superior to that of the conventional ones.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.13-26
• /
• 2001

This paper presents the network security modeling methodology and simulation using the hierarchical and modular modeling and simulation framework. Recently, Howard and Amoroso developed the cause-effect model of the cyber attack, defense, and consequences, Cohen has been proposed the simplified network security simulation methodology using the cause-effect model, however, it is not clear that it can support more complex network security model and also the model-based cyber attack simulation. To deal with this problem, we have adopted the hierarchical and modular modeling and simulation environment so called the System Entity Structure/Model Base (SES/MB) framework which integrates the dynamic-based formalism of simulation with the symbolic formalism of AI. Several simulation tests performed on sample network system verify the soundness of our method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2186-2203
• /
• 2020

Security administrators of companies and organizations need to come up with proper countermeasures against cyber-attacks considering infrastructures and security policies in their possession. In order to develop and verify such countermeasures, the administrators should be able to reenact both cyber-attacks and defenses. Simulations can be useful for the reenactment by overcoming its limitations including high risk and cost. If the administrators are able to design various scenarios of cyber-attacks and to develop simulation models from their viewpoints, they can simulate desired situations and observe the results more easily. It is challenging to simulate cyber-security issues, because there is lack of theoretical basis for modeling a wide range of the security field as well as pre-defined basic components used to model cyber-attacks. In this paper, we propose a modeling method for cyber-security simulations by developing a basic component and a composite model, called Abstracted Cyber-Security Unit Model (ACSUM) and Abstracted Cyber-security SIMulation model (ACSIM), respectively. The proposed models are based on DEVS(Discrete Event systems Specification) formalism, a modeling theory for discrete event simulations. We develop attack scenarios by sequencing attack behaviors using ACSUMs and then model ACSIMs by combining and abstracting the ACSUMs from a security perspective. The concepts of ACSUM and ACSIM enable the security administrators to simulate numerous cyber-security issues from their viewpoints. As a case study, we model a worm scenario using ACSUM and simulate three types of simulation models based on ACSIM from a different security perspective.

• Journal of Internet Computing and Services
• /
• v.5 no.4
• /
• pp.23-33
• /
• 2004

In this paper, we propose a novel traffic measurement based detection of network attack symptoms on high speed Internet backbone links. In order to do so, we characterize the traffic patterns from the normal and the network attacks appeared on Internet backbone links, and we derive two efficient measures for representing the network attack symptoms at aggregate traffic level. The two measures are the power spectrum and the ratio of packet counts to traffic volume of the aggregate traffic. And, we propose a new methodology to detect networks attack symptoms by measuring those traffic measures. Experimental results show that the proposed scheme can detect the network attack symptoms very exactly and quickly. Unlike existing methods based on Individual packets or flows, since the proposed method is operated on the aggregate traffic level. the computational complexity can be significantly reduced and applicable to high speed Internet backbone links.

• Computers and Concrete
• /
• v.2 no.4
• /
• pp.293-307
• /
• 2005

The development and the main features of an expert system for modeling the requirements of durable concrete in chemical exposure, called the Durable Concrete Advisor for Chemical Exposure (DCACE), are described. The system was developed to help improve the quality of concrete exposed to chemical environment by minimizing mistakes and deficiencies in selecting concrete constituents. Using Kappa-PC expert system shell, an object-oriented model was developed where the rule-based reasoning operates on or across objects. The American Concrete Institute manual of concrete practice was chosen as the main source of knowledge. Other textual sources were also consulted for knowledge acquisition. The major objectives of the research were acquisition and formalization of the relevant knowledge and building an expert system for making durable concrete for chemical exposure regarding sulfate attack, acid attack, seawater attack and carbonation. Similar to most expert systems, this system has explanation facilities, can be incrementally expanded, and has an easy to understand knowledge base. The performance of the system is demonstrated by an example session. The system is user-friendly and can be used as an educational tool.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.591-605
• /
• 2022

As drones are widely used, attack attempts using drone vulnerabilities are increasing, and drone security is growing in importance. This paper derives security requirements for reconnaissance drone delivered to government office through threat modeling. Threats are analyzed by the data flow of the drone and collecting possible vulnerabilities. Attack tree is built by analyzed threats. The security requirements were derived from the attack tree and compared with the security requirements suggested by national organizations. Utilizing the security requirements derived from this paper will help in the development and evaluation of secure drones.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.16 no.5
• /
• pp.607-612
• /
• 2013

The effect of the flow actuator on the asymmetric vortex structure around the ogive-cylinder body with fineness ratio of 4 flying at the speed of Mach 0.1 at angle of attack of 50 degree is studied. The ogive-cylinder model is developed with the actuator placed near the nose tip and numerically simulated using the in-house CFD code named KFLOW. The numerical simulation employs two different actuator modeling: one is the boundary condition given by blowing normal to the surface and another shearing on the surface. The numerical simulation reveals that response of the vortex structure to the actuation is dependent on the type of modeling as well as the strength and direction of the actuation.