• Journal of the Korea Society for Simulation
• /
• v.12 no.2
• /
• pp.63-73
• /
• 2003

The major objective of this paper is to propose the method of attacker and host modeling for cyber-attack simulation. In the security modeling and simulation for information assurance, it is essential the modeling of attacker that is able to generate various cyber-attack scenarios as well as the modeling of host, which is able to represent behavior on attack concretely The security modeling and simulation, which was announced by Cohen, Nong Ye and etc., is too simple to concretely analyze attack behavior on the host. And, the attacker modeling, which was announced by CERT, Laura and etc., is impossible to represent complex attack excepting fixed forms. To deal with this problem, we have accomplished attacker modeling by adopted the rule-based SES which integrates the existing SES with rule-based expert system for synthesis and performed host modeling by using the DEVS formalism. Our approach is to show the difference from others in that (ⅰ) it is able to represent complex and repetitive attack, (ⅱ) it automatically generates the cyber-attack scenario suitable on the target system, (ⅲ) it is able to analyze host's behavior of cyber attack concretely. Simulation tests performed on the sample network verify the soundness of proposed method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.465-472
• /
• 2019

In recent years, the cyber attack has become a universal phenomenon, and the attacks in cyberspace are regarded as a kind of war, cyber-warfare. However, cyber-warfare is difficult to identify the damage caused by the attack. In order to effectively evaluate the damage to the attack that may occur in the cyber-warfare, this paper describes the damage evaluation simulation of the cyber-warfare based on DEVSim++, which can calculate the damage to the cyber attack using the MOCE (Measure of Cyber Effectiveness). Also, in order to help the commander in the cyber Command&Control phase, the number of victims by attack classification is expressed in the form of Venn diagram.

• Journal of the Korea Society for Simulation
• /
• v.13 no.3
• /
• pp.11-20
• /
• 2004

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (i) it is able to analyze behaviors of systems being emerged by interaction between functional elements of network components, (ii) it is able to analyze vulnerability in quantitative manner, and (iii) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2003.06a
• /
• pp.191-198
• /
• 2003

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (ⅰ) it is able to analyze behaviors of system emerged by interaction with functional elements of components composing network and each other, (ⅱ) it is able to analyze vulnerability in quantitative manner, and (ⅲ) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• Convergence Security Journal
• /
• v.16 no.6_1
• /
• pp.43-50
• /
• 2016

As North Korea has a sufficient ability to attack our society's vulnerable computer network, various large-scale cyber attacks are expected to be tried. North Korea's cyber military strength is known a world-class level. The number of its cyber agents is increasing consistently. Recently North Korea's cyber attack has been made regardless of trick and target. But up to now North Korea's cyber attack is more of an exploration than a real attack. Its purpose was to check how fast Korea found a problem and recovered from it. In future, cyber attack that damages substantially is highly probable. In case of an attack against national infrastructure like traffic, financial and energy services, the extent of the damage will be great beyond imagination. In this paper, characteristics of recent North Korea's cyber attack is addressed in depth and countermeasures such as the enactment of cyber terror prevention law, simulation training enforcement, private and public cooperation system construction, cyber security infrastructure expansion, etc. are proposed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2186-2203
• /
• 2020

Security administrators of companies and organizations need to come up with proper countermeasures against cyber-attacks considering infrastructures and security policies in their possession. In order to develop and verify such countermeasures, the administrators should be able to reenact both cyber-attacks and defenses. Simulations can be useful for the reenactment by overcoming its limitations including high risk and cost. If the administrators are able to design various scenarios of cyber-attacks and to develop simulation models from their viewpoints, they can simulate desired situations and observe the results more easily. It is challenging to simulate cyber-security issues, because there is lack of theoretical basis for modeling a wide range of the security field as well as pre-defined basic components used to model cyber-attacks. In this paper, we propose a modeling method for cyber-security simulations by developing a basic component and a composite model, called Abstracted Cyber-Security Unit Model (ACSUM) and Abstracted Cyber-security SIMulation model (ACSIM), respectively. The proposed models are based on DEVS(Discrete Event systems Specification) formalism, a modeling theory for discrete event simulations. We develop attack scenarios by sequencing attack behaviors using ACSUMs and then model ACSIMs by combining and abstracting the ACSUMs from a security perspective. The concepts of ACSUM and ACSIM enable the security administrators to simulate numerous cyber-security issues from their viewpoints. As a case study, we model a worm scenario using ACSUM and simulate three types of simulation models based on ACSIM from a different security perspective.

• Journal of the Semiconductor & Display Technology
• /
• v.22 no.3
• /
• pp.112-118
• /
• 2023

As technology advances, the need for enhanced preparedness against cyber-attacks becomes an increasingly critical problem. Therefore, it is imperative to consider various circumstances and to prepare for cyber-attack strategic technology. This paper proposes a method to solve network security problems by applying reinforcement learning to cyber-security. In general, traditional static cyber-security methods have difficulty effectively responding to modern dynamic attack patterns. To address this, we implement cyber-attack scenarios such as 'Tiny Alpha' and 'Small Alpha' and evaluate the performance of various reinforcement learning methods using Network Attack Simulator, which is a cyber-attack simulation environment based on the gymnasium (formerly Open AI gym) interface. In addition, we experimented with different RL algorithms such as value-based methods (Q-Learning, Deep-Q-Network, and Double Deep-Q-Network) and policy-based methods (Actor-Critic). As a result, we observed that value-based methods with discrete action spaces consistently outperformed policy-based methods with continuous action spaces, demonstrating a performance difference ranging from a minimum of 20.9% to a maximum of 53.2%. This result shows that the scheme not only suggests opportunities for enhancing cybersecurity strategies, but also indicates potential applications in cyber-security education and system validation across a large number of domains such as military, government, and corporate sectors.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.18 no.6
• /
• pp.311-317
• /
• 2023

This paper presents a sliding mode observer (SMO) for reconstructing cyber attacks affecting a system. The system is first re-expressed such that its design freedom is easier to manipulate. The SMO is then used to reconstruct the cyber attack affecting the system. A simulation example is used to verify the performance of the SMO under two types of cyber attacks, and its results demonstrate the effectiveness of our proposed scheme.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.4
• /
• pp.457-467
• /
• 2002

In order to simulate cyber attacks and predict network behavior by attacks, we should represent attributes of network components in the simulation model, and should express characteristics of systems that carry out various cyber attacks and defend from these attacks. To simulate how network load may change under the cyber attacks, we extended SSF[9, 10] that is process-based event-oriented simulation system. We added a firewall class and a packet manipulator into the SSFNet that is a component of SSF. The firewall class, which is related to the security, is to simulate cyber attacks, and the packet manipulator is a set of functions to write attack programs for the simulation. The extended SSFNet enables to simulate a network with the security systems and provides advantages that make easy to port already exsiting attack programs and apply them to the simulation evironment. We made a vitual network model to verify operations of the added classes, and simulated a smurf attack that is a representative denial of sevive attack, and observed the network behavior under the smurf attack. The results showed that the firewall class and packet manipulator developed in this paper worked normaly.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.31-37
• /
• 2020

In this paper, we propose a system architecture and methodology based on cyber kill chain and MITRE ATT&CK for experiment analysis on cyber warfare simulation. Threat analysis is possible by applying various attacks that have actually occurred with continuous updates to reflect newly emerging attacks. In terms of cyber attack and defense, the current system(AS-IS) and the new system(TO-BE) are analyzed for effectiveness and quantitative results are presented. It can be used to establish proactive cyber COA(Course of Action) strategy, and also for strategic decision making. Through a case study, we presented the usability of the system architecture and methodology proposed in this paper. The proposed method will contribute to strengthening cyber warfare capabilities by increasing the level of technology for cyber warfare experiments.