• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.3
• /
• pp.37-47
• /
• 2020

The In the 4^th industrial revolution, cyber space will evolve into hyper-connectivity, super-convergence, and super-intelligence due to the development of advanced information and communication technologies, which will connect the nation's core infrastructure into a single network. As applying the 4^th industrial revolution technology to the cyber attack technique, it is evolving in an intelligent and sophisticate method. In order to response intelligent cyber attacks, it is difficult to guarantee self-defense in cyberspace by policy-oriented, preplanned-centric and hierarchical cyber response strategies. Therefore, this research aims to propose a situation-flexible & action-oriented cyber response mechanism that can respond flexibly by selecting the most optimal smart security solution according to changes in the cyber attack steps. The proposed cyber response mechanism operates the smart security solutions according to the action-oriented detailed strategies. In addition, artificial intelligence-based decision-making systems are used to select the smart security technology with the best responsiveness.

• Journal of Information Technology Services
• /
• v.15 no.1
• /
• pp.67-79
• /
• 2016

This study aims to present the necessary elements that should be part of South Korea's National Defense Strategy against the recent North Korean cyber-attacks. The elements proposed in this study also reflect the recent trend of cyber-attack incidents that are happening in the Unites States and other countries and have been classified into the three levels of cyber incidents: cyberwarfare, cyberterrorism and cybercrime. As such, the elements proposed are presented in accordance with this classification system. In order to properly take into account the recent trend of cyber-attacks perpetrated by North Korea, this paper analyzed the characteristics of recent North Korean cyber-attacks as well as the countermeasures and responses of South Korea. Moreover, by making use of case studies of cyber-attack incidents by foreign nations that threaten national security, the response measures at a national level can be deduced and applied as in this study. Thus, the authors of this study hope that the newly proposed elements here within will help to strengthen the level of Korea's cyber security against foreign attacks, specifically that of North Korea such as the KHNP hacking incidents and so on. It is hoped that further damage such as leakage of confidential information, invasion of privacy and physical intimidation can be mitigated.

• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.389-395
• /
• 2022

With the evolution of technology, cyber physical systems (CPSs) are being upgraded, and new types of cyber attacks are being discovered accordingly. There are many forms of cyber attack, and all cyber attacks are made to manipulate the target systems. A representative system among cyber physical systems is a cyber physical power system (CPPS), that is, a smart grid. Smart grid is a new type of power system that provides reliable, safe, and efficient energy transmission and distribution. In this paper, specific types of cyber attacks well known as false data injection attacks targeting state estimation and energy distribution of smart grid, and protection strategies for defense of these attacks and dynamic monitoring for detection are described.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.61-66
• /
• 2019

Cyber space is a place where free activities are guaranteed. However, it is also true that not all individuals and countries strive for peaceful cyberspace, and that there is a growing tendency to gain unfair advantage through this space. Therefore, the state should reform laws and institutions to keep cyberspace safe. By establishing the "Basic Law on Cyberspace" which includes the law of the state law on cyberspace, it is necessary to be able to recognize and respond to the direction of the national legal discipline on cyberspace. The development of digital forensics is an urgent task due to the rapid development of IT. However, if the law is delayed for various reasons, some of the existing laws should be amended to improve the stability of the law in accordance with the circumstances. To this end, it is necessary to revise the "Information and Communication Infrastructure Protection Act", "Information and Communication Network Enhancement and Information Protection Act", "Integrated Defense Law", "Establishment of Defense Information Infrastructure Infrastructure and Defense Information Resource Management Act".

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.131-139
• /
• 2023

In recent years, there have been frequent incidents of invasion of national defense networks by insiders. This trend can be said to disprove that the physical network separation policy currently applied by the Korea Ministry of National Defense can no longer guarantee military cyber security. Therefore, stronger cybersecurity measures are needed. In this regard, Zero Trust with a philosophy of never trusting and always verifying is emerging as a new alternative security paradigm. This paper analyzes the zero trust establishment trends currently being pursued by the US Department of Defense, and based on the implications derived from this, proposes a zero trust establishment plan tailored to the Korean military. The zero trust establishment plan tailored to the Korean military proposed in this paper includes a zero trust establishment strategy, a plan to organize a dedicated organization and secure budget, and a plan to secure zero trust establishment technology. Compared to cyber security based on the existing physical network separation policy, it has several advantages in terms of cyber security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.759-766
• /
• 2015

This paper proposes a location-based key management scheme in wireless sensor networks, and among the existing location-based key management techniques, we focused on the LDK (Location Dependent Key management). In order to improve the problems occurred by communication interference, we introduced the key revision process and the method of key establishment using grid information. According to the simulation of this scheme, it increased connectivity while decreased compromise ratio than those of the previous LDK, futhermore, we confirmed that a hexagon distribution of AN reduces the network cost.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.4C
• /
• pp.441-447
• /
• 2004

Information security simulator is required for the study on the cyber intrusion and defense as information security has been increasingly popular Until now, the main purposes of information security simulation are security estimation of small network as well as performance analysis of information protection systems. However, network simulators that can simulate attacks in a huge network are in needs since large scale internet attacks are very common in these days. In this paper we proposed a simulator design and its implementation details. Our simulator is implemented by expanding the SSFNet program to the client-sewer architecture. A cyber attack scenario used in our simulator is composed by the advanced attack tree model. We analyzed the simulation results to show the correctness of our network defense simulator.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.9
• /
• pp.57-64
• /
• 2018

In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. In this paper, we design a protected server network with a large number of decoys to anonymize the protected servers that dynamically mutate their IP address and port numbers according to Hidden Tunnel Networking, which is a network-based moving target defense scheme. In the network, a protected server is one-to-one mapped to a decoy-bed that generates a number of decoys, and the decoys share the same IP address pool with the protected server. First, the protected server network supports mutating the IP address and port numbers of the protected server very frequently regardless of the number of decoys. Second, it provides independence of the decoy-bed configuration. Third, it allows the protected servers to freely change their IP address pool. Lastly, it can reduce the possibility that an attacker will reuse the discovered attributes of a protected server in previous scanning. We believe that applying Hidden Tunnel Networking to protected servers in the proposed network can significantly reduce the probability of the protected servers being identified and compromised by attackers through deploying a large number of decoys.

• Review of Korea Contents Association
• /
• v.11 no.4
• /
• pp.18-22
• /
• 2013

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.15-26
• /
• 2022

Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups which is sponsored by its nation. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signature. Unfortunately, attackers can easily masquerade as other group. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker's purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker's goal based on MITRE ATT&CK® in the point of CIA triad as well as classifying cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability.