• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.256-274
• /
• 2022

The continuous information technology and telecommunication (ICT) developments inspire several Saudi Arabia citizens to transact and interact online. However, when using online platforms, several people are likely to lose their personal information to cybercriminals. In the survey, 553 Saudi Arabia citizens and 103 information technology (IT) specialists confirm the expansion of digital economy and the need for smart cities with various services, including e-commerce and solid cyber security. 96.6% of the participants believe Saudi Arabia is digitalizing its economy; yet, 33.3% of the participants believe that residents are uninformed about living and operating in smart cities. Several people (47.29%) with medium internet speed are more aware about smart cities than those with fastest internet speed (34%). Besides, online transactions via credit cards subjected 55.5% of the participants to privacy and security issues. These findings validate the essence of cyber security awareness programs among Saudi Arabia citizens and IT professionals to boost public trust and acceptance of cybersecurity frameworks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1045-1054
• /
• 2021

As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF(integrated RT framework) that can automatically operate large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.857-880
• /
• 2016

Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.95-102
• /
• 2017

A large volume of research has been devoted to the development of security tools for protecting the Smart Grid systems, however the most of them have not taken the Availability, Integrity, Confidentiality (AIC) security triad model, not like CIA triad model in traditional Information Technology (IT) systems, into account the security measures for the electricity control systems. Thus, this study would propose a novel security framework, an abnormal behavior detection system, to maximize the availability of the control systems by considering a unique set of characteristics of the systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.237-246
• /
• 2016

Recently various types of cyber attacks have occurred. The strategic goals & tactical means of these have evolved. Especially KHNP cyber attack was the type of hacktivism combined hack and psychological warfare. The cyber attackers have forecd the nation to participate in the cyber warfare and the government to make strategic decisions to the releases of confidential information and the threats of stopping KHNP. In this paper, we would like to study the effective strategic decision-making model utilizing the game theory and including an attack intelligence on open policy Decision framework.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.22 no.6
• /
• pp.797-805
• /
• 2019

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a simulated threat generator that automatically generates cyber threats for cyber defense training. The proposed Simulated Threat Generator is designed with MITRE ATT & CK(Adversarial Tactics, Techniques and Common Knowledge) framework to easily add an evolving cyber threat and select the next threat based on the threat execution result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.2
• /
• pp.13-26
• /
• 2001

This paper presents the network security modeling methodology and simulation using the hierarchical and modular modeling and simulation framework. Recently, Howard and Amoroso developed the cause-effect model of the cyber attack, defense, and consequences, Cohen has been proposed the simplified network security simulation methodology using the cause-effect model, however, it is not clear that it can support more complex network security model and also the model-based cyber attack simulation. To deal with this problem, we have adopted the hierarchical and modular modeling and simulation environment so called the System Entity Structure/Model Base (SES/MB) framework which integrates the dynamic-based formalism of simulation with the symbolic formalism of AI. Several simulation tests performed on sample network system verify the soundness of our method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.527-535
• /
• 2023

To develop experts capable of responding to cyber security incidents, numerous institutions have established cyber training facilities to cultivate security professionals equipped with effective defense strategies. However, these challenges such as limited resources, scenario-based content development, and cost constraints. To address these issues, this paper proposes a virtual infrastructure variation generation framework. It provides customized, diverse IT infrastructure environments for each organization, allowing cyber defense trainers to accumulate a wide range of experiences. By leveraging Infrastructure-as-Code (IaC) containers and employing Word2Vec, a natural language processing model, mutable code elements are extracted and trained, enabling the generation of new code and presenting novel container environments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2610-2628
• /
• 2019

Advanced persistent threats (APTs) are constant attacks of specific targets by hackers using intelligent methods. All current internal infrastructures are constantly subject to APT attacks created by external and unknown malware. Therefore, information security officers require a framework that can assess whether information security systems are capable of detecting and blocking APT attacks. Furthermore, an on-line evaluation of information security systems is required to cope with various malicious code attacks. A regular evaluation of the information security system is thus essential. In this paper, we propose a dynamic updated evaluation framework to improve the detection rate of internal information systems for malware that is unknown to most (over 60 %) existing static information security system evaluation methodologies using non-updated unknown malware.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.721-736
• /
• 2023

The Command and Control Framework was developed for penetration testing and education purposes, but threat actors such as cybercrime groups are abusing it. From a cyber threat hunting perspective, identifying Command and Control Framework servers as well as proactive responding such as blocking the server can contribute to risk management. Therefore, this paper proposes a methodology for tracking the Command and Control Framework in advance. The methodology consists of four steps: collecting a list of Command and Control Framework-related server, emulating staged delivery, extracting botnet configurations, and collecting certificates that feature is going to be extracted. Additionally, experiments are conducted by applying the proposed methodology to Cobalt Strike, a commercial Command and Control Framework. Collected beacons and certificate from the experiments are shared to establish a cyber threat response basis that could be caused from the Command and Control Framework.