• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1021-1030
• /
• 2021

This paper proposes S-CAFG(Stage-based Cyber Attack Flow Graph), a model for effectively describing training scenarios that simulate modern complex cyber attacks. On top of existing graph and tree models, we add a stage node to model more complex scenarios. In order to evaluate the proposed model, we create a complicated scenario and compare how the previous models and S-CAFG express the scenario. As a result, we confirm that S-CAFG can effectively describe various attack scenarios such as simultaneous attacks, additional attacks, and bypass path selection.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.8
• /
• pp.123-133
• /
• 2022

In this paper, we propose a Leveled Micro-Degree Job Competency Certification Model that considers the level of the job based on the job defined in the NCS. There is a mismatch of manpower due to the problem of university education that cannot keep up with the rapidly changing technological environment caused by the 4th Industrial Revolution. The Nano-Degree and Micro-Degree systems designed to solve this problem are used for job competency certification of cyber security personnel. NCS sub-categorized job field is defined as Micro-Degree and detailed job by ability unit is defined as Nano-Degree, the level of the ability unit defined by level is equally applied to the Micro-Degree. And it is a system that certifies the job competency corresponding to the degree-based university academic background. By applying this system to the curriculum of Cyber Security School, Yeungnam University College, we proposed a method to configure the Nano-Degree course based on NCS duties. The method proposed in this paper can be used as a method for verifying job competency of Nano-Degree and Micro-Degree, which are recently introduced by many universities.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.135-141
• /
• 2020

The Ministry of National Defense is strengthening the power and capacity of cyber operations as cyber protection training is conducted. However, considering the level of enemy cyber attack capability, the level of cyber defense capability of the ministry of national defense is significantly low and the protection measures and response system for responding to cyber threats to military networks are not clearly designed, falling short of the level of cyber security capabilities of the public and private sectors. Therefore, this paper is to investigate and verify the establishment of a military internal network vulnerability mitigation system that applies the intention of attackers, tactics, techniques and procedures information (ATT&CK Framework), identified military internal network main threat information, and military information system security requirements with military specificity as factors that can establish a defense network vulnerability mitigation system by referring to the domestic and foreign cyber security framework It has the advantage of having.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.3
• /
• pp.65-72
• /
• 2020

With the development of information technology and the growth of the scale of system and network, cyber threats and crimes continue to increase. To cope with these threats, cybersecurity training based on actual attacks and defenses is required. However, cybersecurity training requires expert analysis and attack performance, which is inefficient in terms of cost and time. In this paper, we propose a cyber attack simulator that automatically executes attack techniques. This simulator generates attack scenarios by combining attack techniques modeled to be implemented and executes the attack by sequentially executing the derived scenarios. In order to verify the effectiveness of the proposed attack simulator, we experimented by setting an example attack goal and scenarios in a real environment. The attack simulator successfully performed five attack techniques to gain administrator privileges.

• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.59-66
• /
• 2023

Text mining (TM) is most widely used to find patterns from various text documents. Cyber-bullying is the term that is used to abuse a person online or offline platform. Nowadays cyber-bullying becomes more dangerous to people who are using social networking sites (SNS). Cyber-bullying is of many types such as text messaging, morphed images, morphed videos, etc. It is a very difficult task to prevent this type of abuse of the person in online SNS. Finding accurate text mining patterns gives better results in detecting cyber-bullying on any platform. Cyber-bullying is developed with the online SNS to send defamatory statements or orally bully other persons or by using the online platform to abuse in front of SNS users. Deep Learning (DL) is one of the significant domains which are used to extract and learn the quality features dynamically from the low-level text inclusions. In this scenario, Convolutional neural networks (CNN) are used for training the text data, images, and videos. CNN is a very powerful approach to training on these types of data and achieved better text classification. In this paper, an Ensemble model is introduced with the integration of Term Frequency (TF)-Inverse document frequency (IDF) and Deep Neural Network (DNN) with advanced feature-extracting techniques to classify the bullying text, images, and videos. The proposed approach also focused on reducing the training time and memory usage which helps the classification improvement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.71-82
• /
• 2024

With the advancement of information and communication technology (ICT), the use of electronic document types such as PDF, MS Office, and HWP files has increased. Such trend has led the cyber attackers increasingly try to spread malicious documents through e-mails and messengers. To counter such attacks, AI-based methodologies have been actively employed in order to detect malicious document files. The main challenge in detecting malicious HWP(Hangul Word Processor) files is the lack of quality dataset due to its usage is limited in Korea, compared to PDF and MS-Office files that are highly being utilized worldwide. To address this limitation, data augmentation have been proposed to diversify training data by transforming existing dataset, but as the usefulness of the augmented data is not evaluated, augmented data could end up harming model's performance. In this paper, we propose an effective semi-supervised learning technique in detecting malicious HWP document files, which improves overall AI model performance via quantifying the utility of augmented data and filtering out useless training data.

• Convergence Security Journal
• /
• v.15 no.6_1
• /
• pp.49-57
• /
• 2015

Changes in the national intelligence security industry is becoming increasingly rapidly changing due to the development of the network and the use of the Internet. Information also can be called by critical information assets, as well as social infrastructure of the country's reality is that individuals at risk. These professionals make to prevent terrorists to destroy national defense system and network was absolutely necessary. But, Cyber Terror Response NCOs to be responsible for cyber terrorism requires a professional NCOs with advanced knowledge. National Competency Standards(NCS) using a national information security field tutors to conduct training courses teaching - learning model to develop and to apply.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.187-188
• /
• 2022

As information processing technology develops with the trend of the times, the possibility of cyber threats to nuclear facilities is increasing. In the 2000s, there was a growing perception that cyberattacks on nuclear facilities were needed, and in fact, a cybersecurity regulatory system for nuclear power plants began to be established to prepare for cyberattacks. In Korea, in order to prepare for cyber threats, in 2013 and 2014, the Act on Protection and Radiation Disaster Prevention, Enforcement Decree, and Enforcement Rules of Nuclear Facilities, etc., and notices related to the Radioactive Disaster Prevention Act were revised. In 2015, domestic nuclear operators prepared information system security regulations for each facility in accordance with the revised laws and received approval from the Nuclear Safety Commission for implementation of information system security regulations divided into seven stages. In 2019, a special inspection for step-by-step implementation was completed, and since 2019, the cybersecurity system of operators has been continuously inspected through regular inspections. In this paper, we present some measures to build improved training to suit the steadily revised inspection of the nuclear facility cybersecurity system to counter cyber threats to the ever-evolving nuclear facilities.

• Convergence Security Journal
• /
• v.16 no.6_1
• /
• pp.43-50
• /
• 2016

As North Korea has a sufficient ability to attack our society's vulnerable computer network, various large-scale cyber attacks are expected to be tried. North Korea's cyber military strength is known a world-class level. The number of its cyber agents is increasing consistently. Recently North Korea's cyber attack has been made regardless of trick and target. But up to now North Korea's cyber attack is more of an exploration than a real attack. Its purpose was to check how fast Korea found a problem and recovered from it. In future, cyber attack that damages substantially is highly probable. In case of an attack against national infrastructure like traffic, financial and energy services, the extent of the damage will be great beyond imagination. In this paper, characteristics of recent North Korea's cyber attack is addressed in depth and countermeasures such as the enactment of cyber terror prevention law, simulation training enforcement, private and public cooperation system construction, cyber security infrastructure expansion, etc. are proposed.