• Title/Summary/Keyword: Cyber Situation Awareness

Research on Cyber IPB Visualization Method based on BGP Archive Data for Cyber Situation Awareness

  • Youn, Jaepil;Oh, Haengrok;Kang, Jiwon;Shin, Dongkyoo
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.2 / pp.749-766 / 2021
  • Cyber powers around the world are conducting cyber information-gathering activities in cyberspace, a global domain within the Internet-based information environment. Accordingly, it is imperative to obtain the latest information through the cyber intelligence preparation of the battlefield (IPB) process to prepare for future cyber operations. Research utilizing the cyber battlefield visualization method for effective cyber IPB and situation awareness aims to minimize uncertainty in the cyber battlefield and enable command control and determination by commanders. This paper designed architecture by classifying cyberspace into a physical, logical network layer and cyber persona layer to visualize the cyber battlefield using BGP archive data, which is comprised of BGP connection information data of routers around the world. To implement the architecture, BGP archive data was analyzed and pre-processed, and cyberspace was implemented in the form of a Di-Graph. Information products that can be obtained through visualization were classified for each layer of the cyberspace, and a visualization method was proposed for performing cyber IPB. Through this, we analyzed actual North Korea's BGP and OSINT data to implement North Korea's cyber battlefield centered on the Internet network in the form of a prototype. In the future, we will implement a prototype architecture based on Elastic Stack.

A Study for Cyber Situation Awareness System Development with Threat Hunting (위협 헌팅을 적용한 사이버 상황인식 시스템 개발에 관한 연구)

  • Lee, Jaeyeon;Choi, Jeongin;Park, Sanghyun;Kim, Byeongjin;Hyun, Dae-Won;Kim, Gwanyoung
    • Journal of the Korea Institute of Military Science and Technology / v.21 no.6 / pp.807-816 / 2018
  • Threat hunting is defined as a process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. The main concept of threat hunting is to find weak points and remedy them before an actual cyber threat has occurred. The HMM (Hunting Maturity Matrix) is suggested to evolve hunting processes through five levels; therefore, a CSOC (Cyber Security Operations Center) can refer to the HMM for how to make itself safer from complicated and organized cyber attacks. We are developing a cyber situation awareness system with a proactive threat hunting process, called unMaze™. With unMaze, a CSOC's HMM level can be upgraded from the initial level to the basic level. A CSOC with unMaze performs the threat hunting process not only by detecting existing cyber equipment post-actively, but also by proactively detecting cyber threats by fusing and analyzing cyber asset data and threat intelligence.

Research and Direction of Cyber Operation Education System for Fostering Common Situation Awareness about Cyber Operation -Focusing on non-Cyber Operations Unit Officer Education- (사이버작전에 대한 공통상황인식 함양을 위한 군(軍) 사이버작전 교육체계 연구 및 방향성 제안 -비(非)사이버작전부대 장교 교육을 중심으로-)

  • Lee, Sangwoon;Park, Yongsuk
    • Convergence Security Journal / v.19 no.4 / pp.13-22 / 2019
  • The purpose of this study is to suggest the educational system and direction of cyber operations officers of non-cyber operations forces who do not specialize in cyber operations. In order to carry out cyber operations as a joint operation, non-cyber operations officers must also know about cyber operations, but there is no education system for them at present. Since there is almost no previous research on this, research in the relevant field is necessary. Therefore, the education system was developed based on the prior literature review, that is, the necessity of education, the object of education, the goals and contents of the education, and the curriculum. In addition, the relevant experts confirmed the validity of each item with the Delphi method, and as a result, some improvement was needed, but it was shown to be suitable as a whole. In addition, detailed educational programs can be developed based on this in the future.

A Study on the Classification of Cyber Dysfunction and the Social Cognition Analysis in the Intelligent Information Society (지능정보사회의 사이버 역기능 분류와 사회적 인식 분석)

  • Lim, Gyoo Gun;Ahn, Jae Ik
    • Journal of Information Technology Services / v.19 no.1 / pp.55-69 / 2020
  • The Internet cyber space has become more important as it enters the intelligent information society of the 4th Industrial Revolution beyond the information age through the development of ICT, the expansion of personalized services through mobile and SNS, the development of IoT, big data, and artificial intelligence. The Internet has formed a new paradigm in human civilization, but it has focused only on the efficiency of its functions. Therefore, various side effects such as information divide, cyber terrorism, cyber violence, hacking, and personal information leakage are emerging. In this situation, facing the intelligent information society can lead to an uncontrollable chaos. Therefore, this study classifies the cyber dysfunction of intelligent information society and analyzes social cognition, suggests a cyber dysfunction standard for intelligent information society, examines the seriousness of dysfunction, and suggests technical research directions for future technologies and services. The dysfunction of the intelligent information society was classified into five areas of cyber crime and terrorism, infringement of rights, intelligent information usage culture, intelligent information reliability, and social problems by FGI methodology. Based on the classification, the social perception of current and future cyber dysfunction severity was surveyed, and it showed that females are more sensitive than males about the dysfunction. A GAP analysis confirmed social awareness that the future society would be more serious about AI and cyber crime.

A Study on the Design and Implementation of System for Predicting Attack Target Based on Attack Graph (공격 그래프 기반의 공격 대상 예측 시스템 설계 및 구현에 대한 연구)

  • Kauh, Janghyuk;Lee, Dongho
    • Journal of Korea Society of Digital Industry and Information Management / v.16 no.1 / pp.79-92 / 2020
  • As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS (Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction are displayed on the web screen and CyCOP (Cyber Common Operation Picture) to help both analysts and decision makers.

Situation Analysis and Education Plan of Security Ethics for Training College Students Majoring in Information Security (정보보안전공 대학생을 위한 보안 윤리의식 분석 및 교육 방안)

  • Kim, Tae-Hee
    • The Journal of the Korea Contents Association / v.17 no.4 / pp.596-605 / 2017
  • Recently, it has been pointed out that the lack of professional ethics of computer and security experts is serious, as college students majoring in information security and insiders who are in charge of security work are involved in crimes after being tempted to cyber crimes. In this paper, we investigate and analyze the security ethics awareness and education situation of college students majoring in information security, and examine the security ethics education method for human resource development with personality and qualities. As the information society becomes more widespread, the ethics and occupational consciousness of the university students who are majoring in information security are recognized as lack of awareness and education about security ethics. As a solution to these problems, it is expected that it will be possible to nurture security experts who are aware of their vocation through the educational plan to enhance the security ethics of the information security major college students. According to the security ethics education system proposed in the paper, the security ethical consciousness of the group that received education was remarkably improved.

Perceptions of social presence and aggressive behavior in cyberspace (사이버 공간에서 사회적 실재감의 지각과 공격행동)

  • Jae-Hwi Kim;Yeon-Jung Kim
    • Korean Journal of Culture and Social Issue / v.10 no.3 / pp.83-101 / 2004
  • This study investigated the effects of social presence as a means of self-awareness and interpersonal awareness on cyber-aggressive behavior. The cyber-aggressive behavior (flaming and direct aggression use of character) should differ by the existence of social presence and the type of social presence of internet users. To test the hypothesis, an experiment was executed as a field study in cyberspace, in an on-line game, "fortress 2 blue forever". I made a chat-room in the game site to conduct an experiment on 107 persons who entered the chat-room and were blind to this situation made by researchers. As the subject enters the chat-room, he chats with 3 researchers who were waiting before he gets in. The social presence was operated in 3 phases by the contents of the chat (① control group: nothing; ② experimental group 1: reaction about other people; ③ experimental group 2: reaction about other people + self-exposure by an exchange of information on their home region). The studies show that subjects of the control group behaved more aggressively than other subjects of the experimental groups (both flaming and direct aggression use of character). Meanwhile, I compared experimental group 1 with experimental group 2 to investigate the difference between the types of social presence. As a result, subjects of experimental group 1 behaved more aggressively than experimental group 2 (only flaming; there is no difference in direct aggression use of character).

Development of a method for securing the operator's situation awareness from manipulation attacks on NPP process data

  • Lee, Chanyoung;Song, Jae Gu;Lee, Cheol Kwon;Seong, Poong Hyun
    • Nuclear Engineering and Technology / v.54 no.6 / pp.2011-2022 / 2022
  • According to the defense-in-depth concept, not only a preventive strategy but also an integrated cyberattack response strategy for NPPs should be established. However, there are limitations in terms of responding to penetrations, and the existing EOPs are insufficient for responding to intentional disruptions. In this study, we focus on manipulative attacks on process data. Based on an analysis of the related attack vectors and possible attack scenarios, we adopt the Kalman filter to detect process anomalies that can be caused by manipulations of process data. To compensate for these manipulations and secure MCR operators' situational awareness, we modify the Kalman filter such that it can filter out the effects of the manipulations adaptively. A case study was conducted using a hardware-in-the-loop system. The results indicated that the developed method can be used to verify whether the displayed safety-related state data are reliable and to implement the required safety response actions.

A Study on the Realities of Sexual Violence and the Measure for Social Welfare (성폭력 실태와 사회복지적 대책 방안에 관한 연구)

  • Bae, Na-Rae;So, Kwon-Seob
    • Journal of the Korea Academia-Industrial cooperation Society / v.21 no.2 / pp.251-258 / 2020
  • This study aims to address the current situation and damage from sexual violence, to arouse public opinion, help broader awareness, and further lead to community social efforts to cope actively with the situation. In Korean society, discourse on sex is often conducted in a double structure. Sexual violence is not just a personal misfortune; it is a problem for women as a whole. Furthermore, it is a challenge that society needs to address. Therefore, the government should evolve its response to sexual violence into a collective, not individual, movement of men and women toward social and cultural movements together. Although the visible reality of sexual violence is important, damaging their mental health by passing on a distorted cultural environment to future generations should be seen as a type of historical crime.

Study on the college curriculum for systematic education of the domestic information security (국내 정보보호의 체계적인 교육을 위한 대학교육과정에 관한 연구)

  • Jeon, Jeong Hoon
    • Convergence Security Journal / v.16 no.4 / pp.35-41 / 2016
  • Recently, awareness of domestic information security has become much higher due to cyber war and hacking incidents. Yet information security professionals are very scarce. In these circumstances, the opening of information security related departments at domestic universities is increasing, and educational institutions have developed various curriculums. However, the domestic information security curriculum differs depending on the university or department, and it tends to concentrate on practical education rather than theoretical education. Therefore, this paper analyzes the information security curriculum situation of domestic information security related universities. This is expected to be utilized in systematic curriculum development for domestic information security education in the future.