• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.87-101
• /
• 2022

Cyber-attacks occur in the blink of an eye in cyberspace, and the damage is increasing all over the world. Therefore, it is necessary to develop a cyber common operational picture that can grasp the various assets belonging to the 3rd layer of cyberspace from various perspectives. By applying the method for grasping battlefield information used by the military, it is possible to achieve optimal cyberspace situational awareness. Therefore, in this study, the visualization screens necessary for the cyber common operational picture are identified and the criteria (response speed, user interface, object symbol, object size) are investigated. After that, the framework is designed by applying the identified and investigated items, and the visualization screens are implemented accordingly. Finally, among the criteria investigated by the visualization screen, an experiment is conducted on the response speed that cannot be recognized by a photograph. As a result, all the implemented visualization screens met the standard for response speed. Such research helps commanders and security officers to build a cyber common operational picture to prepare for cyber-attacks.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.33-40
• /
• 2021

Automatic Speech Recognition(ASR) is a technology that analyzes human speech sound into speech signals and then automatically converts them into character strings that can be understandable by human. Speech recognition technology has evolved from the basic level of recognizing a single word to the advanced level of recognizing sentences consisting of multiple words. In real-time voice conversation, the high recognition rate improves the convenience of natural information delivery and expands the scope of voice-based applications. On the other hand, with the active application of speech recognition technology, concerns about related cyber attacks and threats are also increasing. According to the existing studies, researches on the technology development itself, such as the design of the Automatic Speaker Verification(ASV) technique and improvement of accuracy, are being actively conducted. However, there are not many analysis studies of attacks and threats in depth and variety. In this study, we propose a cyber attack model that bypasses voice authentication by simply manipulating voice frequency and voice speed for AI voice recognition service equipped with automated identification technology and analyze cyber threats by conducting extensive experiments on the automated identification system of commercial smartphones. Through this, we intend to inform the seriousness of the related cyber threats and raise interests in research on effective countermeasures.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.77-90
• /
• 2013

As Cyber threats are rising, the scope of information Security (IS) is extending from technical protection of a single information system to organizational comprehensive IS capability. The ministry of National Defense (MND) has established the IS evaluation for defense organization in 'the Directive for Defense Informatization Affairs.' However, no information about an evaluation method, process and organization is provided. We surveyed information security management system (ISMS) and related best practices in public sector and other countries, and analysed the military information security affairs. Thus, this paper recommends the IS evaluation method and process. The trial IS evaluation is in progress this year and the MND will expand this IS evaluation to the entire organization.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.59-72
• /
• 2019

In this day and age physical and cyber boundaries have converged due to the development of new technologies, such as the Internet of Things (IoT) and the Cyber Physical System (CPS). As the relationship between physical system and cyber technology strengthens, more diverse and complex forms of risk emerge. As a result, it is becoming difficult for single organization or government to fully handle this situation alone and cooperation based on information sharing and the strengthening of active defense systems are needed. Shifting to a system in which information suitable for various entities can be shared and automatically responded to is also necessary. Therefore, this study tries to find improvements for the current system of threat information collecting and sharing that can actively and practically maintain cyber defense posture, focusing particularly on the structuring of information sharing platforms. To achieve our objective, we use a risk communication theory from the safety field and propose a new platform by combining an action-oriented security process model.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.585-598
• /
• 2019

A cyber-physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well-funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game-theoretical model considering both low- and high-interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.235-238
• /
• 2017

최근에는 랜섬웨어의 일종인 '워너크라이' 등의 바이러스로 인한 피해도 기하급수적으로 증가하고, 그 수법도 사용자가 파일에 접근하면 감염되던 형태에서 인터넷에 접속되기만 하면 감염되는 형태로 진화하면서 사이버전에 사용되어질 수 있는 사이버 공격에 대응하는 방어 및 회복 방책에 대한 관심이 한층 더 증폭되고 있다. 하지만 일반적으로 방어, 회복 등의 대응 과정은 공격의 피해를 평가하여 결과로 산출된 피해 정도를 전제 조건으로 가지기 때문에 먼저 해킹 공격의 피해를 평가하여야 한다. 본 논문에서는 사이버전에서 사용되어질 수 있는 해킹 공격 및 위협의 피해를 공격의 종류별로 평가하기 위해, 피해 정도를 수치화할 수 있는지의 여부 등을 기준으로 하여 총 3가지 Interruption, Modification, Interception로 구성된 해킹 공격의 분류 체계를 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.786-787
• /
• 2024

Large Language Model은 그 기능으로 말미암아 여러 애플리케이션에 통합되고 있다. 특히 OpenAI는 ChatGPT에 여러 세부 사항을 설정함으로써 차별화된 기능을 사용자가 제공할 수 있도록 한다. 하지만 최근 제시되는 프롬프트 연출 공격은 서비스의 핵심 요소를 쉽게 탈취할 수 있는 가능성을 제시한다. 본 연구는 지침 우회 방법론을 통해 기본 대비 공격의 성공률을 10%p 올렸다. 또한 유출공격을 평가할 수 있는 유효성과 성공률을 통해 모델의 방어 성능을 일반화한다.

• Journal of National Security and Military Science
• /
• s.1
• /
• pp.391-421
• /
• 2003

While the social activities using Internet become generalized, the side effect of the information security violation is increasing steadily and threaten the countries which is not ready to prevent from offensive penetration such as the Information-fighter or Cyber-military. In this paper, we define the concept and characteristics of the modern Information-Warfare and analyze various kinds of threatened elements and also examine the recent trend in other countries. And introducing Computer Forensics raised recently for the confrontation against the security violation in the future, we will show the developing strategies and the necessity in order to response cyber attacks. These developing strategies can be used to ensure and re-trace the technical evidence for the security violation and to achieve the disaster relief effectively. So we hope that can apply them to the actual preparation through developing cyber trial test of the defense and attack for the Information-Warfare.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.128-133
• /
• 2023

Satellite based communication is networks in which users in a wide area can access without wired-based ground infrastructure. In particular, the need is emerging due to the recent Ukraine-Russia war. Satellite network systems acquire data that is difficult to observe on Earth as well as communication networks and are also used for research and development, which allows additional data to be produced. However, due to the nature of communication networks existing in outer space, certain vulnerabilities are revealed, and attacks based on them can be exposed. In this paper, we analyze vulnerabilities that may arise due to the nature of satellite communication networks and describes current research, countermeasures, and future research directions.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.865-889
• /
• 2019

The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.