• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.73-80
• /
• 2020

Due to the expansion of cyber space, war patterns are also changing from traditional warfare to cyber warfare. Cyber warfare is the use of computer technology to disrupt the activities of nations and organizations, especially in the defense sector. However, the defense against effective cyber threat environment is inadequate. To complement this, a new cyber warfare operation concept is needed. In this paper, we study the concepts of cyber intelligence surveillance reconnaissance, active defense and response, combat damage assessment, and command control in order to carry out cyber operations effectively. In addition, this paper proposes the concept of cyber warfare operation that can achieve a continuous strategic advantage in cyber battlefield.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.258-259
• /
• 2020

한국인터넷진흥원에서는 2020년 사이버 공격에 대한 7대 전망을 일상 속 보안 취약점, 공공기관·기업 대상 랜섬웨어, 가상동화 거래소를 통한 해킹 사고, 문자 메시지·이메일을 통한 악성코드 감염, 지능형 표적 공격, 소프트웨어 공급망 공격, 융합 서비스 보안 위협으로 제시하였다. 이에 본 논문에서는 신규 사이버위협에 대한 동향 분석을 통하여 기관의 정보보안을 위해 대응할 수 있는 방안에 대해 살펴보고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.561-570
• /
• 2014

Nuclear Power Plant Instrumentation and Control System(NPP I&C) which is used to operate safely is changing from analog technology to digital technology. Ever since NPP Centrifuge of Iran Bushehr was shut down by Stuxnet attack in 2010, the possibility of cyber attacks against the NPP has been increasing. However, the domestic and international regulatory guidelines that was published to strengthen the cyber security of the NPP I&C describes security requirements and method s to establish policies and procedures. These guidelines are not appropriate for the development of real applicable cyber security technology. Therefore, specialized cyber security technologies for the NPP I&C need to be developed to enhance the security of nuclear power plants. This paper proposes a cyber security technology development system which is exclusively for the development of nuclear technology. Furthermore, this method has been applied to the ESF-CCS developed by The KINCS R&D project.

• ETRI Journal
• /
• v.41 no.5
• /
• pp.585-598
• /
• 2019

A cyber-physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well-funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game-theoretical model considering both low- and high-interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.

• Journal of the Society of Naval Architects of Korea
• /
• v.61 no.4
• /
• pp.278-288
• /
• 2024

According to International Association of Classification Societies (IACS) Unified Requirement (UR) E26, ships contracted for construction after July 1, 2024 should be designed, constructed, commissioned and operated taking into account of cyber security. In particular, ship network monitoring tools should be installed in accordance with requirement 4.3.1 in IACS UR E26. In this paper, we propose a Security Information and Event Management (SIEM) security policy model for ships as an effective threat detection method by analyzing the cyber security regulations and ship network status in the maritime domain. For this purpose, we derived the items managed in the SIEM from the maritime cyber security regulations such as those of International Maritime Organization (IMO) and IACS, and defined 14 detection policies considering the status of the ship network. We also presents the detection policy for non-expert crews to understand it, and occurrence conditions depending on the ship's network environment to minimize indiscriminate alarms. We expect that the results of this study will help improve the efficiency of ship SIEM to be installed in the future.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.282-284
• /
• 2018

ICT 기술의 발전에 따라 다양한 서비스들이 등장하고 있다. 특히 스마트 홈은 가전제품들을 인터넷에 접목시켜 집안 내에서뿐만 아니라 외부에서도 원격으로 제어가 가능하다. 이러한 편리성 때문에 여러 방면으로 이용성이 급증하고 있다. 하지만 아직까지 보안 기술에 있어 취약점이 많기 때문에 사생활이 노출될 가능성이 있다. 본 논문에서는 스마트 홈 환경에서 국내외 위협사례를 살펴보고, 발생 가능한 위험시나리오를 통해 위협요소를 분석한다. 또 대응방안을 제시하여 기기 개발시 보안 관점에서의 체계를 개선을 하기 위한 방안을 논하고자 한다.

• Journal of Information Science Theory and Practice
• /
• v.11 no.4
• /
• pp.14-39
• /
• 2023

Cybercrime is a significant threat to Internet users, involving crimes committed using computers or computer networks. The landscape of cyberspace presents a complex terrain, making the task of tracing the origins of sensitive data a formidable and often elusive endeavor. However, tracing the source of sensitive data in online cyberspace is critically challenging, and detecting cyber-criminals on the other hand remains a time-consuming process, especially in social networks. Cyber-criminals target individuals for financial gain or to cause harm to their assets, resulting in the loss or theft of millions of user data over the past few decades. Forensic professionals play a vital role in conducting successful investigations and acquiring legally acceptable evidence admissible in court proceedings using modern techniques. This study aims to provide an overview of forensic investigation methods for extracting digital evidence from computer systems and mobile devices to combat persistent cybercrime. It also discusses current cybercrime issues and mitigation procedures.

• The Journal of Bigdata
• /
• v.6 no.2
• /
• pp.99-108
• /
• 2021

Recently, unexpected and more advanced cyber medical treat attacks are on the rise. However, in responding to various patterns of cyber medical threat attack, rule-based security methodologies such as physical blocking and replacement of medical devices have the limitations such as lack of the man-power and high cost. As a way to solve the problems, the medical community is also paying attention to artificial intelligence technology that enables security threat detection and prediction by self-learning the past abnormal behaviors. In this study, there has collecting and learning the medical information data from integrated Medical-Information-Systems of the medical center and introduce the research methodology which is to develop the AI-based Net-Working Behavior Adaptive Information data. By doing this study, we will introduce all technological matters of rule-based security programs and discuss strategies to activate artificial intelligence technology in the medical information business with the various restrictions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.491-498
• /
• 2014

Recently, cyber terror has been occurred frequently based on advanced persistent threat(APT) and it is very difficult to detect these attacks because of new malwares which cannot be detected by anti-virus softwares. This paper proposes and verifies the algorithms to detect the advanced persistent threat previously through real-time network monitoring and combinatorial analysis of big data log. In the future, APT attacks can be detected more easily by enhancing these algorithms and adapting big data platform.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.445-457
• /
• 2013

This paper is about the study to build a quantitative methodology to assess cyber threats and vulnerabilities on control systems. The SCADA system in power industry is one of the most representative and biggest control systems. The SCADA system was originally a local system but it has been extended to wide area as both ICT and power system technologies evolve. Smart Grid is a concept to integrate energy and IT systems, and therefore the existing cyber threats might be infectious to the power system in the integration process. Power system is operated on a real time basis and this could make the power system more vulnerable to the cyber threats. It is a unique characteristic of power systems different from ICT systems. For example, availability is the most critical factor while confidentiality is the one from the CIA triad of IT security. In this context, it is needed to reflect the different characteristics to assess cyber security risks in power systems. Generally, the risk(R) is defined as the multiplication of threat(T), vulnerability(V), and asset(A). This formula is also used for the quantification of the risk, and a conceptual methodology is proposed for the objective in this study.