• 조명전기설비학회논문지
• /
• 제25권6호
• /
• pp.90-99
• /
• 2011

As power industry evolves into Smart Grid scheme, previously closed power systems are being integrated into public communication networks. It increases the controllability and efficiency of the system, but also accompanies many cyber threats having existed in the Internet to the SCADA system. Therefore it is required to apply security countermeasures to the Smart Grid, which brings about investment costs. There have been few approaches to assess risks from cyber attack especially in electric power industry. So this paper proposes a methodology to assess quantitative impacts of various types of cyber attacks to a power system, and also shows the feasibility of the method through a case study.

• 스마트미디어저널
• /
• 제5권2호
• /
• pp.65-76
• /
• 2016

최근 클라우드 컴퓨팅이 새로운 공격 대상으로 부상하기 시작했으며, 클라우드의 다양한 서비스를 지연 및 방해하기 위한 악의적인 DDoS 공격이 진행되고 있다. 본 논문에서는 허니팟 보안 기술과 클라우드 컴퓨팅의 자원을 이용한 호넷 클라우드를 제안하며, 간략하게 사이버 탄력성에 의한 능동 상호동작의 프레임워크에 의한 보안 기능들을 정의 및 설계한다. 더불어 가상 허니팟 서비스를 위한 사이버 탄력성을 이용한 Low-Interaction vHonyepot의 기능들을 시뮬레이션하여 가능성을 검증한다.

• 한국군사과학기술학회지
• /
• 제26권2호
• /
• pp.179-187
• /
• 2023

APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. 'Cyberattack Tracing System' allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.

• International Journal of Internet, Broadcasting and Communication
• /
• 제15권4호
• /
• pp.128-133
• /
• 2023

Satellite based communication is networks in which users in a wide area can access without wired-based ground infrastructure. In particular, the need is emerging due to the recent Ukraine-Russia war. Satellite network systems acquire data that is difficult to observe on Earth as well as communication networks and are also used for research and development, which allows additional data to be produced. However, due to the nature of communication networks existing in outer space, certain vulnerabilities are revealed, and attacks based on them can be exposed. In this paper, we analyze vulnerabilities that may arise due to the nature of satellite communication networks and describes current research, countermeasures, and future research directions.

• 한국IT서비스학회지
• /
• 제15권2호
• /
• pp.157-167
• /
• 2016

Task environment for enterprises and public institutions are moving into cyberspace-based environment and structing the LTE wireless network. The applications "App" operated in the LTE wireless network are mostly being developed with Android-based. But Android-based malwares are surging and they are the potential DDoS attacks. DDoS attack is a major information security threat and a means of cyber attacks. DDoS attacks are difficult to detect in advance and to defense effectively. To this end, a DMZ is set up in front of a network infrastructure and a particular server for defensive information security. Because There is the proliferation of mobile devices and apps, and the activation of android diversify DDoS attack methods. a DMZ is a limit to detect and to protect against DDoS attacks. This paper proposes an information security method to detect and Protect DDoS attacks from the terminal phase using a Preemptive military strategy concept. and then DDoS attack detection and protection app is implemented and proved its effectiveness by reducing web service request and memory usage. DDoS attack detection and protecting will ensure the efficiency of the mobile network resources. This method is necessary for a continuous usage of a wireless network environment for the national security and disaster control.

• 한국컴퓨터정보학회논문지
• /
• 제25권9호
• /
• pp.71-80
• /
• 2020

사회가 초연결 사회가 되어 갈수록 우리는 더 많은 사이버 보안 전문가들이 필요하다. 이를 위해 본 논문에서는 실제 사이버 공격에 대한 분석결과와 MITRE ATT&CK 프레임워크를 바탕으로 사이버 모의 위협을 모델링하고 실제 사이버 보안 훈련 시스템에서 모의 된 사이버 위협을 생성할 수 있는 CyTEA를 개발하였다. 모의 된 사이버 위협이 실제 사이버 위협 수준의 유효성을 갖는지를 확인하기 위해 절차적, 환경적, 결과적 유사성을 기준으로 모의 수준을 알아보고 또 실제 사이버 보안 훈련 시스템에서 모의 위협을 실행하면서 방어훈련 시 예상되는 위협의 실제 위협실행 결과와 모의 위협의 실행 결과가 동일하여 실제 사이버 위협에 준하는 훈련을 가능함을 확인하였다.

• 정보보호학회논문지
• /
• 제18권6A호
• /
• pp.107-114
• /
• 2008

악성봇은 DDoS 공격, 스팸메일 발송 등 다양한 악성행위를 하는 웜/바이러스 이다. 이러한 악성봇의 악성행위를 차단 하기 위하여 국내외 많은 기관에서 노력을 기울이고 있다. 국내에서도 악성봇 DNS 싱크홀을 구축하여 악성봇에 의한 악성행위를 차단하고 있고, 일본에서도 CCC(Cyber Clean Center) 구축을 통하여 악성봇 감염 PC를 치료하고 있다. 그러나 악성봇 DNS 싱크홀은 감염 PC를 근본적으로 치료하지 못한다는 단점이 있고, CCC 또한 감염이 확인된 PC 중 30%만 치료가 되고 있는 문제점을 가지고 있다. 본 논문에서는 이러한 기존 기법들의 단점을 보완하고 장점을 취하여 악성봇에 의한 악성행위를 차단함과 동시에 근본적인 치료도 병행하는 방식으로 새로운 악성봇 치료기법을 제안 하였다.

• International Journal of Computer Science & Network Security
• /
• 제22권12호
• /
• pp.185-196
• /
• 2022

The Internet of Things (IoT) has become more and more widespread in recent years, thus attackers are placing greater emphasis on IoT environments. The IoT connects a large number of smart devices via wired and wireless networks that incorporate sensors or actuators in order to produce and share meaningful information. Attackers employed IoT devices as bots to assault the target server; however, because of their resource limitations, these devices are easily infected with IoT malware. The Distributed Denial of Service (DDoS) is one of the many security problems that might arise in an IoT context. DDOS attempt involves flooding a target server with irrelevant requests in an effort to disrupt it fully or partially. This worst practice blocks the legitimate user requests from being processed. We explored an intelligent intrusion detection system (IIDS) using a particular sort of machine learning, such as Artificial Neural Networks, (ANN) in order to handle and mitigate this type of cyber-attacks. In this research paper Feed-Forward Neural Network (FNN) is tested for detecting the DDOS attacks using a modified version of the KDD Cup 99 dataset. The aim of this paper is to determine the performance of the most effective and efficient Back-propagation algorithms among several algorithms and check the potential capability of ANN- based network model as a classifier to counteract the cyber-attacks in IoT environments. We have found that except Gradient Descent with Momentum Algorithm, the success rate obtained by the other three optimized and effective Back- Propagation algorithms is above 99.00%. The experimental findings showed that the accuracy rate of the proposed method using ANN is satisfactory.

• 정보보호학회논문지
• /
• 제28권1호
• /
• pp.123-133
• /
• 2018

사이버 물리 시스템(CPS: Cyber-Physical System)은 물리시스템과 사이버시스템이 통합되어 운영되는 시스템을 말한다. CPS는 대상 물리시스템을 안정적으로 운영하기 위해 다수의 센서를 이용하여 끊임없이 물리 대상을 모니터링하고 현재 상태에 따라 액추에이터 제어를 수행한다. 만약 악의적인 공격자가 자신들의 공격을 은닉하기 위해서 센서들의 측정값을 대상으로 위변조 공격을 수행한다면, 수집된 데이터에 기반하여 운영되는 사이버시스템은 현재 물리시스템의 운영 현황을 확인할 수 없게 된다. 이는 자동화 시스템 및 운전원의 대응을 지연시켜 더욱 큰 피해가 발생하게 된다. 점차 정교해지는 타겟형 공격들로부터 CPS를 안전하게 보호하기 위해서는 센서 및 측정값을 대상으로 수행되는 은닉형 공격을 탐지할 수 있는 대응기술을 개발해야 한다. 그러나 다양한 이기종 장치들이 존재하는 CPS에서 실제 현장장치들을 대상으로 취약점을 분석하고 실증하는 과정은 많은 시간을 필요로 한다. 따라서 본 연구에서는 CPS 은닉형 공격 탐지 기술의 성능 검증에 활용 가능한 중간자 PLC 실험환경 구축 방안을 제안하고 그 실험결과를 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권2호
• /
• pp.857-880
• /
• 2016

Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.