• Title/Summary/Keyword: Stuxnet

Search Result 28, Processing Time 0.018 seconds

Analysing and Neutralizing the Stuxnet's Stealthing Techniques (Stuxnet의 파일 은닉 기법 분석 및 무력화 방법 연구)

  • Lee, Kyung-Roul;Yim, Kang-Bin
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.6
    • /
    • pp.838-844
    • /
    • 2010
  • This paper introduces Stuxnet, a malicious ware that presently stimulates severity of the cyber warfare worldwide, analyses how it propagates and what it affects if infected and proposes a process to cure infected systems according to its organization. Malicious wares such as Stuxnet secretes themselves within the system during propagation and it is required to analyze file hiding techniques they use to detect and remove them. According to the result of the analysis in this paper, Stuxnet uses the library hooking technique and the file system filter driver technique on both user level and kernel level, respectively, to hide its files. Therefore, this paper shows the results of the Stuxnet's file hiding approach and proposes an idea for countermeasure to neutralize it. A pilot implementation of the idea afterward shows that the stealthing techniques of Stuxnet are removed by the implementation.

A Study on Countermeasures to the North Korean Asymmetric Strategy-'Cyber Surprise Attack' (북한의 비대칭 전략-'사이버 기습공격'에 대한 대책 연구)

  • Kwon, Moon-Taek
    • Convergence Security Journal
    • /
    • v.10 no.4
    • /
    • pp.83-91
    • /
    • 2010
  • Information security is a critical issue for national defense. This paper provides a result of a study on the countermeasures to the North Korean Asymmetric Strategy-'Cyber Surprise Attack'. After the attack on Yeonpyeong island, the North Korea threatened there will be more surprise attack to the South Korea. Based on the analysis of 'Stuxnet' cyber attack to Iran and China, the North Korean surprise attack may be 'Stuxnet'class cyber attack. This paper several strategic countermeasures in order to overcome the anticipated the North Korean cyber surprise attack.

Risk Analysis and Monitoring Model of Urban SCADA Network Infrastructure (도시 기반시설 SCADA 망의 위험분석 및 모니터링 모델 연구)

  • Kim, Wan-Jib;Lee, Kyung-Ho;Kim, Huy-Kang;Youm, Heung-Youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.6
    • /
    • pp.67-81
    • /
    • 2011
  • In recently years, there are cyber-weapon aim to national infrastructure such as 'stuxnet'. Security experts of the world are paying attention to this phenomenon. The networks which controls traffic, subway, waterworks of the city are safe from threats such as computer virus, malware, because the networks were built on closed-networks. However, it's about time to develop countermeasure for the cyber-weapon. In this paper, we review status-quo of the control systems for metropolitan infrastructure and analyze the risk of industrial control system in SCADA(Supervisory Control And Data Acquisition) network. Finally, we propose a security model for control systems of metropolitan infrastructure.

ICS Security Risk Analysis Using Attack Tree (공격 트리를 이용한 산업 제어 시스템 보안 위험 분석)

  • Kim, Kyung-Ah;Lee, Dae-Sung;Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.53-58
    • /
    • 2011
  • There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

SDN based Discrimination Mechanism for Control Command of Industrial Control System (SDN 기반 산업제어시스템 제어명령 판별 메커니즘)

  • Cho, Minjeong;Seok, Byoungjin;Kim, Yeog;Lee, Changhoon
    • Journal of Digital Contents Society
    • /
    • v.19 no.6
    • /
    • pp.1185-1195
    • /
    • 2018
  • Industrial Control System (ICS) is a system that carry out monitoring and controls of industrial control process and is applied in infrastructure such as water, power, and gas. Recently, cyber attacks such as Brutal Kangaroo, Emotional Simian, and Stuxnet 3.0 have been continuously increasing in ICS, and these security risks cause damage of human life and massive financial losses. Attacks on the control layer among the attack methods for ICS can malfunction devices of the field device layer by manipulating control commands. Therefore, in this paper, we propose a mechanism that apply the SDN between the control layer and the field device layer in the industrial control system and to determine whether the control command is legitimate or not and we show simulation results on a simply composed control system.

Implementation Plan and Requirements Analysis of Access Control for Cyber Security of Nuclear Power Plants (원전 사이버보안을 위한 접근제어 요건분석 및 구현방안)

  • Kim, Do-Yeon
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.11 no.1
    • /
    • pp.1-8
    • /
    • 2016
  • The Nuclear Power Plants(: NPP) are being protected as national infrastructure, and instrumentation and control(: I&C) systems are one of the principle facilities of the NPP, which perform the protection, control, and monitoring function. The I&C systems are being evolved into digitalization based on computer and network technology from analog system. In addition, the I&C systems are mostly employ the specialized logic controllers which are dedicated for the NPP, but the usage of generalized IT resources are steadily increased. The cyber security issues for the NPP are being emerged due to cyber incidents by Stuxnet and various accidents in the NPP. In this paper, hybrid access control model is proposed which are applicable to I&C system by analyzing the access control requirements specified in regulatory guides. The safety of in-service and under construction of NPP are effectively increased by applying proposed hybrid model.

Traffic Analysis Architecture for Secure Industrial Control System (안전한 제어시스템 환경을 위한 트래픽 분석망 설계)

  • Lee, Eun-Ji;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1223-1234
    • /
    • 2016
  • The Industrial control system is adopted by various industry field and national infrastructure, therefore if it received cyber attack, the serious security problems can be occured in the public sector. For this reason, security requirements of the industrial control system have been proposed, in accordance with the security guidelines of the electronic control system, and it is operated by separate from the external and the internal network. Nevertheless, cyber attack by malware (such as Stuxnet) targeting to control system have been occurred continuously, and also the real-time detection of untrusted traffic is very difficult because there are some difficulty of keeping up with quickly evolving the advent of new-variant malicious codes. In this paper, we propose the traffic analysis architecture for providing secure industrial control system based on the analyzed the security threats, the security requirements, and our proposed architecture.

A Study on the Multiplexing of a Communication Line for the Physical Load Balancing-Based Prevention of Infringement (물리적 부하 균형(Load-balancing) 기반의 침해방지를 위한 통신라인 다중화에 관한 연구)

  • Choi, Hee-Sik;Seo, Woo-Seok;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.81-91
    • /
    • 2012
  • Presently in 2011, there are countless attacking tools oriented to invading security on the internet. And most of the tools are possible to conduct the actual invasion. Also, as the program sources attacking the weaknesses of PS3 were released in 2010 and also various sources for attacking agents and attacking tools such as Stuxnet Source Code were released in 2011, the part for defense has the greatest burden; however, it can be also a chance for the defensive part to suggest and develop methods to defense identical or similar patterned attacking by analyzing attacking sources. As a way to cope with such attacking, this study divides the network areas targeted for attack based on load balancing by the approach gateways and communication lines according to the defensive policies by attacking types and also suggests methods to multiply communication lines. The result of this paper will be provided as practical data to realize defensive policies based on high hardware performances through enhancing the price competitiveness of hardware infrastructure with 2010 as a start.

제어시스템 침입탐지 시스템 기술 연구 동향

  • Choi, Seungoh;Kim, Woo-Nyon
    • Review of KIISC
    • /
    • v.24 no.5
    • /
    • pp.7-14
    • /
    • 2014
  • 국가기반시설 제어시스템은 독립망 운영 정책 적용과 독자적 제어시스템 통신 프로토콜 사용으로 안전하다고 여겨져 왔다. 하지만 최근 국가기반시설 제어시스템을 대상으로 한 최초의 사이버 무기인 스턱스넷(Stuxnet) 악성코드의 발견 이래로 현재까지도 지속적인 사이버 위협 및 사고사례가 보고되고 있다. 이에 따라 사회경제적으로 큰 혼란을 야기할 수 있는 제어시스템 대상 사이버공격에 대응하기 위해 일반 IT 환경과는 다른 제어시스템만의 특성이 반영된 보안기술이 요구되고 있다. 본 논문에서는 제어시스템 보안기술 중 침입탐지 시스템 기술 연구 동향을 분석하고 해당 기술이 적용되는 제어시스템 영역과 제어시스템 통신 프로토콜별 특성에 따른 기술들의 특징을 분석한다. 또한, 탐지 기법에 따른 제어시스템 공격 탐지 성능을 비교 및 분석한다.

배전DAS-업무망 보안 이슈 및 물리적 일방향 자료전달 시스템 적용 방안

  • Kim, Jihee;Kim, Jincheol;Park, Sungwan;Song, Jooyoung
    • Review of KIISC
    • /
    • v.24 no.5
    • /
    • pp.46-50
    • /
    • 2014
  • 제어시스템은 일반 업무환경에서 사용하고 있는 시스템과는 달리 업무망과 분리되어 운영되며, 비공개 제어프로토콜 사용으로 해커나 악성코드에 의해 사이버공격을 받을 가능성이 없다고 인식되어 왔다. 그러나 2010년 스턱스넷(Stuxnet) 악성코드가 이란의 핵시설 제어시스템에 침투하였고 2012년 듀크, 플레임 등 제어시스템을 대상으로 한 위협이 증가하게 되면서 제어시스템과 업무망 연계 지점의 보안 위협을 제거하기 위한 방안으로 물리적 일방향 자료전달 시스템의 도입이 추진되어 왔다. 본 논문에서는 배전DAS 업무망 연계를 위한 물리적 일방향 자료전달 시스템 구현에 대해서 설명하고 실증에 따른 결과를 제시한다.