• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.673-689
• /
• 2022

We propose an APT attack scoring method as a part of the process for detecting and responding to APT attacks. First, unlike previous work that considered inconsistent and subjective factors determined by cyber security experts in the process of scoring cyber attacks, we identify quantifiable factors from components of MITRE ATT&CK^Ⓡ techniques and propose a method of quantifying each identified factor. Then, we propose a method of calculating the score of the unit attack technique from the quantified factors, and the score of the entire APT attack composed of one or more multiple attack techniques. We present the possibility of quantification to determine the threat level and urgency of cyber attacks by applying the proposed scoring method to the APT attack reports, which contains the hundreds of APT attack cases occurred worldwide. Using our work, it will be possible to determine whether actual cyber attacks have occurred in the process of detecting APT attacks, and respond to more urgent and important cyber attacks by estimating the priority of APT attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.873-883
• /
• 2013

Security vulnerability quantification is the method that identify potential vulnerabilities by scoring vulnerabilities themselves and their countermeasures. However, due to the structural feature of smart grid system, it is difficult to apply existing security threat evaluation schemes. In this paper, we propose a network model to evaluate smartgrid security threat for AMI and derive attack scenarios. Additionally, we show that the result of security threat evaluation for proposed network model and attack scenario by applying MTTC scheme.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• International Journal of Aeronautical and Space Sciences
• /
• v.13 no.1
• /
• pp.99-105
• /
• 2012

Track-before-detect techniques based on dynamic programming have provided solutions for detecting targets from a sequence of images. In its application to airborne threat detection, dynamic programming solutions should take into account the distinguishable properties of objects in a collision course. This paper describes the development of a new track scoring function that accumulates scores for airborne targets in Bayesian framework. Numerical results show that the proposed scoring function has slightly better detection capabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1179-1189
• /
• 2019

Cyber security evaluation is a series of processes that estimate the level of risk of assets and systems through asset analysis, threat analysis and vulnerability analysis and apply appropriate security measures. In order to prepare for increasing cyber attacks, systematic cyber security evaluation is required. Various indicators for measuring cyber security level such as CWSS and CVSS have been developed, but the quantitative method to apply appropriate security measures according to the risk priority through the standardized security evaluation result is insufficient. It is needed that an Scoring system taking into consideration the characteristics of the target assets, the applied environment, and the impact on the assets. In this paper, we propose a quantitative risk assessment model based on the analysis of existing cyber security scoring system and a method for quantification of assessment factors to apply to the established model. The level of qualitative attribute elements required for cyber security evaluation is expressed as a value through security requirement weight by AHP, threat influence, and vulnerability element applying probability. It is expected that the standardized cyber security evaluation system will be established by supplementing the limitations of the quantitative method of applying the statistical data through the proposed method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.635-637
• /
• 2021

Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

• The Plant Pathology Journal
• /
• v.27 no.4
• /
• pp.324-332
• /
• 2011

Soil-borne barley yellow mosaic disease caused by Barley yellow mosaic virus (BaYMV) or Barley mild mosaic virus (BaMMV) gives a serious threat to the winter barley cultivated in the southern regions in Korea. It is important to develop resistant varieties for stable and high-yield production. The objectives of this study were to evaluate 22 genotypes of exotic barley germplasms carrying the resistance genes rym1 through rym12, with the exception of rym10, and to determine the genes that confer resistance to BaYMV or BaMMV in Korea. Using the traditional visual scoring of symptoms at 4 locations over 3 years, average disease rate values differed (P < 0.001) among the genotypes. ELISA test revealed the presence of both BaYMV and BaMMV in all of the field sites but Jinju and significantly different rates of infection among genotypes and years. Barley genotypes differed in how virus quantities and pathogen-induced symptoms were correlated, especially in response to BaYMV. Disease incidence was affected by the climatic conditions present during the early growing stage before overwintering. A Chinese landrace, 'Mokusekko 3', carrying rym1 and rym5 was comparatively resistant at all locations studied. The barley genotypes carrying either rym6 or rym9 were susceptible to the viral strains. The genotypes carrying rym5 were resistant in Jinju and Milyang but susceptible in Iksan and Naju. The resistance genes rym2 and rym3 were effective in local strains and would be potent contributors to disease resistance.