• Journal of National Security and Military Science
• /
• s.1
• /
• pp.391-421
• /
• 2003

While the social activities using Internet become generalized, the side effect of the information security violation is increasing steadily and threaten the countries which is not ready to prevent from offensive penetration such as the Information-fighter or Cyber-military. In this paper, we define the concept and characteristics of the modern Information-Warfare and analyze various kinds of threatened elements and also examine the recent trend in other countries. And introducing Computer Forensics raised recently for the confrontation against the security violation in the future, we will show the developing strategies and the necessity in order to response cyber attacks. These developing strategies can be used to ensure and re-trace the technical evidence for the security violation and to achieve the disaster relief effectively. So we hope that can apply them to the actual preparation through developing cyber trial test of the defense and attack for the Information-Warfare.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1247-1258
• /
• 2018

The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.41-47
• /
• 2018

Theorists of war have often used Clausewitz's trinity theory as a framework for analyzing war strategies and histories. Heretofore, studies on cyber warfare have focused primarily on laws, policies, structuring organizations, manpower, and training pertaining to preparing the cyberspace for war. Currently, studies highlighting the comparative characteristics of war in cyberspace, how it differs from conventional warfare, and analytical frameworks for understanding war in cyberspace are rare. Using Clausewitz's trinity theory, this paper interprets the essence of war from the perspectives of (1) Intellect, (2) Bravery, and (3) Passion, to propose an analytical model for understanding war in cyberspace, one that factors in the intrinsic qualities and characteristics of cyberspace under spatial and temporal constraints. Furthermore, this paper applies the aforementioned analytical model to the Iraq War and concludes with a theoretical illustration that cyber warfare played a significant role in winning the war.

• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.191-199
• /
• 2020

Cyber warfare training is a key factor for boosting cyber warfare competence. In general, cyber warfare training is conducted by scenarios, and the effects of training can be enhanced by including various elements in the scenarios that can improve the quality of training. In this paper, we introduce the training information, network map, traffic generation policy, threat/defense behavior identified as elements to be included in training scenarios, and propose a method of authoring training scenarios by layering and combining them. We also propose a database design for integrated management of each scenario layer. The layered training scenario authoring method has the advantage of increasing convenience of authoring by reusing existing layers and extending training scenarios based on various combinations between the layers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.985-994
• /
• 2016

Since the inauguration of Defense Acquisition Program Administration(DAPA) in 2006, the national defense core technology research & development business has not only pertained to the weapons systems development but also to the improvement of the national science & technology capability via the acquisition of cutting-edge technologies. Furthermore, it has been closely related to the promotion of the defense industry and the mutual improvements of defense and civil technologies. The cyber warfare weapon system, a newly added national defense weapon system field since 2015, has become a promising weapon system branch for improving the national defense power as well as the national defense industry as shown in the case of Israel. By utilizing the existing result of the national defense core technology level, in order to establish the direction of technology planning of the cyber warfare weapon system, this paper analyzes the technology level and features of the cyber warfare weapon system in various aspects via comparisons with other weapons systems. The result of these analyses shows that the cyber warfare weapon system possesses a relatively high technology level due to the technology accumulation in the civilian sector while the relatively slow inclusion to the national weapons systems and the lack of the correspondence case regarding aggressive cyber responses in the defense sector yields a relatively low national rank. However, the technological gap between South Korea and the most advanced country in the field of cyber warfare technology is analyzed to be among the lowest, which indicates that with efficient and effective pursuits in terms of pthe weapons systems acquisitions as well as the core technologies research & development business, an outstanding cyber warfare capacity can be obtained in a short time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.7
• /
• pp.2425-2458
• /
• 2022

The continuous evolution and proliferation of computer technology and our increasing dependence on computer technology have created a new class of threats: "cyber threats." These threats can be defined as activities that can undermine a society's ability to maintain internal or external order while using information technology. Cyber threats can be mainly divided into two categories, namely cyber-terrorism and cyber-warfare. A variety of malware programs are often used as a primary weapon in these cyber threats. A significant amount of research work has been published covering different aspects of cyber threats, their countermeasures, and the policy-making for cyber laws. This article aims to review the research conducted in various important aspects of cyber threats and provides synthesized information regarding the fundamentals of cyber threats; discusses the countermeasures for such threats; provides relevant details of high-profile cyber-attacks; discusses the developments in global policy-making for cyber laws, and lastly presents promising future directions in this area.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.71-80
• /
• 2023

Cyberspace has emerged as the fifth domain of warfare, alongside land, sea, air, and space. It has become a crucial focus for offensive and defensive military operations. Governments worldwide have demonstrated their intent to engage in offensive cyber operations within this domain. This paper proposes an innovative offensive cyber kill chain model that integrates the existing defensive strategy, the cyber kill chain model, with the joint air tasking order (ATO) mission execution cycle and joint target processing procedure. By combining physical and cyber operations within a joint framework, this model aims to enhance national cyber operations capabilities at a strategic level. The integration of these elements seeks to address the evolving challenges in cyberspace and contribute to more effective jointness in conducting cyber operations.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.111-126
• /
• 2022

As operations that were only conducted in physical space in the past change to operations that include cyberspace, it is necessary to analyze how cyber attacks affect weapon systems using cyber systems. For this purpose, it would be meaningful to analyze a tool that analyzes the effects of physical weapon systems in connection with cyber. The ROK military has secured and is operating the US JMEM, which contains the results of analyzing the effects of physical weapon systems. JMEM is applied only to conventional weapon systems, so it is impossible to analyze the impact of cyber weapon systems. In this study, based on the previously conducted cyber attack damage assessment framework, a framework for analyzing the impact of cyber attacks on physical missions was presented. To this end, based on the MOE and MOP of physical warfare, a cyber index for the analysis of cyber weapon system effectiveness was calculated. In addition, in conjunction with JMEM, which is used as a weapon system effect manual in physical operations, a framework was designed and tested to determine the mission impact by comparing and analyzing the results of the battle in cyberspace with the effects of physical operations. In order to prove the proposed framework, we analyzed and designed operational scenarios through domestic and foreign military manuals and previous studies, defined assets, and conducted experiments. As a result of the experiment, the larger the decrease in the cyber mission effect value, the greater the effect on physical operations. It can be used to predict the impact of physical operations caused by cyber attacks in various operations, and it will help the battlefield commander to make quick decisions.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.71-80
• /
• 2020

In order to provide realistic traffic to the cyber warfare training system, it is necessary to prepare a traffic distribution plan in advance and to create a training data set using normal/threat data sets. This paper presents the design and implementation results of a method for creating a traffic distribution plan and a training data set to provide background traffic like a real environment to a cyber warfare training system. We propose a method of a traffic distribution plan by using the network topology of the training environment to distribute traffic and the traffic attribute information collected in real and simulated environments. We propose a method of generating a training data set according to a traffic distribution plan using a unit traffic and a mixed traffic method using the ratio of the protocol. Using the implemented tool, a traffic distribution plan was created, and the training data set creation result according to the distribution plan was confirmed.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.73-81
• /
• 2023

The progress in science and technology has widened the scope of the battlefield, leading to the emergence of cyber electronic warfare that exploits electromagnetic waves and networks. Drones have become more important due to advancements in battery technology and navigation systems. Nevertheless, tackling drone threats comes with its own set of difficulties. Radar plays a vital role in detecting drones, offering long-range capabilities and independence from weather conditions. However, the battlefield presents unique challenges like dealing with high levels of signal noise and ensuring the safety of the detection assets. This paper proposes various approaches to improve the operation of drone detection radar in cyber electronic warfare, with a focus on enhancing signal processing techniques, utilizing low probability of interception (LPI) radar, and implementing optimized deployment strategies.