• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.249-252
• /
• 2013

The recent cyber attacks paralyzed several major banking services, broadcasters, and affected the services of a telecommunications provider. Media outlets classified the attack as cyber terror and named it an Advanced Persistant Threat. Although the attack significantly disrupted these services for at least one day, various components used in the attack were not new. Previous major cyber attacks towards targets in South Korea employed more advanced techniques thus causing greater damage. This paper studies the anatomy of the recent 2013.3.20 attack, studies the technical sophistication of the malware and attack vectors used compared with previous attacks.

• Nuclear Engineering and Technology
• /
• v.51 no.1
• /
• pp.138-145
• /
• 2019

With the application of digital technology to safety-critical infrastructures, cyber-attacks have emerged as one of the new dangerous threats. In safety-critical infrastructures such as a nuclear power plant (NPP), a cyber-attack could have serious consequences by initiating dangerous events or rendering important safety systems unavailable. Since a cyber-attack is conducted intentionally, numerous possible cases should be considered for developing a cyber security system, such as the attack paths, methods, and potential target systems. Therefore, prior to developing a risk-informed cyber security strategy, the importance of cyber-attacks and significant critical digital assets (CDAs) should be analyzed. In this work, an importance analysis method for cyber-attacks on an NPP was proposed using the probabilistic safety assessment (PSA) method. To develop an importance analysis framework for cyber-attacks, possible cyber-attacks were identified with failure modes, and a PSA model for cyber-attacks was developed. For case studies, the quantitative evaluations of cyber-attack scenarios were performed using the proposed method. By using quantitative importance of cyber-attacks and identifying significant CDAs that must be defended against cyber-attacks, it is possible to develop an efficient and reliable defense strategy against cyber-attacks on NPPs.

• Journal of the Semiconductor & Display Technology
• /
• v.22 no.3
• /
• pp.112-118
• /
• 2023

As technology advances, the need for enhanced preparedness against cyber-attacks becomes an increasingly critical problem. Therefore, it is imperative to consider various circumstances and to prepare for cyber-attack strategic technology. This paper proposes a method to solve network security problems by applying reinforcement learning to cyber-security. In general, traditional static cyber-security methods have difficulty effectively responding to modern dynamic attack patterns. To address this, we implement cyber-attack scenarios such as 'Tiny Alpha' and 'Small Alpha' and evaluate the performance of various reinforcement learning methods using Network Attack Simulator, which is a cyber-attack simulation environment based on the gymnasium (formerly Open AI gym) interface. In addition, we experimented with different RL algorithms such as value-based methods (Q-Learning, Deep-Q-Network, and Double Deep-Q-Network) and policy-based methods (Actor-Critic). As a result, we observed that value-based methods with discrete action spaces consistently outperformed policy-based methods with continuous action spaces, demonstrating a performance difference ranging from a minimum of 20.9% to a maximum of 53.2%. This result shows that the scheme not only suggests opportunities for enhancing cybersecurity strategies, but also indicates potential applications in cyber-security education and system validation across a large number of domains such as military, government, and corporate sectors.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.79-92
• /
• 2020

As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.12
• /
• pp.1771-1779
• /
• 2016

In these days, the world is getting connected to the internet like a sophisticated net, such an environment gives a suitable environment for cyber attackers, so-called cyber-terrorists. As a result, a number of cyber attacks has significantly increased and researches to find cyber attack traffics in the field of network monitoring has also been proceeding. But cyber attack traffics have been appearing in new forms in every attack making it harder to monitor. This paper suggests a method of tracking down cyber attack traffic sources by defining relational information flow of traffic data from highest cascaded and grouped relational flow. The result of applying this cyber attack source tracking method to real cyber attack traffic, was found to be reliable with quality results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1021-1030
• /
• 2021

This paper proposes S-CAFG(Stage-based Cyber Attack Flow Graph), a model for effectively describing training scenarios that simulate modern complex cyber attacks. On top of existing graph and tree models, we add a stage node to model more complex scenarios. In order to evaluate the proposed model, we create a complicated scenario and compare how the previous models and S-CAFG express the scenario. As a result, we confirm that S-CAFG can effectively describe various attack scenarios such as simultaneous attacks, additional attacks, and bypass path selection.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.1-13
• /
• 2022

As the information and communication environment develops, the environment of military facilities is also development remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.103-113
• /
• 2017

Cyber attacks can be classified by type of cyber war, terrorism and crime etc., depending on the purpose and intent. Those are mobilized the various means and tactics which are like hacking, DDoS, propaganda. The damage caused by cyber attacks can be calculated by a variety of categories. We may identify cyber attackers to pursue trace-back based facts including digital forensics etc. However, recent cyber attacks are trying to induce confusion and deception through the manipulation of digital information or even conceal the attack. Therefore, we need to do the harm-based analysis. In this paper, we analyze the damage caused during cyber attacks from economic and political point of view and by inferring the attack intent could classify types of cyber attacks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.3
• /
• pp.37-47
• /
• 2020

The In the 4^th industrial revolution, cyber space will evolve into hyper-connectivity, super-convergence, and super-intelligence due to the development of advanced information and communication technologies, which will connect the nation's core infrastructure into a single network. As applying the 4^th industrial revolution technology to the cyber attack technique, it is evolving in an intelligent and sophisticate method. In order to response intelligent cyber attacks, it is difficult to guarantee self-defense in cyberspace by policy-oriented, preplanned-centric and hierarchical cyber response strategies. Therefore, this research aims to propose a situation-flexible & action-oriented cyber response mechanism that can respond flexibly by selecting the most optimal smart security solution according to changes in the cyber attack steps. The proposed cyber response mechanism operates the smart security solutions according to the action-oriented detailed strategies. In addition, artificial intelligence-based decision-making systems are used to select the smart security technology with the best responsiveness.

• Journal of the Korea Society for Simulation
• /
• v.13 no.3
• /
• pp.11-20
• /
• 2004

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (i) it is able to analyze behaviors of systems being emerged by interaction between functional elements of network components, (ii) it is able to analyze vulnerability in quantitative manner, and (iii) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.