• Title/Summary/Keyword: cyber-attack

Search Result 488, Processing Time 0.023 seconds

A Study on Defense and Attack Model for Cyber Command Control System based Cyber Kill Chain (사이버 킬체인 기반 사이버 지휘통제체계 방어 및 공격 모델 연구)

  • Lee, Jung-Sik;Cho, Sung-Young;Oh, Heang-Rok;Han, Myung-Mook
    • Journal of Internet Computing and Services
    • /
    • v.22 no.1
    • /
    • pp.41-50
    • /
    • 2021
  • Cyber Kill Chain is derived from Kill chain of traditional military terms. Kill chain means "a continuous and cyclical process from detection to destruction of military targets requiring destruction, or dividing it into several distinct actions." The kill chain has evolved the existing operational procedures to effectively deal with time-limited emergency targets that require immediate response due to changes in location and increased risk, such as nuclear weapons and missiles. It began with the military concept of incapacitating the attacker's intended purpose by preventing it from functioning at any one stage of the process of reaching it. Thus the basic concept of the cyber kill chain is that the attack performed by a cyber attacker consists of each stage, and the cyber attacker can achieve the attack goal only when each stage is successfully performed, and from a defense point of view, each stage is detailed. It is believed that if a response procedure is prepared and responded, the chain of attacks is broken, and the attack of the attacker can be neutralized or delayed. Also, from the point of view of an attack, if a specific response procedure is prepared at each stage, the chain of attacks can be successful and the target of the attack can be neutralized. The cyber command and control system is a system that is applied to both defense and attack, and should present defensive countermeasures and offensive countermeasures to neutralize the enemy's kill chain during defense, and each step-by-step procedure to neutralize the enemy when attacking. Therefore, thist paper proposed a cyber kill chain model from the perspective of defense and attack of the cyber command and control system, and also researched and presented the threat classification/analysis/prediction framework of the cyber command and control system from the defense aspect

A Study on Graph-Based Heterogeneous Threat Intelligence Analysis Technology (그래프 기반 이기종 위협정보 분석기술 연구)

  • Ye-eun Lee;Tae-jin Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.3
    • /
    • pp.417-430
    • /
    • 2024
  • As modern technology advances and the proliferation of the internet continues, cyber threats are also on the rise. To effectively counter these threats, the importance of utilizing Cyber Threat Intelligence (CTI) is becoming increasingly prominent. CTI provides information on new threats based on data from past cyber incidents, but the complexity of data and changing attack patterns present significant analytical challenges. To address these issues, this study aims to utilize graph data that can comprehensively represent multidimensional relationships. Specifically, the study constructs a heterogeneous graph based on malware data, and uses the metapath2vec node embedding technique to more effectively identify cyber attack groups. By analyzing the impact of incorporating topology information into traditional malware data, this research suggests new practical applications in the field of cyber security and contributes to overcoming the limitations of CTI analysis.

Design and Implementation of Cyber Attack Simulator based on Attack Techniques Modeling

  • Kang, Yong Goo;Yoo, Jeong Do;Park, Eunji;Kim, Dong Hwa;Kim, Huy Kang
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.3
    • /
    • pp.65-72
    • /
    • 2020
  • With the development of information technology and the growth of the scale of system and network, cyber threats and crimes continue to increase. To cope with these threats, cybersecurity training based on actual attacks and defenses is required. However, cybersecurity training requires expert analysis and attack performance, which is inefficient in terms of cost and time. In this paper, we propose a cyber attack simulator that automatically executes attack techniques. This simulator generates attack scenarios by combining attack techniques modeled to be implemented and executes the attack by sequentially executing the derived scenarios. In order to verify the effectiveness of the proposed attack simulator, we experimented by setting an example attack goal and scenarios in a real environment. The attack simulator successfully performed five attack techniques to gain administrator privileges.

Prospection of Power IT networks (전력 IT 네트워크 보안 전망)

  • Kim, Hak-Man;Kang, Dong-Joo
    • Proceedings of the KIEE Conference
    • /
    • 2007.11b
    • /
    • pp.294-295
    • /
    • 2007
  • The importance of security is increased in power industry. Recently Power IT networks are attacked in cyber space and demage of attack become increased. For solving the problems, many research studies for network security enhancement are globally carried out in the world. In this paper, we introduce recent cyber attack cases, efforts for enhancing cyber safeness and put into perspective of potential security areas for power IT areas.

  • PDF

North Korea's cyber organization-related information research (Based on organization status and major attack cases) (북한의 사이버조직 관련 정보 연구 (조직 현황 및 주요 공격사례 중심으로))

  • Kim, Jin Gwang
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2020.07a
    • /
    • pp.111-114
    • /
    • 2020
  • 우리나라에 대한 사이버 공격의 배후로 추정되는 북한의 사이버조직에 우리는 얼마나 알고 있을까? 사이버 공간의 특성상 공격 흔적이 남지 않기에 언론사들은 북한의 사이버조직과 관련하여 일관된 정보를 거의 제공하지 못하고 있다. 따라서 갈수록 진화하는 북한의 사이버 공격에 효과적으로 대비하기 위해 본 논문에서는 비록 인터넷에 공개된 자료(논문, 기사 등)라 할지라도 이를 통해서 북한 사이버조직 현황 및 주요 공격사례를 중심으로 관련 정보를 살펴보고자 한다.

  • PDF

Securing a Cyber Physical System in Nuclear Power Plants Using Least Square Approximation and Computational Geometric Approach

  • Gawand, Hemangi Laxman;Bhattacharjee, A.K.;Roy, Kallol
    • Nuclear Engineering and Technology
    • /
    • v.49 no.3
    • /
    • pp.484-494
    • /
    • 2017
  • In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA) software. A targeted attack (also termed a control aware attack) on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications.

Using Machine Learning Techniques for Accurate Attack Detection in Intrusion Detection Systems using Cyber Threat Intelligence Feeds

  • Ehtsham Irshad;Abdul Basit Siddiqui
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.4
    • /
    • pp.179-191
    • /
    • 2024
  • With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

A Countermeasures on the Cyber Terror for the National Key Organizations (정부 주요기관에 대한 사이버 공격의 대처 방법)

  • Lee, Young-Gyo;Park, Joong-Soon
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.4 no.2
    • /
    • pp.39-47
    • /
    • 2008
  • As internet is spreaded widely, the number of cyber terror using hacking and virus is increased. Also the international cyber terror to the national key organizations go on increasing. If the national key organizations is attacked by the attack, the national paper, document and records are exposed to the other nations. The national paper, document and records can give damage to the nation. Especially, the unknown attack can give much damage to the nation. Therefore, this paper suggested a countermeasures on the cyber terror for the national key organizations provided the inner of the organization is safe. The uneffective item and invasion privacy item are included among the countermeasures. However the countermeasures can protect only one cyber terror to the national key organizations.

A Study on North Korea's Cyber Attacks and Countermeasures (북한의 사이버공격과 대응방안에 관한 연구)

  • Chung, Min Kyung;Lim, Jong In;Kwon, Hun Yeong
    • Journal of Information Technology Services
    • /
    • v.15 no.1
    • /
    • pp.67-79
    • /
    • 2016
  • This study aims to present the necessary elements that should be part of South Korea's National Defense Strategy against the recent North Korean cyber-attacks. The elements proposed in this study also reflect the recent trend of cyber-attack incidents that are happening in the Unites States and other countries and have been classified into the three levels of cyber incidents: cyberwarfare, cyberterrorism and cybercrime. As such, the elements proposed are presented in accordance with this classification system. In order to properly take into account the recent trend of cyber-attacks perpetrated by North Korea, this paper analyzed the characteristics of recent North Korean cyber-attacks as well as the countermeasures and responses of South Korea. Moreover, by making use of case studies of cyber-attack incidents by foreign nations that threaten national security, the response measures at a national level can be deduced and applied as in this study. Thus, the authors of this study hope that the newly proposed elements here within will help to strengthen the level of Korea's cyber security against foreign attacks, specifically that of North Korea such as the KHNP hacking incidents and so on. It is hoped that further damage such as leakage of confidential information, invasion of privacy and physical intimidation can be mitigated.

Application of STPA-SafeSec for a cyber-attack impact analysis of NPPs with a condensate water system test-bed

  • Shin, Jinsoo;Choi, Jong-Gyun;Lee, Jung-Woon;Lee, Cheol-Kwon;Song, Jae-Gu;Son, Jun-Young
    • Nuclear Engineering and Technology
    • /
    • v.53 no.10
    • /
    • pp.3319-3326
    • /
    • 2021
  • As a form of industrial control systems (ICS), nuclear instrumentation and control (I&C) systems have been digitalized increasingly. This has raised in turn cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs in order to assess impacts on the safety by cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application up to the development of mitigation strategies is described in detail.