Browse > Article

Definition of aggressive response scale through quantitative evaluation of cyber attack  

Hong, Byoungjin (아주대학교 / NCW학과)
Lim, Jaesung (아주대학교 / NCW학과)
Kim, Wanju (아주대학교 / NCW학과)
Cho, Jaemyoung (아주대학교 / NCW학과)
Publication Information
Convergence Security Journal / v.17, no.4, 2017 , pp. 17-29 More about this Journal
Abstract
Various cyber attacks against our society and the government are continuing, and cases and damages are reported from time to time. And the area of cyber attack is not limited to cyberspace, but it is expanding into physical domain and affecting it. In the military arena, we have established and implemented the principle of responding proportionally to enemy physical attacks. This proportionality principle is also required in the version where the region is expanding. In order to apply it, it is necessary to have a quantitative and qualitative countermeasure against cyber attack. However, due to the nature of cyber attacks, it is not easy to assess the damage accurately and it is difficult to respond to the proportionality principle and the proportional nature. In this study, we calculated the damage scale by quantitatively and qualitatively evaluating the cyber attack damage using the Gorden-Lobe model and the security scoring technique based on the scenario. It is expected that the calculated results will be provided as appropriate level and criterion to counteract cyber attack.
Keywords
Cyber attack damage evaluation; aggressive response; Gorden-Lobe model; security scoring technique; proportionality principle;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 KISA, "Special Report of WannaCry Analysis", pp80-85, 2017.
2 Sysmantec, "WannaCry : Ransomware attacks show strong links to Lazarus group", https://www.symantec.com/, 2017.
3 Richard B. Andres, "The Emerging Structure of Strategic Cyber Offense, Cyber Defense, and Cyber Deterrence," in Derek S. Reveron (ed.) Cyber space and National Security : Threats, Opportunities, and Power in a Virtual World, Washington DC : Georgetown University Press, 2012.
4 Jeffrey Hunker, Bob Hutchinson, and Jonathan Margulies, "Role and Challenges for Sufficient Cyber-Attack Attribution," Dartmouth College : Institute for Information Infrastructure Protection, January 2008.
5 Hyo-young Lim, Wan-ju Kim, Hong-jun Noh, Jae-sung Lim. "Research on Malware Classification with Network Activity for Classification and Attack Prediction of Attack Groups". Journal of KICS, 42(1), 193-204. 2017   DOI
6 Wanju Kim, Changwook Park, Soojin Lee, Jaesung Lim, "Methods for Classification and Attack Prediction of Attack Groups based on Framework of Cyber Defense Operations", Journal of KIISE : Computing Practices and Letters 20(6), pp. 317-328, Jun. 2014.
7 KISA, "Cyber Threat Trend in 2016 and 7 Cyber Threat Forecasts in 2017", 2017.
8 Gordon, Lawrence A, and Martin P. Loeb. "The economics of information security investment.", ACM Transactions on Information and System Security (TISSEC) 5.4, pp438-457, 2002.   DOI
9 Wansoo Cho, Taekyu Kim, Yonghyun Kim. "Modeling and Simulation of Cyber Damage Assessment for Cyber Warfare Effectiveness Analysis", Proceedings of Spring Conference of KIIE, pp 3119-3125. 2016.
10 Yoon Jong-Sung et al., "Influence Indicator Research and Development Trend Analysis Report", ADD, ADDR-525-150921, 2015.
11 Kim Tae-Kyu et al.. "Research on Matrix of Measurement of Effectiveness(MOEs) and Measurement of Performance(MOPs) for Cyber Threat and Defense Behavior on Cyberwarfare Simulation", Proceedings of Spring Conference of KIIE, pp3114-3118. 2016.
12 Danyliw, Roman, Jan Meijer, and Yuri Demchenko. "The incident object description exchange format." 2007.
13 Ostler, Ryan. "Defensive cyber battle damage assessment through attack methodology modeling", Air Force Inst of Tech Wright-patterson AFB of Graduate School of Engineering and Management, 2011.
14 Denning, D. "Assessing Cyber War. Assessing War: The Challenge of Measuring Success and Failure", Blanken, L., Ed, 266-284. 2015
15 Kotenko, Igor, and Andrey Chechulin. "A cyber attack modeling and impact assessment framework.", Cyber Conflict (CyCon), 2013 5th International Conference on. IEEE, 2013.
16 국방부, 국방부훈령 제1057호(국가 중요시설 지정 및 방호 훈령), 2009.
17 OWASP, "The OWASP Risk Rating Methodology", https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology, 2017
18 FIRST, "Common Vulnerability Scoring System Version 3.0 Calculator", https://www.first.org/cvss/calculator/3.0, 2017
19 Jong-in Lim et al., Korea Univ., "Research on development of cyber threat scenarios and countermeasures", 2014.
20 NIST, "Special Publication 800-30, Risk Management Guide for Information Technology Systems", July 2002.