• Journal of the Korea Institute of Military Science and Technology
• /
• v.21 no.4
• /
• pp.551-561
• /
• 2018

Footprint is defined as ground area that is projected from the outer edges of the battle space protected by a defence system. This concept can be effectively used for making decisions on site selection of anti missile systems to defend against enemy's ballistic missiles. In this paper, simulations of ballistic missile trajectories based on various launch conditions are performed first and then the footprint is derived with engagement zone set as a boundary condition. Results of the simulation with various relative positions between the defense system and defended asset are also presented. The proposed method, in which the trajectories are generated based on launch point of the ballistic missile, has an advantage of approximating the defended area close to reality. Two applications are introduced in the present paper to describe how the derivation of defended area could be utilized in deployment decision of defense systems.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.15-26
• /
• 2022

Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups which is sponsored by its nation. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signature. Unfortunately, attackers can easily masquerade as other group. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker's purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker's goal based on MITRE ATT&CK® in the point of CIA triad as well as classifying cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.962-965
• /
• 2010

분산 서비스 거부 공격은 인터넷이 매우 발달한 현대 시대에 큰 위협으로 등장하였다. 분산 서비스 거부 공격은 단순히 정상적인 서비스 제공이 어렵다는 문제만 아니라 어디서부터 시작된 공격인지, 어떤 경로를 통해서 공격이 진행되는지 알아내기가 힘들다는 점에서 공격을 방어하기가 매우 어려운 문제에 직면하게 된다. 또한 공격의 목표가 DNS 서버 또는 백본 라우터 등이 된다면 인터넷 서비스 자체도 힘들어 질 수 있다. 이러한 이유로 분산 서비스 거부 공격 방어 시스템이 개발되어야할 필요성이 높아지게 된다. 본 논문에서는 분산 서비스 거부 공격을 방어하기 위해 필요한 공격의 검출, 특히 폭주 분산 서비스 거부 공격을 검출해 내기 위해 플로우 정보를 이용하는 방법을 제시한다. 폭주 분산 서비스 거부 공격의 성능은 일반적인 네트워크 트래픽을 이용해 평가하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.302-305
• /
• 2024

딥 러닝 기술의 급속한 발전과 더불어, 이를 활용한 모델들에 대한 보안 위협도 증가하고 있다. 이들 중, 모델의 입출력 데이터를 이용해 내부 구조를 복제하려는 모델 추출 공격은 딥 러닝 모델 훈련에 높은 비용이 필요하다는 점에서 반드시 막아야 할 중요한 위협 중 하나라고 할 수 있다. 본 연구는 다양한 모델 추출 공격 기법과 이를 방어하기 위한 최신 연구 동향을 종합적으로 조사하고 분석하는 것을 목표로 하며, 또한 이를 통해 현재 존재하는 방어 메커니즘의 효과성을 평가하고, 향후 발전 가능성이 있는 새로운 방어 전략에 대한 통찰력을 제공하고자 한다.

• Defense and Technology
• /
• no.6 s.160
• /
• pp.26-33
• /
• 1992

SDI에서 GPALS로의 전환은 미국의 안보 전략의 변화이자, SDI 계획의 돌파구를 마련하기 위한 시도로 보여진다. GPALS가 표방하는 목표는 소련뿐만 아니라 제3세계 국가들에 의한 고의적, 우발적, 또는 비인가된 미사일 공격에 대해 미국 본토 및 해외 주둔 미군, 그리고 우방국 및 동맹국 등을 방호한다는 것이다. 따라서 GPALS로 인해 SDI는 최초의 논리인 "방호"로 복귀한 셈이다

• Defense and Technology
• /
• no.1 s.275
• /
• pp.22-31
• /
• 2002

한국의 해군력 건설 방향은 미래 해양 안보환경과 국가경제력에 상응함은 물론 주변국 해군에 대해 균형자적 역할을 담당할 수 있는 정예 해군력으로 건설해야 할 것이다. 이런 의미에서 수상 전투함은 높은 안정성, 고감도 탐지 장비와 함정 전투체계에 의한 성분작전 수행 능력 및 전역 탄도미사일 방어를 위한 탐지, 추적, 요격 및 실시간 지휘통제를 위한 함정 전투체계의 능력완비 등을 목표로 개발해 나가야 할 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1247-1258
• /
• 2018

The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

• Maritime Security
• /
• v.1 no.1
• /
• pp.61-92
• /
• 2020

This paper attempts to examine the changes in China's naval strategy and to analyze the goal, range, and method of each strategy during the Xi Jinping's era. Since the founding of New China, the People's Liberation of Army Navy(PLAN) has made four changes in the naval strategy. Under Xi Jinping's administration, China's naval strategy is far seas operation combined with near seas active defense. Now, China's naval strateg y is shifting from a defensive to an aggressive one, increasing the proportion of offensive weapon systems and the number of state-of-the-art warships, and the scope of the naval strategy has been specified in the second island chain including the Indian Ocean. With the changes of naval strategy, the PLAN will set a new strategic goal to secure maritime dominance and implement an assertive strategy to actively respond to the intervention and intrusion of external forces. Moreover, the PLAN will also improve its sea-based deterrence force and the maneuver force to block other countries in the long-distance maritime conflict zones. The operation method of China's future naval strateg y will gradually shift from 'interdiction' to 'rapid-response.'

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1021-1031
• /
• 2023

State-sponsored cyber attacks are highly impactful because they are carried out to achieve pre-planned goals. As a defender, it is difficult to respond to them because of the large scale of the attack and the possibility that unknown vulnerabilities may be exploited. In addition, overreacting can reduce the availability of users and cause business disruption. Therefore, there is a need for a response policy that can effectively defend against attacks while ensuring user availability. To solve this problem, this paper proposes a method to collect the number of processes and sessions of defense assets in real time and use them for learning. Using this method to learn reinforcement learning-based policies on a cyber attack simulator, the attack duration based on 100 time-steps was reduced by 27.9 time-steps and 3.1 time-steps for two attacker models, respectively, and the number of "restore" actions that impede user availability during the defense process was also reduced, resulting in an overall better policy.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.12
• /
• pp.2649-2656
• /
• 2012

Today, many enterprises have invested heavily for the part of information security in order to protect the internal critical information assets and the business agility. However, there is a big problem that big budget and too many manpower are needed to set the internal corporate network up to the same high level of defense for all of part. On the distributed enterprise networks in this paper, a defense model for effective and rapid response on the IP spoofing attack was designed to protect the enterprise network through the exchange of information between the trust hosts when an attacker attacked any target system using other trusted host.