• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.1881-1882
• /
• 2008

글로벌시대 '세계는 사이버 전쟁중이다'. 사이버냉전이 시작된 것이다. 해커들의 공격에 각국 정부 당국들이 전전긍긍하면서 대응책 마련에 부심하고 있다. 그런 가운데에서도 미 국방부와 국무부가 해커들에 뚫리는가 하면 영국, 독일, 프랑스의 정부 및 주요기간 전산망들을 해커들이 휘젓고 다니고 있어 보안에 빨간 불이 켜진 상태다. 더욱이 우리나라는 유럽 등으로부터 받는 공격도 적지 않지만 중국, 미국이 연습 상대나 놀이터쯤으로 여기고 있는 상대”라고 한다. 인터넷 보급률 세계 1위 명성에 걸 막게 네트워크 구성, 주요 전산망 연결이 얼마나 잘되어 있는가? 충분이 세계 해커들의 시험대상이 되기 충분하다. 이러한 상태에서 사이버 역기능에 대한 해결방안은 주기적 분석.대응 활동을 통해 보안대책을 신속히 추진하는 길만이 사이버안전을 지키는 일이다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.119-122
• /
• 2019

최근 웹 변조 공격은 대형 포탈, 은행, 학교 등 접속자가 많은 홈페이지에 악성 URL을 불법 삽입하여 해당 URL을 통해 접속자 PC에 자동으로 악성코드 유포하고 대규모 봇넷(botnet)을 형성한 후 DDoS 공격을 수행하거나 감염 PC들의 정보를 지속적으로 유출하는 형태로 수행된다. 이때, 홈페이지에 삽입되는 악성 URL은 탐지가 어렵도록 Javascript 난독화 기법(obfuscation technique) 등으로 은밀히 삽입된다. 본 논문에서는 웹 소스코드에 은닉된 악성 Javascript URL들에 대한 일괄 점검체계를 제안하며, 구현된 점검체계의 prototype을 활용하여 점검성능에 대한 시험결과를 제시한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.9
• /
• pp.1666-1673
• /
• 2017

Republic of Korea is divided into South Korea and North Korea, creating military conflicts and social conflicts. North Korea is conducting cyberattacks against South Korea and has hacked South Korea's defense network. In the world of cyberspace, the boundaries of the borders are becoming obscured, and cyberattacks and cyberterrorism for cyberwarfare operate with digital computing connected to points, time and space. Agenda and manual are needed for national cybersecurity. Also, it is necessary to study national cybersecurity laws and policies that can create and implement nationalcyber security policy. This paper investigates cyberterrorism situation in North and South Korean confrontation situation and damage to cyberwarfare in the world. We also study cybersecurity activities and cyberwarfare response agendas, manuals and new technologies at home and abroad. And propose national cybersecurity policy and propose policies so that '(tentative) The National Cybersecurity Law' is established. This study will be used as basic data of national cybersecurity law and policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1027-1037
• /
• 2019

Conventional cyber-attack detection solutions are generally based on signature-based or malicious behavior analysis so that have had difficulty in detecting unknown method-based attacks. Since the various information occurring all the time reflects the state of the system, by modeling it in a steady state and detecting an abnormal state, an unknown attack can be detected. Since a variety of system information occurs in a string form, word embedding, ie, techniques for converting strings into vectors preserving their order and semantics, can be used for modeling and detection. Novelty Detection, which is a technique for detecting a small number of abnormal data in a plurality of normal data, can be performed in order to detect an abnormal condition. This paper proposes a method to detect system anomaly by cyber attack using embedding and novelty detection.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.26 no.2
• /
• pp.179-187
• /
• 2023

APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. 'Cyberattack Tracing System' allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.99-111
• /
• 2022

With current battlefield environment relying heavily on Network Centric Warfare(NCW), existing weaponary systems are evolving into a new concept that converges IT technology. Majority of the weaponary systems are implemented with numerous embedded softwares which makes such softwares a key factor influencing the performance of such systems. Furthermore, due to the advancements in both IoT technoogies and embedded softwares cyber threats are targeting various embedded systems as their scope of application expands in the real world. Weaponary systems have been developed in various forms from single systems to interlocking networks. hence, system level cyber security is more favorable compared to application level cyber security. In this paper, a secure real-time operating system has been designed, implemented and measured to protect embedded softwares used in weaponary systems from unknown cyber threats at the operating system level.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.67-75
• /
• 2019

Recently, the Ministry of National Defense has included embedded software for weapon systems as targets for the Defense cyber security. The Concept has been extended and evolved from the cyber security area that was previously limited to the information domain. The software is becoming increasingly important in weapon systems, and it is clear that they are subject to cyber threats. Therefore, We would like to suggest a improvement direction by diagnosing problems in terms of cyber security of the weapon systems for the life cycle. In order to improve cyber security of weapon systems, comprehensive policy including the weapon embedded software management should be established and the involved stakeholder should be participated in the activities.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.131-139
• /
• 2023

In recent years, there have been frequent incidents of invasion of national defense networks by insiders. This trend can be said to disprove that the physical network separation policy currently applied by the Korea Ministry of National Defense can no longer guarantee military cyber security. Therefore, stronger cybersecurity measures are needed. In this regard, Zero Trust with a philosophy of never trusting and always verifying is emerging as a new alternative security paradigm. This paper analyzes the zero trust establishment trends currently being pursued by the US Department of Defense, and based on the implications derived from this, proposes a zero trust establishment plan tailored to the Korean military. The zero trust establishment plan tailored to the Korean military proposed in this paper includes a zero trust establishment strategy, a plan to organize a dedicated organization and secure budget, and a plan to secure zero trust establishment technology. Compared to cyber security based on the existing physical network separation policy, it has several advantages in terms of cyber security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.281-292
• /
• 2017

It is demanded to promote research and development of cyber weapons system and core technology in response to the ongoing cyber attack of North Korea. In this paper, core technologies of the future cyber weapon system are developed and the factors affecting the realization timing of core technologies were analyzed. 9 core technology groups and 36 core technologies are derived. Afterwards, these core technology groups are compared to the operation phase of the joint cyber warfare guideline and the cyber kill chain of Lockheed Martin. As a result of the comparison, it is confirmed that the core technology groups cover all phases of the aforementioned tactics. The results of regression analyses performed on the degree of influence by each factor regarding the moment of core technology realization show that the moment of core technology realization approaches more quickly as factors such as technology level of the most advanced country, technology level of South Korea, technology transfer possibility from the military sector to the non-military sector(spin-off factor), and technology transfer possibility from the non-military sector to the military sector(spin-on factor) increase. On the contrary, the moment of core technology realization is delayed as the degree at which the advanced countries keep their core technologies from transferring decrease. The results also confirm that the moment of core technology realization is not significantly correlated to the economic ripple effect factor. This study is meaningful in that it extract core technologies of cyber weapon system in accordance with revision of force development directive and join cyber warfare guideline, which incorporated cyber weapon system into formal weapon system. Furthermore, the study is significant because it indicates the influential factor of the moment of core technology realization.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.41-47
• /
• 2018

Theorists of war have often used Clausewitz's trinity theory as a framework for analyzing war strategies and histories. Heretofore, studies on cyber warfare have focused primarily on laws, policies, structuring organizations, manpower, and training pertaining to preparing the cyberspace for war. Currently, studies highlighting the comparative characteristics of war in cyberspace, how it differs from conventional warfare, and analytical frameworks for understanding war in cyberspace are rare. Using Clausewitz's trinity theory, this paper interprets the essence of war from the perspectives of (1) Intellect, (2) Bravery, and (3) Passion, to propose an analytical model for understanding war in cyberspace, one that factors in the intrinsic qualities and characteristics of cyberspace under spatial and temporal constraints. Furthermore, this paper applies the aforementioned analytical model to the Iraq War and concludes with a theoretical illustration that cyber warfare played a significant role in winning the war.