• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.19-26
• /
• 2020

The purpose of this paper is to ccompare and analyze North Korean cyber attacks and our responses by government, from the Roh Moo-hyun administration to the Moon Jae-in administration. The current conflict of interests on the Korean peninsula, such as the United States, China, and Russia, is leading to a conflict for the leadership of a new world order in cyberspace. Cyber attacks are accelerating and threats are rising. Cyber threats exhibit several characteristics. Above all, it is difficult to identify or track the subject of the threat. Also, with the development of information and communication technology, attack technology has become more intelligent, and it is not easy to prepare a means to respond. Therefore, it is necessary to improve continuous and preemptive response capacity for national cybersecurity, and to establish governance among various actors, such as international cooperation between countries or private experts.

• Korean Security Journal
• /
• no.9
• /
• pp.237-260
• /
• 2005

Development of IT technology as well as arrival of information-oriented society raise the curtain of 'the era of Ubiquitous Computing', implying accessing computers beyond boundary of time and space. In this era, it is expected that IT paradigms and life-styles would be transformed immensely above the experiences of 20th century. However, improvement of technology summons a new risk of cyber terrorism which have not been in the past. Thus, it is urgent to prepare for the threats in the national level. This paper point out five major threats relating to 'the security in the era of Ubiquitous Computing'. : First, spread of threats in connection with BcN establishment, second, vulnerable information-security for wireless communication, third, leakage of private information, fourth, cyber terror and deterioration of security, fifth, security problems of Korea including the drain of military information and solutions in the views of organization, personnel, technology and budget, comparing with other countries.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.21 no.6
• /
• pp.807-816
• /
• 2018

Threat hunting is defined as a process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. The main concept of threat hunting is to find out weak points and remedy them before actual cyber threat has occurred. And HMM(Hunting Maturity Matrix) is suggested to evolve hunting processes with five levels, therefore, CSOC(Cyber Security Operations Center) can refer HMM how to make them safer from complicated and organized cyber attacks. We are developing a system for cyber situation awareness system with pro-active threat hunting process called unMazeTM. With this unMaze, it can be upgraded CSOC's HMM level from initial level to basic level. CSOC with unMaze do threat hunting process not only detecting existing cyber equipment post-actively, but also proactively detecting cyber threat by fusing and analyzing cyber asset data and threat intelligence.

• Review of KIISC
• /
• v.24 no.5
• /
• pp.39-45
• /
• 2014

최근, 에너지, 정보통신, 방위산업, 정부, 금융 등 국가기반시설(national critical infrastructures)들에 대한 사이버 보안 위협이 급격히 증가하고 있으며 이에 대응하기 위해 미국을 비롯한 주요 국가에서는 감시제어 및 데이터 취득 시스템(SCADA: Supervisory Control and Data Acquisition)에 대한 사이버 보안에 많은 노력을 기울이고 있다. 특히, 주요 국가 기반시설은 다양한 실시간 분산 제어시스템 및 네트워크를 통해 사이버 세계(cyber world)와 물리적 세계(physical world)를 연계한다. 하지만 이 같은 역동성(dynamic), 확장성(scalability), 다양성(diversity)으로 특징지어질수 있는 실시간 분산 제어시스템간의 상호연결과 연동을 통해 구성되는 해당시설은 기존의 보안기술 적용을 통해 보안성향상을 기대할 수 없다. 따라서 본고에서는 실시간 분산 제어시스템과 다양한 네트워크로 구성되는 기반시설들을 대상으로 하는 여러 가지 보안 위협 및 특징을 소개하고 이에 대응하기 위한 전략 및 연구기술 동향을 간략히 서술한다.

• Electronics and Telecommunications Trends
• /
• v.30 no.5
• /
• pp.118-128
• /
• 2015

최근 인터넷을 기반으로 사이버상에서 개인정보 유출, 금융사기, Distributed Denial of Service(DDoS) 공격, Advanced Persistent Threat(APT) 공격 등 사이버 위협이 지속적으로 발생하고 있으며, 공격의 형태는 다양하지만 모든 공격에는 악성코드가 원인이 되고 있다. 또한 기하급수적으로 증가하는 강력한 사이버 공격에 대처하기 위해 사전에 이를 방어 할 수 있는 적극적인 방어 기술이 요구되고 있다. 본고에서는 사이버공격 대응을 위하여 새로운 악성코드 탐지기술로 최근 관심을 받고 있는 사이버게놈 기술에 대한 개념과 국내외 관련 기술 및 연구동향에 대하여 살펴본다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.264-266
• /
• 2015

Currently as cyber threats grow up targeting nuclear power plants(NPP), licensees must guarantee that computer and information systems of nuclear facilities can be adequately protected against cyber attack. Especially critical system that cause illegal transfer of nuclear material and adverse impact to public safety need protecting. In this paper, we surveying the cyber threat examples targeted at NPP, and taxonomy the method of cyber security for NPPs in korea through analyzing the methodology to identify critical system and address cyber security controls for nuclear facilities.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.39-45
• /
• 2020

Despite the increasing interest in cyber security in recent years, the emergence of new technologies has led to a shortage of professional personnel to efficiently perform the cyber security. Although various methods such as cyber rage are being used to cultivate cyber security experts, there are problems of limitation of virtual training system, scenario-based practice content development and operation, unit content-oriented development, and lack of consideration of learner level. In this paper, we develop a fuzzy rule-based user-customized training scenario automatic generation system for improving user's ability to respond to infringement. The proposed system creates and provides scenarios based on advanced persistent threats according to fuzzy rules. Thus, the proposed system can improve the trainee's ability to respond to the bed through the generated scenario.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.39-54
• /
• 2022

Recently, the importance of collecting, analyzing, and real-time sharing of various cybersecurity data has emerged in order to effectively respond to intelligent and advanced cyber threats. To cope with this situation, Korea is making efforts to expand its cybersecurity data sharing system, but many private companies are unable to participate in the cybersecurity data sharing system due to a lack of budget and professionals to collect cybersecurity data. In order to solve such problems, this paper analyzes the research and development trends of existing domestic and foreign cyber security data sharing systems, and based on that, propose a cybersecurity data sharing system model with a hierarchical structure that considers the size of the organization and a step-by-step security policy that can be applied to the model. In the case of applying the model proposed in this paper, it is expected that various private companies can expand their participation in cybersecurity data sharing systems and use them to prepare a response system to respond quickly to intelligent security threats.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.2
• /
• pp.60-69
• /
• 2013

Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, Cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APT exploiting a high degree of stealthiness over a long period, has extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure whereas the existing security measures exhibited limited capabilities in detecting and countermeasuring them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasure. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated throughly by deploying it under real network in a ISP for a week.