• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.191-199
• /
• 2020

Cyber warfare training is a key factor for boosting cyber warfare competence. In general, cyber warfare training is conducted by scenarios, and the effects of training can be enhanced by including various elements in the scenarios that can improve the quality of training. In this paper, we introduce the training information, network map, traffic generation policy, threat/defense behavior identified as elements to be included in training scenarios, and propose a method of authoring training scenarios by layering and combining them. We also propose a database design for integrated management of each scenario layer. The layered training scenario authoring method has the advantage of increasing convenience of authoring by reusing existing layers and extending training scenarios based on various combinations between the layers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.533-540
• /
• 2016

It is important to establish the environment for cyber warrior training, testing support and effectiveness analysis in order to cope with sharply increasing cyber threat. However, those practices cannot be easily performed in real world and are followed with many constraints. In this paper, we propose a live/virtual M&S-based system for training/testing and constructive M&S-based system for effectiveness analysis to provide an environment similar to real world. These can be utilized to strengthen the capability to carry out cyber war and analyze the impact of cyber threat under the large-scale networks.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.71-80
• /
• 2020

In order to provide realistic traffic to the cyber warfare training system, it is necessary to prepare a traffic distribution plan in advance and to create a training data set using normal/threat data sets. This paper presents the design and implementation results of a method for creating a traffic distribution plan and a training data set to provide background traffic like a real environment to a cyber warfare training system. We propose a method of a traffic distribution plan by using the network topology of the training environment to distribute traffic and the traffic attribute information collected in real and simulated environments. We propose a method of generating a training data set according to a traffic distribution plan using a unit traffic and a mixed traffic method using the ratio of the protocol. Using the implemented tool, a traffic distribution plan was created, and the training data set creation result according to the distribution plan was confirmed.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.23 no.3
• /
• pp.267-276
• /
• 2020

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a stateful traffic generator that provide network background traffic for cyber warfare training. The proposed architecture is designed for generating traffic similar to real system traffic, so the trainee can perform more realistic training.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.43-53
• /
• 2009

In the information society, information security is a critical issue for defense cyber network system. This paper provides a result of a study on the defense cyber exercise system for cyber warfare. So far, defense cyber exercise system has been uneffective and is not systematic even if several exercises has been implemented. In order to overcome these problems, a systematic and integrated cyber exercise process is suggested. Under the suggested system, we expect that cyber exercise for cyber warfare will be implemented with more effective manner.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.22 no.6
• /
• pp.797-805
• /
• 2019

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a simulated threat generator that automatically generates cyber threats for cyber defense training. The proposed Simulated Threat Generator is designed with MITRE ATT & CK(Adversarial Tactics, Techniques and Common Knowledge) framework to easily add an evolving cyber threat and select the next threat based on the threat execution result.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.41-47
• /
• 2018

Theorists of war have often used Clausewitz's trinity theory as a framework for analyzing war strategies and histories. Heretofore, studies on cyber warfare have focused primarily on laws, policies, structuring organizations, manpower, and training pertaining to preparing the cyberspace for war. Currently, studies highlighting the comparative characteristics of war in cyberspace, how it differs from conventional warfare, and analytical frameworks for understanding war in cyberspace are rare. Using Clausewitz's trinity theory, this paper interprets the essence of war from the perspectives of (1) Intellect, (2) Bravery, and (3) Passion, to propose an analytical model for understanding war in cyberspace, one that factors in the intrinsic qualities and characteristics of cyberspace under spatial and temporal constraints. Furthermore, this paper applies the aforementioned analytical model to the Iraq War and concludes with a theoretical illustration that cyber warfare played a significant role in winning the war.

• Convergence Security Journal
• /
• v.16 no.6_1
• /
• pp.43-50
• /
• 2016

As North Korea has a sufficient ability to attack our society's vulnerable computer network, various large-scale cyber attacks are expected to be tried. North Korea's cyber military strength is known a world-class level. The number of its cyber agents is increasing consistently. Recently North Korea's cyber attack has been made regardless of trick and target. But up to now North Korea's cyber attack is more of an exploration than a real attack. Its purpose was to check how fast Korea found a problem and recovered from it. In future, cyber attack that damages substantially is highly probable. In case of an attack against national infrastructure like traffic, financial and energy services, the extent of the damage will be great beyond imagination. In this paper, characteristics of recent North Korea's cyber attack is addressed in depth and countermeasures such as the enactment of cyber terror prevention law, simulation training enforcement, private and public cooperation system construction, cyber security infrastructure expansion, etc. are proposed.