• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2199-2205
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.306-309
• /
• 2017

The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.71-80
• /
• 2023

Cyberspace has emerged as the fifth domain of warfare, alongside land, sea, air, and space. It has become a crucial focus for offensive and defensive military operations. Governments worldwide have demonstrated their intent to engage in offensive cyber operations within this domain. This paper proposes an innovative offensive cyber kill chain model that integrates the existing defensive strategy, the cyber kill chain model, with the joint air tasking order (ATO) mission execution cycle and joint target processing procedure. By combining physical and cyber operations within a joint framework, this model aims to enhance national cyber operations capabilities at a strategic level. The integration of these elements seeks to address the evolving challenges in cyberspace and contribute to more effective jointness in conducting cyber operations.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.91-101
• /
• 2020

We analyzed APT attack cases that occurred overseas in the past using a cyber kill chain model and a TTP model. As a result of the analysis, we found that the cyber kill chain model is effective in figuring out the overall outline, but is not suitable for establishing a specific defense strategy, however, TTP model is suitable to have a practical defense system. Based on these analysis results, it is suggested that defense technology development which is based on TTP model to build defense-in-depth system for preparing cyber attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1247-1258
• /
• 2018

The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.41-50
• /
• 2021

Cyber Kill Chain is derived from Kill chain of traditional military terms. Kill chain means "a continuous and cyclical process from detection to destruction of military targets requiring destruction, or dividing it into several distinct actions." The kill chain has evolved the existing operational procedures to effectively deal with time-limited emergency targets that require immediate response due to changes in location and increased risk, such as nuclear weapons and missiles. It began with the military concept of incapacitating the attacker's intended purpose by preventing it from functioning at any one stage of the process of reaching it. Thus the basic concept of the cyber kill chain is that the attack performed by a cyber attacker consists of each stage, and the cyber attacker can achieve the attack goal only when each stage is successfully performed, and from a defense point of view, each stage is detailed. It is believed that if a response procedure is prepared and responded, the chain of attacks is broken, and the attack of the attacker can be neutralized or delayed. Also, from the point of view of an attack, if a specific response procedure is prepared at each stage, the chain of attacks can be successful and the target of the attack can be neutralized. The cyber command and control system is a system that is applied to both defense and attack, and should present defensive countermeasures and offensive countermeasures to neutralize the enemy's kill chain during defense, and each step-by-step procedure to neutralize the enemy when attacking. Therefore, thist paper proposed a cyber kill chain model from the perspective of defense and attack of the cyber command and control system, and also researched and presented the threat classification/analysis/prediction framework of the cyber command and control system from the defense aspect

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.314-317
• /
• 2017

최근 ICT 기술이 발달함에 따라 전쟁의 양상이 물리적에서 사이버전으로 이동되고 있으며 이미 사이버 공간을 제 5의 전장으로 불리운다. 또한 오랜 기간 동안 단계적으로 준비 과정을 거쳐 공격하는 APT 사례가 증가함에 따라 공격 징후를 사전에 탐지해 선제 대응하는 사이버 킬 체인이라는 방안이 각광받고 있다. 이러한 사이버 킬 체인 중 가장 기초가 되는 감시/정찰을 수행하기 위한 방안을 연구하면서 적의 영역에 침투했다는 가정하에서 정보를 수집하는 프로그램을 설계 및 제작해 보았다.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.31-37
• /
• 2020

In this paper, we propose a system architecture and methodology based on cyber kill chain and MITRE ATT&CK for experiment analysis on cyber warfare simulation. Threat analysis is possible by applying various attacks that have actually occurred with continuous updates to reflect newly emerging attacks. In terms of cyber attack and defense, the current system(AS-IS) and the new system(TO-BE) are analyzed for effectiveness and quantitative results are presented. It can be used to establish proactive cyber COA(Course of Action) strategy, and also for strategic decision making. Through a case study, we presented the usability of the system architecture and methodology proposed in this paper. The proposed method will contribute to strengthening cyber warfare capabilities by increasing the level of technology for cyber warfare experiments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.779-791
• /
• 2021

Common web services have been continuously targeted by hackers due to an access control policy that must be allowed to an unspecified number of people. In order to cope with this situation, companies regularly check web vulnerabilities and take measures according to the risk of discovered vulnerabilities. The risk of these web vulnerabilities is calculated through preliminary statistics and self-evaluation of domestic and foreign related organizations. However, unlike static diagnosis such as security setting and source code, web vulnerability check is performed through dynamic diagnosis. Even with the same vulnerability item, various attack results can be derived, and the degree of risk may vary depending on the subject of diagnosis and the environment. In this respect, the predefined risk level may be different from that of the actual vulnerability. In this paper, to improve this point, we present a web vulnerability risk assessment model based on the attack result centering on the cyber kill chain.

• Journal of Digital Convergence
• /
• v.16 no.9
• /
• pp.179-185
• /
• 2018

Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.