• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.793-799
• /
• 2021

Recently, there has been a growing interest in threat hunting presented to overcome the limitations of existing security solutions. Threat hunting is generally recognized as a technique for identifying and eliminating threats that exit inside the system. But, the definition is not clear, so there is confusion in terms with penetration testing, intrusion detection, and incident analysis. Therefore, in this paper, compare and analyze the definitions of threat hunting extracted from reports and papers to clarify their implications and compare with defense techniques.

• The Transactions of the Korea Information Processing Society
• /
• v.13 no.6
• /
• pp.278-283
• /
• 2024

When implementing software, there can be side effects that pose a threat to human life. Therefore, it is necessary to measure the impact of software on safety and create alternatives to mitigate and prevent threats. To conduct a software safety assessment to measure the impact of threat factors, the following components are necessary. This paper aims to classify the threat factors of software into internal and external factors and quantitatively demonstrate the impact of these threat factors.

• 치위협보
• /
• s.27
• /
• pp.1-12
• /
• 1999

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.69-86
• /
• 2003

A Protection Profile(PP) is a common security and assurance requirements for a specific class of Information Technology security products such as firewall and smart card. A PP should be included "TOE(Target of Evaluation) Security Environment", which is consisted of subsections: assumptions, treat, organizational security policies. This paper presents a new threats statement generation method for developing TOE security environment section of PP. Our survey guides the statement of threats in CC(Common Criteria) scheme through collected and analysed hundred of threat statements from certified and published real PPs and CC Tool Box/PKB that is included a class of pre-defined threat and attack statements. From the result of the survey, we present a new asset classification method and propose a threats statement generation model. The former is a new asset classification method, and the later is a production rule for a well formed statement of threats.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.7
• /
• pp.47-57
• /
• 2014

In order to publicly notify the information security (Internet or Cyber) threat level, the security companies have developed the Threat Meters. As the physical security devices are getting more intelligent and can be monitored and managed through networks, we propose a physical security threat meter (PSTM) to determine the current threat level of physical security; that is a very similar compared with the one of information security. For this purpose, we investigate and prioritize the physical security events, and consider the impact of temporal correlation among multiple security events. We also present how to determine the threshold values of threat levels, and then propose a practical PSTM using the threshold based decision. In particular, we show that the proposed scheme is fully implementable through showing the block diagram in detail and the whole implementation processes with the access controller and CCTV+video analyzer system. Finally the simulation results show that the proposed PSTM works perfectly under some test scenarios.

• Journal of Internet Computing and Services
• /
• v.13 no.5
• /
• pp.21-31
• /
• 2012

Threat Evaluation(TE) which has air intelligence attained by identifying friend or foe evaluates the target's threat degree, so it provides information to Weapon Assignment(WA) step. Most of TE data are passed by sensor measured values, but existing techniques(fuzzy, bayesian network, and so on) have many weaknesses that erroneous linkages and missing data may fall into confusion in decision making. Therefore we need to efficient Threat Evaluation system that can refine various sensor data's linkages and calculate reliable threat values under unpredictable war situations. In this paper, we suggest new threat evaluation system based on information fusion JDL model, and it is principle that combine fuzzy which is favorable to refine ambiguous relationships with bayesian network useful to inference battled situation having insufficient evidence and to use learning algorithm. Finally, the system's performance by getting threat evaluation on an air defense scenario is presented.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.115-123
• /
• 2020

Cyber Attack have evolved more and more in recent years. One of the best countermeasure to counter this advanced and sophisticated cyber threat is to predict cyber attacks in advance. It requires a lot of information and effort to predict cyber threats. If we use Open Source Intelligence(OSINT), the core of recent information acquisition, we can predict cyber threats more accurately. In order to predict cyber threats using OSINT, it is necessary to establish a Database(DB) for cyber attacks from OSINT and to select factors that can evaluate cyber threats from the established DB. We are based on previous researches that built a cyber attack DB using data mining and analyzed the importance of core factors among accumulated DG factors by AHP technique. In this research, we present a method for quantifying cyber threats and propose a cyber threats prediction model based on artificial neural networks.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.53-68
• /
• 2017

Today, information sharing is recognized as a means to effectively prevent cyber attacks, which are becoming more intelligent and advanced, so that many countries such as U.S., EU, UK, Japan, etc. are establishing cyber threat information sharing system at national level. In particular, the United States has enacted the "Cyber Threat Information Sharing Act (CISA)" in December 2015, and has been promoting the establishment of a legal and institutional basis for sharing threat information and the implementation of the system. Korea is sharing cyber threat information in public and private sectors mainly through the National Cyber Security Center(NCSC) and the Korea Internet & Security Agency(KISA). In addition, Korean government is attempting to strengthen and make legal basis for unified cyber threat information sharing system through establishing policies. However, there are also concerns about issues such as leakage of sensitive information of companies or individuals including personal identifiable information that may produced during the cyber threat information sharing process, reliability and efficiency issues of the main agents who gather and manage information. In this paper, we try to derive improvement plans and implications by comparing and analyzing cyber threat information sharing status between U.S. and Korea.

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.351-362
• /
• 2010

In Korea, national information infrastructure has been grown well because of the rapid growth and supply of Internet, but threats of cyber terror and cyber war are also increasing. Cyber attacks on knowledge information society threaten industry, economy and security. Major countries realize that cyber attacks can cause national heavy loss. So, they are trying to adopt policy on their cyber safe. And natural environmental crisises are increasing around the world. Countries such as India and Philippine in which tsunami, typhoon and earthquake are often occurring have national systematic disaster management system that can prevent and recover. We need systematic management for prevention and recovery from cyber terror, and need to establish national cyber disaster management system. Therefore, in this paper, we analyze major countries's cyber security policy and suggest a method of establishing the national cyber disaster management system.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.22 no.6
• /
• pp.715-721
• /
• 2012

A threat evaluation is the technique which decides order of priority about tracks engaging with enemy by recognizing battlefield situation and making it efficient decision making. That is, in battle situation of multiple target it makes expeditious decision making and then aims at minimizing asset's damage and maximizing attack to targets. Threat value computation used in threat evaluation is calculated by sensor data which generated in battle space. Because Battle situation is unpredictable and there are various possibilities generating potential events, the damage or loss of data can make confuse decision making. Therefore, in this paper we suggest that substantial threat value calculation using learning bayesian network which makes it adapt to the varying battle situation to gain reliable results under given incomplete data and then verify this system's performance.