• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.123-133
• /
• 2018

Cyber-Physical System (CPS) is a system in which a physical system and a cyber system are strongly integrated. In order to operate the target physical system stably, the CPS constantly monitors the physical system through the sensor and performs control using the actuator according to the current state. If a malicious attacker performs a forgery attack on the measured values of the sensors in order to conceal their attacks, the cyber system operated based on the collected data can not recognize the current operation status of the physical system. This causes the delay of the response of the automation system and the operator, and then more damage will occur. To protect the CPS from increasingly sophisticated and targeted attacks, countermeasures must be developed that can detect stealthy deception attacks. However, in the CPS environment composed of various heterogeneous devices, the process of analyzing and demonstrating the vulnerability to actual field devices requires a lot of time. Therefore, in this study, we propose a method of constructing the experiment environment of the PLCitM (PLC in the middle) which can verify the performance of the techniques to detect the CPS stealthy deception attack and present the experimental results.

• Nuclear Engineering and Technology
• /
• v.50 no.5
• /
• pp.780-787
• /
• 2018

This article presents a security module based on a field programmable gate array (FPGA) to mitigate man-in-the-middle cyber attacks. Nowadays, the FPGA is considered to be the state of the art in nuclear power plants I&C systems due to its flexibility, reconfigurability, and maintainability of the FPGA technology; it also provides acceptable solutions for embedded computing applications that require cybersecurity. The proposed FPGA-based security module is developed to mitigate information-gathering attacks, which can be made by gaining physical access to the network, e.g., a man-in-the-middle attack, using a cryptographic process to ensure data confidentiality and integrity and prevent injecting malware or malicious data into the critical digital assets of a nuclear power plant data communication system. A model-based system engineering approach is applied. System requirements analysis and enhanced function flow block diagrams are created and simulated using CORE9 to compare the performance of the current and developed systems. Hardware description language code for encryption and serial communication is developed using Vivado Design Suite 2017.2 as a programming tool to run the system synthesis and implementation for performance simulation and design verification. Simple windows are developed using Java for physical testing and communication between a personal computer and the FPGA.

• Journal of the Korea Society for Simulation
• /
• v.15 no.1
• /
• pp.87-95
• /
• 2006

We need to check into when a security system is newly developed, we against cyber attack which is expected in real network. However it is impossible to check it under the environment of a large-scale distributive network. So it is need to simulate it under the virtual network environment. SSFNet is a event-driven simulator which can be represent a large-scale network. Unfortunately, it doesn't have the module to simulate security functions. In this paper, we added the IDS module to SSFNet. We implement the IDS module by modeling a key functions of Snort. In addition, we developed some useful functions using Java language which can manipulate easily a packet for network simulation. Finally, we performed the simulation to verify the function if our developed IDS and Packets Manipulation. The simulation shows that our expanded SSFNet can be used to further large-scale security system simulator.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2002.11a
• /
• pp.29-37
• /
• 2002

본 논문은 가상 공격 시뮬레이션을 위한 공격자 및 리눅스 기반 호스트에 대한 모델링 방법의 제안을 주목적으로 한다. 최근, Amoroso는 보안 메커니즘 중심의 침입 모델을 제안하였으나, 시뮬레이션 접근이 분명치 않은 단점이 있다. 또한, Cohen은 원인-결과 모델을 이용하여 사이버 공격과 방어를 표현한 바 있으나, 개념적 단계의 추상화 모델링으로 인해 실제 적용이 어려운 실정이다. 이를 해결하고자 하는 시도로 항공대 지능시스템 연구실에서 SES/MB 프레임워크를 이용한 네트워크 보안 모델링 및 시뮬레이션 방법을 제안한 바 있으나, 공격에 따른 호스트의 복잡한 변화를 표현하기에는 부족하다. 이러한 문제점들을 해결하고자, 본 논문에서는 시스템의 구조를 표현하는 기존 SES에 합성용 규칙기반 전문가 시스템 방법론을 통합한 Rule-Based SES를 적용하여 공격자를 모델링하고, DEVS를 기반으로 하는 네트워크 구성원을 모델링한다. 제안된 모델링 방법의 타당성을 검증하기 위해 본 논문에서는 샘플 네트워크에 대한 사례연구를 수행한다.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2000.11a
• /
• pp.118-124
• /
• 2000

본 논문은 계층 구조적이고 모듈화 된 모델링 및 시뮬레이션 프레임워크를 이용한 네트워크 보안 모델링과 사이버 공격에 대한 시뮬레이션 기법의 연구를 주목적으로 한다. 단순한 네트워크 모델에서의 원인-결과 모델을 대상으로 시뮬레이션 하는 기존의 접근방법과는 달리, 복잡한 네트워크 보안 모델과 모델 기반의 사이버 공격에 대한 시뮬레이션 기법은 아직까지 시도된 바가 없는 실정이다. 따라서, 본 논문에서는 첫째, System Entity Structure/Model Base(SES/MB)을 통하여 계층 구조적, 모듈화, 객체지향적 설계를 하였고 둘째, 해킹 행위의 상세분석을 위해 취약성을 고려한 명령어 수준의 네트워크 보안 모델링 및 시뮬레이션 방법론을 제안하였다. 마지막으로, 사이버 공격 시나리오를 이용한 사례연구를 통하여 타당성을 검증하였다.

• Journal of Korea Game Society
• /
• v.5 no.1
• /
• pp.41-44
• /
• 2005

This paper is model can be useful and capable of automatically collecting and classifying the various information about a wide range of security incidents such as hackings, worms, spyware, cyber-terror, network espionage and information warfare from firewall, IDS, VPN and so on. According to them Internet game and an automated/integrated computer emergency response system can perform an attack assessment and an early warning for any incidents based on Enterprise Security Management environment.

• Journal of Internet of Things and Convergence
• /
• v.7 no.1
• /
• pp.9-19
• /
• 2021

The data mining design incorporated with big data based cloud computing system is investigated for the nuclear terrorism prevention where the conventional physical protection system (PPS) is modified. The networking of terror related bodies is modeled by simulation study for nuclear forensic incidents. It is needed for the government to detect the terrorism and any attempts to attack to innocent people without illegal tapping. Although the mathematical algorithm of the study can't give the exact result of the terror incident, the potential possibility could be obtained by the simulations. The result shows the shape oscillation by time. In addition, the integration of the frequency of each value can show the degree of the transitions of the results. The value increases to -2.61741 in 63.125th hour. So, the terror possibility is highest in later time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.847-857
• /
• 2019

Recently, various cyber threats such as Ransomware and APT attack are increasing by e-mail. The characteristic of such an attack is that it is important to take administrative measures by improving personal perception of security because it bypasses technological measures such as past pattern-based detection The purpose of this study is to investigate the human factors of employees who are vulnerable to spam mail attacks through field experiments and to establish future improvement plans. As a result of sending 7times spam mails to employees of a company and analyzing training report, It was confirmed that factors such as the number of training and the recipient 's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training and to improve the ability of each organization to carry out effective simulation training and improve the ability to respond to spam mail by awareness improvement.

• Journal of Digital Contents Society
• /
• v.19 no.6
• /
• pp.1185-1195
• /
• 2018

Industrial Control System (ICS) is a system that carry out monitoring and controls of industrial control process and is applied in infrastructure such as water, power, and gas. Recently, cyber attacks such as Brutal Kangaroo, Emotional Simian, and Stuxnet 3.0 have been continuously increasing in ICS, and these security risks cause damage of human life and massive financial losses. Attacks on the control layer among the attack methods for ICS can malfunction devices of the field device layer by manipulating control commands. Therefore, in this paper, we propose a mechanism that apply the SDN between the control layer and the field device layer in the industrial control system and to determine whether the control command is legitimate or not and we show simulation results on a simply composed control system.