• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.29-36
• /
• 2015

The hacking threats made against the Korea Hydro & Nuclear Power(KNDP) and the leakage of critical information on nuclear power safety raised the public awareness on the importance of protecting and managing national infrastructure necessary for sustaining the state and society. Cyber security activities and relevant institutions in the ROK, however, are still insufficient, because of which there is a possibility that similar incidents would reoccur and cause serious damages. Hence, a grave and direct threat is posed to the national security of the ROK. In this thesis, I would like to give my analysis and assessment on the recent cyber intrusions against infrastructure at home and abroad, measures established in response and their implementation, and the deficiency of the existing infrastructure protection system ; and lastly propose measures to reinforce infrastructure protection of the ROK.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.101-106
• /
• 2004

Recently, a network defense simulator becomes essential in studying cyber incidents because the cyber terror become more and more interesting. The network defense simulator is a tool to estimate damages and an effectiveness of a defense mechanism by modeling network intrusions and defense mechanisms. Using this tool, users can find efficient ways of preventing a cyber terror and recovering from the damage. Previous simulators start the simulation after entire scenario has made and been loaded to simulation engine. However, in this way it can't model human judgement and behavior, and it can't simulate the real cyber terror very well. In this paper, we have added a dynamic simulation component to our previous network security simulator. This component improved accurate modeling of network intrusions and defense behaviors. We have also proposed new modified architecture of the simulation system. Finally we have verified correct simulation results from stammer worn simulation.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

• Journal of Software Assessment and Valuation
• /
• v.15 no.2
• /
• pp.121-128
• /
• 2019

Computing systems have various vulnerabilities to cyber attacks. In particular, various cyber attacks that are intelligent in the information society have caused serious social problems and economic losses. Traditional security systems are based on misuse-based technology, which requires the continuous updating of new attack patterns and the real-time analysis of vast amounts of data generated by numerous security devices in order to accurately detect. However, traditional security systems are unable to respond through detection and analysis in real time, which can delay the recognition of intrusions and cause a lot of damage. Therefore, there is a need for a new security system that can quickly detect, analyze, and predict the ever-increasing cyber security threats based on machine learning and big data analysis models. In this paper, we present a IDS model that combines machine learning and big data technology.

• Korean Chemical Engineering Research
• /
• v.60 no.4
• /
• pp.492-498
• /
• 2022

Process control systems used in most domestic petrochemical corporates today are based on the Windows platforms. As technology leans toward opened environment, the exposure risk of control systems is increasing. However, not many companies are preparing for various cyberattacks due to lack of awareness and misunderstanding of cyber intrusion. This study investigated the extent of how much exposed the petrochemical process control system is to security threats and suggested practical measures to reduce OT cybersecurity vulnerabilities. To identify the cyber threat status of process control systems, vulnerabilities of the Windows platform, a principal cyber threat factor, have been analyzed. For research, three major DCS providers in Korea and the discontinuation of Windows platform of 635 control systems were investigated. It was confirmed that 78% of the survey subjects were still operating in the discontinued windows platforms, and those process control systems were operated in a state vulnerable to cyber intrusions. In order to actively cope with these cyber threats, legal regulations such as designation of critical infrastructure for major petrochemical facilities which is implemented in advanced countries such as the United States are needed. Additionally, it is necessary to take the initiative in eradicating security threats to the process control systems by aggressively introducing security solutions provided from existing DCS suppliers. This paper was submitted to Professor Ko JaeWook's retirement anniversary issue.

• Journal of Advanced Navigation Technology
• /
• v.16 no.6
• /
• pp.1014-1023
• /
• 2012

Recently with improvement of SMART Grid, AMI network security has been affecting the environment for Electric information and communication. The system and communication protection consists of steps taken to protect the AMI components and the communication links between system components from cyber intrusions. The addition of two way communications between SUN and HAN introduces additional risk for unauthorized access to the AMI system. In this paper, we propose new AMI device authentication infrastructure, key establishment and security algorithm based on public key encryption to solve AMI network security problems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5132-5148
• /
• 2017

Cyber attacks are evolving commensurate with recent developments in information security technology. Intrusion detection systems collect various types of data from computers and networks to detect security threats and analyze the attack information. The large amount of data examined make the large number of computations and low detection rates problematic. Feature selection is expected to improve the classification performance and provide faster and more cost-effective results. Despite the various feature selection studies conducted for intrusion detection systems, it is difficult to automate feature selection because it is based on the knowledge of security experts. This paper proposes a feature selection technique to overcome the performance problems of intrusion detection systems. Focusing on feature selection, the first phase of the proposed system aims at constructing a feature subset using a sequential forward floating search (SFFS) to downsize the dimension of the variables. The second phase constructs a classification model with the selected feature subset using a random forest classifier (RFC) and evaluates the classification accuracy. Experiments were conducted with the NSL-KDD dataset using SFFS-RF, and the results indicated that feature selection techniques are a necessary preprocessing step to improve the overall system performance in systems that handle large datasets. They also verified that SFFS-RF could be used for data classification. In conclusion, SFFS-RF could be the key to improving the classification model performance in machine learning.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.537-552
• /
• 2024

Domestic nuclear power plants operate under the establishment of the "Information System Security Regulations" in accordance with the Nuclear Safety Act, introducing and implementing a cybersecurity system that encompasses organizational structure as well as technical, operational, and managerial security measures for assets. Despite attempts such as phased approaches and alternative measures for physical protection systems, the reduction in managed items has not been achieved, leading to an increased burden on security capabilities due to limited manpower at the site. In the main text, an analysis is conducted on Type A1 assets performing nuclear safety functions using Maintenance Rules (MR) and EPRI Technical Assessment Methodology (TAM) from both a maintenance perspective and considering device characteristics. Through this analysis, approaches to re-evaluate the impact of cyber intrusions on asset functionality are proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.373-385
• /
• 2021

To provide convenience and safety of drivers, the recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As the modern vehicles provide highly convenient and safe services, it provides many types of attack surfaces; as a result, it makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone attacks on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on the real vehicles, where we show that our method has 0% of FPR and 0% of FNR under our attack model.