• 한국인터넷방송통신학회논문지
• /
• 제14권2호
• /
• pp.1-10
• /
• 2014

본 연구에서는 위협이 증가되고 있는 사이버전의 위협과 사이버전에 전장 환경의 위협이 무엇인가에 대해 현재 일어나고 있는 실상을 중심으로 분석하였다. 그리고 주요 선진 국가들이 사이버전에 어떻게 대응하고 있는가에 대한 현 실상을 제시하였다. 그리고 세계 3위권의 사이버전 수행능력을 구비하고 있는 북한의 사이버전 위협과 북한의 사이버전 전략이 한국의 국가안보에 미치는 영향을 제시하였으며, 현존하는 북한의 사이버전 위협과 미래에 예상되는 북한의 사이버전 위협에 한국이 어떻게 대비하고 대응할 것인가에 대해서 연구하였다.

• 한국중재학회지:중재연구
• /
• 제15권3호
• /
• pp.3-25
• /
• 2005

The companies' management strategies of the electronic commerce market are different from those of the traditional market. The main difference between the electronic commerce market and the traditional market is an IT network system which is a companies' management strategies in the electronic commerce market. This study focuses on the examination and analysis of the companies' management strategies which are constituted through influence on the effectiveness of the IT network system in the electronic commerce market and Promoting Arbitration System in The Era of Digital Economy this study is to introduce several alternative policies of the Government and companies to such formated IT network system of the electronic commerce market in the future. It's also suggested that the Korean Commercial Arbitration Board (KCAB) fully cover consideration and arbitration, while KCAB for Electronic Commerce activates its proper role of consulting and ad hoc arbitration by using electronic information. E-commerce sets up the probability that its merchants and customers will not exist in the same legal jurisdictions. The confusing application of laws and wide geographical dispersion of these parties will necessitate a faster and cheaper dispute resolution methodology. Therefore, online ADR may be effective for e-commerce dispute resolution. The examples of online ADR operation are the cyber mediation of Electronic Transaction Dispute Resolution Committee, the cyber mediation of Korean Commercial Arbitration Board, the cyber mediation of Click N Settle, the online ADR of BBB online, and the cyber arbitration of virtual Magistrate. The paper points out the last one as the most desired practice. This study results are how to minimize the disputes and the method of dispute settlement. Therefore, a role of arbitration proposed and emphasized. To protect the dispute in advance, it's suggested to revise rules timely following on technical changes, and emphasized that the dispute has to lead to arbitration settlement not for consuming unnecessary time and finance for enterprises and consumers.

• 한국시뮬레이션학회:학술대회논문집
• /
• 한국시뮬레이션학회 2003년도 춘계학술대회논문집
• /
• pp.191-198
• /
• 2003

The major objective of this paper is to perform modeling of cyber attack and defense using vulnerability metrics. To do this, we have attempted command level modeling for realizing an approach of functional level proposed by Nong Ye, and we have defined vulnerability metrics that are able to apply to DEVS(Discrete Event System Specification) and performed modeling of cyber attack and defense using this. Our approach is to show the difference from others in that (ⅰ) it is able to analyze behaviors of system emerged by interaction with functional elements of components composing network and each other, (ⅱ) it is able to analyze vulnerability in quantitative manner, and (ⅲ) it is able to establish defense suitably by using the analyzed vulnerability. We examine an example of vulnerability analysis on the cyber attack and defense through case study.

• 융합보안논문지
• /
• 제5권4호
• /
• pp.67-72
• /
• 2005

최근 사회적인 이슈인 악성 트래픽 인한 네트워크 마비, 전자거래 방해 등과 같이 단시간내에 엄청난 국가적인 손실이 될수 있는 악성 웜, 바이러스에 대한 대처 능력은 보안관리에 매우 중요한 요소임은 자명하다. 이와 관련, 사이버위협에 대한 신속한 대처능력을 확보하기 위해 조기 예 경보시스템에 대한 많은 연구가 이루어지고 있으나, 기술적인 문제와 함께 시스템의 효용성에 대한 한계 때문에 실용적인 연구가 가시화되지 못하고 있는 실정이다. 본 논문에서는 위와 같은 문제를 해결하기 위하여 대형네트워크에서 기존 보안장비에 의한 검출과는 별도로 사이버 위협 조기예경보만을 위한 조기탐지기법에 대해서 연구하였다. 실제 대형네트워크에서 허니넷 (Honeynet)기반의 모듈을 적용한 사이버예경보시스템을 설계하여 대형 네트워크에서 본 모듈이 약성 트래픽에 대해 얼마나 효과적으로 대처 할수 있는지에 대해 연구하였다.

• 국제학술발표논문집
• /
• The 8th International Conference on Construction Engineering and Project Management
• /
• pp.510-519
• /
• 2020

Within an intelligent automated cyber-physical system, the realization of the autonomous mechanism for data collection, data integration, and data analysis plays a critical role in the design, development, operation, and maintenance of such a system. This construct is particularly vital for fault-tolerant route-finding systems that rely on the imprecise GPS location of the vehicles to properly operate, timely plan, and continuously produce informative feedback to the user. More essentially, the integration of digital twins with cyber-physical route-finding systems has been overlooked in intelligent transportation services with the capacity to construct the network routes solely from the locations of the operating vehicles. To address this limitation, the present study proposes a conceptual architecture that employs digital twin to autonomously maintain, update, and manage intelligent transportation systems. This virtual management simulation can improve the accuracy of time-of-arrival prediction based on auto-generated routes on which the vehicle's real-time location is mapped. To that end, first, an intelligent transportation system was developed based on two primary mechanisms: 1) an automated route finding process in which predictive data-driven models (i.e., regularized least-squares regression) can elicit the geometry and direction of the routes of the transportation network from the cloud of geotagged data points of the operating vehicles and 2) an intelligent mapping process capable of accurately locating the vehicles on the map whereby their arrival times to any point on the route can be estimated. Afterward, the digital representations of the physical entities (i.e., vehicles and routes) were simulated based on the auto-generated routes and the vehicles' locations in near-real-time. Finally, the feasibility and usability of the presented conceptual framework were evaluated through the comparison between the primary characteristics of the physical entities with their digital representations. The proposed architecture can be used by the vehicle-tracking applications dependent on geotagged data for digital mapping and location tracking of vehicles under a systematic comparison and simulation cyber-physical system.

• Nuclear Engineering and Technology
• /
• 제44권8호
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2021년도 춘계학술대회
• /
• pp.632-634
• /
• 2021

인터넷의 발전과 이용자의 증가에 비례하여 이를 이용한 사이버 침해사고 발생 비율이 높아지고 있다. 이에 대한 대책으로 사용자들이 접근할 수 있는 시스템과 주요정보가 담긴 시스템을 분리하여 서로 접근하지 못하도록 하는 망분리 방식이 등장하고 있다. 그러나 인터넷망을 사용해야 하는 업무의 경우는 사이버 공격에 그대로 노출되며 망간 자료전송 방식/시스템과 관리·운영적인 부분에서 많은 허점이 발생하여 폐쇄망의 감염이 발생하고 있다. 본 연구에서는 이러한 망분리 환경에서 침해사고 발생유형과 사례에 대한 조사를 통해, 망 연계시스템의 안전성을 높이고자 한다

• 한국IT서비스학회지
• /
• 제19권1호
• /
• pp.37-53
• /
• 2020

Today, our society is exposed to cyber threats, such as the leakage of personal information, as various systems are connected and operated organically with the development of information and communication technology. With the impact of these cyber risks, we are experiencing damage from the virtual world to the physical world. As the number of cases of damage caused by cyber attacks has continued to rise, social voices have risen that the government needs to manage cyber risks. Thus, information and telecommunication service providers are now mandatory to have insurance against personal information protection due to amendment of "the Act on Promotion of Information and Communication Network Utilization and Information Protection". However, the insurance management system has not been properly prepared, with information and communication service providers selecting the service operators based on sales volume rather than selecting them based on the type and amount of personal information they store and manage. In order for the personal information protection liability insurance system to be used more effectively in line with the legislative purpose, effective countermeasures such as cooperation with the government and related organizations and provision of benefits for insured companies should be prepared. Thus, the author of this study discuss the current status of personal information protection liability insurance system and the issues raised in the operation of the system. Based on the results of this analysis, the authors propsoe tasks and plans to establish an effective personal information protection liability insurance system.

• 정보보호학회논문지
• /
• 제11권2호
• /
• pp.13-26
• /
• 2001

본 논문은 계층 구조적이고 모듈화 된 모델링 및 시뮬레이션 프레임워크를 이용한 네트워크 보안 모델링과 시뮬레이션 기법의 연구를 주목적으로 한다. 최근, Howard와 Amroso는 사이버 공격, 방어 및 결과에 대한 원인-결과 모델을 개발하였다. 또한, Cohen은 원인-결과 모델을 이용하여 단순한 네트워크 보안 시뮬레이션 방법론을 제안한 바 있으나, 복잡한 네트워크 보안과 모델과 모델 기반의 사이버 공격에 대한 시뮬레이션은 불가능한 실정이다. 따라서, 본 논문에서 는 인공지능의 기호적 형식론과 시뮬레이션의 동역학적 형식론을 체계적이고 통합한 System Entity Structure/Model Base(SES/MB)을 통하여 계층 구조적이고 모듈화 된 네트워크 보안 모델링 및 시뮬레이션 방법론을 제안하고 사이버 공격 시나리오를 이용한 사례연구를 통하여 타당성을 검증하였다.

• 정보보호학회논문지
• /
• 제14권3호
• /
• pp.101-106
• /
• 2004

최근 사이버 테러에 대한 관심이 고조되면서 네트워크 보안 시뮬레이터가 필요하게 되었다. 네트워크 보안 시뮬레이터는 침입 행위 및 방어 행위를 모델링하여 침입에 대한 피해 정도, 방어 대책의 효과성 등을 파악하기 위한 도구이다. 이 도구를 통해서 사이버 테러에 대한 예방과 복구가 가능하기 때문이다. 이를 위해 기존의 시뮬레이터들은 시뮬레이션 수행 전에 모든 시나리오를 작성해 놓고 시뮬레이션을 수행하였다. 그러나 사람의 판단 및 행위를 모델링하지 못한 시뮬레이션은 정확한 결과를 나타내지 못하였다 따라서 본 논문에서는 기존 네트워크 보안 시뮬레이터에 동적 시뮬레이션 요소를 첨가함으로써 정확히 네트워크 침입 및 방어 행위를 표현하고자 하였다. 또한 이를 위한 시뮬레이터 구조 변경 방법을 제안하였다. 시뮬레이터를 구현한 후에는 슬래머 웜의 시뮬레이션을 수행하여 기능이 올바로 구현되었음을 확인하였다.