• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.173-179
• /
• 2023

The 4th Industrial Revolution technology has emerged as a solution to build a hyper-connected, super-intelligent network-oriented operational environment, overcoming the obstacles of reducing troops and defense budgets facing the current military. However, the overall risk management, including the increase in complexity of the latest inform ation technology and the verification of the impact with the existing information system, is insufficient, leading to serious threats to system integrity and availability, or negatively affecting interoperability between systems. It can be inhibited. In this paper, we suggest cyber threat response strategies for our military to prepare for cyber threats by examining information security risk management in the United States in order to protect military information assets from cyber threats that may arise due to the advancement of information technology.

• Journal of Advanced Navigation Technology
• /
• v.28 no.4
• /
• pp.442-449
• /
• 2024

In this paper, we aim to propose a comprehensive framework for cyber threat analysis of urban air mobility (UAM) or advanced air mobility (AAM) communications, navigation, surveillance, and information system infrastructure. By examining potential vulnerabilities and threat vectors, we seek to enhance the security and resilience of UAM infrastructure. We conduct a detailed cyber threat analysis to identify and categorize various types of cyber threats, assess their impact on the CNSi systems, and evaluate the vulnerabilities within these systems that may be exploited by such threats. This analysis will provide valuable insights for stakeholders involved in the deployment and operation of UAM systems, ultimately contributing to the safe and efficient integration of urban air transportation.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.19-24
• /
• 2018

In this study, for evaluating the cyber threat, we presented a quantitative assessment measures of the threat-level with multiple factors. The model presented in the study is a compound model with the 4 factors; the attack method, the actor, the strength according to the type of the threat, and the proximity to the target. And the threat-level can be quantitatively evaluated with the Fuzzy Inference. The model will take the information in natural language and present the threat-level with quantified data. Therefore an organization can accurately evaluate the cyber threat-level and take it into account for judging threat.

• The Journal of the Korea Contents Association
• /
• v.17 no.3
• /
• pp.231-237
• /
• 2017

Threat intelligences collected from cyber incident sharing system and security events collected from Security Information & Event Management system are analyzed and coped with expanding malicious code rapidly with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observable. Therefore it is necessary to improve classification accuracy of the similarity by using multi-profile which is classified as the same features of cyber observables. We propose a multi-profile ensemble model performed similarity analysis on cyber incident of threat intelligence based on both attack types and cyber observables that can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhance the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incident of those not detected by other mechanisms.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1722-1737
• /
• 2019

We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.249-252
• /
• 2013

The recent cyber attacks paralyzed several major banking services, broadcasters, and affected the services of a telecommunications provider. Media outlets classified the attack as cyber terror and named it an Advanced Persistant Threat. Although the attack significantly disrupted these services for at least one day, various components used in the attack were not new. Previous major cyber attacks towards targets in South Korea employed more advanced techniques thus causing greater damage. This paper studies the anatomy of the recent 2013.3.20 attack, studies the technical sophistication of the malware and attack vectors used compared with previous attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.264-266
• /
• 2015

Currently as cyber threats grow up targeting nuclear power plants(NPP), licensees must guarantee that computer and information systems of nuclear facilities can be adequately protected against cyber attack. Especially critical system that cause illegal transfer of nuclear material and adverse impact to public safety need protecting. In this paper, we surveying the cyber threat examples targeted at NPP, and taxonomy the method of cyber security for NPPs in korea through analyzing the methodology to identify critical system and address cyber security controls for nuclear facilities.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.197-208
• /
• 2020

Based on the network infrastructure advanced in the information knowledge society, the structure of computer net work is operated by establishing the composition of network in various forms that have secured the security. In case of computer network of national/public organizations, it is necessary to establish the technical and managerial securit y environment even considering the characteristics of each organization and connected organizations. For this, the im portance of basic researches for cyber training by analyzing the technical/managerial vulnerability and cyber threats based on the classification and map of cyber threats according to the characteristics of each organization is rising. T hus, this study aims to analyze each type of external/internal cyber threats to computer network of national/public o rganizations established based on the dualistic infrastructure network of internet and national information network, a nd also to present the cyber threat framework for drawing the elements of cyber security training, by drawing and analyzing the actual elements of cyber threats through the case-based scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.417-430
• /
• 2024

As modern technology advances and the proliferation of the internet continues, cyber threats are also on the rise. To effectively counter these threats, the importance of utilizing Cyber Threat Intelligence (CTI) is becoming increasingly prominent. CTI provides information on new threats based on data from past cyber incidents, but the complexity of data and changing attack patterns present significant analytical challenges. To address these issues, this study aims to utilize graph data that can comprehensively represent multidimensional relationships. Specifically, the study constructs a heterogeneous graph based on malware data, and uses the metapath2vec node embedding technique to more effectively identify cyber attack groups. By analyzing the impact of incorporating topology information into traditional malware data, this research suggests new practical applications in the field of cyber security and contributes to overcoming the limitations of CTI analysis.