• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.1-12
• /
• 2021

An operation of an organization is currently using a digital environment which opens to potential cyber-attacks. These phenomena become worst as the cyberattack landscape is changing rapidly. The impact of cyber-attacks varies depending on the scope of the organization and the value of assets that need to be protected. It is difficult to assess the damage to an organization from cyberattacks due to a lack of understanding of tools, metrics, and knowledge on the type of attacks and their impacts. Hence, this paper aims to identify domains and sub-domains of cyber-attack taxonomy to facilitate the understanding of cyber-attacks. Four phases are carried in this research: identify existing cyber-attack taxonomy, determine and classify domains and sub-domains of cyber-attack, and construct the enhanced cyber-attack taxonomy. The existing cyber-attack taxonomies are analyzed, domains and sub-domains are selected based on the focus and objectives of the research, and the proposed taxonomy named AVOIDITALS Cyber-attack Taxonomy is constructed. AVOIDITALS consists of 8 domains, 105 sub-domains, 142 sub-sub-domains, and 90 other sub-sub-domains that act as a guideline to assist administrators in determining cyber-attacks through cyber-attacks pattern identification that commonly occurred on digital infrastructure and provide the best prevention method to minimize impact. This research can be further developed in line with the emergence of new types and categories of current cyberattacks and the future.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.65-73
• /
• 2014

An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.17-29
• /
• 2017

Various cyber attacks against our society and the government are continuing, and cases and damages are reported from time to time. And the area of cyber attack is not limited to cyberspace, but it is expanding into physical domain and affecting it. In the military arena, we have established and implemented the principle of responding proportionally to enemy physical attacks. This proportionality principle is also required in the version where the region is expanding. In order to apply it, it is necessary to have a quantitative and qualitative countermeasure against cyber attack. However, due to the nature of cyber attacks, it is not easy to assess the damage accurately and it is difficult to respond to the proportionality principle and the proportional nature. In this study, we calculated the damage scale by quantitatively and qualitatively evaluating the cyber attack damage using the Gorden-Lobe model and the security scoring technique based on the scenario. It is expected that the calculated results will be provided as appropriate level and criterion to counteract cyber attack.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.71-80
• /
• 2023

Cyberspace has emerged as the fifth domain of warfare, alongside land, sea, air, and space. It has become a crucial focus for offensive and defensive military operations. Governments worldwide have demonstrated their intent to engage in offensive cyber operations within this domain. This paper proposes an innovative offensive cyber kill chain model that integrates the existing defensive strategy, the cyber kill chain model, with the joint air tasking order (ATO) mission execution cycle and joint target processing procedure. By combining physical and cyber operations within a joint framework, this model aims to enhance national cyber operations capabilities at a strategic level. The integration of these elements seeks to address the evolving challenges in cyberspace and contribute to more effective jointness in conducting cyber operations.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.117-128
• /
• 2018

The purpose of this paper is to analyze the behavior of North Korea's cyber attack against South Korea since 2009 based on major international security theories and suggest South Korea's policy option. For this purpose, this paper applied the behavioral domain and characteristics of 'cyber power' and 'coercion dynamics' model, which are attracting attention in international security studies. The types of cyber attacks from North Korea are classified into the following categories: power-based incarceration, leadership attacks and intrusions, military operations interference, and social anxiety and confusion. In terms of types and means of cyber power, North Korean GPS disturbance, the Ministry of Defense server hacking and EMP are hard power with high retaliation and threat and cyber money cashing and ransomware are analyzed by force in the act of persuasion and incentive in the point of robbing or asking for a large amount of money with software pawns. North Korea 's cyber attack has the character of escape from realistic sanctions based on the second nuclear test. It is important for South Korea to clearly recognize that the aggressive cyberpower of North Korea is changing in its methods and capabilities, and to ensure that North Korea's actions result in far greater losses than can be achieved. To do this, it is necessary to strengthen the cyber security and competence to simultaneously attack and defend through institutional supplement and new establishment such as cyber psychological warfare, EMP attack preparation, and enhancement of security expertise against hacking.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.27-42
• /
• 2022

In the era of the Fourth Industrial Revolution, digital transformation to increase the effectiveness of industry is becoming more important to achieving the goal of industrial innovation. The digital new deal and smart defense are required for digital transformation and utilize artificial intelligence, big data analysis technology, and the Internet of Things. These changes can innovate the industrial fields of national defense, society, and health with new intelligent services by continuously expanding cyberspace. As a result, work productivity, efficiency, convenience, and industrial safety will be strengthened. However, the threat of cyber-attack will also continue to increase due to expansion of the new domain of digital transformation. This paper presents the risk scenarios of cyber-attack threats in the Fourth Industrial Revolution. Further, we propose a preemptive intrusion response model to bolster the complex security environment of the future, which is one of the fundamental alternatives to solving problems relating to cyber-attack. The proposed model can be used as prior research on cyber security strategy and technology development for preemptive response to cyber threats in the future society.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.9
• /
• pp.92-99
• /
• 2013

As a recent cyber attack has a characteristic that is intellectual, advanced, and complicated attack against precise purpose and specified object, it becomes extremely hard to recognize or respond when accidents happen. Since a scale of damage is very large, a corresponding system about this situation is urgent in national aspect. Existing data center or integration security framework of computer lab is evaluated to be a behind system when it corresponds to cyber attack. Therefore, this study suggests a better sophisticated next generation convergence security framework in order to prevent from attacks based on advanced persistent threat. Suggested next generation convergence security framework is designed to have preemptive responses possibly against APT attack consisting of five hierarchical steps in domain security layer, domain connection layer, action visibility layer, action control layer and convergence correspondence layer. In domain connection layer suggests security instruction and direction in domain of administration, physical and technical security. Domain security layer have consistency of status information among security domain. A visibility layer of Intellectual attack action consists of data gathering, comparison, decision, lifespan cycle. Action visibility layer is a layer to control visibility action. Lastly, convergence correspond layer suggests a corresponding system of before and after APT attack. An introduction of suggested next generation convergence security framework will execute a better improved security control about continuous, intellectual security threat.

• Korean Security Journal
• /
• no.39
• /
• pp.319-353
• /
• 2014

Cyber-based technologies are now ubiquitous around the glob and are emerging as an "instrument of power" in societies, and are becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. The globe-spanning range of cyberspace and no national borders will challenge legal systems and complicate a nation's ability to deter threats and respond to contingencies. Through cyberspace, competitive powers will target industry, academia, government, as well as the military in the air, land, maritime, and space domains of our nations. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. Cyberthreats to the infrastructure and other assets are a growing concern to policymakers. In 2013 Cyberwarfare was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. The new United States military strategy makes explicit that a cyberattack is casus belli just as a traditional act of war. The Economist describes cyberspace as "the fifth domain of warfare and writes that China, Russia, Israel and North Korea. Iran are boasting of having the world's second-largest cyber-army. Entities posing a significant threat to the cybersecurity of critical infrastructure assets include cyberterrorists, cyberspies, cyberthieves, cyberwarriors, and cyberhacktivists. These malefactors may access cyber-based technologies in order to deny service, steal or manipulate data, or use a device to launch an attack against itself or another piece of equipment. However because the Internet offers near-total anonymity, it is difficult to discern the identity, the motives, and the location of an intruder. The scope and enormity of the threats are not just focused to private industry but also to the country's heavily networked critical infrastructure. There are many ongoing efforts in government and industry that focus on making computers, the Internet, and related technologies more secure. As the national intelligence institution's effort, cyber counter-intelligence is measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. However one of the hardest issues in cyber counterintelligence is the problem of "Attribution". Unlike conventional warfare, figuring out who is behind an attack can be very difficult, even though the Defense Secretary Leon Panetta has claimed that the United States has the capability to trace attacks back to their sources and hold the attackers "accountable". Considering all these cyber security problems, this paper examines closely cyber security issues through the lessons from that of U.S experience. For that purpose I review the arising cyber security issues considering changing global security environments in the 21st century and their implications to the reshaping the government system. For that purpose this study mainly deals with and emphasis the cyber security issues as one of the growing national security threats. This article also reviews what our intelligence and security Agencies should do among the transforming cyber space. At any rate, despite of all hot debates about the various legality and human rights issues derived from the cyber space and intelligence service activity, the national security should be secured. Therefore, this paper suggests that one of the most important and immediate step is to understanding the legal ideology of national security and national intelligence.

• ETRI Journal
• /
• v.44 no.2
• /
• pp.346-354
• /
• 2022

The SYN flooding attack is widely used in cyber attacks because it paralyzes the network by causing the system and bandwidth resources to be exhausted. This paper proposed a self-information approach for detecting the SYN flooding attack and provided a detection algorithm with a hierarchical policy on a detection time domain. Compared with other detection methods of entropy measurement, the proposed approach is more efficient in detecting the SYN flooding attack, providing low misjudgment, hierarchical detection policy, and low time complexity. Furthermore, we proposed a detection algorithm with limiting system resources. Thus, the time complexity of our approach is only (log n) with lower time complexity and misjudgment rate than other approaches. Therefore, the approach can detect the denial-of-service/distributed denial-of-service attacks and prevent SYN flooding attacks.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.12
• /
• pp.125-134
• /
• 2019

As the limitations of the passive recognition domain, which is not guaranteed transparency of the operation process, AI technology has a vulnerability that depends on the data. Human error is inherent because raw data for artificial intelligence learning must be processed and inspected manually to secure data quality for the advancement of AI learning. In this study, we examine the necessity of learning data management before machine learning by analyzing inaccurate cases of AI learning data and cyber security attack method through the approach from cyber security perspective. In order to verify the learning data integrity, this paper presents the direction of data-preserving artificial intelligence system, a blockchain-based learning data environment model. The proposed method is expected to prevent the threats such as cyber attack and data corruption in providing and using data in the open network for data processing and raw data collection.