• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.69-81
• /
• 2008

It has become more difficult to correspond a cyber attack quickly as patterns of attack become various and complex. However, current security mechanism just have passive defense functionalities. In this paper, we propose new network security mechanism to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed mechanism makes it possible to deal effectively with cyber attacks such as IP spoofing, by using active packet technology including a mobile code on active network. Also, it is designed to hove more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• Journal of National Security and Military Science
• /
• s.2
• /
• pp.121-163
• /
• 2004

Science technique development expanded into, not only land, sea, and air operations but also those of airspace, and cyber battle spaces. It is generally accepted at this time that space centric operations currently cannot be effectively divided from air operations. However, science and technology advancements make it possible to integrate Army, Navy, Airforce, and Marine forces into effective operations as never before. The Republic of Korea Armed Forces needs to establish a more effective joint concept. The US military, considered by many experts as the most effective in the world, understands the necessity of joint operations and accordingly has highly developed its own concept of joint operations. The US joint operational concepts demonstrated their effectiveness during the Iraqi War by dominating the battlefield through effective use of all combat and non-combat power. Following the US Iraqi War experience, the US Department of Defense continued to enhance Joint Capability through the acceleration of US Military Transformation involving all components. The future national security of the Republic of Korea, faced with the peculiarity of communist threat in the form of North Korea, and the conflicting interest of four strong powers; the United States, China, Japan, and Russia, depends on small but strong armed forces employing all available combat power through effective National and Military Strategy, and considering domestic and international constraints. In order to succeed in future wars, military operations following joint operational concepts must effectively employ all available combat power in a timely manner. The Republic of Korea Armed Forces must establish a joint forces concept in order to integrate all available combat power during employment. Therefore we must establish military operations that develop the military structure and organization, doctrine, weapon systems, training and education of our armed forces based on the key concept of joint operations.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.865-889
• /
• 2019

The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.81-89
• /
• 2023

Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments

• Strategy21
• /
• s.44
• /
• pp.5-27
• /
• 2018

The purpose of this paper is to look at USN's efforts to rebuild its combat power in the face of a reemergence of great powers competition, and to propose some recommendations for the ROKN. In addition to the plan to augment its fleet towards a 355-ships capacity, the USN is pursuing to improve exponentially combat lethality(quality) of its existing fleet by means of innovative science and technology. In other words, the USN is putting its utmost efforts to improve readiness of current forces, to modernize maintenance facilities such as naval shipyards, and simultaneously to invest in innovative weapons system R&D for the future. After all, the USN seems to pursue innovations in advanced military Science & Technology as the best way to ensure continued supremacy in the coming strategic competition between great powers. However, it is to be seen whether the USN can smoothly continue these efforts to rebuild combat strength vis-a-vis its new competition peers, namely China and Russian navy, due to the stringent fiscal constraints, originating, among others, from the 2011 Budget Control Act effective yet. Then, it seems to be China's unilateral and assertive behaviors to expand its maritime jurisdiction in the South China Sea that drives the USN's rebuild-up efforts of the future. Now, some changes began to be perceived in the basic framework of the hitherto regional maritime security, in the name of declining sea control of the USN as well as withering maritime order based on international law and norms. However, the ROK-US alliance system is the most excellent security mechanism upon which the ROK, as a trading power, depends for its survival and prosperity. In addition, as denuclearization of North Korea seems to take significant time and efforts to accomplish in the years to come, nuclear umbrella and extended deterrence by the US is still noting but indispensible for the security of the ROK. In this connection, the naval cooperation between ROKN and USN should be seen and strengthened as the most important deterrents to North Korean nuclear and missile threats, as well as to potential maritime provocation by neighboring countries. Based on these observations, this paper argues that the ROK Navy should try to expand its own deterrent capability by pursuing selective technological innovation in order to prevent this country's destiny from being dictated by other powers. In doing so, however, it may be too risky for the ROK to pursue the emerging, disruptive innovative technologies such as rail gun, hypersonic weapon... etc., due to enormous budget, time, and very thin chance of success. This paper recommends, therefore, to carefully select and extensively invest on the most cost-effective technological innovations, suitable in the operational environments of the ROK. In particular, this paper stresses the following six areas as most potential naval innovations for the ROK Navy: long range precision strike; air and missile defense at sea; ASW with various unmanned maritime system (UMS) such as USV, UUV based on advanced hydraulic acoustic sensor (Sonar) technology; network; digitalization for the use of AI and big data; and nuclear-powered attack submarines as a strategic deterrent.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.6
• /
• pp.469-476
• /
• 2021

An electronic attack (EA) system is an essential weapon system for performing electronic warfare missions that contain signal tracking and jamming against multiple threats using electromagnetic waves, such as air defense radars, wireless command and communication networks, and guided missiles. The combat effectiveness can be maximized, and the survivability of militarily protecting combat power can be enhanced through EA mission operations, such as disabling the functions of multiple threats. The EA system can be used as a radio frequency jamming system to respond to drone attacks on the core infrastructure, such as airports, power plants, and communication broadcasting systems, in the civilian field. This study examined the criteria for classification according to the electronic attack missions of foreign EA systems based on an aviation platform. The foreign R&D trends by those criteria were investigated. Moreover, by analyzing the R&D trends of domestic EA systems and future battlefields in the domestic security environments, this paper proposes technological development plans of EA systems suitable for the future battlefield environments compared to the foreign R&D trends.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.61-70
• /
• 2020

The unmanned aerial vehicle that emerged with the 4th Industrial Revolution attracts attention not only from Korea but also from around the world, and its utilization and market size are gradually expanding. For the first time, it was used for military purposes, but it is currently used for transportation, investigation, surveillance, and agriculture. China, along with the US and Europe, is emerging as a leader in the commercial unmanned aerial vehicle market, and Korea, which has the world's seventh-largest technology in related fields, is striving to promote various technology development policies and system improvement related to unmanned aerial vehicles. Military drones will revolutionize the means of war by using a means of war called an unmanned system based on theories such as network-oriented warfare and effect-oriented warfare. Mobile equipment, including drones, is greatly affected by environmental factors such as terrain and weather, as well as technological developments and interests in the field. Now, drones are being used actively in many fields, and especially in the military field, the use of advanced drones is expected to create a new defense environment and provide a new paradigm for war.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.27-34
• /
• 2020

Recently, the fourth industrial revolution technology has not only changed everyday life greatly through technological development, but has also become a major keyword in the establishment of defense policy. In particular, Internet of Things, cloud, big data, mobile and cybersecurity technologies, called ICBMS, were selected as core leading technologies in defense information policy along with artificial intelligence. Amid the growing importance of the fourth industrial revolution technology, research is being carried out to develop the C4I system, which is currently operated separately by the Joint Chiefs of Staff and each military, including the KJCCS, ATCIS, KNCCS and AFCCS, into an integrated system in preparation for future warfare. This is to solve the problem of reduced interoperability for joint operations, such as information exchange, by operating the C4I system for each domain. In addition, systems such as the establishment of an integrated C4I system and the U.S. military's Risk Management Framework (RMF) are essential for efficient control and safe operation of weapons systems as they are being developed into super-connected and super-intelligent systems. Therefore, in this paper, the intelligent cyber threat detection, management of users' access to information, and intelligent management and visualization of cyber threat are presented in the future C4I system based on big data/cloud.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.25-32
• /
• 2022

Recently, the image processing industry has been activated as deep learning-based technology is introduced in the image recognition and detection field. With the development of deep learning technology, learning model vulnerabilities for adversarial attacks continue to be reported. However, studies on countermeasures against poisoning attacks that inject malicious data during learning are insufficient. The conventional countermeasure against poisoning attacks has a limitation in that it is necessary to perform a separate detection and removal operation by examining the training data each time. Therefore, in this paper, we propose a technique for reducing the attack success rate by applying modifications to the training data and inference data without a separate detection and removal process for the poison data. The One-shot kill poison attack, a clean label poison attack proposed in previous studies, was used as an attack model. The attack performance was confirmed by dividing it into a general attacker and an intelligent attacker according to the attacker's attack strategy. According to the experimental results, when the proposed defense mechanism is applied, the attack success rate can be reduced by up to 65% compared to the conventional method.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.17 no.3
• /
• pp.358-363
• /
• 2014

In this paper, we present two constructions of the attribute-based broadcast encryption(ABBE) algorithm. Attribute-based encryption(ABE) algorithm enables an access control mechanism over encrypted data by specifying access policies among private keys and ciphertexts. ABBE algorithm can be used to construct ABE algorithm with revocation mechanism. Revocation has a useful property that revocation can be done without affecting any non-revoked uers. The main difference between our algorithm and the classical ones derived from the complete subtree paradigm which is apt for military hierarchy. Our algorithm improve the efficiency from the previously best ABBE algorithm, in particular, our algorithm allows one to select or revoke users by sending ciphertext of constant size with respect to the number of attributes and by storing logarithm secret key size of the number of users. Therefore, our algorithm can be an option to applications where computation cost is a top priority and can be applied to military technologies in the near future.