• Journal of the Korea Institute of Military Science and Technology
• /
• v.19 no.1
• /
• pp.57-65
• /
• 2016

Threat evaluation is a process to estimate the threat score which enemy aerial threat poses to defended assets. The objective of threat evaluation is concerned with making an engagement priority list for optimal weapon allocation. Traditionally, the threat evaluation of massive air threats has been carried out by air defence experts, but the human decision making is less effective in real aerial attack situations with massive enemy fighters. Therefore, automation to enhance the speed and efficiency of the human operation is required. The automatic threat evaluation by air defense experts who will perform multi-variable judgment needs formal models to accurately quantify their linguistic evaluation of threat level. In this paper we propose a threat evaluation model by using a fuzzy rule-based inference method. Fuzzy inference is an appropriate method for quantifying threat level and integrating various threat attribute information. The performance of the model has been tested with a simulation that reflected real air threat situation and it has been verified that the proposed model was better than two conventional threat evaluation models.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.11 no.1
• /
• pp.93-101
• /
• 2008

It is difficult for a MWR(Missile Warning Radar) to perform a threat decision accurately since there is no tracking part which gives more accurate threat information to the MWR. In this paper, the threat decision algorithm is proposed using an azimuth angular rate to improve the accuracy. The azimuth angular rate is dependent upon the direction of an approaching target. The target is classified into a threat or non-threat using a boundary condition of the azimuth angular rate. The boundary condition is determined using the Monte-Carlo simulation. The performance of the proposed algorithm is evaluated using this condition at field tests of MWR. The efficiency of the proposed method for the threat decision is proved by comparing the results of field tests with the simulation results.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.14 no.3
• /
• pp.474-481
• /
• 2011

The Electronic Warfare Computer for the Aircraft Survivability Equipment will improve the ability for countermeasures by analysis about threat information. This paper suggests method that threat data integration of multiple sensors(Radar Warning Receiver, Laser Warning Receiver, Missile Warning Receiver). The algorithm of threat data integration is based on detected threat sequence and azimuth information. The threat sequence information is analyzed in advance and the azimuth data is received from sensors. The suggested method is evaluated through simulation under the environment like real helicopter.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.15-25
• /
• 2023

This study analyzes the limitations of the insider threat datasets used for insider threat detection research and compares and analyzes the solution-based insider threat data with public insider threat data using a security solution to overcome this. Through this, we design a data format suitable for insider threat detection and implement a system that can safely share insider threat information between different institutions and companies using blockchain technology. Currently, there is no dataset collected based on actual events in the insider threat dataset that is revealed to researchers. Public datasets are virtual synthetic data randomly created for research, and when used as a learning model, there are many limitations in the real environment. In this study, to improve these limitations, a private blockchain was designed to secure information sharing between institutions of different affiliations, and a method was derived to increase reliability and maintain information integrity and consistency through agreement and verification among participants. The proposed method is expected to collect data through an outflow threat collector and collect quality data sets that posed a threat, not synthetic data, through a blockchain-based sharing system, to solve the current outflow threat dataset problem and contribute to the insider threat detection model in the future.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.22 no.6
• /
• pp.797-805
• /
• 2019

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a simulated threat generator that automatically generates cyber threats for cyber defense training. The proposed Simulated Threat Generator is designed with MITRE ATT & CK(Adversarial Tactics, Techniques and Common Knowledge) framework to easily add an evolving cyber threat and select the next threat based on the threat execution result.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.20 no.12
• /
• pp.1333-1339
• /
• 2009

A MWR(Missile Warning Radar) of GVES(Ground Vehicle Equipment System) has to effectively decide the threat for a detected target. Linear Approximation Fitting(LAF) and Weighted Linear Approximation Fitting(WLAF) algorithm is proposed as algorithm for a threat decision method. The target is classified into a threat or non-threat using a boundary condition of the angular rate, and the boundary condition is determined using probability model simulation. This paper confirms the performance of proposed threat decision algorithm using measurement.

• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.53-58
• /
• 2021

There is little research on actual business activities in the field of security control. Therefore, in this paper, we intend to present a practical research methodology that can contribute to the calculation of the size of the appropriate input personnel through the modeling of the threat information detection response time of the security control and to analyze the effectiveness of the latest security solutions. The total threat information detection response time performed by the security control center is defined as TIDRT (Total Intelligence Detection & Response Time). The total threat information detection response time (TIDRT) is composed of the sum of the internal intelligence detection & response time (IIDRT) and the external intelligence detection & response time (EIDRT). The internal threat information detection response time (IIDRT) can be calculated as the sum of the five steps required. The ultimate goal of this study is to model the major business activities of the security control center with an equation to calculate the cyber threat information detection response time calculation formula of the security control center. In Chapter 2, previous studies are examined, and in Chapter 3, the calculation formula of the total threat information detection response time is modeled. Chapter 4 concludes with a conclusion.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.21 no.6
• /
• pp.807-816
• /
• 2018

Threat hunting is defined as a process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. The main concept of threat hunting is to find out weak points and remedy them before actual cyber threat has occurred. And HMM(Hunting Maturity Matrix) is suggested to evolve hunting processes with five levels, therefore, CSOC(Cyber Security Operations Center) can refer HMM how to make them safer from complicated and organized cyber attacks. We are developing a system for cyber situation awareness system with pro-active threat hunting process called unMazeTM. With this unMaze, it can be upgraded CSOC's HMM level from initial level to basic level. CSOC with unMaze do threat hunting process not only detecting existing cyber equipment post-actively, but also proactively detecting cyber threat by fusing and analyzing cyber asset data and threat intelligence.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.19-24
• /
• 2018

In this study, for evaluating the cyber threat, we presented a quantitative assessment measures of the threat-level with multiple factors. The model presented in the study is a compound model with the 4 factors; the attack method, the actor, the strength according to the type of the threat, and the proximity to the target. And the threat-level can be quantitatively evaluated with the Fuzzy Inference. The model will take the information in natural language and present the threat-level with quantified data. Therefore an organization can accurately evaluate the cyber threat-level and take it into account for judging threat.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.19-27
• /
• 2022

With the innovative development of ICT technology, hacking techniques of hackers are also evolving into sophisticated and intelligent hacking techniques. Threat detection research to counter these cyber threats was mainly conducted in a passive way through hacking damage investigation and analysis, but recently, the importance of cyber threat information collection and analysis is increasing. A bot-type automation program is a rather active method of extracting malicious code by visiting a website to collect threat information or detect threats. However, this method also has a limitation in that it cannot prevent hacking damage because it is a method to identify hacking damage because malicious code has already been distributed or after being hacked. Therefore, to overcome these limitations, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber bases. This model is an active and proactive method of collecting threat information or detecting threats outside the boundary such as a firewall. We designed a model for detecting threats using cyber strongholds and validated them in the defense environment.