• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1887-1898
• /
• 2018

In this paper, a method to classify insider threat activity is introduced. The internal threats help detecting anomalous activity in the procedure performed by the user in an organization. When an anomalous value deviating from the overall behavior is displayed, we consider it as an inside threat for classification as an inside intimidator. To solve the situation, Markov Chain Model is employed. The Markov Chain Model shows the next state value through an arbitrary variable affected by the previous event. Similarly, the current activity can also be predicted based on the previous activity for the insider threat activity. A method was studied where the change items for such state are defined by a transition probability, and classified as detection of anomaly of the inside threat through values for a probability variable. We use the properties of the Markov chains to list the behavior of the user over time and to classify which state they belong to. Sequential data sets were generated according to the influence of n occurrences of Markov attribute and classified by machine learning algorithm. In the experiment, only 15% of the Cert: insider threat dataset was applied, and the result was 97% accuracy except for NaiveBayes. As a result of our research, it was confirmed that the Markov Chain Model can classify insider threats and can be fully utilized for user behavior classification.

• International Journal of Contents
• /
• v.15 no.1
• /
• pp.32-38
• /
• 2019

In an environment where a large number of weapons are operated compared to a large number of ground targets, it is important to monitor and manage the targets to set up a fire plan, and through their multilateral analysis, to equip them with a priority order process for targets having a high threat level through the quantitative calculation of the threat level. Existing studies consider the anti-aircraft and anti-ship targets only, hence, it is impossible to apply the existing algorithm to ground weapon system development. Therefore, we proposed an effective threat evaluation algorithm for multiple ground targets in multi-target and multi-weapon environments. Our algorithm optimizes to multiple ground targets by use of unique ground target features such as proximity degree, sorts of weapons and protected assets, target types, relative importance of the weapons and protected assets, etc. Therefore, it is possible to maximize an engagement effect by deducing an effective threat evaluation model by considering the characteristics of ground targets comprehensively. We carried out performance evaluation and verification through simulations and visualizations, and confirmed high utility and effect of our algorithm.

• Convergence Security Journal
• /
• v.6 no.1
• /
• pp.1-11
• /
• 2006

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modem information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. As a result, there has been vigorous effort and search to develop a functional state-level cyber-threat early-warning system however, the efforts have not yielded satisfying results or created plausible alternatives to date, due to the insufficiency of the existing system and technical difficulties. The existing cyber-threat forecasting and early-warning depend on the individual experience and ability of security manager whose decision is based on the limited security data collected from ESM (Enterprise Security Management) and TMS (Threat Management System). Consequently, this could result in a disastrous warning failure against a variety of unknown and unpredictable attacks. It is, therefore, the aim of this research to offer a conceptual design for "Knowledge-based Real-Time Cyber-Threat Early-Warning System" in order to counter increasinf threat of malicious and criminal activities in cyber suace, and promote further academic researches into developing a comprehensive real-time cyber-threat early-warning system to counter a variety of potential present and future cyber-attacks.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.21 no.9
• /
• pp.947-954
• /
• 2010

The decision of threat target in the MWR(Missile Warning Radar) of GVES(Ground Vehicle Equipment System) such as MBT(Main Battle Tank) is very important. Threat decision is judged by angular rate and the accurate azimuth calculation for good threat decision is very important. The angular rate is dependent upon the direction of an approaching target. The target is classified into a threat or non-threat using a boundary condition of the angular rate. This paper presents the eighth azimuth calculation methods and compares the results.

• Journal of the Korea Convergence Society
• /
• v.6 no.3
• /
• pp.65-71
• /
• 2015

Based on Technology Threat Avoidance Theory, this study explains the process that the users cope with IT Threat and accomplish IS outcome. To empirically test the proposed model, data were collected through a survey of respondents who have the experience of using IS, and analyzed by using structural equations modelling. The result shows IT Threat had negative effects on Problem-Focused Coping and IS Appropriation. Also Problem-Focused Coping had significant effects on IS Appropriation and IS Appropriation had positive relation on IS Performance. In conclusion the study proposed that IT users improve Convergence Information System Performance by Problem-Focused Coping when they perceive IT Threat.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.2
• /
• pp.1-10
• /
• 2014

In this study, I analyzed the increased threat of cyber warfare and the threat of reality about what is happening around the currently. And to prepare for it, I proposed the fact how main developed countries deal with cyber warfare. Also, I presented North Korea's cyber warfare threat which is equipped with world's top 3 cyber warfare performance and the way how their strategy influence to South Korea's national security. Moreever, I studied the existing North Korea's cyber warfare threat and the way how, how South Korea deal with it and prepare to against expected threat of cyber warfare in future.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.2
• /
• pp.15-25
• /
• 2017

A System can be more Dependable from some types of Threats if the Dependability Level Against the Threat on the System is Increased. However, The Dependability-performance Tradeoff should be Considered because the Increased Dependability may Degrade the Performance of the System. Therefore, it is Efficient to Temporally Increase the Dependability Level to High only when an Threat is Predicted on the System in a Short time while Maintaining the Level in Low or mid in Normal Situations. In this Paper, we Present a Threat Prevention Strategy for a Networked Node by Dynamically Changing the Dependability Level According to the Threat Situation on its Logically/physically Neighboring Nodes. As case Studies, we Employ our Strategy to an Internet Server Against TCP SYN Flood Attacks and to a Checkpoint and Rollback System Against Transient Faults. Our Performance Analysis Shows that our Strategy can Effectively Relieve the Damage of the Failure without Serious Performance Degradation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.793-799
• /
• 2021

Recently, there has been a growing interest in threat hunting presented to overcome the limitations of existing security solutions. Threat hunting is generally recognized as a technique for identifying and eliminating threats that exit inside the system. But, the definition is not clear, so there is confusion in terms with penetration testing, intrusion detection, and incident analysis. Therefore, in this paper, compare and analyze the definitions of threat hunting extracted from reports and papers to clarify their implications and compare with defense techniques.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.7
• /
• pp.47-57
• /
• 2014

In order to publicly notify the information security (Internet or Cyber) threat level, the security companies have developed the Threat Meters. As the physical security devices are getting more intelligent and can be monitored and managed through networks, we propose a physical security threat meter (PSTM) to determine the current threat level of physical security; that is a very similar compared with the one of information security. For this purpose, we investigate and prioritize the physical security events, and consider the impact of temporal correlation among multiple security events. We also present how to determine the threshold values of threat levels, and then propose a practical PSTM using the threshold based decision. In particular, we show that the proposed scheme is fully implementable through showing the block diagram in detail and the whole implementation processes with the access controller and CCTV+video analyzer system. Finally the simulation results show that the proposed PSTM works perfectly under some test scenarios.

• Journal of Information Science Theory and Practice
• /
• v.7 no.1
• /
• pp.52-71
• /
• 2019

An insider threat is a threat that comes from people within the organization being attacked. It can be described as a function of the motivation, opportunity, and capability of the insider. Compared to managing the dimensions of opportunity and capability, assessing one's motivation in committing malicious acts poses more challenges to organizations because it usually involves a more obtrusive process of psychological examination. The existing body of research in psycholinguistics suggests that automated text analysis of electronic communications can be an alternative for predicting and detecting insider threat through unobtrusive behavior monitoring. However, a major challenge in employing this approach is that it is difficult to minimize the risk of missing any potential threat while maintaining an acceptable false alarm rate. To deal with the trade-off between the risk of missed catches and the false alarm rate, we propose a unified psycholinguistic framework that consolidates multiple text analyzers to carry out sentiment analysis, emotion analysis, and topic modeling on electronic communications for unobtrusive psychological assessment. The user scenarios presented in this paper demonstrated how the trade-off issue can be attenuated with different text analyzers working collaboratively to provide more comprehensive summaries of users' psychological states.