• Convergence Security Journal
• /
• v.6 no.1
• /
• pp.1-11
• /
• 2006

The exponential increase of malicious and criminal activities in cyber space is posing serious threat which could destabilize the foundation of modem information society. In particular, unexpected network paralysis or break-down created by the spread of malicious traffic could cause confusion and disorder in a nationwide scale, and unless effective countermeasures against such unexpected attacks are formulated in time, this could develop into a catastrophic condition. As a result, there has been vigorous effort and search to develop a functional state-level cyber-threat early-warning system however, the efforts have not yielded satisfying results or created plausible alternatives to date, due to the insufficiency of the existing system and technical difficulties. The existing cyber-threat forecasting and early-warning depend on the individual experience and ability of security manager whose decision is based on the limited security data collected from ESM (Enterprise Security Management) and TMS (Threat Management System). Consequently, this could result in a disastrous warning failure against a variety of unknown and unpredictable attacks. It is, therefore, the aim of this research to offer a conceptual design for "Knowledge-based Real-Time Cyber-Threat Early-Warning System" in order to counter increasinf threat of malicious and criminal activities in cyber suace, and promote further academic researches into developing a comprehensive real-time cyber-threat early-warning system to counter a variety of potential present and future cyber-attacks.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.21 no.6
• /
• pp.807-816
• /
• 2018

Threat hunting is defined as a process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. The main concept of threat hunting is to find out weak points and remedy them before actual cyber threat has occurred. And HMM(Hunting Maturity Matrix) is suggested to evolve hunting processes with five levels, therefore, CSOC(Cyber Security Operations Center) can refer HMM how to make them safer from complicated and organized cyber attacks. We are developing a system for cyber situation awareness system with pro-active threat hunting process called unMazeTM. With this unMaze, it can be upgraded CSOC's HMM level from initial level to basic level. CSOC with unMaze do threat hunting process not only detecting existing cyber equipment post-actively, but also proactively detecting cyber threat by fusing and analyzing cyber asset data and threat intelligence.

• Journal of the Korea Convergence Society
• /
• v.9 no.7
• /
• pp.55-62
• /
• 2018

Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.77-85
• /
• 2021

Cyber protection is an activity that protects the information systems we operate from cyber attacks and threats. To know the level of protection of the currently operating cyber protection system, it is necessary to update the current state of attack technology by reflecting the constantly evolving cyber threats and to analyze whether it is possible to respond with the protection function. Therefore, in this paper, we analyze the relationship between the attack procedures and defense types of the cyber kill chain with the defense technology(Mitigation ID) of MITRE and present the cyber protection level for each military unit type with a focus on defensive cyber activities. In the future, it is expected that the level of cyber protection will be improved through real-time analysis of the response capabilities of cyber protection systems operating in the defense sector to visualize the level of protection for each unit, investigate unknown cyber threats, and actively complement vulnerabilities.

• Journal of Electrical Engineering and Technology
• /
• v.12 no.2
• /
• pp.495-501
• /
• 2017

The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. In other words, The Energy Management System (EMS) and other communication networks interact with the power system on a real time basis, so it is important to understand the interaction between two layers to protect the power system from potential cyber threats. This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. In this study, the optimal power flow (OPF) and Power Flow Tracing are used to assess the interaction between the EMS and the power system. Through OPF and Power Flow Tracing based analysis, the physical and economic impacts from potential cyber threats are assessed, and thereby the quantitative risks are measured in a monetary unit.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.147-155
• /
• 2024

Currently, the 4th Industrial Revolution, like other revolutions, is bringing great change and new life to humanity, and in particular, the demand for and use of drones, which can be applied by combining various technologies such as big data, artificial intelligence, and information and communications technology, is increasing. Recently, it has been widely used to carry out dangerous military operations and missions, such as the Russia-Ukraine war and North Korea's reconnaissance against South Korea, and as the demand for and use of drones increases, concerns about the safety and security of drones are growing. Currently, a variety of research is being conducted, such as detection of wireless communication abnormalities and sensor data abnormalities related to drones, but research on real-time detection of threats using radio frequency characteristic data is insufficient. Therefore, in this paper, we conduct a study to determine whether the characteristic data is normal or abnormal signal data by collecting radio frequency signal characteristic data generated while the drone communicates with the ground control system while performing a mission in a HITL(Hardware In The Loop) simulation environment similar to the real environment. proceeded. In addition, we propose an unsupervised learning-based threat detection system and optimal threshold that can detect threat signals in real time while a drone is performing a mission.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.3
• /
• pp.605-612
• /
• 2011

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. In this paper, we discuss the technologies and standard trends about actual cyber threat and response methods, design the collaborative response framework based on the security information sharing in the inter-domain environments. The computation method of network threat level based on the collaborative response framework is proposed. The network threats are be quickly detected and real-time response can be executed using the proposed computation method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2881-2894
• /
• 2018

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

• Journal of Electrical Engineering and Technology
• /
• v.10 no.3
• /
• pp.888-894
• /
• 2015

This paper presents a unified model based assessment framework to quantify threats and vulnerabilities associated with control systems, especially in the SCADA (Supervisory Control and Data Acquisition) system. In the past, this system was primarily utilized as an isolated facility on a local basis, and then it started to be integrated with wide-area networks as the communication technology would make rapid progress. The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. However, an up-to-date power system often requires the real-time operations, which clearly implies that the cyber security would turn out to be a complicated but also crucial issue for the power system. In short, the purpose of this paper is to streamline a comprehensive approach to prioritizing cyber security risks which are expressed by the combination of threats, vulnerabilities, and values in the SCADA components.