• Title/Summary/Keyword: Rule-based SES

Search Result 7

Attacker and Host Modeling for Cyber-Attack Simulation (사이버 공격 시뮬레이션을 위한 공격자 및 호스트 모델링)

  • 정정례;이장세;박종서;지승도
    • Journal of the Korea Society for Simulation / v.12 no.2 / pp.63-73 / 2003
  • The major objective of this paper is to propose a method of attacker and host modeling for cyber-attack simulation. In security modeling and simulation for information assurance, it is essential to model an attacker that is able to generate various cyber-attack scenarios as well as a host that is able to represent behavior under attack concretely. The security modeling and simulation announced by Cohen, Nong Ye, etc. is too simple to concretely analyze attack behavior on the host. And the attacker modeling announced by CERT, Laura, etc. cannot represent complex attacks other than fixed forms. To deal with this problem, we have accomplished attacker modeling by adopting the rule-based SES, which integrates the existing SES with a rule-based expert system for synthesis, and performed host modeling by using the DEVS formalism. Our approach differs from others in that (ⅰ) it is able to represent complex and repetitive attacks, (ⅱ) it automatically generates the cyber-attack scenario suitable for the target system, and (ⅲ) it is able to analyze the host's behavior under cyber attack concretely. Simulation tests performed on the sample network verify the soundness of the proposed method.

A Study for Rule Integration in Vulnerability Assessment and Intrusion Detection using Meaning Based Vulnerability Identification Method (의미기반 취약점 식별자 부여 기법을 사용한 취약점 점검 및 공격 탐지 규칙 통합 방법 연구)

  • Kim, Hyung-Jong;Jung, Tae-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.3 / pp.121-129 / 2008
  • This paper presents a meaning-based vulnerability identification method that makes use of the concept of atomic vulnerability. We also make use of the decomposition and specialization processes used in DEVS/SES to obtain identifiers. This vulnerability representation method is useful for managing and removing vulnerabilities in an organized way. It helps relate vulnerability assessment and intrusion detection rules at a lower level. The relation enables the security manager to respond more quickly and conveniently. In particular, this paper shows a mapping between Nessus plugins and Snort rules using the meaning-based vulnerability identification method and lists usages based on three goals that a security officer keeps in mind about vulnerabilities. The contribution of this work is the suggestion of a meaning-based vulnerability identification method and the demonstration of cases of its usage for the rule integration of vulnerability assessment and intrusion detection.

Design Methodology for Forest Fire Extinguishment Expert System (산불 진화 전문가 시스템 설계 방법론)

  • 임예환
    • Proceedings of the Korea Society for Simulation Conference / 1998.10a / pp.51-56 / 1998
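  • The main purpose of this study is to present a design methodology for a forest fire extinguishment expert system that establishes optimal extinguishment strategies based on forest, weather, terrain, and firefighting information. Existing forest fire information systems use GIS data, weather-related data, and terrain data for the point where the fire broke out, and aim to predict the degree of damage and the extent of spread as the fire spreads. However, no research has yet been presented that can use these to generate an optimal extinguishment strategy. Therefore, this study proposes a design methodology for a forest fire extinguishment expert system that can generate an optimal forest fire extinguishment strategy, building on existing forest fire information systems and using discrete event modeling and simulation techniques, the rule-based SES (RUSES: Rule-based System Entity Structure), and genetic algorithms.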

A Design of Intelligent Patient Monitoring System using Model Base (모델 베이스를 이용한 지능적 환자 감시 시스템의 설계)

  • Kim, Jung-Ook;Lee, Seok-Pil;Chi, Sung-Do;Park, Sang-Hui
    • Proceedings of the KOSOMBE Conference / v.1995 no.05 / pp.155-159 / 1995
  • A design method that can easily construct intelligent patient monitoring systems is proposed. To achieve the design method, the SES/MB concept and a discrete event-based logic control formalism based on set theory are introduced. In this control paradigm the controller expects to receive confirming sensor responses to its control commands within definite time windows determined by the DEVS model of the system under control. Because data to be used for rule-based symbolic reasoning are to be abstracted, several AI methods are applied to the processes. These methods are applied to intelligent patient monitoring systems so that they facilitate transformation from low-level raw data to high-level linguistic data. Model-based system representations have the advantages of reusability, extensibility, flexibility, independent testability and encapsulation.

Attacker and Linux based Host Modeling For Cyber Attack Simulation (가상공격 시뮬레이션을 위한 공격자 및 리눅스 기반 호스트 모델링)

  • 정정례;이장세;박종서;지승도
    • Proceedings of the Korea Society for Simulation Conference / 2002.11a / pp.29-37 / 2002
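  • The main purpose of this paper is to propose a modeling method for the attacker and the Linux-based host for virtual attack simulation. Recently, Amoroso proposed an intrusion model centered on security mechanisms, but it has the drawback that its simulation approach is unclear. Cohen has also represented cyber attacks and defenses using a cause-effect model, but practical application is difficult because the modeling is abstract and stays at the conceptual level. As an attempt to solve this, the Intelligent Systems Laboratory at Korea Aerospace University (항공대) proposed a network security modeling and simulation method using the SES/MB framework, but it is insufficient to represent the complex changes in a host caused by an attack. To solve these problems, this paper models the attacker by applying the Rule-Based SES, which integrates a rule-based expert system methodology for synthesis into the existing SES that represents system structure, and models the network components based on DEVS. To verify the validity of the proposed modeling method, this paper carries out a case study on a sample network.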

Automated Methodology for Campus Network Design and Performance Analysis (캠퍼스 네트워크의 구성 및 성능분석 자동화 방법론)

  • 지승도
    • Journal of the Korea Society for Simulation / v.7 no.2 / pp.1-16 / 1998
  • This paper presents an automated methodology for campus network design and performance analysis using the rule-based SES and DEVS modeling & simulation techniques. The proposed methodology for structural design and performance analysis can be utilized not only in the early stage of network design for selecting a configurable candidate from all possible design alternatives, but also in simulation verification for generating performance data. Our approach supersedes conventional methodologies in that, first, it can support configuration automation by utilizing the knowledge of the design expert; second, it can provide simulation-based performance evaluation; third, it is established on the basis of a well-formalized framework so that it can support hierarchical and modular system design. Several simulation tests performed on a campus network example illustrate our technique.

Performance Analysis of Fault Tolerance System on Distributed Multimedia Environment (분산 멀티미디어 환경에서 실행되는 결함 허용 시스템의 성능 분석)

  • Ko Eung-Nam
    • Journal of Digital Contents Society / v.3 no.2 / pp.255-264 / 2002
  • Multimedia is now applied to various real-world settings. In particular, the focus on CSCW (Computer Supported Cooperated Work) for multimedia education systems has increased. DOORAE is a framework for supporting development of applications running on a distributed multimedia environment and a multimedia distance education system. EDA is a system that is able to automatically detect a software error based on distributed multimedia. It has been designed and implemented for construction and experiment of an effective DOORAE environment. It detects an error by periodically polling the process related to the session. The conventional method detects an error by periodically polling all the processes. This paper explains a performance analysis of an error detection system running on a distributed multimedia environment using the rule-based SES and DEVS modeling and simulation techniques. In DEVS, a system has a time base, inputs, states, outputs, and functions.
