• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.107-113
• /
• 2021

Recently, large-scale research and efforts aimed at the smart world such as smart city, smart home, smart transportation, and smart care are continuing. As these smart worlds become more common, the expansion of connectivity with the Internet and the threat of cyber terrorism will be inevitable. Increasing the threat of cyber terrorism is increasing the likelihood of a massive disaster and safety accident. Therefore, in this paper, we examine smart worlds that are expanded in various forms and derive the security threat factors that smart worlds have. In addition, it is proposed to block the threat of terrorism from abroad if access from abroad is not required when constructing a smart world. Through this, we intend to present a method to eliminate cyber terror threats for the establishment and operation of a safe smart world.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.657-673
• /
• 2019

As various IT and OT systems such as Electronic Chart Display and Information System and Automatic Identification System are used for ships, security elements that take into account even the ship's construction and navigation environment are required. However, cyber security research on the ship and shipbuilding ICT equipment industries is still lacking, and there is a lack of systematic methodologies through threat modeling. In this paper, the Data Flow Diagram was established in consideration of stakeholders approaching the ship system. Based on the Attack Library, which collects the security vulnerabilities and cases of ship systems, STRIDE methodologies and threat modeling using the Attack Tree are designed to identify possible threats from ships and to present ship cyber security measures.

• Journal of Digital Convergence
• /
• v.19 no.11
• /
• pp.327-339
• /
• 2021

The ultimate aim of this study is to examine the effect of security policy characteristics (policy threat, policy effectiveness, policy compliance cost, policy compliance self-efficacy, social influence) on organizational information security policy compliance motivation based on TTAT (Technology Threat Avoidance Theory). We found the following results. First, the security policy threat has a significant positive effect on policy compliance motivation. Second, it was found that the policy effectiveness has a statistically significant effect on the compliance motivation. Third, the policy compliance cost has an influence on the policy compliance motivation. Fourth, the policy compliance self-efficacy does not have an effect on compliance motivation. Finally, social influence has a significant effect on compliance motivation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.587-596
• /
• 2024

Cyber Attack and Cyber Threat are getting confused and evolved. Therefore, using AI(Artificial Intelligence), which is the most important technology in Fourth Industry Revolution, to build a Cyber Threat Detection System is getting important. Especially, Government's SOC(Security Operation Center) is highly interested in using AI to build SOAR(Security Orchestration, Automation and Response) Solution to predict and build CTI(Cyber Threat Intelligence). In this thesis, We introduce the Cyber Threat Detection System by analyzing Network Traffic and Web Application Firewall(WAF) Log data. Additionally, we apply the well-known TF-IDF(Term Frequency-Inverse Document Frequency) method and AutoML technology to classify Web traffic attack type.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.7
• /
• pp.4482-4488
• /
• 2014

This paper proposes the creation scheme of a threat map for robot global path planning. The threat map was generated using neural network theory by analyzing the robot's armament state and the menace information of an enemy or obstacle. In addition, the performance of the suggested method was verified using the compared result of the damage amount and existing robot path data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.260-280
• /
• 2020

Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.

• The Transactions of the Korean Institute of Electrical Engineers P
• /
• v.66 no.2
• /
• pp.76-81
• /
• 2017

In this paper, the risk analysis of smart home services was implemented by applying threat modeling. Identified possible threats for safe deployment of smart home services and identified threats through the STRIDE model. Through the creation of the Attack Tree, the attackable risk was analyzed and the risk was measured by applying the DREAD model. The derived results can be used to protect assets and mitigate risk by preventing security vulnerabilities from compromising and identifying threats from adversely affecting services. In addition, the modeled result of the derived threat can be utilized as a basis for performing the security check of the smart home service.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.20 no.2
• /
• pp.47-57
• /
• 2012

The strengthened aviation security measurements caused by increased terror threat all around the world have air passengers annoyed by uneasy treatment and some delayed process. The service level of air travel and competitiveness of airlines industry has been weakened also. The aviation security process is mainly conducted at an airport. The threat level of airport is not usually same airport to airport, and the quality of aviation security activity is neither same. However, ICAO requires every international airport to conduct similar process to ensure aviation security without considering situational difference of each airport. The paper has objectives to develop reasonable security measurements based on risk management concept. It studied the ways of achieving target level of security of an airport, considering the threat situation of the airport and its ability to conduct security procedures.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.2
• /
• pp.39-48
• /
• 2022

The application of digital technology to instrumentation and control systems in nuclear power plants has overcome many shortcomings of analog technology, but the threat of cybersecurity has increased. Along with other systems, the reactor protection system also uses digital-based equipment, so responding to cybersecurity threats is essential. We generally determine cybersecurity threats according to the role and function of the system. However, since the instrumentation and control system has various systems linked to each other, it is essential to analyze cybersecurity threats together between the connected systems. In this paper, we analyze the cybersecurity threat of the reactor protection system with the associated facilities. To this end, we quantitatively identified the risk of the reactor protection system by considering safety functions, a communication type, the use of analog or digital-based equipment of the associated systems, and the software vulnerability of the configuration module of the reactor protection system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.10
• /
• pp.2180-2186
• /
• 2010

As the substantial increase in battlefield density, multiple and complex weapon systems, Ensuring the Survivability of the platform has been emphasized. Most of platforms have equipped with ASE (Aircraft Survivability Equipment) system in order to protect the platform and operator against at modernized hostile weapon. ASE system enhance the survivability of the platform through providing accurate situation awareness information by detecting and countermeasuring hostile threats. One of Key factor of the AE system performance is handling multiple and complex threats. In this study, it describes the fact that the performance of ASE system with proposed threat integration algorithm is verified in the developed threat emulation system and also, suggests system verification method before deployment by dealing with complex threat situation.