• Title/Summary/Keyword: Threat Level

An APT Attack Scoring Method Using MITRE ATT&CK (MITRE ATT&CK을 이용한 APT 공격 스코어링 방법 연구)

  • Cho, Sungyoung;Park, Yongwoo;Lee, Kunho;Choi, Changhee;Shin, Chanho;Lee, Kyeongsik
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.673-689 / 2022
  • We propose an APT attack scoring method as part of the process for detecting and responding to APT attacks. First, unlike previous work that relied on inconsistent and subjective factors determined by cyber security experts when scoring cyber attacks, we identify quantifiable factors from the components of MITRE ATT&CK techniques and propose a method of quantifying each identified factor. Then, we propose a method of calculating the score of a unit attack technique from the quantified factors, and the score of an entire APT attack composed of one or more attack techniques. We show that the threat level and urgency of cyber attacks can be quantified by applying the proposed scoring method to APT attack reports that contain hundreds of APT attack cases that occurred worldwide. Using our work, it becomes possible to determine whether an actual cyber attack has occurred during APT detection, and to respond to the more urgent and important cyber attacks first by estimating the priority of APT attacks.

Machine Learning Based APT Detection Techniques for Industrial Internet of Things (산업용 사물인터넷을 위한 머신러닝 기반 APT 탐지 기법)

  • Joo, Soyoung;Kim, So-Yeon;Kim, So-Hui;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.10a / pp.449-451 / 2021
  • Cyber-attacks targeting endpoints have developed into sophisticated, targeted, and intelligent attacks, and Advanced Persistent Threat (APT) attacks targeting the Industrial Internet of Things (IIoT) have increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions, which combine with and complement rule-based conventional security tools to defend effectively against APT attacks, are gaining attention. However, universal EDR solutions have a high false positive rate and need high-level analysts to monitor and analyze a tremendous volume of alerts. Therefore, the process of optimizing machine learning-based EDR solutions to account for the characteristics and vulnerabilities of the IIoT environment is essential. In this study, we analyze the flow and impact of IIoT-targeted APT cases and compare the methods used by machine learning-based APT detection EDR solutions.

A Study on Land-cover and Sedimentary Environment Changes Before and After the 2020 Flood in the Seomjin River Chimsil Wetland (섬진강침실습지의 2020년 홍수 전·후 토지피복 및 퇴적환경 변화 연구)

  • Lee, Ye-Seul;Lim, Jeong-Cheol;Jang, Dong-Ho
    • Journal of The Geomorphological Association of Korea / v.28 no.4 / pp.15-30 / 2021
  • This study analyzed the changes in land cover and sedimentary environment before and after flooding through drone images and sediment analysis of the Seomjin River Chimsil Wetland. The results showed that the area of some land-cover types, such as sand bars, grass, and trees, changed continuously. The acidity of the sediments in the Seomjin River Chimsil Wetland weakened gradually with flooding, and EC also decreased. The levels of organic matter, available phosphoric acid, and CEC, however, fluctuated depending on the branch, which appears to result from landization as a new sedimentary environment developed and vegetation settled after the flood. The average mean size of the river sediments was found to be fine sand, with particle-size characteristics ranging from granule to medium silt depending on the location. As the sedimentary environment changed under the effects of floods and typhoons, the particles became coarser or finer depending on the position. In the Seomjin River Chimsil Wetland, there were factors that could interfere with geomorphic development and the sedimentary environment: contamination sources in and around the wetland, and natural threat factors. Therefore, this study proposed a conservation and management plan to remove these threat factors and to preserve the scarcity, naturalness, and dynamics of the Seomjin River Chimsil Wetland.

A Study on the Security Requirements Analysis to Build a Zero Trust-Based Remote Work Environment (제로트러스트 기반의 원격 근무 환경을 구축하기 위한 보안요구사항 분석 연구)

  • Hae-na Kim;Ye-jun Kim;Seung-joo Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.83-102 / 2024
  • Recently, as cloud use increases year by year and remote work within the enterprise has become one of the new forms of work, the security of cloud-based remote work environments has become important. The introduction of zero trust is required because of the limitations of the existing perimeter security model, which assumes that everything in the internal network is safe. Accordingly, NIST and DoD published standards related to zero trust architecture, but the security requirements in those standards describe only a logical architecture at an abstract level. Therefore, this paper presents more detailed security requirements than the NIST and DoD standards by performing threat modeling for OpenStack clouds. The research team then performed a security analysis of commercial cloud services to verify the requirements. As a result of the security analysis, we identified security requirements that each cloud service did not satisfy. We propose potential threats and countermeasures for cloud services with zero trust, which aims to help build a secure zero trust-based remote working environment.

Reflecting on the History and Future of Republic of Korea Navy (대한민국 해군창설 : 회고와 당부)

  • Hahm, Myung-Soo
    • Strategy21 / s.37 / pp.5-31 / 2015
  • The Republic of Korea Navy (ROKN) started from scratch. However, the ROKN successfully demonstrated its blue-water navy capabilities to the entire world by conducting "Operation Early Dawn" in the Gulf of Aden, Yemen, in January 2011. On the occasion of the 70th anniversary of the ROKN, I would like to look back on the voyages and challenges we had in the past. At the very inception of the ROKN, the Korean government as well as senior military leaders recognized that there was no time to spare in cleaning up a military that had been deeply infiltrated by communist agents. It was the top priority of the government. The little-known Mongumpo Operation conducted by the ROKN was one of these clean-up drives. The Korean War is sometimes called "a fire started on land and put out at sea". The world-famous Incheon Landing, which reversed the war situation from the Nakdong Perimeter, was also accomplished by sea power. The ROKN conducted various maritime operations, including not only the Incheon Landing but also the amphibious operation at Hungnam, mine sweeping, sea convoys, and the Wonsan Withdrawal. On the day the Korean War started, 25 June 1950, without the victory of ROKS Baekdusan (PC 701) in the Korean Strait, the waning lamp light of Korea could not have been rekindled by the participation of the U.N. The ROKN rescued the 17th Regiment of the Korean Army from isolation on the Ongjin Peninsula and safely transported the gold and silver bars stored at the Bank of Korea to the Navy supply depot in Jinhae. The ROKN special intelligence unit conducted the critical HUMINT that led to the success of the Incheon Landing. One important mission the ROKN conducted successfully was transporting not only war-fighting materials but also U.S.-provided grain to starving Koreans. The ROKN participated in the Vietnam campaign from the 1960s and conducted numerous maritime transportation operations supplying materials to Vietnamese military forces along the long coastline.
Experienced naval officers and enlisted men who had been discharged and had acquired merchant marine certificates supported most of the U.S. sealift operations throughout the Vietnam campaign. The ROK-US Combined Forces, which honed and improved their war-fighting capabilities through the Korean War and in the Vietnam jungle, play a key role in deterring the threat from North Korea. However, the threat level will be completely different once North Korea completes its nuclear weapon ambition. In order to stand firm against the North Korean nuclear threat, I would like to see strong political leadership supporting a nuclear submarine for the ROKN.

A Study for Integrating ICS Security Logs with Centralized SIEM (Security Information and Event Management) using OPC Protocol (OPC 프로토콜을 활용한 제어시스템 보안로그 전송방법 고찰 및 통합 로그서버 구축방안)

  • Kim, Jaehong;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.8 / pp.1205-1212 / 2022
  • Cyber threats targeting ICS (Industrial Control Systems) have increased drastically over the past decade, and cyber incidents in critical infrastructure such as energy, gas terminal, and petrochemical industries can lead to disaster-level accidents, including casualties and large-scale fires. In order to respond effectively to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy that takes the control system architecture into account is necessary. In particular, a centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. This paper suggests a way of implementing a centralized security log system that collects security events and logs using the OPC protocol from Level 0 to Level 5 of the IEC 62443 Purdue Model, in order to integrate ICS security logs with the SIEM (Security Information and Event Management) operated in the IT environment.

Resupply Behavior Modeling in Small-unit Combat Simulation using Decision Trees (소부대 전투 모의를 위한 의사결정트리 기반 재보급 행위 모델링)

  • Seil An;Sang Woo Han
    • Journal of the Korea Society for Simulation / v.32 no.3 / pp.9-21 / 2023
  • The recent conflict between Russia and Ukraine underscores the significance of military logistics support in modern warfare. Military logistics support is intricate and specialized, and has traditionally centered on mission-level operational analysis and functional models. Nevertheless, there is now increasing demand for military logistics support even at the engagement level, especially for resupply using unmanned transport assets. In response to this demand, this study proposes a task model of military logistics support for engagement-level analysis that relies on the logic of ammunition resupply below the battalion level. The model employs a decision tree to establish the priority of resupply based on variables such as the enemy's level of threat and the remaining ammunition of the supported unit. The model's feasibility is demonstrated through a combat simulation using OneSAF.

Hierarchical Lazy Greedy Algorithm for Weapon Target Assignment (무기할당을 위한 계층적 레이지 그리디 알고리즘)

  • Jeong, Hyesun
    • Journal of the Korea Institute of Military Science and Technology / v.23 no.4 / pp.381-388 / 2020
  • The weapon target assignment problem is an essential technology for automating support of the operator's rapid decision-making in a battlefield situation. The weapon target assignment problem is a kind of optimization problem whose objective function can be built by maximizing the number of threat targets destroyed or maximizing the survival rate of the protected assets. The weapon target assignment problem is known to be NP-complete, and various studies have been conducted on it. Among them, a greedy heuristic algorithm that guarantees a (1-1/e) approximation has been considered a very practical method for enhancing applicability to real weapon systems. In this paper, we formulate the weapon target assignment problem for supporting decision-making at the artillery level. A lazy strategy based on a hierarchical structure is proposed to accelerate the greedy algorithm. Experimental results show that our algorithm is more efficient in processing time and supports the same level of objective function value as the basic greedy algorithm.

Monitoring Technology for Flood Forecasting in Urban Area (도시하천방재를 위한 지능형 모니터링에 관한 연구)

  • Kim, Hyung-Woo;Lee, Bum-Gyo
    • Korean Society of Hazard Mitigation: Conference Proceedings / 2008.02a / pp.405-408 / 2008
  • Up to now, many houses, roads, and other urban facilities have been damaged by natural disasters such as flash floods and landslides. It is reported that the size and frequency of disasters are growing greatly because of global warming. In order to mitigate such disasters, flood forecasting and alerting systems have been developed for the Han, Geum, Nak-dong, and Young-san rivers. These systems, however, do not help small municipal departments cope with the threat of flooding. In this study, a real-time urban flood forecasting service (U-FFS) is developed for a ubiquitous computing city that includes small river basins. A test bed is deployed at Tan-cheon in Gyeonggi-do to verify U-FFS. It is found that U-FFS can forecast the water level at the outlet of a river basin and provide real-time data through the internet during heavy rain. Furthermore, it is expected that the U-FFS presented in this study can be applied to the ubiquitous computing city (u-City) and/or other cities that have long suffered from flood damage.

Comparative Analysis of Risk Assessment Tools for Infectious Diseases (국외 감염병 위험도 평가체계의 비교분석)

  • Choi, Eunmi;Woo, Darae;Choe, YoungJune;Yeh, Jungyong;Park, Sangshin
    • Health Policy and Management / v.32 no.4 / pp.380-388 / 2022
  • Background: Emerging infectious diseases, such as Middle East respiratory syndrome or coronavirus disease 2019, pose a continuous threat to public health, making risk assessment necessary for infectious disease control and prevention. Therefore, we aimed to investigate the risk assessment methods for infectious diseases used by major foreign countries and organizations. Methods: We conducted an investigation and comparative analysis of risk assessment and risk determination methods for infectious diseases. The risk assessment tools included the strategic toolkit for assessing risks, the influenza risk assessment tool, the pandemic severity assessment framework, and the rapid risk assessment methodology. Results: The most frequently reported risk elements were disease severity, antiviral treatment, attack rate, population immunity, and basic reproductive ratio. The risk evaluation method was applied quantitatively and qualitatively by the stakeholders at each institution. Additionally, the final risk level was visualized as a matrix, a framework, or on x and y axes. Conclusion: Across the risk assessment tools, the risk elements were classified according to overlap between the indicators, and the risk evaluation and level of risk assessment were analyzed.