• Journal of the Korea Institute of Military Science and Technology
• /
• v.23 no.3
• /
• pp.267-276
• /
• 2020

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a stateful traffic generator that provide network background traffic for cyber warfare training. The proposed architecture is designed for generating traffic similar to real system traffic, so the trainee can perform more realistic training.

• Journal of Internet Computing and Services
• /
• v.21 no.1
• /
• pp.191-199
• /
• 2020

Cyber warfare training is a key factor for boosting cyber warfare competence. In general, cyber warfare training is conducted by scenarios, and the effects of training can be enhanced by including various elements in the scenarios that can improve the quality of training. In this paper, we introduce the training information, network map, traffic generation policy, threat/defense behavior identified as elements to be included in training scenarios, and propose a method of authoring training scenarios by layering and combining them. We also propose a database design for integrated management of each scenario layer. The layered training scenario authoring method has the advantage of increasing convenience of authoring by reusing existing layers and extending training scenarios based on various combinations between the layers.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.6
• /
• pp.857-860
• /
• 2021

The 21st century society has entered the fourth industrial society of machine to machine from the information society of human to machine. Accordingly, countries around the world are always operating efficient crisis management systems that can quickly respond to disasters or crises. As cyber attacks such as cyber warfare are actually progressing, countries around the world are conducting defense training in response to cyber attacks, and reflecting the results of simulation attacks in improving or building security systems. In this paper, we would like to consider the future cyber training development guide by comparing and analyzing the trends of cyber training in domestic and foreign countries.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.71-80
• /
• 2020

In order to provide realistic traffic to the cyber warfare training system, it is necessary to prepare a traffic distribution plan in advance and to create a training data set using normal/threat data sets. This paper presents the design and implementation results of a method for creating a traffic distribution plan and a training data set to provide background traffic like a real environment to a cyber warfare training system. We propose a method of a traffic distribution plan by using the network topology of the training environment to distribute traffic and the traffic attribute information collected in real and simulated environments. We propose a method of generating a training data set according to a traffic distribution plan using a unit traffic and a mixed traffic method using the ratio of the protocol. Using the implemented tool, a traffic distribution plan was created, and the training data set creation result according to the distribution plan was confirmed.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.41-47
• /
• 2018

Theorists of war have often used Clausewitz's trinity theory as a framework for analyzing war strategies and histories. Heretofore, studies on cyber warfare have focused primarily on laws, policies, structuring organizations, manpower, and training pertaining to preparing the cyberspace for war. Currently, studies highlighting the comparative characteristics of war in cyberspace, how it differs from conventional warfare, and analytical frameworks for understanding war in cyberspace are rare. Using Clausewitz's trinity theory, this paper interprets the essence of war from the perspectives of (1) Intellect, (2) Bravery, and (3) Passion, to propose an analytical model for understanding war in cyberspace, one that factors in the intrinsic qualities and characteristics of cyberspace under spatial and temporal constraints. Furthermore, this paper applies the aforementioned analytical model to the Iraq War and concludes with a theoretical illustration that cyber warfare played a significant role in winning the war.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.22 no.6
• /
• pp.797-805
• /
• 2019

Threats targeting cyberspace are becoming more intelligent and increasing day by day. To cope with such cyber threats, it is essential to improve the coping ability of system security officers. In this paper, we propose a simulated threat generator that automatically generates cyber threats for cyber defense training. The proposed Simulated Threat Generator is designed with MITRE ATT & CK(Adversarial Tactics, Techniques and Common Knowledge) framework to easily add an evolving cyber threat and select the next threat based on the threat execution result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.533-540
• /
• 2016

It is important to establish the environment for cyber warrior training, testing support and effectiveness analysis in order to cope with sharply increasing cyber threat. However, those practices cannot be easily performed in real world and are followed with many constraints. In this paper, we propose a live/virtual M&S-based system for training/testing and constructive M&S-based system for effectiveness analysis to provide an environment similar to real world. These can be utilized to strengthen the capability to carry out cyber war and analyze the impact of cyber threat under the large-scale networks.

• Convergence Security Journal
• /
• v.1 no.1
• /
• pp.69-81
• /
• 2001

As soon as possible, our military have to trainning the information security manpower for Cyber Warfare, it should be block the foreign infowarrior to go by way of other country from our system. An emergency, we can protect our military information system and this thesis provide checkpoint about how we consider about trainning the infowarrior for future war.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.15-24
• /
• 2020

Cyber terror and cyberwarfare are no longer virtual, but real, and as an actual security situation, it is necessary to have new understanding through expanding the concept of war to neutralize not only the other country's military command system, but also the country's main functions such as telecommunications, energy, finance, and transport systems, and it also needs to establish the future development strategy of cyber terror response at the national level. Through analysis of cyberwarfare trends in each country and current status of cyberwarfare in Korea, it will systematically explore the demand of new policy based on laws and systems, including the strategies of cyber security technology development, industry promotion, and manpower training and existing information protection policies. through this, it effectively manages a sustainable national crisis, and it suggests to establish a future strategy for the medium and long term cyber security that can effectively and actively respond to cyberwarfare.

• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.87-93
• /
• 2022

Since 99% of PCs operating in the defense domain use the Windows operating system, detection and response of Window-based malware is very important to keep the defense cyberspace safe. This paper proposes a model capable of detecting malware in a Windows PE (Portable Executable) format. The detection model was designed with an emphasis on rapid update of the training model to efficiently cope with rapidly increasing malware rather than the detection accuracy. Therefore, in order to improve the training speed, the detection model was designed based on a Bidirectional LSTM (Long Short Term Memory) network that can detect malware with minimal sequence data without complicated pre-processing. The experiment was conducted using the EMBER2018 dataset, As a result of training the model with feature sets consisting of three type of sequence data(Byte-Entropy Histogram, Byte Histogram, and String Distribution), accuracy of 90.79% was achieved. Meanwhile, it was confirmed that the training time was shortened to 1/4 compared to the existing detection model, enabling rapid update of the detection model to respond to new types of malware on the surge.