Huy-Kang Kim

Quantitative Methodology to Assess Cyber Security Risks of SCADA system in Electric Power Industry

This paper is about the study to build a quantitative methodology to assess cyber threats and vulnerabilities on control systems. The SCADA system in power industry is one of the most representative and biggest control systems. The SCADA system was originally a local system but it has been extended to wide area as both ICT and power system technologies evolve. Smart Grid is a concept to integrate energy and IT systems, and therefore the existing cyber threats might be infectious to the power system in the integration process. Power system is operated on a real time basis and this could make the power system more vulnerable to the cyber threats. It is a unique characteristic of power systems different from ICT systems. For example, availability is the most critical factor while confidentiality is the one from the CIA triad of IT security. In this context, it is needed to reflect the different characteristics to assess cyber security risks in power systems. Generally, the risk(R) is defined as the multiplication of threat(T), vulnerability(V), and asset(A). This formula is also used for the quantification of the risk, and a conceptual methodology is proposed for the objective in this study.

Design and implementation of the honeycomb structure visualization system for the effective security situational awareness of large-scale networks*

ABSTRACT Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels’ ‘Network Security Situational A wareness(NSSA) is effectively determining the security situation of overall computer network on the basis of the relation between t he security events that occur in the several views. The process of situational awareness is divided into three stages of the ‘identification,’ ‘understanding’ and ‘prediction’. And ‘identifi cation’ and ‘understanding’ are prerequisites for ‘predicting’ and the following appropriate responses. But ‘identification and ‘understanding in the vast amount of information became more d ifficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the ‘identification and ’underst anding’ stages. And we identified the empirical effects of this system on the basis of the ‘VAST Challenge 2012’ data.Keywords: situational awareness, security visualization, honeycomb struc ture

A Study on Game Bot Detection Using Self-Similarity in MMORPGs

ABSTRACT Game bot playing is one of the main risks in Massively Multi-On line Role Playing Games(MMORPG) because it damages overall game playing environment, especially the balance of the in-game economy. There have been many studies to detect game bot. However, the previous detection models require continuous maintenance efforts to train and learn the game bots patterns whenever the game contents change. In this work, we have propos ed a machine learning technique using the self-similarity property that is an intrinsic attribute in game bots and automa ted maintenance system. We have tested our method and implemented a system to major three commercial games in South K orea. As a result, our proposed system can detect and classify game bots with high accuracy. Keywords: game bot detection, self-similarity, online game security I.Introduction * 다중 접속 역할 게임(이하 MMORPG)에는 자동 사냥 프로그램을 사용하여 부정한 방법으로 게임을 플레이하는 유저(이하 게임 봇)가 존재한다. 자동 사냥 프로그램이란 게임 클라이언트 및 서버 로직을 역 Received(06. 17. 2015), Modified(09. 14. 2015), Accepted(10. 05. 2015)†주저자, gimmesilver@ncsoft.com‡교신저자, cendar@korea.ac.kr(Corresponding author)

A study on vulnerability analysis and incident response methodology based on the penetration test of the power plant's main control systems

ABSTRACT DCS (Distributed Control System), the main control system of po wer plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS i s becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet desig ned for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usual ly have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and lo w failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendors pol icy. If DCS is exposed a potential vulnerability, serious concerns a re to be expected. In this paper, we conduct the penetration te st by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to dete ct the security infringement and react the incident effectively.Keyword : DCS security, log analysis, vulnerability analysis, penetrat ion test, incident response접수일(2013년 6월 12일), 수정일(2013년 12월 9일) 게재 확정일(2013년 12월 17일) * 본 연구는 고려대학교 정보보호대학원 석사학위 논문임.†주저자, sunyujin@koreatech.ac.kr‡교신저자, sangjin@koreatech.ac.kr (Corresponding author)