KR102036707B1 - Method for analyzing mission impact factor based on dependency of assets to tasks - Google Patents

Method for analyzing mission impact factor based on dependency of assets to tasks Download PDF

Info

Publication number
KR102036707B1
KR102036707B1 KR1020170144081A KR20170144081A KR102036707B1 KR 102036707 B1 KR102036707 B1 KR 102036707B1 KR 1020170144081 A KR1020170144081 A KR 1020170144081A KR 20170144081 A KR20170144081 A KR 20170144081A KR 102036707 B1 KR102036707 B1 KR 102036707B1
Authority
KR
South Korea
Prior art keywords
layer
impact
node
mission
influence
Prior art date
Application number
KR1020170144081A
Other languages
Korean (ko)
Other versions
KR20190048841A (en
Inventor
정현숙
박무성
윤지원
전영배
Original Assignee
국방과학연구소
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 국방과학연구소 filed Critical 국방과학연구소
Priority to KR1020170144081A priority Critical patent/KR102036707B1/en
Publication of KR20190048841A publication Critical patent/KR20190048841A/en
Application granted granted Critical
Publication of KR102036707B1 publication Critical patent/KR102036707B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/50Computer-aided design
    • G06F17/5009Computer-aided design using simulation

Abstract

The present invention relates to a task impact analysis method based on dependency between an asset and a mission, and extracting a node requiring an impact factor calculation based on dependency information between network layers. ; Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And transferring a result of calculating the influence degree of the extracted node to a node of a next network layer.

Description

METHODS FOR ANALYZING MISSION IMPACT FACTOR BASED ON DEPENDENCY OF ASSETS TO TASKS}

The present invention relates to a task impact analysis method based on dependency between assets and tasks.

The Mission Impact Analysis System delivers the impact between each layer through the dependencies between the Asset and Function layers, and the dependencies between the Function and Mission layers. It is a system that analyzes and quantifies the extent to which network assets affect a mission.

Conventional task impact assessment system has no dependence between asset class and task class, so it is impossible to transmit the influence between layers. Therefore, there is an inefficient aspect in which the dependency of each asset class and task class must be individually identified and managed.

In addition, as the number of assets and application services increases, the amount of data required to calculate mission impact increases exponentially. In particular, external network attacks, such as military organizations, occur in seconds. In the environment, it is necessary to carry out and monitor impact assessments for the final mission as quickly as possible while accommodating a large impact calculation load.

Korea Patent Registration 10-1229851 (2013.01.30 registration)

In the embodiment of the present invention, by managing the asset layer and the mission layer on the network based on the interdependence, it is possible to practically grasp the impact on the asset layer, for example, the degree of cyber attack on the mission layer. We propose a task impact analysis technique based on dependency between assets and tasks.

In addition, in the embodiment of the present invention, the dependency impact between the asset and the task that can quickly and accurately grasp the asset-mission impact by performing optimization and parallelization operations for the interdependence analysis between the asset layer and the task layer on the network We also propose a technique for analyzing degrees.

The problem to be solved by the present invention is not limited to the above-mentioned, another problem to be solved is not mentioned can be clearly understood by those skilled in the art from the following description. will be.

According to an embodiment of the present invention, there is provided a method comprising: extracting a node requiring an impact factor calculation based on dependency information between network layers; Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And it may provide a dependency impact analysis method based on the dependency between the asset (Asset) and the mission (Mission) comprising the step of delivering the result of the impact calculation of the extracted node to the node of the next network layer.

Here, the network layer may include an asset layer, an application layer, a service layer, and a task layer.

In addition, the calculating may include vectorizing dependency information of the asset hierarchy.

In addition, the delivering may include transferring the impact calculation result from the asset layer to the mission layer.

In addition, the extracting step may include: examining affected nodes from nodes of a lower layer from the asset layer to the task layer; And examining the affected node from a node of a higher layer from the task layer to the asset layer.

According to an embodiment of the present invention, there is provided a method including extracting a node requiring an impact calculation based on dependency information between network layers; Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And transmitting a result of the influence calculation of the extracted node to a node of a next network layer.

According to an embodiment of the present invention, there is provided a method including extracting a node requiring an impact calculation based on dependency information between network layers; Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And delivering a result of the influence calculation of the extracted node to a node of a next network layer.

According to an embodiment of the present invention, by managing the asset layer and the mission layer on the network based on the interdependence, it is possible to substantially grasp the impact on the asset layer, for example, the degree of cyber attack on the mission layer, Asset and mission impacts can be quickly and accurately identified by performing optimization and parallelization operations for interdependence analysis between asset and task layers. As a result, it is possible to implement a system having a linear calculation speed even though the number of assets increases by reducing the process of calling data from a database and vectorizing the data for parallel processing. In particular, according to the embodiment of the present invention, it is most suited to the demand of a military or a company having a lot of assets and missions to undergo cyber war. In the case of the military, the mission of the military exists, and in the case of a company, the organization is operated based on business processes. When you have a problem with the whole process, you can suggest the next best way to bypass it in a good way.

1 is a network hierarchy diagram for task impact analysis based on dependency between assets and tasks according to an embodiment of the present invention.
2 is a diagram illustrating a system configuration for analyzing a task impact based on dependency between assets and a task according to an exemplary embodiment of the present invention.
3 and 4 are conceptual views illustrating an example of a method for analyzing a task impact based on dependency between assets and a task, for example, a node extraction process, according to an exemplary embodiment of the present invention.
5A to 5D are conceptual diagrams illustrating an example of a method for analyzing a task impact based on a dependency between an asset and a task according to an embodiment of the present invention, for example, an impact calculation process.

Advantages and features of the present invention and methods for achieving them will be apparent with reference to the embodiments described below in detail with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but can be implemented in various forms, only the embodiments are to make the disclosure of the present invention complete, and those skilled in the art to which the present invention pertains. It is provided to fully inform the scope of the invention, and the scope of the invention is defined only by the claims.

In describing the embodiments of the present invention, detailed descriptions of well-known functions or configurations will be omitted unless they are actually necessary in describing the embodiments of the present invention. The terms to be described below are terms defined in consideration of functions in the embodiments of the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be made based on the contents throughout the specification.

According to an embodiment of the present invention, the impact of an asset layer, for example, a cyber attack, on a network by managing an asset layer and a mission layer on a dependency basis based on interdependency, This paper proposes a technology for task impact analysis of network assets that can grasp the extent of the impact on the network and perform the optimization and parallelization operation for analyzing the dependency between the asset layer and the task layer.

Terms mentioned in the embodiment of the present invention may be defined as follows.

Asset: Can be defined as nodes (eg, sensors, cameras, terminals, servers, etc.) located at the network end.

Function: It may be defined as an application service implemented using a plurality of assets, for example, a process, an application, a program, and the like.

Task: Can be defined as a final task implemented using multiple functions, eg anomaly detection, weapon system analysis, etc.

Impact: A measure of the damage to an asset or mission from a cyber attack on an asset.

Hereinafter, with reference to the accompanying drawings will be described in detail an embodiment of the present invention.

1 is a network hierarchy diagram for task impact analysis based on dependency between assets and tasks according to an embodiment of the present invention.

As shown in FIG. 1, the network layer for mission impact analysis according to an embodiment of the present invention includes an asset layer 10, a function layer 20, a mission layer 30, and a service layer 100. can do.

The embodiment of the present invention further includes a service layer 100 between the functional layer 20 and the mission layer 30, and these layers 10, 20, 30, and 100 are interdependently connected.

In the past, since the user identified and managed both the dependence of the asset and the task, the user who was in charge of the task could not grasp the application service of the asset owned by the organization.

In the embodiment of the present invention, by adding the service layer 100 between the asset layer 20 and the mission layer 30 in the cyber network layer, the user can be divided into two groups to manage the service system and the application service, respectively.

In the cyber warfare of seconds, mission impact assessment should be done at any time in order to compare the capacity of existing missions with the capacity reduced by damage, and to select the most efficient mission among the proposed workarounds in the shortest time.

In the embodiment of the present invention, as the service layer 100 is added, the number of nodes and the number of dependencies increase greatly, which may require more time for calculation. In order to improve this, in an embodiment of the present invention, an optimization technique and a parallel processing technique may be applied.

The information needed in the process of transferring the impact from one layer to the next, for example asset layer 10 to functional layer 20, is the dependencies and operators between each layer.

E.g,

Figure 112017108091001-pat00001
Let be a vector of columns of values from the previous layer,
Figure 112017108091001-pat00002
If the assumed that the i-th row in the dependency matrix between the two layers, the b i i-th element of the next layer can be expressed by the following equation (1).

Figure 112017108091001-pat00003

2 is a system configuration diagram for analyzing a task impact based on a dependency between an asset and a task according to an embodiment of the present invention. The system for dependency based task impact analysis includes a node extracting unit 102 and an impact calculating unit. 104 may be included.

The node extractor 102 may extract a node for which an impact calculation is required based on the dependency information between the layers 10, 20, 30, and 100. In this case, the node extraction may mean, for example, extracting a node damaged by receiving a cyber attack or the like from the database in the asset layer 10.

The influence calculator 104 may calculate the influence of the node having dependency information in the layer by using the influence of the upper layer nodes of the layers 10, 20, 30, and 100. At this time, in the embodiment of the present invention, for example, only for one node among the nodes having dependency information in each layer using the degree of influence of the upper layer node of each layer 10, 20, 30, 100. Influence can be calculated.

3 and 4 are conceptual diagrams illustrating an example of a method for analyzing a task impact based on dependency between assets and a task, for example, a node extraction process according to an embodiment of the present invention.

The node extraction process according to an embodiment of the present invention may include a process of extracting a node requiring an impact calculation based on dependency information between the layers 10, 20, 30, and 100.

As shown in Fig. 3, the computed nodes of the next layer are examined based on the dependency information from the damaged asset to the next application service layer, and the same procedure is applied to each next layer to be affected by the next target nodes. Nodes can be searched in turn to pinpoint tasks containing damage to assets in the final tier, the mission tier.

In FIG. 4, the affected nodes are examined as the work repeated in FIG. 3 proceeds in the opposite direction of the hierarchy. Finally, the hatched nodes of FIG. 4 are calculated as the target nodes of the quantization algorithm.

5A to 5D are conceptual diagrams illustrating an example of a task impact analysis method based on dependency between assets and tasks according to an embodiment of the present invention, for example, an impact calculation process.

In an embodiment of the present invention, an optimization technique may mean an operation of preventing duplicate calculation of a process process using a buffer. When the influence degree i is the accumulated influence degree calculated through the previous influence degree of the i- th node, the procedure for calculating the influence value i is shown in steps 5a to 5d.

In FIG. 5A to FIG. 5D, an arrow means a node currently being calculated and a hatched node means nodes that have already obtained an influence degree.

First, FIG. 5A assumes nodes 3, 5, and 8 that are currently being computed, with node 1 and node 2 being computed, and node 3 and node 4 depend on each other within a hierarchy. It is referred to as a node.

FIG. 5B illustrates an example of calculating the influence of node 3 using the influence of node 2 and then calculating the influence of node 5 using the influence of node 3. FIG. Conventionally, after calculating the influence of node 3, the influence of node 3 and node 4 having dependencies are calculated together. However, in the embodiment of the present invention, since the influence of node 3 is already calculated, the influence on node 4 is calculated. May be omitted. Conversely, if the influence of node 4 is calculated in advance, calculation of the influence of node 3 having a dependency with node 4 can be omitted.

In FIG. 5C, the influence of node 5 may be calculated using the influence of node 3 or node 4. Finally, in FIG. 5D, the influence of node 8 may be calculated using the influence of node 5.

As described above, according to the embodiment of the present invention, the asset layer and the mission layer on the network are managed based on the interdependency, so that the impact on the asset layer, for example, the degree to which the cyber attack affects the mission layer can be practically understood. In addition, optimization and parallelization operations for the analysis of interdependencies between asset and mission layers on the network can be performed to quickly and accurately identify asset-mission impacts.

On the other hand, the combination of each block in the accompanying block diagram and each step in the flowchart may be performed by computer program instructions. These computer program instructions may be mounted on a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment, such that the instructions executed by the processor of the computer or other programmable data processing equipment are described in each block of the block diagram. It creates a means to perform the functions.

These computer program instructions may be stored on a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory. It is also possible for the instructions stored in to produce an article of manufacture containing instruction means for performing the functions described in each block of the block diagram.

In addition, computer program instructions may be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to generate a computer or other program. Instructions that perform possible data processing equipment may also provide steps for performing the functions described in each block of the block diagram.

In addition, each block may represent a portion of a module, segment, or code that includes at least one or more executable instructions for executing a specified logical function (s). It should also be noted that in some alternative embodiments, the functions noted in the blocks may occur out of order. For example, the two blocks shown in succession may in fact be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending on the corresponding function.

10: Asset hierarchy
20: functional layer
30: Mission Tier
100: service layer
102: node extraction unit
104: impact calculation unit

Claims (7)

  1. Extracting a node requiring an impact factor calculation based on dependency information between network layers;
    Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And
    Delivering the result of the impact calculation of the extracted node to a node of a next network layer.
    How to analyze mission impact based on dependencies between Assets and Missions.
  2. The method of claim 1,
    The network layer,
    Including asset layer, application layer, service layer and mission layer
    How to analyze the impact of a mission based on dependencies between assets and tasks.
  3. The method of claim 2,
    The calculating step,
    Vectorizing the dependency information of the asset hierarchy;
    How to analyze the impact of a mission based on dependencies between assets and tasks.
  4. The method of claim 2,
    The delivering step,
    Delivering the impact calculation result from the asset hierarchy to the mission hierarchy;
    How to analyze the impact of a mission based on dependencies between assets and tasks.
  5. The method of claim 2,
    The extracting step,
    Examining affected nodes from nodes in lower layers from the asset layer to the task layer; And
    Investigating affected nodes from nodes of a higher layer from the mission layer to the asset layer;
    How to analyze the impact of a mission based on dependencies between assets and tasks.
  6. A computer readable recording medium having a computer program stored thereon that allows a processor to perform a method for analyzing a task impact based on asset-to-task dependencies.
    The mission impact analysis method,
    Extracting a node requiring an impact calculation based on dependency information between network layers;
    Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And
    A program is recorded that includes a command to perform a step of transferring the result of the impact calculation of the extracted node to a node of a next network layer.
    Computer-readable recording media.
  7. A computer program stored on a computer-readable recording medium for the processor to perform a method of analyzing the impact of an asset-based task based on its dependencies.
    The mission impact analysis method,
    Extracting a node requiring an impact calculation based on dependency information between network layers;
    Calculating the influence of the extracted node using the influence of the nodes of the lower network layer; And
    Delivering the result of calculating the influence of the extracted node to a node of a next network layer;
    Computer program stored on a computer readable recording medium.
KR1020170144081A 2017-10-31 2017-10-31 Method for analyzing mission impact factor based on dependency of assets to tasks KR102036707B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020170144081A KR102036707B1 (en) 2017-10-31 2017-10-31 Method for analyzing mission impact factor based on dependency of assets to tasks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020170144081A KR102036707B1 (en) 2017-10-31 2017-10-31 Method for analyzing mission impact factor based on dependency of assets to tasks

Publications (2)

Publication Number Publication Date
KR20190048841A KR20190048841A (en) 2019-05-09
KR102036707B1 true KR102036707B1 (en) 2019-10-25

Family

ID=66545732

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020170144081A KR102036707B1 (en) 2017-10-31 2017-10-31 Method for analyzing mission impact factor based on dependency of assets to tasks

Country Status (1)

Country Link
KR (1) KR102036707B1 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9262632B2 (en) * 2010-11-03 2016-02-16 Virginia Tech Intellectual Properties, Inc. Using power fingerprinting (PFP) to monitor the integrity and enhance security of computer based systems
KR101229851B1 (en) 2011-12-27 2013-02-05 한국과학기술원 Data parallel deduplication system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"A11-IP 전술네트워크 기반 무기체계 정보유통 보장방안 연구", 아주대학교 장위국방연구소, 2014.12.22.
박길성 외 5인, "사이버 공간의 동학적 원리와 통신정책", 정보통신정책연구원, 2009.10.

Also Published As

Publication number Publication date
KR20190048841A (en) 2019-05-09

Similar Documents

Publication Publication Date Title
Smith et al. treePL: divergence time estimation using penalized likelihood for large phylogenies
Stützle Iterated local search for the quadratic assignment problem
US9715675B2 (en) Event-driven customizable automated workflows for incident remediation
US7530105B2 (en) Tactical and strategic attack detection and prediction
US8539586B2 (en) Method for evaluating system risk
Nam et al. Heterogeneous defect prediction
US8756171B2 (en) Generating predictions from a probabilistic process model
Nguyen et al. Studying the impact of dependency network measures on software quality
WO2011142988A1 (en) Risk element consolidation
Zhou et al. Maintenance optimisation of a multi-state series–parallel system considering economic dependence and state-dependent inspection intervals
US20130227695A1 (en) Systems and methods for fixing application vulnerabilities through a correlated remediation approach
Lakshmanan et al. A markov prediction model for data-driven semi-structured business processes
US20130304439A1 (en) Tolerances on simulated behavior
JP4795417B2 (en) Entity relationship mining apparatus and method
US20120101974A1 (en) Predicting Outcomes of a Content Driven Process Instance Execution
Franke et al. Enterprise architecture dependency analysis using fault trees and bayesian networks
Adenso-Díaz et al. An efficient GRASP algorithm for disassembly sequence planning
US8655805B2 (en) Method for classification of objects in a graph data stream
Saxena et al. Requirements specification for prognostics performance-an overview
Brummitt et al. The Sampled Red List Index for Plants, phase II: ground-truthing specimen-based conservation assessments
Rafique et al. Evolutionary algorithms for classification of malware families through different network behaviors
US20130346467A1 (en) Efficient egonet computation in a weighted directed graph
US8224681B2 (en) Optimizing a security patrolling strategy using decomposed optimal Bayesian Stackelberg solver
Seol et al. Design process modularization: concept and algorithm
Guariniello et al. Communications, information, and cyber security in systems-of-systems: Assessing the impact of attacks through interdependency analysis

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant