
KR-102964029-B1 - CYBER RESILIENCE ANALYSIS SYSTEM AND METHOD USING INTELLIGENT RED TEAM AGENT


Abstract

The cyber resilience analysis system includes a digital twin processing unit that generates a digital twin implementing a digital object at the same level as the actual system of the mission-critical system, a cyber twin processing unit that generates a cyber twin implementing a cyber twin environment of the mission-critical system by analyzing the physical characteristics and behavior of the digital object, and a database that stores the attack objectives and methods of cyber attacks against the mission-critical system, and stores the correlations between resilience techniques, attack countermeasures, and K-RMF security control items corresponding to the attack objectives and methods.

Inventors

  • 안명길
  • 김동화
  • 김용현
  • 권미영
  • 이동환
  • 김주엽
  • 최원우

Assignees

  • 국방과학연구소

Dates

Publication Date
20260511
Application Date
20250909

Claims (17)

  1. A cyber resilience analysis system comprising: a digital twin processing unit that generates a digital twin implementing a digital object at the same level as the actual system of a mission-critical system; a cyber twin processing unit that generates a cyber twin implementing a cyber twin environment of the mission-critical system by analyzing the physical characteristics and operation of the digital object; and a database that stores the attack objectives and methods of cyber attacks on the mission-critical system, and stores the correlations between resilience techniques, attack response measures, and K-RMF security control items corresponding to the attack objectives and methods, wherein the digital twin is a physics-based real-time system and the cyber twin is a simulation system for analysis and prediction, and wherein the digital twin and the cyber twin form a hybrid twin environment in which they exchange feedback and operate complementarily, and in the hybrid twin environment, the cyber twin analyzes and predicts cyber attack scenarios, and the digital twin verifies the cyber attack scenarios of the cyber twin through a cyber attack simulated penetration software module.
  2. (Deleted)
  3. The cyber resilience analysis system of claim 1, wherein the cyber twin implements an intelligent red team agent that performs cyber attacks on the cyber twin environment of the mission-critical system.
  4. The cyber resilience analysis system of claim 3, wherein the cyber twin environment defines a state representing the current state of the mission-critical system and provides it to the intelligent red team agent, and the intelligent red team agent determines cyber attack behavior against the cyber twin environment based on the state of the cyber twin environment.
  5. The cyber resilience analysis system of claim 4, wherein the cyber twin environment calculates a reward based on the cyber attack actions of the intelligent red team agent and feeds it back to the intelligent red team agent, and the intelligent red team agent learns to derive the optimal cyber attack against the mission-critical system using the fed-back rewards.
  6. The cyber resilience analysis system of claim 3, wherein the intelligent red team agent obtains cyber attack scenarios by utilizing the attack objectives and attack methods of the mission-critical system target stored in the database.
  7. The cyber resilience analysis system of claim 6, wherein the intelligent red team agent performs a cyber attack on the mission-critical system in the cyber twin environment using an attack objective and attack method selected according to the cyber attack scenario, and the cyber twin environment analyzes resilience in response to the cyber attack.
  8. The cyber resilience analysis system of claim 7, wherein cyber resilience against the cyber attack is analyzed as secured when the operation of the cyber attack is stopped by the defensive action of the mission-critical system in the cyber twin environment, and additional cyber resilience functions against the cyber attack are analyzed as required when the cyber attack is successful.
  9. The cyber resilience analysis system of claim 8, wherein, when the cyber twin environment is analyzed to require additional cyber resilience functions, resilience techniques, attack response measures, and K-RMF security control items corresponding to the attack objectives and attack methods are presented based on the database.
  10. A method for analyzing cyber resilience in a hybrid twin environment formed by a digital twin that implements a digital object at the same level as the actual system of a mission-critical system and a cyber twin that implements the cyber twin environment of the mission-critical system, the method comprising: a step in which the cyber twin implements an intelligent red team agent; a step in which the intelligent red team agent obtains a cyber attack scenario by utilizing the attack objectives and attack methods of the mission-critical system target stored in a database; a step in which the intelligent red team agent performs a cyber attack on the mission-critical system in the cyber twin environment using an attack objective and attack method selected according to the cyber attack scenario; and a step in which the cyber twin environment analyzes resilience in response to the cyber attack, wherein the digital twin is a physics-based real-time system and the cyber twin is a simulation system for analysis and prediction, and wherein the digital twin and the cyber twin form a hybrid twin environment in which they exchange feedback and operate complementarily, and in the hybrid twin environment, the cyber twin analyzes and predicts cyber attack scenarios, and the digital twin verifies the cyber attack scenarios of the cyber twin through a cyber attack simulated penetration software module.
  11. The cyber resilience analysis method of claim 10, wherein the cyber twin environment is analyzed as having secured cyber resilience in response to the cyber attack when the operation of the cyber attack is stopped by the defensive action of the mission-critical system.
  12. The cyber resilience analysis method of claim 10, wherein, if the cyber attack succeeds, the cyber twin environment is analyzed as requiring additional cyber resilience functions to respond to the cyber attack, and resilience techniques, attack response measures, and K-RMF security control items corresponding to the attack objective and attack method are presented based on the database.
  13. The cyber resilience analysis method of claim 10, wherein the cyber twin environment defines a state representing the current state of the mission-critical system and provides it to the intelligent red team agent, and the intelligent red team agent determines cyber attack behavior against the cyber twin environment based on the state of the cyber twin environment.
  14. The cyber resilience analysis method of claim 13, wherein the cyber twin environment calculates a reward based on the cyber attack actions of the intelligent red team agent and feeds it back to the intelligent red team agent, and the intelligent red team agent learns to derive the optimal cyber attack against the mission-critical system using the fed-back rewards.
  15. A cyber resilience analysis system comprising: a digital twin processing unit that generates a digital twin implementing a digital object at the same level as the actual system of a mission-critical system; a cyber twin processing unit that analyzes the physical characteristics and operation of the mission-critical system and generates a cyber twin that implements a cyber twin environment of the mission-critical system; and an intelligent red team agent that performs cyber attacks on the cyber twin environment, wherein the intelligent red team agent performs the cyber attack on the mission-critical system of the cyber twin environment using an attack objective and attack method selected according to the cyber attack scenario, and the cyber twin environment analyzes resilience against cyber attacks, wherein the digital twin is a physics-based real-time system and the cyber twin is a simulation system for analysis and prediction, and wherein the digital twin and the cyber twin form a hybrid twin environment in which they exchange feedback and operate complementarily, and in the hybrid twin environment, the cyber twin analyzes and predicts cyber attack scenarios, and the digital twin verifies the cyber attack scenarios of the cyber twin through a cyber attack simulated penetration software module.
  16. The cyber resilience analysis system of claim 15, wherein cyber resilience against the cyber attack is analyzed as secured when the operation of the cyber attack is stopped by the defensive action of the mission-critical system of the cyber twin environment, and additional cyber resilience functions against the cyber attack are analyzed as required when the cyber attack is successful.
  17. The cyber resilience analysis system of claim 16, wherein resilience techniques, attack response measures, and K-RMF security control items corresponding to the attack objectives and attack methods are presented when the cyber twin environment is analyzed to require additional cyber resilience functions.
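
The state, action and reward loop of claims 4 and 5, together with the verdict and database lookup of claims 7 to 9, shown as an added example that is not code from the patent. Tabular Q-learning is a swapped-in choice (the claims name no learning algorithm), and the stage graph, method labels, reward values and database entries are all constructed placeholders.

```python
import random

# Constructed toy cyber twin: states 0-2 are attack stages, 3 is the attack objective.
GOAL = 3
ACTIONS = ("method-A", "method-B")  # placeholder attack-method labels
STEP = {(0, "method-A"): 1, (0, "method-B"): 2, (1, "method-A"): GOAL,
        (1, "method-B"): 2, (2, "method-A"): GOAL, (2, "method-B"): 1}
# Constructed database: method -> (resilience technique, response measure, K-RMF item).
DATABASE = {"method-A": ("TECHNIQUE-1", "RESPONSE-1", "KRMF-ITEM-1"),
            "method-B": ("TECHNIQUE-2", "RESPONSE-2", "KRMF-ITEM-2")}

def env_step(state, action, defended):
    """Cyber twin side: return (next_state, reward, done) for one attack action."""
    if (state, action) in defended:  # defensive action stops the attack
        return state, -5.0, True
    nxt = STEP[(state, action)]
    return nxt, (10.0 if nxt == GOAL else -1.0), nxt == GOAL

def greedy(q, state):
    return max(ACTIONS, key=lambda a: q[(state, a)])

def train(defended, episodes=2000, alpha=0.5, gamma=0.9, eps=0.3, seed=0):
    """Agent side: tabular Q-learning driven by the fed-back rewards."""
    rng = random.Random(seed)
    q = {key: 0.0 for key in STEP}
    for _ in range(episodes):
        state = 0
        for _ in range(8):  # cap episode length
            action = rng.choice(ACTIONS) if rng.random() < eps else greedy(q, state)
            nxt, reward, done = env_step(state, action, defended)
            future = 0.0 if done else q[(nxt, greedy(q, nxt))]
            q[(state, action)] += alpha * (reward + gamma * future - q[(state, action)])
            if done:
                break
            state = nxt
    return q

def analyze(defended):
    """Replay the learned attack greedily and return the resilience verdict."""
    q, state, used = train(defended), 0, []
    for _ in range(8):
        used.append(greedy(q, state))
        state, _, done = env_step(state, used[-1], defended)
        if done:
            break
    if state != GOAL:  # attack stopped or never reached its objective
        return {"verdict": "resilience secured", "recommend": []}
    return {"verdict": "additional resilience functions required",
            "recommend": [DATABASE[m] for m in dict.fromkeys(used)]}
```

With only one of the two final steps defended, the agent learns the remaining route and the analysis returns the database entries for the methods on that route; with both defended, the verdict is that resilience is secured.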

Description

Cyber Resilience Analysis System and Method Using Intelligent Red Team Agent

The present invention relates to a system and method for analyzing cyber resilience using an intelligent red team agent, and more specifically, to a system and method for verifying and analyzing the cyber resilience of a mission-critical system using an intelligent red team agent that simulates a cyber attacker targeting a mission-critical system.

As cyber attacks become increasingly sophisticated, fully defending against them presents challenges both technically and practically. Therefore, securing cyber resilience (the capability to prevent, defend against, and respond to cyber threats while maintaining essential mission functions) is a critical issue.

While cyber attacks primarily result in financial losses in the private sector, mission-critical systems performing specific tasks are operated in the defense and public sectors, and damage to these systems can have a serious impact on public safety and national security. Therefore, major mission-critical systems must include cyber resilience capabilities, and the introduction of analysis systems and methodologies for this is urgent.

  • FIG. 1 is a block diagram showing a cyber resilience analysis system using an intelligent red team agent according to an embodiment of the present invention.
  • FIG. 2 is a block diagram showing a hybrid twin environment according to one embodiment of the present invention.
  • FIG. 3 is a flowchart illustrating the learning process of an intelligent red team agent according to one embodiment of the present invention.
  • FIG. 4 is a flowchart illustrating a method for analyzing cyber resilience using an intelligent red team agent according to an embodiment of the present invention.
  • FIG. 5 shows an example of cyber resilience analysis according to a cyber resilience analysis method using an intelligent red team agent according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the attached drawings so that those skilled in the art can easily implement the present invention. The present invention may be embodied in various different forms and is not limited to the embodiments described herein. To clearly explain the present invention, parts unrelated to the explanation have been omitted, and the same reference numerals are used for identical or similar components throughout the specification.

Furthermore, throughout the specification, when a part is described as "including" a certain component, this means that, unless specifically stated otherwise, it does not exclude other components but may include additional components.

Hereinafter, a cyber resilience analysis system using an intelligent red team agent according to an embodiment of the present invention will be described with reference to FIGS. 1 and 2. The cyber resilience analysis system may be implemented by a computer device, a computer program executable on the computer device, a storage medium storing a computer program executable on the computer device, etc.

FIG. 1 is a block diagram showing a cyber resilience analysis system using an intelligent red team agent according to an embodiment of the present invention. FIG. 2 is a block diagram showing a hybrid twin environment according to an embodiment of the present invention.

Referring to FIGS. 1 and 2, a cyber resilience analysis system (10) according to one embodiment of the present invention can verify and analyze the cyber resilience of a mission-critical system by using an intelligent red team agent that simulates a cyber attacker targeting the mission-critical system.

The mission-critical system may be an unmanned ground vehicle (UGV). Additionally, the mission-critical system may include unmanned autonomous systems such as an unmanned aerial vehicle (UAV) or an unmanned underwater vehicle (UUV).

Hereinafter, an unmanned ground vehicle (UGV) is described as an example of a mission-critical system, but the embodiments of the present invention are not limited thereto.

A cyber resilience analysis system (10) may include a digital twin processing unit (11) that generates a digital twin (110) for cyber resilience analysis of a mission-critical system, a cyber twin processing unit (12) that generates a cyber twin (120), and a database (13). The digital twin processing unit (11) generates a digital twin (110), and the cyber twin processing unit (12) generates a cyber twin (120), thereby forming a hybrid twin environment consisting of a digital twin (110) and a cyber twin (120).

A digital twin (110) can implement a digital object (111) at the same level as the actual system, including core parts, components, etc. of a mission-critical system. That is, the digital twin (110) can implement a digital object (111) at the same level as the actual unmanned combat vehicle (UGV). Although the digital twin (110) has the advantage of being able to implement a digital object (111) w