The Analysis of the APT Prelude by Big Data Analytics
Choi, Chan-young; Park, Dea-woo;
The NH-NongHyup network and servers were paralyzed in 2011, the 3.20 cyber attack took place in 2013, and classified documents of Korea Hydro & Nuclear Power Co. Ltd. were leaked in December 2015. All three were attributed to a foreign country. Compared with script-kiddie attacks, these attacks were planned over a long period, and the techniques used were complex and sophisticated. However, no successful solution for defending against APT (Advanced Persistent Threat) attacks has been implemented so far. We use big data analytics to determine whether an APT attack has occurred. This research is based on data collected through ISAC monitoring within Korea's three-tier cyber defense system. First, we introduce related research on big data analytics and machine learning. Then, we design two big data analytics models to detect APT attacks. Lastly, we present an effective response method for addressing a detected APT attack.
Keywords: Big Data Analysis; APT attack; Prelude; Cyber terror
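The abstract says the paper builds analytics models over ISAC monitoring data to detect the prelude of an APT, but this page does not describe those models. The following Python block is an added illustration, not the authors' code: it correlates constructed security events per source address into an assumed recon -> exploitation attempt -> outbound beacon stage sequence within a time window, the kind of multi-step scenario recognition a prelude detector needs. The event format, stage names, window and flagging threshold are all assumptions made for this example.

```python
"""Multi-stage correlation of monitoring events to surface an APT prelude.

Added illustration only. The stage model (PORTSCAN -> EXPLOIT_ATTEMPT ->
OUTBOUND_BEACON), the pipe-separated event format and the 7-day window are
assumptions for this demo, not the paper's models or the ISAC data format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "ISO-timestamp|src|dst|event".
# 10.0.0.5  walks all three stages within a few days (should be flagged).
# 10.0.0.9  only scans (recon without follow-up).
# 10.0.0.14 scans, then attempts exploitation 17 days later (outside window).
SAMPLE_EVENTS = """\
2015-12-01T09:00:00|10.0.0.5|192.168.1.10|PORTSCAN
2015-12-01T09:03:00|10.0.0.5|192.168.1.11|PORTSCAN
2015-12-01T11:40:00|10.0.0.5|192.168.1.10|EXPLOIT_ATTEMPT
2015-12-02T02:15:00|10.0.0.5|203.0.113.7|OUTBOUND_BEACON
2015-12-01T10:00:00|10.0.0.9|192.168.1.20|PORTSCAN
2015-12-01T10:05:00|10.0.0.9|192.168.1.21|PORTSCAN
2015-12-03T08:00:00|10.0.0.14|192.168.1.10|PORTSCAN
2015-12-20T08:00:00|10.0.0.14|192.168.1.10|EXPLOIT_ATTEMPT
"""

# Assumed prelude stage ordering; a source must progress through them in order.
STAGES = {"PORTSCAN": 1, "EXPLOIT_ATTEMPT": 2, "OUTBOUND_BEACON": 3}


def parse_events(text):
    """Parse pipe-separated lines into (timestamp, src, dst, event) tuples, time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, ev = line.split("|")
        events.append((datetime.fromisoformat(ts), src, dst, ev))
    events.sort()  # monitoring feeds are rarely in order; correlate on time
    return events


def correlate(events, window=timedelta(days=7)):
    """Return {src: highest stage reached} where each stage must follow the
    previous one and occur within `window` of it. Repeated events at the
    same stage (e.g. many scans) do not advance or reset the chain."""
    by_src = defaultdict(list)
    for ts, src, _dst, ev in events:
        if ev in STAGES:
            by_src[src].append((ts, STAGES[ev]))

    result = {}
    for src, stage_events in by_src.items():
        reached, last_ts = 0, None
        for ts, stage in stage_events:
            is_next = stage == reached + 1
            in_window = last_ts is None or ts - last_ts <= window
            if is_next and in_window:
                reached, last_ts = stage, ts
        result[src] = reached
    return result


def flag_prelude(events, min_stage=2, window=timedelta(days=7)):
    """Sources that have advanced at least to `min_stage` (recon plus a
    follow-up by default), sorted for stable reporting."""
    progress = correlate(events, window)
    return sorted(src for src, stage in progress.items() if stage >= min_stage)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for src, stage in sorted(correlate(evs).items()):
        print(f"{src:12s} reached stage {stage}")
    print("flagged:", flag_prelude(evs))
```

Widening the window trades false negatives for false positives: with the 7-day default only 10.0.0.5 is flagged, while a 30-day window also flags 10.0.0.14, whose scan-then-exploit gap is 17 days. A production detector would tune the window per stage and weight stages by the asset touched rather than treat every host equally.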
Cited by
Design of Multi-Level Abnormal Detection System Suitable for Time-Series Data, The Journal of the Institute of Internet Broadcasting and Communication, vol. 16, no. 6, p. 1, 2016.