The Composition and Analytical Classification of Cyber Incident based Hierarchical Cyber Observables

Composition and Type Analysis of Cyber Incidents Based on Hierarchical Cyber Observables

  • 김영수 (충남재활IT융합기술원)
  • 문형진 (백석대학교 정보통신학부)
  • 조혜선 (한국인터넷진흥원)
  • 김병익 (한국인터넷진흥원)
  • 이진해 (배재대학교 사이버보안학과)
  • 이진우 (배재대학교 사이버보안학과)
  • 이병엽 (배재대학교 사이버보안학과)
  • Received : 2016.09.07
  • Accepted : 2016.10.20
  • Published : 2016.11.28


The number of cyber incidents collected by cyber threat intelligence sharing centers is growing rapidly as malicious code spreads. This makes it difficult for incident analysts to extract and classify the similar features of cyber attacks. To address these problems, existing similarity analysis methods mine cyber attack data for similar incidents based on single or multiple cyber observables. These methods reduce the analysis workload but still have the problem of providing improper and ambiguous information. We propose an incident analysis model that performs similarity analysis on hierarchically classified cyber observables of cyber incidents and can enhance availability by providing proper information. Applying this model to specific cyber incident analysis, we will develop a system that actually performs and verifies the suggested model.


Cyber Observable; Cyber Incident; Composition of Cyber Incident; Similarity Analysis


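Grant : Development of cyber blackbox and integrated cyber security situation analysis technology for proactive and reactive response to cyber attacks

Supported by : Institute for Information & communications Technology Promotion (IITP)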

