A Study on the Real-time Cyber Attack Intrusion Detection Method

  • Choi, Jae-Hyun (Department of Smart Convergence Consulting, Hansung University)
  • Lee, Hoo-Jin (Department of Smart Convergence Consulting, Hansung University)
  • Received : 2018.05.29
  • Accepted : 2018.07.20
  • Published : 2018.07.28

Abstract

As the threat of cyber crime grows, security control that responds to attacks on information systems at the earliest possible stage, for example through real-time detection, is becoming more important. Under names such as security control center, cyber terror response center and incident response center, institutional monitoring staff work to prevent cyber attacks. In particular, incidents are currently detected with network security appliances or through a monitoring (control) system, but control based only on simple, device-driven pattern matching is not sufficient to prevent incidents. Security control systems are therefore being continuously upgraded, and detection methods are being actively developed and researched as a preventive activity against the threat of incidents. In this paper we define incident detection methods for the major component modules in order to address the shortcomings of existing detection methods. Through performance tests of each module, we propose measures for effective security control and study an effective method of detecting incident threats by upgrading the control system with Security Information and Event Management (SIEM).
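The abstract contrasts device-driven single-pattern matching with SIEM-based correlation. As an added example that is not part of the paper or its authors' system, the following Python sketch shows the difference on constructed firewall and SSH auth log lines: a per-failure pattern rule fires on every failed login, while a per-source sliding-window correlation rule fires only when failures cross a threshold, and raises severity when a successful login follows them from a source that also port-scanned the host. The log format, field names (src, user, ports), window and threshold are all assumptions chosen for illustration.

```python
"""Added example (not from the paper): a minimal SIEM-style correlation
engine contrasted with a single-pattern device rule, run over constructed
firewall and SSH auth events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed normalised form:
# <ISO timestamp> <source> <event> key=value ...   (not real data)
RAW_LOG = """\
2018-05-29T09:00:00 fw   portscan   src=203.0.113.7 ports=30
2018-05-29T09:00:05 auth login_fail src=203.0.113.7 user=root
2018-05-29T09:00:10 auth login_fail src=203.0.113.7 user=admin
2018-05-29T09:00:15 auth login_fail src=203.0.113.7 user=admin
2018-05-29T09:00:40 auth login_ok   src=203.0.113.7 user=admin
2018-05-29T09:10:00 auth login_fail src=198.51.100.4 user=alice
2018-05-29T09:10:20 auth login_ok   src=198.51.100.4 user=alice
2018-05-29T09:20:00 auth login_fail src=192.0.2.9 user=bob
2018-05-29T09:20:03 auth login_fail src=192.0.2.9 user=bob
2018-05-29T09:20:06 auth login_fail src=192.0.2.9 user=bob
2018-05-29T09:20:09 auth login_fail src=192.0.2.9 user=bob
"""


def parse_events(raw):
    """Normalise each line into a dict with a datetime and key=value fields."""
    events = []
    for line in raw.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ev = {"ts": datetime.fromisoformat(parts[0]),
              "source": parts[1], "event": parts[2]}
        for kv in parts[3:]:
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    events.sort(key=lambda e: e["ts"])  # correlation assumes time order
    return events


def simple_pattern_alerts(events):
    """Device-style rule: one alert per failed login, with no context."""
    return [{"kind": "login_fail", "src": e["src"], "user": e.get("user")}
            for e in events if e["event"] == "login_fail"]


def correlate(events, window=timedelta(minutes=5), fail_threshold=3):
    """Per-source sliding window over recent events. Fires:
    - brute_force_attempt each time failures in the window reach the threshold
    - credential_compromise on a successful login after >= threshold failures;
      severity is high if the same source also port-scanned within the window.
    """
    history = defaultdict(deque)  # src -> deque of (ts, event)
    alerts = []
    for e in events:
        src = e.get("src")
        if src is None:
            continue  # events without a source cannot be correlated per host
        q = history[src]
        q.append((e["ts"], e["event"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()  # evict events that fell out of the window
        fails = sum(1 for _, kind in q if kind == "login_fail")
        scanned = any(kind == "portscan" for _, kind in q)
        if e["event"] == "login_fail" and fails == fail_threshold:
            alerts.append({"kind": "brute_force_attempt", "src": src,
                           "severity": "medium", "fails": fails})
        elif e["event"] == "login_ok" and fails >= fail_threshold:
            alerts.append({"kind": "credential_compromise", "src": src,
                           "user": e.get("user"),
                           "severity": "high" if scanned else "medium",
                           "fails": fails})
    return alerts


if __name__ == "__main__":
    evs = parse_events(RAW_LOG)
    print(len(simple_pattern_alerts(evs)), "single-pattern alerts")
    for alert in correlate(evs):
        print(alert)
```

On the sample data the pattern rule produces eight alerts, one per failed login, while the correlation rule produces three: a brute-force attempt from 203.0.113.7, a high-severity credential compromise when that same source logs in as admin, and a brute-force attempt from 192.0.2.9 that never succeeds. The lone failure from 198.51.100.4 followed by a success is correctly ignored. Note that the threshold alert re-fires if the windowed count drops and crosses the threshold again; a production SIEM adds a suppression or deduplication window on top of this.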

Keywords

Security Control Center; ESM; SIEM; Correlation Analysis; Cyber Crime
