A Study on Building a Cyber Attack Database using Open Source Intelligence (OSINT)


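  • Kyuyong Shin (Department of Computer Science, Korea Military Academy);
  • Jincheol Yoo (Department of Computer Science, Korea Military Academy);
  • Changhee Han (Department of Computer Science, Korea Military Academy);
  • Kyoung Min Kim (Department of Computer Science, Korea Military Academy);
  • Sungrok Kang (Department of Psychology and Management, Korea Military Academy);
  • Minam Moon (Department of Mathematics, Korea Military Academy);
  • Jongkwan Lee (Department of Computer Science, Korea Military Academy)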
  • Received : 2019.04.04
  • Accepted : 2019.06.30
  • Published : 2019.06.30


With the development of the Internet and information and communication technology, the amount of Open Source Intelligence (OSINT) has increased. OSINT can be highly effective if it is well refined and utilized. Recently, it has been assumed that almost 95% of all information comes from public sources, and the utilization of open sources has sharply increased. The ISVG and START programs, for example, collect open-source information related to terrorism or crime, which is used effectively to detect terrorists and prevent crime. Open-source information related to cyber attacks, however, is quite different from that related to terrorism (or crime), in that it is difficult to clearly identify the attacker, the purpose of the attack, and the range of damage. In addition, cyber attack data itself is relatively unstructured. A totally new approach is therefore required to establish and utilize an OSINT database for cyber attacks, and this paper proposes one.


Supported by: ROK Cyber Command

