The Journal of the Korea institute of electronic communication sciences (한국전자통신학회논문지)

Korea Institute of Electronic Communication Science (한국전자통신학회)
권호 표지
DOI QR코드

DOI QR Code

Hacking Detection Mechanism of Cyber Attacks Modeling

외부 해킹 탐지를 위한 사이버 공격 모델링

  • Received : 2013.07.23
  • Accepted : 2013.09.23
  • Published : 2013.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

In order to actively respond to cyber attacks, not only the security systems such as IDS, IPS, and Firewalls, but also ESM, a system that detects cyber attacks by analyzing various log data, are preferably deployed. However, as the attacks be come more elaborate and advanced, existing signature-based detection methods start to face their limitations. In response to that, researches upon symptom detection technology based on attack modeling by employing big-data analysis technology are actively on-going. This symptom detection technology is effective when it can accurately extract features of attacks and manipulate them to successfully execute the attack modeling. We propose the ways to extract attack features which can play a role as the basis of the modeling and detect intelligent threats by carrying out scenario-based modeling.

사이버 침해에 실시간적이고 능동적으로 대응하기 위해 침해탐지시스템(IDS), 침입방지시스템(IPS), 방화벽(Firewall) 등 단위 정보보호시스템 뿐만 아니라 보안장비의 로그, 시스템 로그, 애플리케이션 로그 등 기종이벤트를 연관, 분석하여 해킹시도를 탐지하는 통합보안관제시스템(ESM)을 사용하고 있다. 하지만 공격이 정교화되고 고도화됨에 따라 기존의 시그너처 기반 탐지 방식의 한계점이 도출되고 있으며, 이를 극복하기 위해 빅데이터 처리 기술을 이용한 공격 모델링에 기반으로 한 징후탐지 기술이 연구되고 있다. 징후탐지 기술의 효과는 공경을 대표하는 특징 점을 정확하게 추출하고, 추출된 특징 정보를 조합하여 실효성 있는 공격 모델링을 수행하는 것이 핵심이다. 본 논문에서는 이와 같은 모델링의 기반이 되는 공격 특징을 추출하고, 시나리오 기반 모델링을 수행하여 지능적 위협을 탐지할 수 있는 방법을 제안한다.

Keywords

References

  1. Dae-kwon Kang, Ieck-chae Euom, Chun-suk Kim, "A Development of Novel Attack Detection Methods using Virtual Honeynet", The Journal of the Korea Institute of Electronic Communication Sciences, Vol. 8, No. 6, pp. 863-872, 2013.
  2. Cha-in hwan, "A study on the Development of Personnel Security Management for Protection against Insider threat", The Journal of the Korea Institute of Electronic Communication Sciences, Vol. 3, No. 4 pp. 210-219, 2008.
  3. Woo-Seok Seo, Jae-Pyo Park, Moon-Seog Jun, "A Study on Methodology for Standardized Platform Design to Build Network Security Infrastructure", The Journal of the Korea Institute of Electronic Communication Sciences, Vol. 7, No. 1, pp. 203-211, 2011.
  4. Yoo-Seok Lim, "Review on the Cyber Attack by Advanced Persistent Threat", Korea Institute of Terrorism, Vol. 6, No. 2, pp. 158-178, 2013.
  5. McKinsey global Institute, "Big data:The next frontier for innovayion, competition, and productivity", 2011.
  6. Sang-Yong Choi, Yong-Min Kim, Dea-Jun Joo, Seung-Do Jeong, Bong-Nam Noh, "A Technique of Symptoms Analysis over Time for Detection of APT Attack" SCTA2012, 2012.
  7. TADAO MURATA, "Petri Nets:Properties, Analysis and Applications" Proceedings of the IEEE, Vol. 77, pp. 541-580, 1989. https://doi.org/10.1109/5.24143
  8. 11"http://terms.naver.com/entry.nhn?docId=832559&cid=209&categoryId=209", ComputerDictionary Compilation Committee, 2011.
  9. Koral Ilgun, Rechard A. Kemmerer, "State transition analysis: a rule-based instrusion detection approach" Software Engineering, IEEE Transactions on Vol. 21, No. 3, pp. 181-199, 1995. https://doi.org/10.1109/32.372146
  10. Giovanni Vigna, Richard A. Kemmerer, "Net- STAT: A Network-based Intrusion Detection System", Journal of Computer Security, Vol. 7, No. 1, pp. 37-71, 1999. https://doi.org/10.3233/JCS-1999-7103