한국융합학회논문지 (Journal of the Korea Convergence Society)

  • 제9권7호
  • /
  • Pages.55-62
  • /
  • 2018
  • /
  • 2233-4890(pISSN)
  • /
  • 2713-6353(eISSN)
한국융합학회 (Korea Convergence Society)
권호 표지
DOI QR코드

DOI QR Code

실시간 사이버 공격 침해사고 탐지방법에 관한 연구

A Study on the Real-time Cyber Attack Intrusion Detection Method

  • 최재현 (한성대학교 스마트융합컨설팅학과) ;
  • 이후진 (한성대학교 스마트융합컨설팅학과)
  • Choi, Jae-Hyun (Department of Smart Convergency Consulting, Hansung University) ;
  • Lee, Hoo-Jin (Department of Smart Convergency Consulting, Hansung University)
  • 투고 : 2018.05.29
  • 심사 : 2018.07.20
  • 발행 : 2018.07.28
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

최근 다양한 사이버 범죄 위협이 증가하는 추세로 정보시스템을 대상으로 공격하는 사이버 공격에 대해 실시간 탐지 등 최전선에서 초동 대응을 해야 하는 보안관제의 중요성이 높아지고 있다. 보안관제센터, 사이버테러 대응센터, 침해 대응센터 등의 이름으로 기관의 관제인원들은 사이버 공격 예방을 위해 많은 노력을 하고 있다. 특히 침해사고 탐지를 위한 방법으로 네트워크 보안장비를 이용하거나 관제시스템을 활용하여 탐지를 하고 있지만 장비 위주의 단순한 패턴기반으로 관제를 하는 방법으로는 침해사고의 예방을 위한 방법으로는 부족하다. 그러므로 보안관제시스템은 지속적으로 고도화 되고 있으며 침해위협에 대한 예방활동으로 탐지방법에 대한 개발과 연구가 활발히 진행되고 있다. 이에 본 논문에서는 기존 침해사고 탐지 방법에 대한 문제점 개선을 위해 주요 구성 모듈의 침해사고 탐지 방법을 정의하고, 성능테스트를 통해 효율적인 보안 관제를 위한 방안을 제시하고 SIEM(Security Information Event Management)을 활용한 관제시스템 고도화를 통하여 효과적인 침해위협 탐지 방법을 연구하고자 한다.

Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).

키워드

참고문헌

  1. J. G. Um & H. Y. Kwon, (2016). Model proposal of detection method of cyber attack using SIEM, Journal of IIBC, 16(6), 43-54.
  2. J. H. Sim, S. H. Kim & T. M. Chung, (2014). A Survey of Solutions using Security Information Event Management. Proceedings of Symposium of the Korean Institute of communications and Information Sciences, 390-391.
  3. S. B. Kang, (2011). (A) study on the effective countermeasures for preventing computer security incident. Doctoral dissertation Korea University, Seoul.
  4. S. M. Park, (2011). An Empirical Study of Cyber Security Center Model in Public Sector. Doctoral dissertation Soongsil University, Seoul
  5. H. H. Kang, (2014). (A) study on the improvement of alert function in ESM for effective attack detection, Master dissertation, Sungkyunkwan University, Seoul.
  6. Y. Lee, (2017). A study on effective attack detection using threat scoring function through ESM. Master dissertation, Sungkyunkwan University, Seoul.
  7. H. Kim, (2010). A study on malicious code detecting by ESM correlation. M.S. dissertation, Korea University, Seoul.
  8. G. W. Lee, (2017). Design of integrated security system for intelligent continuous threat detection and active response. Master dissertation Korea University, Seoul.
  9. D. J. Jeon & D. G. Park, (2014). Analysis Model for Prediction of Cyber Threats by Utilizing Big Data Technology, Journal of the Korea Information Science Society, 81-100.
  10. B. J. Jeon, D. B. Yoon & S. S. Shin. (2017). Improved Integrated Monitoring System Design and Construction, Journal of Convergence for Information Technology, 25-33.
  11. S. S. Nam & C. H. Seo, (2015), Context cognition technology through integrated cyber security context analysis, Journal of digital convergence, 313-319.
  12. B. J. Jeon, D. B. Yoon & S. S. Shin. (2017). Integrated Monitoring System using Log Data, Journal of Convergence for Information Technology, 35-42.
  13. Y. H. Kim & H. H. Nam, (2014). Log Analysis Supporting System based on Log Data for Efficient Big Data Analysis, Journal of Korea Information Science Society, 936-938.
  14. NIS, MSIP, KCC, MOSPA, KISA, NSRI, (2013). 2013 National Information Security White Paper.
  15. I. S. Jeon, K. H. Han, D. W. Kim & J. Y. Choi, (2015). Using the SIEM Software vulnerability detection model proposed, Journal of the Korea Institute of Information Security and Cryptology, 25(4), 961-974. https://doi.org/10.13089/JKIISC.2015.25.4.961
  16. C. J. Park, (2014), Present Status and Analysis of Domestic Security Control System, Korea Electronics and Telecommunications Society, 9(2), 261-266.