
Design of Intelligent Intrusion Context-aware Inference System for Active Detection and Response

  • Hwang, Yoon-Cheol (Talmage Liberal Arts College, Hannam University)
  • Mun, Hyung-Jin (Department of Information & Communication Engineering, Sungkyul University)
  • Received : 2022.02.24
  • Reviewed : 2022.04.20
  • Published : 2022.04.28

Abstract

With the rapid spread of smartphones and the growth of the IoT, malicious code is now distributed through social network services, and intelligent intrusions such as advanced APT campaigns and ransomware are under way; the damage they cause is far more serious than that of earlier intrusions. This paper therefore proposes an intelligent intrusion context-aware inference system to detect intrusions carried out with such intelligent malicious code, and uses it to detect and respond to a variety of intelligently executed intrusions at an early stage. The proposed system consists of an event monitor, an event manager, a situation manager, a response manager, and a database. Through close interaction among these components it detects intrusion behaviour that is already known, and it detects new intrusion behaviour by learning from it to improve the performance of the inference engine. A scenario in which the system detects ransomware, an intelligent intrusion type, shows that the proposed system detects and responds to intelligent intrusions.
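The component split the abstract describes (event monitor, event manager, situation manager, response manager, database) and its ransomware scenario, worked as an added example that is not the paper's code: a toy Python pipeline in which the event manager normalises monitor lines, the situation manager correlates file renames per process over a sliding window against a database of known ransomware extensions, the response manager maps the inferred situation to an action, and shadow-copy deletion following an unknown mass rename "learns" the new extension into the database so the next occurrence is detected as known behaviour. The event kinds, thresholds, indicator list, action names and sample telemetry are all assumptions made for the example.

```python
"""Toy event -> situation -> response pipeline for ransomware-like behaviour.

Illustrative reconstruction of the five-component split in the abstract.
Event kinds, thresholds, indicators and sample telemetry are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    ts: float      # seconds since an arbitrary epoch
    host: str
    pid: int
    kind: str      # proc_exec | file_rename | shadow_delete (assumed vocabulary)
    detail: str


def parse_event(line: str) -> Event:
    """Event manager: normalise one pipe-delimited monitor line into an Event."""
    ts, host, pid, kind, detail = line.split("|", 4)
    return Event(float(ts), host, int(pid), kind, detail)


def build_sample_log() -> List[str]:
    """Constructed telemetry (not real data): a process on ws-01 renames 25 files to a
    known ransomware extension in 2.5 s and then deletes shadow copies; a backup tool on
    ws-02 renames three files slowly."""
    lines = ["100.0|ws-01|4120|proc_exec|C:\\Users\\kim\\Temp\\inv0ice.exe"]
    lines += [f"{100.1 + i * 0.1:.1f}|ws-01|4120|file_rename|doc{i}.docx -> doc{i}.docx.wncry"
              for i in range(25)]
    lines.append("103.0|ws-01|4120|shadow_delete|vssadmin delete shadows /all /quiet")
    lines += [f"{200.0 + i * 5:.1f}|ws-02|880|file_rename|log{i}.txt -> log{i}.txt.bak"
              for i in range(3)]
    return lines


class SituationManager:
    """Correlates events per (host, pid) in a sliding window and infers a situation.

    Known behaviour: a burst of renames to an extension in the indicator database.
    New behaviour: a burst of renames to an unseen extension; if shadow-copy deletion
    by the same process follows, that extension is learned into the database.
    """

    def __init__(self, window_s: float = 10.0, rename_threshold: int = 20):
        self.window_s = window_s
        self.rename_threshold = rename_threshold
        self.known_exts = {".wncry", ".locky", ".crypt"}   # the "database" of indicators
        self.renames = defaultdict(deque)                  # (host, pid) -> deque[(ts, ext)]
        self.flagged = set()                               # (host, pid) already escalated

    def observe(self, ev: Event) -> Optional[str]:
        key = (ev.host, ev.pid)
        if ev.kind == "file_rename":
            ext = "." + ev.detail.rsplit(".", 1)[-1].lower()   # extension of the new name
            q = self.renames[key]
            q.append((ev.ts, ext))
            while q and ev.ts - q[0][0] > self.window_s:        # drop events outside window
                q.popleft()
            if len(q) >= self.rename_threshold and key not in self.flagged:
                self.flagged.add(key)
                if {e for _, e in q} & self.known_exts:
                    return "ransomware_suspected"            # matches known indicator
                return "mass_rename_anomaly"                 # new, unexplained burst
        elif ev.kind == "shadow_delete":
            if key in self.flagged:
                # Learning step: the burst preceding shadow deletion is now a known indicator.
                self.known_exts.update(e for _, e in self.renames[key])
                return "ransomware_confirmed"
            return "shadow_copy_deleted"
        return None


# Response manager: situation -> action (names assumed for the example)
RESPONSE = {
    "mass_rename_anomaly": "alert",
    "shadow_copy_deleted": "alert",
    "ransomware_suspected": "kill_process",
    "ransomware_confirmed": "isolate_host",
}


def run_pipeline(lines: List[str], sm: Optional[SituationManager] = None
                 ) -> Tuple[List[Tuple[str, int, str, str]], SituationManager]:
    """Monitor lines -> events -> situations -> actions. Returns the action list and the
    situation manager so its learned indicators can be reused on later telemetry."""
    sm = sm or SituationManager()
    actions = []
    for line in lines:
        ev = parse_event(line)
        situation = sm.observe(ev)
        if situation:
            actions.append((ev.host, ev.pid, situation, RESPONSE[situation]))
    return actions, sm


def demo_learning() -> Tuple[List[Tuple[str, int, str, str]], bool]:
    """Unknown extension .zzz: first seen as an anomaly, confirmed by shadow deletion and
    learned; a second host using .zzz is then detected as known ransomware."""
    first = [f"{10 + i * 0.1:.1f}|ws-03|77|file_rename|f{i}.pdf -> f{i}.pdf.zzz" for i in range(20)]
    first.append("15.0|ws-03|77|shadow_delete|vssadmin delete shadows /all /quiet")
    second = [f"{30 + i * 0.1:.1f}|ws-04|91|file_rename|g{i}.xls -> g{i}.xls.zzz" for i in range(20)]
    actions, sm = run_pipeline(first)
    more, _ = run_pipeline(second, sm)
    return actions + more, ".zzz" in sm.known_exts


if __name__ == "__main__":
    for row in run_pipeline(build_sample_log())[0]:
        print(row)
    print(demo_learning())
```

The rename threshold and window are deliberately coarse; in practice they would be tuned per host class, and a slow benign renamer (the ws-02 backup tool in the sample) stays below them while a fast encryptor crosses them within seconds.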
