• Title/Summary/Keyword: ATT%26CK

Search Result 2, Processing Time 0.019 seconds

Cyberattack Goal Classification Based on MITRE ATT&CK: CIA Labeling (MITRE ATT&CK 기반 사이버 공격 목표 분류 : CIA 라벨링)

  • Shin, Chan Ho;Choi, Chang-hee
    • Journal of Internet Computing and Services
    • /
    • v.23 no.6
    • /
    • pp.15-26
    • /
    • 2022

  • Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups which is sponsored by its nation. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signature. Unfortunately, attackers can easily masquerade as other group. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker's purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker's goal based on MITRE ATT&CK® in the point of CIA triad as well as classifying cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability.

  • https://doi.org/10.7472/jksii.2022.23.6.15 인용 PDF KSCI HTML

A Study on Log Collection to Analyze Causes of Malware Infection in IoT Devices in Smart city Environments

  • Donghyun Kim;Jiho Shin;Jung Taek Seo
    • Journal of Internet Computing and Services
    • /
    • v.24 no.1
    • /
    • pp.17-26
    • /
    • 2023

  • A smart city is a massive internet of things (IoT) environment, where all terminal devices are connected to a network to create and share information. In accordance with massive IoT environments, millions of IoT devices are connected, and countless data are generated in real time. However, since heterogeneous IoT devices are used, collecting the logs for each IoT device is difficult. Due to these issues, when an IoT device is invaded or is engaged in malicious behavior, such as infection with malware, it is difficult to respond quickly, and additional damage may occur due to information leakage or stopping the IoT device. To solve this problem, in this paper, we propose identifying the attack technique used for initial access to IoT devices through MITRE ATT&CK, collect the logs that can be generated from the identified attack technique, and use them to identify the cause of malware infection.

  • https://doi.org/10.7472/jksii.2023.24.1.17 인용 PDF HTML