Analysis Model for Prediction of Cyber Threats by Utilizing Big Data Technology

  • Received : 2014.03.07
  • Accepted : 2014.04.07
  • Published : 2014.05.31

Abstract

With the spread of Internet connectivity and the proliferation of smart devices such as tablets and smartphones, cyber threats have become organized and increasingly show the characteristics of advanced persistent threats (APTs). The 3.20 and 6.25 cyber attacks of 2013, which partially paralyzed electronic government services as well as private companies, showed that traditional security systems cannot stop highly sophisticated threats. In particular, companies with weak security are compromised and then used as a foothold for attacks on government agencies and other companies. A nation-wide prevention and response system is therefore needed that can analyze cyber attacks against such weakly protected companies using big data technology. In this paper, we propose a model that uses big data analytics to detect, predict and analyze APT attacks effectively, and we present a practical method for applying the proposed model.

Abstract (translated from the Korean version)

With the development of the Internet and the proliferation of smart devices, cyber threats are evolving in an organized manner and show the characteristics of advanced persistent threats (APTs). During the 3.20 and 6.25 cyber attacks, a serious situation arose in which various electronic government services, as well as private companies, were partially paralyzed. This raised the problem that existing security systems have difficulty responding to intelligent external threats; in particular, companies with weak security become victims of such threats and are then used as a foothold for attacking government agencies and other companies. Accordingly, there is a strong need for a nation-wide defense and response system that can analyze cyber threats on the basis of big data for companies with weak security. This paper develops a big-data-based cyber threat prediction and analysis service model, proposes a method for detecting APT attacks effectively with it, and presents a practical plan for its use.

Cited by

  1. Attacker Tactics and Technology Detection Method based on Attackers' Behavior Matrix from a Network Perspective, vol. 18, no. 10, 2020, https://doi.org/10.14801/jkiit.2020.18.10.55