Attack Path and Intention Recognition System for detecting APT Attack

Attack Path and Intention Recognition System for APT Attack Detection

  • 김남욱 (Department of Computer Engineering, Sungkyunkwan University) ;
  • 엄정호 (Department of Military Studies & Safety Convergence, Daejeon University)
  • Received : 2020.01.31
  • Accepted : 2020.03.09
  • Published : 2020.03.30

Abstract

Typical security solutions such as intrusion detection systems are not suitable for detecting an advanced persistent attack (APT), because they cannot draw the big picture from the individually trivial events those solutions produce. Research on techniques for detecting multi-stage attacks by analyzing the correlations between security events or alerts is being actively conducted in academia. However, these studies still rely on events from existing security systems, and there is insufficient research on the structure of an entire security system suited to advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suited to detecting multi-stage attacks such as advanced persistent attacks. The proposed system defines the trace format and the overall structure of a system that detects APT attacks based on correlation and behavior analysis, and is designed as a detection system built on deep learning, big data technology, and related techniques.

Cited by

  1. Advanced Information and Communication Technologies Exploited for Terrorism in the Era of the Fourth Industrial Revolution, vol.17, pp.1, 2021, https://doi.org/10.17662/ksdim.2021.17.1.015