Design and Load Map of the Next Generation Convergence Security Framework for Advanced Persistent Threat Attacks

  • Received : 2013.11.20
  • Accepted : 2014.02.12
  • Published : 2014.04.30

Abstract

A comprehensive, security-centered response framework is required for security breaches, failures, and cyber threats. However, the existing response structures of administrative, technical, and physical security are weak against complex attacks because each step is performed independently. This study treats all internal and external users as potential threat elements. An intelligent convergence security framework and road map are proposed for connectivity analysis of user actions. The proposed convergence security framework was designed to be independent of any single automated framework, such as the conventional single-solution approach to prioritized defense against APT, the latest type of attack, which carries out continuous, repeated attacks to achieve its goals. The proposed next generation convergence security framework enables preemptive responses to an APT attack and consists of five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. The domain connection layer provides security instruction and direction across the administrative, physical, and technical security domains. The domain security layer maintains consistency of status information among the security domains. The action visibility layer, which exposes intelligent attack actions, consists of a data gathering, comparison, and decision cycle. The action control layer controls the actions made visible by the visibility layer. Finally, the convergence correspondence layer provides a response system for before and after an APT attack. The administrative security domain is designed around organization, rules, processes, and paper-based information. The physical security domain is separated into a control layer and facilities according to whether threats are controllable or uncontrollable.
Each domain action passes through visibility and control steps and is designed to be flexible with respect to changes in the security environment. The framework and road map for addressing APT attacks presented in this study can serve as infrastructure for next generation security.

References

  1. Command Five Pty Ltd. "Advanced Persistent Threat: A Decade in Review" 2011.
  2. AhnLab "A Whole New Approach in combating Advanced Persistent Threats", 2012
  3. Binde, Beth E., McRee, Russ., and O'Conner, Terrence J. (2011). "Assessing Outbound Traffic to Uncover Advanced Persistent Threat".
  4. Blue Coat Labs Report: Advanced Persistent Threats, BlueCoat, BlueCoat, 2011.
  5. Woo Bong Cheon, Won Hyung Park, Tai Myoung Chung, "Design and Implementation of ATP(Advanced Persistent Threat) Attack Tool Using HTTP Get Flooding Technology", The Journal of Korean association of computer education / v.14 no.6, 2011, pp.65-73
  6. Segyun Park, "(A)Study on Effective APT Attack Defense of Endpoint Level", The korea Institute of Information Scientists and Engineers 2013 Conference. 2013. 6, pp.732-734
  7. Frankie Li, ran2, "A Detailed Analysis of an Advanced Persistent Threat Malware", SANS Institute Infosec Reading Room, Oct 2011.
  8. Moongoo Lee, Chunsock Bae, "Next Generation Convergence Security Framework for Advanced Persistent Threat", Journal of the Institute of Electronics Engineers of Korea, Vol. 50, No. 9 September 2013 pp. 92-99. https://doi.org/10.5573/ieek.2013.50.9.092