The IOA-Based Intelligent Information Protection System for Response of Advanced Persistent Threats

(Korean title) An IOA-Based Intelligent Information Protection System for Responding to Advanced Persistent Threats

  • Ryu, Chang-su (Department of Cartoon & Game Animation, Yewon Arts University)
  • Received : 2016.11.01
  • Accepted : 2016.11.12
  • Published : 2016.11.30

Abstract

Recently, with the development of attack techniques that circumvent existing information protection systems, continuous threats in forms the user does not recognize have endangered information assets. It is therefore necessary to support prompt responses to anticipated APT attacks, bypass-access attacks, and encrypted-packet attacks, which existing systems have difficulty defending against with a single response, and to continuously monitor information protection systems under a defense strategy based on Indicators of Attack (IOA). In this paper, I propose a centralized intelligent information protection system that supports an intelligent response to a violation by: identifying important assets through prevention control based on a performance impact assessment of information assets, in order to block APT attack routes; establishing information control policies through vulnerability and risk analyses, in order to remove risks in advance; establishing detection control by restricting internal and external bypass networks for server access and by monitoring encrypted communications; and, lastly, performing linked corrective control through backup and restoration.

(Korean abstract) Recently, with the development of attack techniques that bypass existing information protection systems, continuous attacks on information assets in forms that users do not recognize have become a threat. This calls for supporting an immediate response to attempted intrusions such as APT attacks, bypass-access attacks, and attacks on encrypted packets, which are difficult for existing systems to counter with a single response, and for continuous monitoring of the information protection system under a defense strategy centered on indicators of attack. In this paper, to block APT attack routes, I propose a centralized intelligent information protection system that can respond intelligently to intrusions by: identifying important assets through preventive control based on a business impact assessment of information assets; establishing information control policies through vulnerability analysis and risk analysis in order to remove risks in advance; establishing detection control by controlling internal and external bypass networks for server access and by monitoring encrypted communications; and performing linked corrective control through backup and recovery.
