
A Study on Anomaly Signal Detection and Management Model using Big Data

A Study on an Anomaly Sign Detection and Management Model Using Big Data (original Korean title)

  • Kwon Young-baek (Department of Financial Security, Graduate School of Information Security, Korea University);
  • Kim In-seok (Department of Cyber Defense, Korea University)
  • Received: 2016.10.05
  • Accepted: 2016.12.09
  • Published: 2016.12.31

Abstract

APT attacks aim at the interruption of information and communication facilities and the leakage of companies' important information. They are carried out over a long period of time using zero-day vulnerabilities and social engineering based on collected information such as the IT infrastructure, the business environment and employee details. Fragmentary responses to cyber threats, such as malware signature detection, cannot cope with sophisticated cyber attacks such as APT attacks. In this paper, we propose a cyber intrusion detection model as a countermeasure against APT attacks that utilizes heterogeneous system logs as big data and merges pattern-based detection methods with anomaly detection methods.

APT (Advanced Persistent Threat) attacks aim to interrupt the information and communication facilities of institutions and companies or to obtain their core information. Over a long period they collect a variety of information such as the IT infrastructure, the business environment and employee details, and on that basis execute attacks using zero-day exploits and social engineering techniques. Fragmentary cyber threat response methods such as malicious signature detection have difficulty responding to advanced cyber attacks such as APT attacks. In this paper, as one countermeasure against APT attacks, we present a model that uses heterogeneous system logs (Heterogeneous System Log) as big data and merges pattern-based detection methods with anomaly sign detection methods to detect cyber intrusion attempts.
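As an added illustration of the idea in the abstract (this is example code, not the paper's model or data): two heterogeneous log formats are normalised into one event schema, then a fixed pattern rule and a robust anomaly score are run over the same stream and their alerts merged. The log formats, the rule and all values are constructed for the example.

```python
import re, statistics
# Constructed sample lines from two heterogeneous sources (assumed formats, not the paper's data)
RAW_LOGS = [
    "FW 2016-12-01T09:00 src=10.0.0.5 dst=198.51.100.7 bytes=1200",
    "FW 2016-12-01T10:00 src=10.0.0.5 dst=198.51.100.7 bytes=1300",
    "FW 2016-12-01T11:00 src=10.0.0.5 dst=198.51.100.7 bytes=1100",
    "FW 2016-12-01T12:00 src=10.0.0.5 dst=198.51.100.7 bytes=1250",
    "FW 2016-12-02T02:00 src=10.0.0.5 dst=198.51.100.7 bytes=95000000",
    "AUTH 2016-12-02T02:03 user=svc_backup host=db-01 result=failure",
    "AUTH 2016-12-02T02:04 user=alice host=ws-12 result=success",
]
FW_RE = re.compile(r"FW (\S+) src=(\S+) dst=(\S+) bytes=(\d+)")
AUTH_RE = re.compile(r"AUTH (\S+) user=(\S+) host=(\S+) result=(\S+)")

def normalise(line):
    """Map each source's own format onto one common event schema."""
    m = FW_RE.match(line)
    if m:
        return {"src": "fw", "ts": m[1], "host": m[2], "dst": m[3], "bytes": int(m[4])}
    m = AUTH_RE.match(line)
    if m:
        return {"src": "auth", "ts": m[1], "user": m[2], "host": m[3], "result": m[4]}
    return None  # unknown format: dropped here, a real pipeline should count these

def pattern_alerts(events):
    """Signature-style rule: a fixed condition that is known to be bad (constructed rule)."""
    return [("pattern", "service account auth failure", e["ts"]) for e in events
            if e["src"] == "auth" and e["user"].startswith("svc_") and e["result"] == "failure"]

def anomaly_alerts(events, threshold=3.5):
    """Robust z-score (median/MAD) of bytes per source host. A plain mean/stdev
    z-score would let one huge transfer inflate the stdev and mask itself."""
    per_host = {}
    for e in events:
        if e["src"] == "fw":
            per_host.setdefault(e["host"], []).append(e)
    alerts = []
    for host, evs in per_host.items():
        vals = [e["bytes"] for e in evs]
        med = statistics.median(vals)
        mad = statistics.median(abs(v - med) for v in vals)
        if mad == 0:
            continue  # all values identical: nothing to score
        for e in evs:
            score = 0.6745 * (e["bytes"] - med) / mad
            if score > threshold:
                alerts.append(("anomaly", f"{host} bytes z={score:.1f}", e["ts"]))
    return alerts

def detect(lines):
    """Merge pattern-based and anomaly-based results over one normalised event stream."""
    events = [e for e in map(normalise, lines) if e]
    return sorted(pattern_alerts(events) + anomaly_alerts(events), key=lambda a: a[2])
```

On the constructed input the single large transfer at 02:00 is only caught by the anomaly score, and the service account failure only by the pattern rule, which is the point of running both over one stream.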

Keywords
