Fig. 1. Proposed system framework for unMaze™
Fig. 2. SW functional block diagram of unMaze™
Fig. 3. SW functional diagram for gathering information of cyber assets
Fig. 4. Implemented web interface for cyber asset management
Fig. 5. Proposed threat hunting algorithm with threat intelligence
Fig. 6. Implemented cyber COP of unMaze™ for cyber situation awareness
Table 1. Definition of threat hunting maturity matrix
Table 2. Enhancement of threat hunting maturity level with unMaze™