A Study on Building a Cyber Attack Database using Open Source Intelligence (OSINT)

A Study on Methods for Building a Cyber Attack Database Using Open Source Intelligence

  • 신규용 (Kyuyong Shin), Department of Computer Science, Korea Military Academy
  • 유진철 (Jincheol Yoo), Department of Computer Science, Korea Military Academy
  • 한창희 (Changhee Han), Department of Computer Science, Korea Military Academy
  • 김경민 (Kyoung Min Kim), Department of Computer Science, Korea Military Academy
  • 강성록 (Sungrok Kang), Department of Psychology and Management, Korea Military Academy
  • 문미남 (Minam Moon), Department of Mathematics, Korea Military Academy
  • 이종관 (Jongkwan Lee), Department of Computer Science, Korea Military Academy
  • Received : 2019.04.04
  • Accepted : 2019.06.30
  • Published : 2019.06.30

Abstract

With the development of the Internet and information and communication technology, the amount of Open Source Intelligence (OSINT) has increased. OSINT can be highly effective if it is well refined and utilized. Recently it has been said that almost 95% of all information comes from public sources, and the utilization of open sources has sharply increased. The ISVG and START programs, for example, collect open source information related to terrorism or crime and use it effectively to detect terrorists and prevent crime. Open source information related to cyber attacks, however, differs considerably from that related to terrorism (or crime): it is difficult to clearly identify the attacker, the purpose of the attack, and the range of damage. In addition, cyber attack data itself is relatively unstructured. A completely new approach is therefore required to establish and utilize an OSINT database for cyber attacks, and this paper proposes one.

With the development of the Internet and information and communication technology, a large volume of Open Source Intelligence (OSINT) is generated every day. Recently, the utilization of open sources has grown to the point that 95% of all information is said to come from open sources. If well refined and utilized, such open source information can serve as highly effective, high-value intelligence. For example, the ISVG and START programs collect open source information related to terrorism and crime and use it to identify terrorists and prevent crime, with considerable success. Open source information related to cyber attacks, however, differs from that related to terrorism or crime: it is difficult to clearly identify the attacker, the purpose of the attack, and the extent of the damage, and the data itself is relatively unstructured. For these reasons, building and utilizing a database (DB) of cyber attacks from open source information requires an entirely new approach that differs from existing methods. This paper therefore presents a methodology for building a cyber attack database using open source information and discusses directions for its future use.
