Cyber Threats Prediction model based on Artificial Neural Networks using Quantification of Open Source Intelligence (OSINT)

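  • Jongkwan Lee (Department of Computer Science, Korea Military Academy) ;
  • Minam Moon (Department of Mathematics, Korea Military Academy) ;
  • Kyuyong Shin (Department of Computer Science, Korea Military Academy) ;
  • Sungrok Kang (Department of Psychology and Management, Korea Military Academy)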
  • Received : 2020.06.29
  • Accepted : 2020.09.27
  • Published : 2020.09.30

Abstract

Cyber attacks have evolved more and more in recent years. One of the best countermeasures against these advanced and sophisticated cyber threats is to predict cyber attacks in advance. Predicting cyber threats requires a lot of information and effort. If we use Open Source Intelligence (OSINT), the core of recent information acquisition, we can predict cyber threats more accurately. To predict cyber threats using OSINT, it is necessary to establish a database (DB) of cyber attacks from OSINT and to select factors that can evaluate cyber threats from the established DB. This work builds on previous research that built a cyber attack DB using data mining and analyzed the importance of core factors among the accumulated DB factors with the AHP technique. In this research, we present a method for quantifying cyber threats and propose a cyber threat prediction model based on artificial neural networks.
