
Analysis of Threat Information Priorities for Effective Security Monitoring & Control

Deriving Threat Information Priorities for Effective Security Monitoring and Control

  • 강다연 (Department of Management Information Systems, Dong-A University)
  • Received : 2021.04.14
  • Accepted : 2021.06.09
  • Published : 2021.10.31

Abstract

This study aims to identify security-based threat information for an organization, because protecting IT systems against threats plays an important role in safeguarding a corporation's intangible assets. Security monitoring systems determine and respond to threats by analyzing them in real time, focusing on the events and logs generated by security protection programs. The security monitoring task derives priorities by dividing threat information into reputation information and analysis information. Reputation information consisted of Hash, URL, IP, and Domain, while analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. As a result, the priority of reputation information was relatively high, and the study is meaningful in increasing the accuracy of, and responsiveness to, threat information.

This paper seeks to identify threat information for security monitoring and control, an area that is critically important in protecting the assets of a company that aims to respond to threats against its IT systems. Security monitoring and control judges and responds to threats by analyzing, in real time, the events and logs generated by security devices. In the security monitoring task, threat information is first divided into reputation information and analysis information in order to derive priorities. Reputation information was composed of Hash, URL, IP, and Domain, and analysis information was composed of E-mail, CMD-Line, CVE, and attack trend information. The results show that reputation information had a relatively higher priority, and the study is meaningful in that it improves the accuracy of, and responsiveness to, threat information.

Acknowledgement

This paper was supported by the Dong-A University research fund.
