http://dx.doi.org/10.9766/KIMST.2018.21.6.807

A Study for Cyber Situation Awareness System Development with Threat Hunting  

Lee, Jaeyeon (C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.)
Choi, Jeongin (C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.)
Park, Sanghyun (C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.)
Kim, Byeongjin (C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.)
Hyun, Dae-Won (C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.)
Kim, Gwanyoung (C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.)
Publication Information
Journal of the Korea Institute of Military Science and Technology, vol. 21, no. 6, 2018, pp. 807-816
Abstract
Threat hunting is defined as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. Its central idea is to find weak points and remedy them before an actual cyber threat has materialized. The Hunting Maturity Model (HMM) has been proposed to evolve hunting processes through five maturity levels, so a Cyber Security Operations Center (CSOC) can consult the HMM to learn how to become safer against complex and organized cyber attacks. We are developing a cyber situation awareness system with a proactive threat hunting process, called unMaze(TM). With unMaze, a CSOC's HMM level can be raised from the initial level to the basic level. A CSOC using unMaze carries out the threat hunting process not only by reactive detection with existing cyber security equipment, but also by proactively detecting cyber threats through fusing and analyzing cyber asset data and threat intelligence.
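The fusion of cyber asset data and threat intelligence that the abstract describes, as an added example that is neither unMaze code nor code from the paper: a small Python hunt that joins a constructed asset inventory, a constructed intelligence feed and constructed flow records, tests two hunting hypotheses against them, and ranks hosts by combining the results. Every host name, IP address, product version, indicator and priority label below is hypothetical and constructed for the example.

```python
"""Toy threat-hunting pass that fuses an asset inventory with threat intelligence.

Added example only; the data and the hunting hypotheses are constructed and are
not taken from unMaze, from the paper, or from any real intelligence feed.
"""
from collections import defaultdict

# Constructed asset inventory (hypothetical hosts, IPs and installed software).
ASSETS = [
    {"host": "ws-01", "ip": "10.0.1.10", "software": {"openssh": "7.4", "apache": "2.4.49"}},
    {"host": "db-01", "ip": "10.0.2.20", "software": {"postgresql": "12.3"}},
    {"host": "sensor-01", "ip": "10.0.0.1", "software": {"nids": "2.6"}},
]

# Constructed threat intelligence (hypothetical indicators; not real IOCs).
INTEL = {
    "c2_ips": {"203.0.113.45", "198.51.100.7"},
    "vulnerable_software": {("apache", "2.4.49")},
}

# Constructed flow records (src_ip, dst_ip, dst_port) from a network sensor.
# The last record comes from an IP that is absent from the inventory on purpose.
FLOWS = [
    ("10.0.1.10", "203.0.113.45", 443),
    ("10.0.2.20", "10.0.1.10", 5432),
    ("10.0.0.1", "198.51.100.7", 53),
    ("10.0.9.99", "198.51.100.7", 8080),
]


def hunt_vulnerable_assets(assets, intel):
    """Hypothesis 1: an inventoried asset runs a product/version named by intel."""
    findings = []
    for asset in assets:
        for product, version in asset["software"].items():
            if (product, version) in intel["vulnerable_software"]:
                findings.append({"host": asset["host"],
                                 "type": "vulnerable_software",
                                 "detail": f"{product} {version}"})
    return findings


def hunt_c2_contacts(flows, assets, intel):
    """Hypothesis 2: a flow reaches an IP the intel feed labels as C2.

    A flow whose source IP is not in the inventory is still reported, under a
    distinct type: an unmanaged asset talking to C2 is itself a hunting finding
    and an asset-management gap.
    """
    host_by_ip = {asset["ip"]: asset["host"] for asset in assets}
    findings = []
    for src, dst, port in flows:
        if dst not in intel["c2_ips"]:
            continue
        host = host_by_ip.get(src)
        findings.append({"host": host if host else f"unknown({src})",
                         "type": "c2_contact" if host else "c2_contact_unmanaged_asset",
                         "detail": f"{dst}:{port}"})
    return findings


def prioritize(findings):
    """Fuse per-host findings: vulnerable AND talking to C2 outranks either alone."""
    types_by_host = defaultdict(set)
    for finding in findings:
        types_by_host[finding["host"]].add(finding["type"])
    ranked = {}
    for host, types in types_by_host.items():
        talks_to_c2 = any(t.startswith("c2_contact") for t in types)
        if "vulnerable_software" in types and talks_to_c2:
            ranked[host] = "critical"
        elif talks_to_c2:
            ranked[host] = "high"
        else:
            ranked[host] = "medium"
    return ranked


def run_hunt(assets=ASSETS, intel=INTEL, flows=FLOWS):
    """Run both hypotheses and return (raw findings, per-host priority)."""
    findings = hunt_vulnerable_assets(assets, intel) + hunt_c2_contacts(flows, assets, intel)
    return findings, prioritize(findings)


if __name__ == "__main__":
    found, ranking = run_hunt()
    for f in found:
        print(f"{f['host']:<20} {f['type']:<28} {f['detail']}")
    print(ranking)
```

On the constructed data the hunt yields four findings: ws-01 is both running the intel-listed Apache build and contacting a C2 address, so it is ranked critical; sensor-01 and the unmanaged 10.0.9.99 are ranked high for C2 contact alone; db-01 produces nothing. The point a practitioner should take from it is the last case: joining flows against the inventory surfaces assets the CSOC does not know it has, which is the asset-management side of the proactive process the abstract describes.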
Keywords
Threat hunting; CSOC; Cyber Situation Awareness System; Real-Time Threat Information Gathering; Cyber Asset Management; Cyber COP;
References
1 Sqrrl Inc., "A Framework for Cyber Threat Hunting," https://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper-web.pdf, 2016.
2 Carson Zimmerman, "Ten Strategies of a World-Class Cybersecurity Operations Center," The MITRE Corporation, pp. 8-9, p. 33, p. 45, 2014.
3 KISA, "A Manual for CERT Management," https://www.kisa.or.kr/public/laws/laws3.jsp, p. 3, p. 72, 2010.
4 George P. Tadda and John S. Salerno, "Overview of Cyber Situation Awareness," in Cyber Situation Awareness, Springer, pp. 15-35, 2010.
5 David J. Bianco, "The Pyramid of Pain," http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html, 2014.
6 The MITRE Corporation, Systems Engineering Guide, pp. 175-183, https://www.mitre.org/publications/all/systems-engineering-guide, 2013.
7 The MITRE Corporation, Crown Jewels Analysis, http://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis, 2013.
8 Carbon Black Inc., "Eradicate Concealed Threats: Advanced Threat Hunting with Carbon Black," https://www.carbonblack.com/wp-content/uploads/2017/05/Cb_Threat_Hunting_Whitepaper_fin-1.pdf, 2017.
9 Cybereason Inc., "Threat Hunting: Answering Am I Under Attack?," https://hi.cybereason.com/threat-hunting-answering-am-i-under-attack, 2017.
10 Cybereason Inc., "Threat Hunting 2017 Survey Findings Report," https://hi.cybereason.com/2017-threat-hunting-report, 2017.
11 Jaeyeon Lee, "A SW Framework Design for Defense Cyber Situation Awareness System," KIMST Autumn Conference Proceedings, pp. 567-568, 2017.
12 Byeongjin Kim, "Opensource based Security Equipment and Asset Monitoring System," KIMST Annual Conference Proceedings, pp. 1367-1368, 2018.
13 Richard A. Kemmerer, "Cybaware: A Cyber Awareness Framework for Attack Analysis, Prediction, and Visualization," in ARO/MURI Annual Review, 2014.
14 Dae-Won Hyun, "A Study on Intelligent Cyber Situation Awareness System for Cyber Attacks," KIMST Annual Conference Proceedings, pp. 1478-1479, 2018.
15 Chris Fry and Martin Nystrom, "Security Monitoring," O'Reilly, pp. 12-13, 2009.
16 Bro Framework, https://www.bro.org/sphinx/intro/index.html.