Browse > Article
http://dx.doi.org/10.6109/jkiice.2016.20.6.1129

The Analysis of the APT Prelude by Big Data Analytics  

Choi, Chan-young (Department of Convergence Technology, Hoseo Graduate School of Venture)
Park, Dea-woo (Department of Convergence Technology, Hoseo Graduate School of Venture)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.20, no.6, 2016 , pp. 1129-1135 More about this Journal
Abstract
The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on december in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attacks(Advanced Persistent Threat Attacks) thus far. We will use big data analytics to analyze whether or not APT attacks has occurred. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean Defense System. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attacks. Lastly, we will present an effective response method to address a detected APT attacks.
Keywords
Big Data Analysis; APT attack; Prelude; Cyber terror;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 S. B. Han and S. K. Hong, "Financial Services Industry's Reaction Plan to Defend APT Attack," J. Korea Inst. Info. Security & Cryptology, vol. 2, no. 1, pp. 44-53, 2013.
2 Ministry of Science, ICT and Future Planning in Rep. of Korea. 3.20 Cyberterror Investigation Interim Report[Internet]. Available: http://korea.kr/policy/mainView.do?newsId=148758717.
3 Privacy Info. Crime Gov. Joint Investigation Dept. in Rep. of Korea. KHNP Cyberterror Incident Investigation Interim Report[Internet]. Available: http://www.spo.go.kr/_custome/spo/_common/board/download.jsp?attach_no=154704.
4 Peter Zadrozny and Ragha Kodali, Big Data Analytics Using Splunk,,1st ed, New York, NY: Apress,, 2013.
5 John D. Kelleher, Brian Mac Namee and Aoife D'Arcy, Fundamentals of Machine Learning for Predictive Analytics, 1st ed, Cambridge, MA: The MIT Press, 2015.
6 W. P. Kim, "Analysis of Global Research Trend on Information Security," J. Korea Inst. Inf. Commun. Eng, vol. 19, no. 5, pp. 1110-1116, May 2015.   DOI
7 D. H. Choi et al., "Tha Application Method of Machine Learning for Analyzing User Transaction Tendency in Big Data environment," J. Korea Inst. Inf. Commun. Eng, vol. 19, no. 10, pp. 2232-2240, Oct. 2015.   DOI
8 Sumeet Dua and Xian Du, Data Mining and Machine Learning in Cybersecurity, New York, NY: CRC Press, 2011.
9 Elshoush. H. Tagelsir. and I. M. Osmank, "Alert correlation in collaborative intelligent intrusion detection systems - A survey." Applied Soft Computing In Press, vol. 11, no. 7, pp. 4349-4365, Oct. 2011.   DOI
10 K. Julish, "Mining alarm clusters to improve alarm handling efficiency.," Proceedings of the 17th Annual Conference on Computer Security Applications, vol. 10, no. 14, pp. 12-21, Dec. 2001.
11 S. Cheung, U. Lindqvist, "Modeling multistep cyber attacks for scenario recognition," DARPA Information Survivability Conference and Exposition, vol. 1, pp.284-292, Apr. 2003.
12 H. Debar. and A. Wespi, "Aggregation and correlation of intrusion detection alerts," Proceedings of the International Symposium on Recent Advances in Intrusion Detection, pp. 85-103, 2001.
13 B. Morin, L. Me, H. Debar, and M. Ducasse, "M2D2: A formal data model for IDS alert correlation," Proc. Recent Advances in Intrusion Detection, pp. 115-137, 2002.
14 X. Qin and W. Lee, "Statistical causality analysis of infosec alert data." in Proceedings of The 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburgh, PA, Sep. 2003.
15 X. Qin and W. Le, "Statistical causality analysis of infosec alert data", Lecture Notes in Computer Science, vol. 2820, pp. 73-93, Sep. 2003.   DOI
16 A. Valdes and K. Skinner, Probabilistic alert correlation, Berlin, HDB: Springer, 2001.
17 C. Y. Choi and D. W. Woo, "The Analysis of the APT Prelude by Big Data Analytics", in Proceedings of The 39th Conference of KIICE, vol. 20, no. 1, pp. 317-320, May 2016.
18 O. Dain and R. Cunninghan, "Building scenarios from a heterogeneous alert stream," in Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, pp. 231-235, Jun. 2001.
19 K. H. Son, T. J. Lee and D. Won, "Design for Zombie PCs and APT Attack Detection based on traffic analysis," J. Korea Inst. Info. Security & Cryptology, vol. 24, no. 3, pp. 491-498, Jun. 2014.   DOI