http://dx.doi.org/10.13089/JKIISC.2017.27.3.501

Efficient Operation Model for Effective APT Defense  

Han, Eun-hye (Korea University)
Kim, In-seok (Korea University)
Abstract
With the revolution in IT technology, cyber threats and crimes are also increasing. In recent years, many large-scale APT attacks have been carried out both domestically and internationally. In particular, many of these APT incidents were not recognized by the affected organizations themselves but were first noticed by external entities. With the fourth industrial revolution (4IR), advances in IT technology produce more sensitive data than ever before; organizations therefore invest a large budget in various measures such as data encryption, access control and even SIEM to analyze even small signs of risk. However, increasingly intelligent APTs are becoming harder to notice or detect. These APT threats are too heavy a burden for SMBs, enterprises and government agencies to respond to effectively and efficiently. This paper examines the limitations and weaknesses of current defensive countermeasures based on the Cyber Kill Chain process and proposes an effective and efficient APT defense operation model that takes into account organizational structure and the human resources available for operation.
Keywords
APT; Sandboxing; Web Proxy; Cyber Kill Chain; Real-time Filtering;
Citations & Related Records
Times Cited By KSCI: 2