http://dx.doi.org/10.3745/KTCCS.2016.5.11.419

Automatic Creation of Forensic Indicators with Cuckoo Sandbox and Its Application

Kang, Boong Gu (Department of Information Security, Graduate School of Information Security, Korea University)
Yoon, Jong Seong (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Min Wook (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Sang Jin (Graduate School of Information Security, Korea University)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.5, no.11, 2016, pp. 419-426
Abstract
As the threat of cyber incidents grows continuously, the need for IOC (Indicators of Compromise) is increasing, both to identify the cause of an incident and to share that knowledge for a quick response to similar incidents. However, only a few companies use IOC domestically, and research on the application of IOC is deficient compared to that in other countries. Therefore, this paper suggests a quick and standardized way to create IOC automatically from the malware analysis results produced by Cuckoo Sandbox, together with its application.
Keywords
Incident Response; Indicators of Compromise (IOC); Digital Forensics; Cuckoo Sandbox
Citations & Related Records
Times Cited By KSCI: 1