http://dx.doi.org/10.7472/jksii.2021.22.1.41

A Study on Defense and Attack Model for Cyber Command Control System based Cyber Kill Chain

Lee, Jung-Sik (2nd R&D Institute - 3rd Directorate, Agency for Defense Development)
Cho, Sung-Young (2nd R&D Institute - 3rd Directorate, Agency for Defense Development)
Oh, Heang-Rok (2nd R&D Institute - 3rd Directorate, Agency for Defense Development)
Han, Myung-Mook (School of AI Software, GaChon University)
Publication Information
Journal of Internet Computing and Services / v.22, no.1, 2021, pp. 41-50
Abstract
The cyber kill chain is derived from the kill chain of traditional military terminology. A kill chain is "a continuous and cyclical process from detection to destruction of military targets requiring destruction, or the division of that process into several distinct actions." The kill chain evolved existing operational procedures to deal effectively with time-critical emergency targets that require an immediate response because their location changes and the risk they pose grows, such as nuclear weapons and missiles. It began as the military concept of defeating an attacker's intended purpose by preventing any one stage of the process leading to that purpose from functioning. The basic concept of the cyber kill chain is therefore that an attack performed by a cyber attacker consists of stages, and the attacker achieves the attack goal only when every stage is performed successfully. From the defender's point of view, if each stage is described in detail and a response procedure is prepared and executed for it, the chain of attack is broken and the attacker's attack can be neutralized or delayed. From the attacker's point of view, if a specific procedure is prepared for each stage, the chain of attack can succeed and the target of the attack can be neutralized. The cyber command and control system is applied to both defense and attack: in defense it should present defensive and offensive countermeasures that neutralize the enemy's kill chain, and in attack it should present the step-by-step procedures that neutralize the enemy. Therefore, this paper proposes a cyber kill chain model from the defense and attack perspectives of the cyber command and control system, and also researches and presents a threat classification/analysis/prediction framework for the cyber command and control system from the defense aspect.
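The defensive premise above (an intrusion is a sequence of stages that must all succeed, so detecting and blocking any one stage breaks the chain) is illustrated by the following added example, which is not code from the paper or its authors. It correlates a stream of constructed alerts into per-host kill-chain progress and reports where the chain was broken, whether the block actually held, and which stage to expect next. The seven stage names follow the conventional intrusion kill chain; the paper itself does not fix a stage list, and the alert format and the keyword-to-stage rules are assumptions for the example, not the paper's framework.

```python
"""Kill-chain stage correlation over constructed alert lines (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Assumption: conventional seven-stage intrusion kill chain, in attack order.
STAGES = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]
STAGE_INDEX = {name: i for i, name in enumerate(STAGES)}

# Assumption: alert kind keyword -> kill-chain stage (example rules only).
RULES = {
    "PORTSCAN": "reconnaissance",
    "PHISH_ATTACHMENT": "delivery",
    "EXPLOIT_ATTEMPT": "exploitation",
    "PERSISTENCE_CREATED": "installation",
    "BEACON": "command_and_control",
    "EXFIL": "actions_on_objectives",
}

# Constructed sample alerts, not real telemetry. Format (assumed): ts|host|kind|outcome
SAMPLE_ALERTS = [
    "2021-01-10T09:00:01|ws-17|PORTSCAN|observed",
    "2021-01-10T09:12:44|ws-17|PHISH_ATTACHMENT|observed",
    "2021-01-10T09:13:02|ws-17|EXPLOIT_ATTEMPT|observed",
    "2021-01-10T09:13:05|ws-17|PERSISTENCE_CREATED|blocked",
    "2021-01-10T09:15:00|ws-17|LOGIN|observed",          # unclassified kind, ignored
    "2021-01-10T09:20:00|ws-17|BEACON|observed",         # progressed past the block
    "2021-01-10T10:00:00|srv-03|PORTSCAN|observed",
    "2021-01-10T10:05:00|srv-03|EXPLOIT_ATTEMPT|observed",
    "2021-01-10T10:06:00|srv-03|PERSISTENCE_CREATED|observed",
    "2021-01-10T10:07:00|srv-03|BEACON|observed",
    "2021-01-10T10:30:00|srv-03|EXFIL|observed",
    "2021-01-10T11:00:00|db-02|PHISH_ATTACHMENT|blocked",
]


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    kind: str
    outcome: str  # "observed" (stage succeeded) or "blocked" (a control stopped it)


def parse_alert(line: str) -> Alert:
    """Parse one 'ts|host|kind|outcome' line; reject unknown outcomes."""
    ts, host, kind, outcome = (f.strip() for f in line.split("|"))
    if outcome not in ("observed", "blocked"):
        raise ValueError(f"unknown outcome: {outcome!r}")
    return Alert(ts, host, kind, outcome)


def classify(alert: Alert) -> Optional[str]:
    """Map an alert to a kill-chain stage, or None if the rules do not cover it."""
    return RULES.get(alert.kind)


def analyse_chain(lines: Iterable[str], host: str) -> Dict[str, object]:
    """Correlate one host's alerts into kill-chain progress.

    A stage with outcome 'blocked' breaks the chain only if no later stage is
    subsequently observed; if the attacker still progresses, the block did not
    hold and the chain must be treated as intact.
    """
    seen = set()
    broken_at: Optional[str] = None
    resumed = False
    for line in lines:
        a = parse_alert(line)
        if a.host != host:
            continue
        stage = classify(a)
        if stage is None:
            continue
        seen.add(stage)
        if a.outcome == "blocked":
            if broken_at is None:
                broken_at = stage
        elif broken_at is not None and STAGE_INDEX[stage] > STAGE_INDEX[broken_at]:
            resumed = True
    if not seen:
        return {"seen": [], "broken_at": None, "chain_broken": False,
                "complete": False, "predicted_next": STAGES[0]}
    furthest = max(STAGE_INDEX[s] for s in seen)
    chain_broken = broken_at is not None and not resumed
    complete = furthest == len(STAGES) - 1 and not chain_broken
    predicted_next = None if (complete or chain_broken) else STAGES[furthest + 1]
    return {"seen": [s for s in STAGES if s in seen], "broken_at": broken_at,
            "chain_broken": chain_broken, "complete": complete,
            "predicted_next": predicted_next}


if __name__ == "__main__":
    for h in ("ws-17", "srv-03", "db-02"):
        print(h, analyse_chain(SAMPLE_ALERTS, h))
```

In the sample, db-02 is the textbook case (delivery blocked, chain broken), srv-03 shows a chain that ran to completion because no stage was stopped, and ws-17 shows the caveat a defender must handle: a control fired at the installation stage, yet command-and-control traffic was observed afterwards, so the chain is reported as intact and the next expected stage is still predicted.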
Keywords
Cyber Command Control System; Cyber Kill Chain Model; Defense Model; Attack Model; Threat Classification/Analysis/Prediction Framework