http://dx.doi.org/10.7472/jksii.2021.22.3.53

Cyber Threat Detection and Response Time Modeling

Han, Choong-Hee (Information Security Team, Korea Power Exchange)
Han, ChangHee (Dept. of Computer Science, Korea Military Academy)
Publication Information
Journal of Internet Computing and Services / v.22, no.3, 2021, pp. 53-58
Abstract
There is little research on the actual business activities carried out in the field of security control. In this paper we therefore present a practical research methodology that models the threat information detection and response time of a security control center, which can contribute to calculating the appropriate number of personnel to assign and to analyzing the effectiveness of the latest security solutions. The total threat information detection and response time performed by the security control center is defined as TIDRT (Total Intelligence Detection & Response Time). TIDRT is the sum of the internal intelligence detection & response time (IIDRT) and the external intelligence detection & response time (EIDRT). IIDRT in turn is calculated as the sum of the five steps it requires. The ultimate goal of this study is to model the major business activities of the security control center as an equation, yielding a formula for the center's cyber threat information detection and response time. Chapter 2 reviews previous studies, Chapter 3 models the formula for the total threat information detection and response time, and Chapter 4 concludes the paper.
Keywords
Cyber threat; threat information; security control; detection response; TIDRT; CTI