http://dx.doi.org/10.33778/kcsa.2022.22.1.019

A Study on Threat Detection Model using Cyber Strongholds

Inhwan Kim (Sejong University / Department of Computer Engineering)
Jiwon Kang (Sejong University / Department of Computer Engineering)
Hoonsang An (Gangneung-Wonju National University / Department of Software)
Byungkook Jeon (Gangneung-Wonju National University / Department of Software)
Abstract
With the rapid development of ICT technology, the techniques used by hackers are also evolving into sophisticated and intelligent forms. Threat detection research aimed at countering these cyber threats has mainly been conducted passively, through investigation and analysis of hacking damage after the fact, but recently the importance of collecting and analyzing cyber threat information has been growing. A bot-type automation program, which visits websites to collect threat information or detect threats by extracting malicious code, is a somewhat more active method. However, this method is also limited in that it cannot prevent hacking damage: it identifies damage only after the malicious code has already been distributed or after the target has already been hacked. To overcome these limitations, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber strongholds. This model is an active and proactive method that collects threat information and detects threats outside the security boundary, such as a firewall. We designed a threat detection model using cyber strongholds and validated it in a defense environment.
Keywords
Cyber Strongholds; Cyber Threat Intelligence; Threat Detection; Advanced Persistent Threat