• Title/Summary/Keyword: attack graph (공격 그래프)

A Survey on system-based provenance graph and analysis trends (시스템 기반 프로비넌스 그래프와 분석 기술 동향)

  • Park Chanil
    • Convergence Security Journal / v.22 no.3 / pp.87-99 / 2022
  • Cyber attacks have become more difficult to detect and track as sophisticated and advanced APT attacks increase. System provenance graphs provide cyber security analysts with techniques to determine the origin of attacks. Various system provenance graph techniques have been studied to reveal the origin of penetration against cyber attacks. In this study, we investigated various system provenance graph techniques and described data collection and analysis techniques. In addition, based on the results of our survey, we presented some future research directions.

Feasibility Analysis on the Attack Graph Applicability in Selected Domains

  • Junho Jang;Saehee Jun;Huiju Lee;Jaegwan Yu;SungJin Park;Su-Youn Hong;Huy Kang Kim
    • Journal of the Korea Society of Computer and Information / v.28 no.5 / pp.57-66 / 2023
  • In this paper, a research trend of attack graph studies for Cyber-Physical System (CPS) environments is surveyed, and we analyse the limitations of previous works and prospect the future directions. 35 among around 150 attack graph studies conducted within 5 years target CPS, and we inspect key features of CPS environment in the security aspect. Also, we categorize and analyze target studies in the aspect of modelling physical systems and considering air gaps, which are derived as key features of the security aspects of CPS. Half of the 20 studies that we surveyed do not reflect those two features, and other studies only consider one of the two features. In this circumstance, we examine challenges that attack graph studies on CPS environment face. Finally, we expect state-led studies or studies targeting open-spec commercial CPS will dominate.

Exploratory study on the Spam Detection of the Online Social Network based on Graph Properties (그래프 속성을 이용한 온라인 소셜 네트워크 스팸 탐지 동향 분석)

  • Jeong, Sihyun;Oh, Hayoung
    • Journal of the Korea Institute of Information and Communication Engineering / v.24 no.5 / pp.567-575 / 2020
  • As online social networks are used as a critical medium for modern people's information sharing and relationships, their users are increasing rapidly every year. This not only increases usage but also surpasses the existing media in terms of information credibility. Therefore, emerging marketing strategies are deliberately attacking social networks. As a result, public opinion, which should be formed naturally, is artificially formed by online attacks, and many people trust it. Therefore, many studies have been conducted to detect agents attacking online social networks. In this paper, we analyze the trends of research attempting to detect such online social network attackers, focusing on research using social network graph characteristics. While the existing content-based techniques may represent classification errors due to privacy infringement and changes in attack strategies, the graph-based method proposes a more robust detection method using attacker patterns.

Graph Database Design and Implementation for Ransomware Detection (랜섬웨어 탐지를 위한 그래프 데이터베이스 설계 및 구현)

  • Choi, Do-Hyeon
    • Journal of Convergence for Information Technology / v.11 no.6 / pp.24-32 / 2021
  • Recently, ransomware attacks have spread through various channels such as e-mail, phishing, and device hacking, and the extent of the damage is increasing rapidly. However, existing known malware (static/dynamic) analysis engines have great difficulty detecting/blocking novel ransomware that has evolved like Advanced Persistent Threat (APT) attacks. This work proposes a method for modeling ransomware malicious behavior based on graph databases and detecting novel multi-complex malicious behavior for ransomware. Studies confirm that pattern detection of ransomware is possible in novel graph database environments that differ from existing relational databases. Furthermore, we prove that the associative analysis technique of graph theory is significantly efficient for ransomware analysis performance.

A study on Stage-Based Flow Graph Model for Expressing Cyber Attack Train Scenarios (사이버 공격 훈련 시나리오 표현을 위한 Stage 기반 플로우 그래프 모델 연구)

  • Kim, Moon-Sun;Lee, Man-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.1021-1030 / 2021
  • This paper proposes S-CAFG (Stage-based Cyber Attack Flow Graph), a model for effectively describing training scenarios that simulate modern complex cyber attacks. On top of existing graph and tree models, we add a stage node to model more complex scenarios. In order to evaluate the proposed model, we create a complicated scenario and compare how the previous models and S-CAFG express the scenario. As a result, we confirm that S-CAFG can effectively describe various attack scenarios such as simultaneous attacks, additional attacks, and bypass path selection.

A Correlation-based Analysis on the Intrusion Information (상관성에 기반한 침입 정보 분석)

  • 이경희;이순구;김형식
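    • Proceedings of the Korean Information Science Society Conference / 2003.04a / pp.416-418 / 2003
  • Because existing intrusion detection systems (IDS) report independent, fragmentary attack information without considering the stages of an intrusion, it is very difficult for administrators or intrusion response systems to understand the information and take appropriate action. To overcome the limitations of the information provided by existing intrusion detection systems, this paper proposes a technique that exploits the correlation among fragmentary attack reports, based on the observation that an intrusion does not exist in isolation but consists of a sequence of different attacks. It represents correlation information about already known attack stages as a graph and analyzes the correlation of fragmentary attacks using tokens that transition according to the attack information, with the aim of providing analysis information that is easy to use.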

Validation of IOC Extracts for Graph-based Cyber Threat Analysis (그래프 기반의 사이버 위협 분석을 위한 IOC 추출 검증)

  • Ju-Young Lee;Tae-Hyun Han;Hye-Ran Jung;Tae-Jin Lee
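    • Proceedings of the Korea Information Processing Society Conference / 2023.11a / pp.1226-1227 / 2023
  • As research on graph-based analysis has become active in recent years, attempts are being made to apply it to the field of information security. In particular, a GNN (Graph Neural Network) is effective for modeling complex network data and analyzing relationships, and can be used to improve the ability to respond to cyber attacks, for example in malware detection. However, using a GNN requires IOC (Indicator of Compromise) data to serve as the nodes of the graph. This paper presents a method for extracting IOCs from threat reports with Cyobstract, one of the available IOC extractors, and a direction for building and analyzing graphs from them.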

Technological Trends in Cyber Attack Simulations (사이버 공격 시뮬레이션 기술 동향)

  • Lee, J.Y.;Moon, D.S.;Kim, I.K.
    • Electronics and Telecommunications Trends / v.35 no.1 / pp.34-48 / 2020
  • Currently, cybersecurity technologies are primarily focused on defenses that detect and prevent cyberattacks. However, it is more important to regularly validate an organization's security posture in order to strengthen its cybersecurity defenses, as the IT environment becomes complex and dynamic. Cyberattack simulation technologies not only enable the discovery of software vulnerabilities but also aid in conducting security assessments of the entire network. They can help defenders maintain a fundamental level of security assurance and gain control over their security posture. The technology is gradually shifting to intelligent and autonomous platforms. This paper examines the trends and prospects of cyberattack simulation technologies that are evolving according to these requirements.

A Study on Graph-Based Heterogeneous Threat Intelligence Analysis Technology (그래프 기반 이기종 위협정보 분석기술 연구)

  • Ye-eun Lee;Tae-jin Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.3 / pp.417-430 / 2024
  • As modern technology advances and the proliferation of the internet continues, cyber threats are also on the rise. To effectively counter these threats, the importance of utilizing Cyber Threat Intelligence (CTI) is becoming increasingly prominent. CTI provides information on new threats based on data from past cyber incidents, but the complexity of data and changing attack patterns present significant analytical challenges. To address these issues, this study aims to utilize graph data that can comprehensively represent multidimensional relationships. Specifically, the study constructs a heterogeneous graph based on malware data, and uses the metapath2vec node embedding technique to more effectively identify cyber attack groups. By analyzing the impact of incorporating topology information into traditional malware data, this research suggests new practical applications in the field of cyber security and contributes to overcoming the limitations of CTI analysis.

Role Based Petri-Net : Role Based Expression Model for an Efficient Design of Attack Scenarios (Role Based Petri Net : 공격 시나리오의 효율적 설계를 위한 역할 기반 표현 모델)

  • Park, Jun-Sik;Cho, Jae-Ik;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.1 / pp.123-128 / 2010
  • Graph expression of attack scenarios is a necessary method for analysis of vulnerability in servers as well as the design of defence against attack. Although various requirement analysis models are used for this expression, they are too restrictive to express combinations of complex scenarios. The Role Based Petri Net suggested in this paper offers an efficient role-based expression model on Petri Net, which has the advantage of concurrency and visuality, and can create unknown scenarios.