• Title/Summary/Keyword: APT Attacks

Search Result 88, Processing Time 0.025 seconds

Defending Against Today's Advanced Persistent Threats (최신 APT 해킹공격에 대한 방어)

  • Marpaung, Jonathan A.P.;Lee, HoonJae
    • Annual Conference of KIPS
    • /
    • 2012.11a
    • /
    • pp.954-957
    • /
    • 2012
  • Recent high profile attacks have brought the attention of governments, corporations, and the general public towards the dangers posed by Advanced Persistent Threats. This paper provides an analysis of the attack vectors employed by these actors by studying several recent attacks. We present recommendations on how to best defend against these threats by better classification of critical information infrastructure and assets, people protection, penetration tests, access control, security monitoring, and patch management.

A Study on the Concept of Social Engineering Cyber Kill Chain for Social Engineering based Cyber Operations (사회공학 사이버작전을 고려한 사회공학 사이버킬체인 개념정립 연구)

  • Shin, Kyuyong;Kim, Kyoung Min;Lee, Jongkwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1247-1258
    • /
    • 2018
  • The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

Anomaly Detection for IEC 61850 Substation Network (IEC 61850 변전소 네트워크에서의 이상 징후 탐지 연구)

  • Lim, Yong-Hun;Yoo, Hyunguk;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.5
    • /
    • pp.939-946
    • /
    • 2013
  • This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no published result for IEC 61850 substation network. Our proposed methods includes 3-phase preprocessing for MMS/GOOSE packets and normal behavior profiling using one-class SVM algorithm. These approaches are beneficial to detect APT attacks on IEC 61850 substation network.

Graph Database Design and Implementation for Ransomware Detection (랜섬웨어 탐지를 위한 그래프 데이터베이스 설계 및 구현)

  • Choi, Do-Hyeon
    • Journal of Convergence for Information Technology
    • /
    • v.11 no.6
    • /
    • pp.24-32
    • /
    • 2021
  • Recently, ransomware attacks have been infected through various channels such as e-mail, phishing, and device hacking, and the extent of the damage is increasing rapidly. However, existing known malware (static/dynamic) analysis engines are very difficult to detect/block against novel ransomware that has evolved like Advanced Persistent Threat (APT) attacks. This work proposes a method for modeling ransomware malicious behavior based on graph databases and detecting novel multi-complex malicious behavior for ransomware. Studies confirm that pattern detection of ransomware is possible in novel graph database environments that differ from existing relational databases. Furthermore, we prove that the associative analysis technique of graph theory is significantly efficient for ransomware analysis performance.

Analysis of the 2013.3.20 South Korea APT Attack

  • Marpaung, Jonathan A.P.;Kim, Ki Hawn;Park, JeaHoon;Kim, ChangKyun;Lee, HoonJae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.249-252
    • /
    • 2013
  • The recent cyber attacks paralyzed several major banking services, broadcasters, and affected the services of a telecommunications provider. Media outlets classified the attack as cyber terror and named it an Advanced Persistant Threat. Although the attack significantly disrupted these services for at least one day, various components used in the attack were not new. Previous major cyber attacks towards targets in South Korea employed more advanced techniques thus causing greater damage. This paper studies the anatomy of the recent 2013.3.20 attack, studies the technical sophistication of the malware and attack vectors used compared with previous attacks.

  • PDF

Hacking and Countermeasure on Smart TV (스마트 TV 해킹 위협 및 대응방안 분석)

  • Hong, Sunghyuck
    • Journal of Digital Convergence
    • /
    • v.12 no.1
    • /
    • pp.313-317
    • /
    • 2014
  • Smart-phone, PC or tablet platforms, such as smart terminals spread to the masses trying to capitalize. Smart TV also is increasing. In Korea, market size of TV is growing fast with growth of risk of hacking. In this paper, several kinds of Smart TV hacking cases are presented with the possibility of attacks against the vulnerability analysis and countermeasures. Most of the Linux operating system is open. Thus, it is vulnerable for latest hacking techniques. Most are based on the Linux OS to enhance security mount Sand-Box. However, bypass procedure using the technique, or APT attacks can avoid San-Box technique. New hacking techniques and a variety of ways will occur in the future. Therefore, this paper will develop Smart TV, and it analysis of a security threat and establishes better prepared in the future because new hacking attacks are expected to prepare more.

A Implement of Integrated Management Systems for User Fraud Protection and Malware Infection Prevention (악성코드 감염방지 및 사용자 부정행위 방지를 위한 통합 관리 시스템 구현)

  • Min, So-Yeon;Cho, Eun-Sook;Jin, Byung-Wook
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.16 no.12
    • /
    • pp.8908-8914
    • /
    • 2015
  • The Internet continues to grow and develop, but there are going to generate a variety of Internet attacks that exploit it. In the initial Internet environment, the attackers maliciously exploited Internet environments for ostentations and hobbies. but these days many malicious attempts purpose the financial gain so systematic and sophisticated attacks that are associated with various crimes are occurred. The structures, such as viruses and worms were present in the form of one source multi-target before. but recently, APT(Advanced Persistent Threat, intelligent continuous attacks) in the form of multi-source single target is dealing massive damage. The performance evaluation analyzed whether to generate audit data and detect integrity infringement, and false positives for normal traffic, process detecting and blocking functions, and Agent policy capabilities with respect to the application availability.

A Security Monitoring System for Security Information Sharing and Cooperative Countermeasure (협력대응기반 전역네트워크 보안정보공유 시스템)

  • Kim, Ki-Young;Lee, Sung-Won;Kim, Jong-Hyun
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.2
    • /
    • pp.60-69
    • /
    • 2013
  • Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, Cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APT exploiting a high degree of stealthiness over a long period, has extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure whereas the existing security measures exhibited limited capabilities in detecting and countermeasuring them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasure. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated throughly by deploying it under real network in a ISP for a week.

An Intrusion Detection System based on the Artificial Neural Network for Real Time Detection (실시간 탐지를 위한 인공신경망 기반의 네트워크 침입탐지 시스템)

  • Kim, Tae Hee;Kang, Seung Ho
    • Convergence Security Journal
    • /
    • v.17 no.1
    • /
    • pp.31-38
    • /
    • 2017
  • As the cyber-attacks through the networks advance, it is difficult for the intrusion detection system based on the simple rules to detect the novel type of attacks such as Advanced Persistent Threat(APT) attack. At present, many types of research have been focused on the application of machine learning techniques to the intrusion detection system in order to detect previously unknown attacks. In the case of using the machine learning techniques, the performance of the intrusion detection system largely depends on the feature set which is used as an input to the system. Generally, more features increase the accuracy of the intrusion detection system whereas they cause a problem when fast responses are required owing to their large elapsed time. In this paper, we present a network intrusion detection system based on artificial neural network, which adopts a multi-objective genetic algorithm to satisfy the both requirements: accuracy, and fast response. The comparison between the proposing approach and previously proposed other approaches is conducted against NSL_KDD data set for the evaluation of the performance of the proposing approach.

Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM (SIEM 기반 사이버 침해사고 대응을 위한 데이터 보완 메커니즘 비교 분석)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence
    • /
    • v.8 no.5
    • /
    • pp.1-9
    • /
    • 2022
  • As various services are linked to IoT(Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework The prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.