• Title/Summary/Keyword: Cyber Incident

Search Result 44, Processing Time 0.022 seconds

The Composition and Analytical Classification of Cyber Incident based Hierarchical Cyber Observables (계층적 침해자원 기반의 침해사고 구성 및 유형분석)

  • Kim, Young Soo;Mun, Hyung-Jin;Cho, Hyeisun;Kim, Byungik;Lee, Jin Hae;Lee, Jin Woo;Lee, Byoung Yup
    • The Journal of the Korea Contents Association
    • /
    • v.16 no.11
    • /
    • pp.139-153
    • /
    • 2016
  • Cyber incident collected from cyber-threat-intelligence sharing Center is growing rapidly due to expanding malicious code. It is difficult for Incident analysts to extract and classify similar features due to Cyber Attacks. To solve these problems the existing Similarity Analysis Method is based on single or multiple cyber observable of similar incidents from Cyber Attacks data mining. This method reduce the workload for the analysis but still has a problem with enhancing the unreality caused by the provision of improper and ambiguous information. We propose a incident analysis model performed similarity analysis on the hierarchically classified cyber observable based on cyber incident that can enhance both availability by the provision of proper information. Appling specific cyber incident analysis model, we will develop a system which will actually perform and verify our suggested model.

Ensemble Model using Multiple Profiles for Analytical Classification of Threat Intelligence (보안 인텔리전트 유형 분류를 위한 다중 프로파일링 앙상블 모델)

  • Kim, Young Soo
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.3
    • /
    • pp.231-237
    • /
    • 2017
  • Threat intelligences collected from cyber incident sharing system and security events collected from Security Information & Event Management system are analyzed and coped with expanding malicious code rapidly with the advent of big data. Analytical classification of the threat intelligence in cyber incidents requires various features of cyber observable. Therefore it is necessary to improve classification accuracy of the similarity by using multi-profile which is classified as the same features of cyber observables. We propose a multi-profile ensemble model performed similarity analysis on cyber incident of threat intelligence based on both attack types and cyber observables that can enhance the accuracy of the classification. We see a potential improvement of the cyber incident analysis system, which enhance the accuracy of the classification. Implementation of our suggested technique in a computer network offers the ability to classify and detect similar cyber incident of those not detected by other mechanisms.

A Study on Improving the Act on Information and Communication Network for Enhancing the Effectiveness of Cyber Incident Reporting (침해사고 신고의 실효성 제고를 위한 정보통신망법 개선 연구)

  • Tae-seung Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.5
    • /
    • pp.801-811
    • /
    • 2023
  • With the cyber incidents increasing every year, opinions are being raised that legal system relating to incident reporting needs to be revised to improve the cyber incident reporting rate, etc. Accordingly, this paper suggests a legal improvement to enhance the effectiveness of cyber incident reporting. First, by analyzing domestic media coverage, this paper defines the problems which need to be improved regarding an incident reporting system as "unreported" and "not timely reporting". Then, this paper finds four requirements for legal improvement like "a reporting entity", "a starting point of reporting", "a reporting deadline" and "a protection of reporting information" by analyzing the relationship between reporting relating problems and issues published by overseas institutions and additionally by analyzing the need to revise the law. Finally, through an analysis of legislative cases, this paper suggests a legal improvement for the requirements.

Study on Real-time Cooperation Protect System Against Hacking Attacks of WiBro Service

  • Park, Dea-Woo
    • Journal of information and communication convergence engineering
    • /
    • v.9 no.4
    • /
    • pp.353-357
    • /
    • 2011
  • U.S. Obama government is submit a motion to consider cyber attacks on State as a war. 7.7DDoS attack in Korea in 2009 and 3.4 DDoS attacks 2011, the country can be considered about cyber attacks. China hackers access a third country, bypassing South Korea IP by hacking the e-commerce sites with fake account, that incident was damaging finance. In this paper, for WiBro service, DDoS attacks, hackers, security incidents and vulnerabilities to the analysis. From hacker's attack, WiBro service's prognostic relevance by analyzing symptoms and attacks, in real time, Divide Red, Orange, Yellow, Green belonging to the risk rating. For hackers to create a blacklist, to defend against attacks in real-time air-conditioning system is the study of security. WiBro networks for incident tracking and detection after the packets through the national incident response should contribute to the development of technology.

Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM (SIEM 기반 사이버 침해사고 대응을 위한 데이터 보완 메커니즘 비교 분석)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence
    • /
    • v.8 no.5
    • /
    • pp.1-9
    • /
    • 2022
  • As various services are linked to IoT(Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework The prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.

A Study on the Infringement Incident Response Curriculum Model in IoT Environment (사물인터넷 환경에서 침해사고대응 교육과정 모델에 관한 연구)

  • Keun-Ho Lee
    • Journal of Internet of Things and Convergence
    • /
    • v.9 no.3
    • /
    • pp.55-60
    • /
    • 2023
  • The IoT environment is very vulnerable to security threats, and if an intrusion occurs, it can cause great damage. In order to strengthen the security of the IoT environment, a curriculum that considers the characteristics of the IoT environment is needed. In this paper, we propose a curriculum model for cyber incident response in the Internet of Things environment. The proposed curriculum model was designed as a model for security threats in the IoT environment, types of intrusion incidents, and incident response procedures. The proposed curriculum model is expected to contribute to improving security awareness in the IoT environment and fostering cyber incident response experts in the IoT field. The proposed curriculum model strengthens the security of the IoT environment and is expected to be safe through security incident response in the IoT.

A Study for Integrating ICS Security Logs with Centralized SIEM (Security Information and Event Management) using OPC Protocol (OPC 프로토콜을 활용한 제어시스템 보안로그 전송방법 고찰 및 통합 로그서버 구축방안)

  • Kim, Jaehong;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.8
    • /
    • pp.1205-1212
    • /
    • 2022
  • Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.

A Study on the Development of a Training Course for Ship Cyber Security Officers (선박 사이버보안 책임자를 위한 교육과정 개발에 관한 연구)

  • Lee, Eunsu;Ahn, Young-Joong;Park, Sung-ho
    • Journal of the Korean Society of Marine Environment & Safety
    • /
    • v.26 no.7
    • /
    • pp.830-837
    • /
    • 2020
  • With the rapid development of information and communication technology, information exchange between ships and shore has become faster and more convenient, However, accessing ship information has also become easier and concerns about cyber security attacks are growing. When a ship suffers a cyber-attack, it may cause considerable damage and incurs enormous costs and time to repair. In response to this threat, the maritime industry now demands that a cyber security officer be assigned to each ship to take charge of cyber security management onboard. In order to reduce the damage cause by an attack and to respond effectively, a specialized training course for the ship's cyber security officer is required. The purpose of this study was to present a training course for the position of the ship's cyber security officer, and to highlight the necessity of amending current legislation, To this end, domestic and foreign trends, ship cyber security incident cases, and cyber security training courses were investigated, and based on the results a standard training course for a ship's cyber security of icer was developed. Additionally, recommendations on the related amendments to legislation ware established. The results of the study can be used as basic data to establish future training courses for cyber security officers.

Cyber Attack Type and CERT (인터넷 침해유형과 대응조직)

  • Woo, Sung-hee
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.10a
    • /
    • pp.911-914
    • /
    • 2014
  • The internet is established as the basic infrastructure of our life and we live in cyberspace on internet, and additionally many problems on cyberspace arise. One among them is the most serious cyber attack of the information society. The cyber attacks increase each year, attack type and the intelligence is evolving, and then the cyber ecosystem is getting more complicated. In this study, we analyze the Internet last incident status and type of Internet invasion and hacking methods, and analyze the corresponding national and international organizations and associations active status.

  • PDF

A research on cyber kill chain and TTP by APT attack case study (APT 공격 사례 분석을 통한 사이버 킬체인과 TTP에 대한 연구)

  • Yoon, Youngin;Kim, Jonghwa;Lee, Jaeyeon;Yu, Sukdea;Lee, Sangjin
    • Convergence Security Journal
    • /
    • v.20 no.4
    • /
    • pp.91-101
    • /
    • 2020
  • We analyzed APT attack cases that occurred overseas in the past using a cyber kill chain model and a TTP model. As a result of the analysis, we found that the cyber kill chain model is effective in figuring out the overall outline, but is not suitable for establishing a specific defense strategy, however, TTP model is suitable to have a practical defense system. Based on these analysis results, it is suggested that defense technology development which is based on TTP model to build defense-in-depth system for preparing cyber attacks.