• Title/Abstract/Keywords: threat analysis

974 search results (processing time: 0.024 seconds)

Unified Psycholinguistic Framework: An Unobtrusive Psychological Analysis Approach Towards Insider Threat Prevention and Detection

  • Tan, Sang-Sang;Na, Jin-Cheon;Duraisamy, Santhiya
    • Journal of Information Science Theory and Practice / Vol. 7, No. 1 / pp. 52-71 / 2019
  • An insider threat is a threat that comes from people within the organization being attacked. It can be described as a function of the motivation, opportunity, and capability of the insider. Compared to managing the dimensions of opportunity and capability, assessing one's motivation in committing malicious acts poses more challenges to organizations because it usually involves a more obtrusive process of psychological examination. The existing body of research in psycholinguistics suggests that automated text analysis of electronic communications can be an alternative for predicting and detecting insider threat through unobtrusive behavior monitoring. However, a major challenge in employing this approach is that it is difficult to minimize the risk of missing any potential threat while maintaining an acceptable false alarm rate. To deal with the trade-off between the risk of missed catches and the false alarm rate, we propose a unified psycholinguistic framework that consolidates multiple text analyzers to carry out sentiment analysis, emotion analysis, and topic modeling on electronic communications for unobtrusive psychological assessment. The user scenarios presented in this paper demonstrated how the trade-off issue can be attenuated with different text analyzers working collaboratively to provide more comprehensive summaries of users' psychological states.

Analysis of Threat Information Priorities for Effective Security Monitoring & Control

  • 강다연
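    • 한국산업정보학회논문지 / Vol. 26, No. 5 / pp. 69-77 / 2021
  • This paper examines threat information for security monitoring and control, an area that is critical to protecting the assets of companies seeking to respond to threats against their IT systems. Security monitoring and control analyzes events and logs generated by security equipment in real time to determine and respond to threats. For security monitoring work, we first divide threat information into reputation information and analysis information and derive priorities. Reputation information consisted of Hash, URL, IP, and Domain, and analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. The results showed that reputation information had relatively higher priority, and the study is significant in improving the accuracy and responsiveness of threat information.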

A Study on the Establishment of Threat Hunting Concept and Comparative Analysis of Defense Techniques

  • 류호찬;정익래
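    • 정보보호학회논문지 / Vol. 31, No. 4 / pp. 793-799 / 2021
  • Threat hunting is a defense technique for overcoming the limitations of existing security solutions, and interest in it has recently been growing. Threat hunting is recognized as a technique for identifying and eliminating threats that exist inside a system, but because its definition is not clear, it is often used interchangeably with other terms such as penetration testing, intrusion detection, and incident analysis. Therefore, this paper compares and analyzes definitions of threat hunting taken from reports and papers to clarify its meaning, and compares and analyzes defense techniques.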

Cyber-attack group analysis method based on association of cyber-attack information

  • Son, Kyung-ho;Kim, Byung-ik;Lee, Tae-jin
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 14, No. 1 / pp. 260-280 / 2020
  • Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.

Multi-Attribute Threat Index for Information Security : Simulation and AHP Approach

  • 이강수;김기윤;나관식
    • 한국IT서비스학회지 / Vol. 7, No. 1 / pp. 117-130 / 2008
  • Multi-attribute risk assessments provide a useful framework for systematic quantitative risk assessment that the security manager can use to prioritize security requirements and threats. In the first step, the security managers identify the four significant outcome attributes (lost revenue, lost productivity, lost customer, and recovery cost). Next, the security manager estimates the frequency and severity (three-point estimates for outcome attribute values) for each threat and ranks the outcome attributes according to AHP (Analytic Hierarchy Process). Finally, we generate the threat index by using a multi-attribute function and perform sensitivity analysis with a simulation package (Crystal Ball). In this paper, we show how multi-attribute risk analysis techniques from the field of security risk management can be used by security managers to prioritize their organization's threats and their security requirements; eventually they can derive a threat index. This threat index can help security managers to decide whether their security investment is consistent with the expected risks. In addition, sensitivity analysis allows the security manager to explore the estimates to understand how they affect the selection.

A Study of Multi-to-Majority Response on Threat Assessment and Weapon Assignment Algorithm: by Adjusting Ballistic Missiles and Long-Range Artillery Threat

  • 임준성;유병천;김주현;최봉완
    • 산업경영시스템학회지 / Vol. 44, No. 4 / pp. 43-52 / 2021
  • In weapon assignment studies to defend against threats such as ballistic missiles and long-range artillery, threat assessment was partially lacking in analysis of various threat attributes, and considering the threat characteristics of warheads, which are difficult to judge in the early flight stages, it is very important to apply more reliable optimal solutions than approximate solutions using LP model, Meta heuristics Genetic Algorithm, Tabu search and Particle swarm optimization etc. Our study suggests a Generic Rule based threat evaluation and weapon assignment algorithm on the basis of various attributes of threats. The first task of the study analyzes information on various attributes such as the type of target, flight trajectory and flight time, range and intercept altitude of the intercept system, etc. The second task of the study proposes a rule-based threat evaluation and weapon assignment algorithm, applied to obtain a more reliable solution by reflecting the importance of the interception system. Ballistic missiles and long-range artillery were analyzed and assigned to multiple intercept systems by real-time threat assessment reflecting various threat information. The results of this study provide a reliable solution for the weapon assignment problem and are considered to be applicable to establishing a missile and long-range artillery defense system.

Algorithm for Threat Data Integration of Multiple Sensor and selection of CounterMeasures

  • 고은경;우상민;정운섭
    • 한국군사과학기술학회지 / Vol. 14, No. 3 / pp. 474-481 / 2011
  • The Electronic Warfare Computer for the Aircraft Survivability Equipment will improve the ability for countermeasures by analysis of threat information. This paper suggests a method for threat data integration of multiple sensors (Radar Warning Receiver, Laser Warning Receiver, Missile Warning Receiver). The algorithm of threat data integration is based on detected threat sequence and azimuth information. The threat sequence information is analyzed in advance and the azimuth data is received from sensors. The suggested method is evaluated through simulation under an environment like a real helicopter.

A Study on Threat Detection Model using Cyber Strongholds

  • 김인환;강지원;안훈상;전병국
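    • 융합보안논문지 / Vol. 22, No. 1 / pp. 19-27 / 2022
  • With the innovative development of ICT, hackers' methods are also evolving into sophisticated and intelligent hacking techniques. Threat detection research to counter these cyber threats has mainly proceeded in a passive manner through investigation and analysis of hacking damage, but recently the importance of collecting and analyzing cyber threat information has been increasing. Bot-type automated programs are a somewhat active method that visits websites and extracts malicious code in order to collect threat information or detect threats. However, this method also has the limitation that it cannot prevent hacking damage, because it identifies threats where malicious code has already been distributed and damage is occurring, or after hacking has taken place. Therefore, to overcome this limitation, we propose a model that detects actual threats by acquiring and analyzing threat information while identifying and managing cyber strongholds. This model is a proactive and active method that collects threat information or detects threats outside the perimeter, such as the firewall. We designed a model that detects threats using cyber strongholds and verified its validity in a defense environment.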

Application of Threat Modeling for Security Risk Analysis in Smart Home Service Environment

  • 이윤환;박상건
    • 전기학회논문지P / Vol. 66, No. 2 / pp. 76-81 / 2017
  • In this paper, the risk analysis of smart home services was implemented by applying threat modeling. We identified possible threats for safe deployment of smart home services and identified threats through the STRIDE model. Through the creation of the Attack Tree, the attackable risk was analyzed and the risk was measured by applying the DREAD model. The derived results can be used to protect assets and mitigate risk by preventing security vulnerabilities from compromising and identifying threats from adversely affecting services. In addition, the modeled result of the derived threat can be utilized as a basis for performing the security check of the smart home service.

The influence of threat perception and psychological reactance to cigarette warning labels on intention to quit smoking among smoking adolescents -with focus on industrial specialized high school students

  • 박수현;박지영
    • 한국보건간호학회지 / Vol. 35, No. 2 / pp. 283-296 / 2021
  • Purpose: The aim of this study was to investigate the influence of threat perception and psychological reactance to graphic health warnings on cigarette packages on intention to quit smoking among smoking adolescents. Methods: The participants were 185 smoking adolescents attending two industrial specialized high schools, who had witnessed graphic health warnings on cigarette packages within the previous 30 days. Collected data were analyzed using descriptive statistics, the t-test, one-way analysis of variance, Pearson's correlation coefficients, and hierarchical multiple regression analysis using SPSS/WIN Ver. 25.0. Results: The results showed that participant threat perception (𝛽=.14, p=.037) after witnessing a cigarette warning message had a positive influence on intention to quit smoking. On the other hand, psychological reactance (𝛽=-.23, p=.001) showed a negative influence on intention to quit smoking. Conclusion: When designing and developing a message for smoking adolescents, customized messages are required to reflect teenagers' characteristics and raise threat perception and lower psychological reactance. In addition, we propose a future study be conducted to determine the influences of various psychological determinants, including self-efficacy and skills, on threat perception and psychological reactance to graphic health warnings on cigarette packages among smoking adolescents.