CAAM - Model for National-level Cyber Attack Attribution

Min-ho Lee, Chang-wook Park, Wan-ju Kim, Jae-sung Lim

http://doi.org/10.5626/JOK.2020.47.1.19

Recently, security companies have been reporting that some organizations engaging in carry out cyber attacks are suspected of receiving state-sponsored support. To effectively respond to these cyber-attack groups, it is critical to detect and quickly analyze the characteristics of the attacks to identify the countries responsible first for such terroristic acts. This paper presents the attribution model (CAAM) for state-sponsored cyber attacks, and CAAM analyzes the characteristics of such cyber attacks through the four-step process of detection and collection, analysis, evaluation and visualization. The detailed elements for analyzing the characteristics of cyber attacks were divided into five categories: Tools and technology of attack organizations, Infrastructure of attack organizations, Structure of malicious codes, Motivation of attacks, and External factors. Five factors were assessed by country to identify those that support cyber attacks. The application of CAAM is expected to enable rapid analysis of state-sponsored cyber attacks and has validated the effectiveness of the CAAM model through comparison with the existing attack group analysis model.