Analysis and Modeling of Advanced Persistent Threat through Case Study

MinJu Kim, Seok-Won Lee

http://doi.org/10.5626/JOK.2019.46.12.1328

Advanced Persistent Threat(APT) attack is one of the cyber-attack methods that continuously attacks the specific target with advanced tools. Since attackers use various methods that are specialized to targets, it is difficult to prevent the attacks with common security countermeasures. Currently, there exist various the APT attack stage models. However, the models only express APT attacks simply. Consequently, it is difficult to use them for risk assessment or as a recommendation for security requirements for a specific system. In order to overcome the limitations of such models, we derived factors of APT attack through a case study for defining the features of APT attack. We have also analyzed and defined the factors and their relationships to construct the APT attack factor model. For validation purpose, the model applied to the actual attack case has been referred to as ‘APT 1’. Through the proposed model, it would be possible to gain understanding about the overall flow of APT attacks and classify attack factors not only in terms of technical aspects but also with respect to social engineering facets.