The Classification Model of Fileless Cyber Attacks

GyungMin Lee, ShinWoo Shim, ByoungMo Cho, TaeKyu Kim, KyoungGon Kim

http://doi.org/10.5626/JOK.2020.47.5.454

Since late 2000, state-sponsored and sophisticated cyber-attacks have continued unabated. Also, preparing countermeasures against cyber-attack techniques based on traces are also in development. Cyber attackers use a variety of techniques to veil their attacks from these analyses and countermeasures. In particular, fileless cyber-attacks that do not create a file used for an attack are increasing. Fileless cyber-attacks are difficult to analyze because there are no executable files to analyze from the defender"s perspective. In this paper, we investigate and analyze fileless cyber-attacks and present a model based on the cyber kill chain to classify fileless cyber-attacks. Through this, it is expected to identify and respond to attack types more quickly than when new fileless cyber-attacks occur.