Search : [ keyword: APT attack ] (2)

CAAM - Model for National-level Cyber Attack Attribution

Min-ho Lee, Chang-wook Park, Wan-ju Kim, Jae-sung Lim

http://doi.org/10.5626/JOK.2020.47.1.19

Recently, security companies have been reporting that some organizations that carry out cyber attacks are suspected of receiving state-sponsored support. To respond effectively to these cyber-attack groups, it is critical to detect and quickly analyze the characteristics of the attacks in order to first identify the countries responsible for such terroristic acts. This paper presents an attribution model (CAAM) for state-sponsored cyber attacks. CAAM analyzes the characteristics of such cyber attacks through a four-step process of detection and collection, analysis, evaluation, and visualization. The detailed elements for analyzing the characteristics of cyber attacks were divided into five categories: tools and technology of attack organizations, infrastructure of attack organizations, structure of malicious code, motivation of attacks, and external factors. These five factors were assessed by country to identify the countries that support cyber attacks. The application of CAAM is expected to enable rapid analysis of state-sponsored cyber attacks, and the effectiveness of the CAAM model was validated through comparison with the existing attack group analysis model.

Analysis and Modeling of Advanced Persistent Threat through Case Study

MinJu Kim, Seok-Won Lee

http://doi.org/10.5626/JOK.2019.46.12.1328

An Advanced Persistent Threat (APT) attack is a cyber-attack method that continuously attacks a specific target with advanced tools. Since attackers use various methods that are specialized to their targets, it is difficult to prevent the attacks with common security countermeasures. Currently, various APT attack stage models exist. However, these models express APT attacks only in simple terms. Consequently, it is difficult to use them for risk assessment or as a recommendation for security requirements for a specific system. To overcome the limitations of such models, we derived the factors of APT attacks through a case study in order to define the features of an APT attack. We also analyzed and defined the factors and their relationships to construct the APT attack factor model. For validation purposes, the model was applied to the actual attack case referred to as ‘APT 1’. Through the proposed model, it would be possible to understand the overall flow of APT attacks and to classify attack factors not only in terms of technical aspects but also with respect to social engineering facets.

Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr