Search results for keyword "Security requirement" (3)

A Security Requirements Recommendation Framework Based on APT Attack Cases

MinJu Kim, Sihn-Hye Park, Seok-Won Lee

http://doi.org/10.5626/JOK.2021.48.9.1014

Advanced Persistent Threat (APT) attacks are intelligent and continuous attacks on specific targets. This type of attack is one of the most difficult to detect and defend against because it uses organized and advanced techniques against its targets and continuously attempts attacks while remaining undetected for a certain period. In this paper, we propose a framework that recommends security requirements for real-world APT attacks as a proactive defense against them. The proposed framework derives attack elements based on scenarios for specific APT attacks and analyzes the relationships between these elements. Through case-based reasoning over the analysis results, attack patterns are deduced and security requirements are recommended. For case-based reasoning and security requirements recommendation, we build an integrated knowledge base that includes APT attack knowledge, general security knowledge, and domain-specific knowledge. The integrated knowledge base consists of knowledge-specific ontologies and related databases. We implement this framework as a web application and conduct case studies on specific APT attacks.

Analysis and Modeling of Advanced Persistent Threat through Case Study

MinJu Kim, Seok-Won Lee

http://doi.org/10.5626/JOK.2019.46.12.1328

An Advanced Persistent Threat (APT) attack is a cyber-attack method that continuously attacks a specific target with advanced tools. Since attackers use various methods that are specialized to their targets, it is difficult to prevent such attacks with common security countermeasures. Currently, various APT attack stage models exist. However, these models express APT attacks only in simple terms. Consequently, it is difficult to use them for risk assessment or for recommending security requirements for a specific system. In order to overcome the limitations of such models, we derived factors of APT attacks through a case study in order to define the features of an APT attack. We have also analyzed and defined the factors and their relationships to construct the APT attack factor model. For validation purposes, the model was applied to the actual attack case referred to as 'APT 1'. Through the proposed model, it becomes possible to understand the overall flow of APT attacks and to classify attack factors not only in terms of technical aspects but also with respect to social engineering facets.

Social Engineering based Security Requirements Recommendation Framework to Prevent an Advanced Persistent Threat

Seung-Jun Kim, Seok-Won Lee

http://doi.org/10.5626/JOK.2018.45.10.1015

Advanced Persistent Threat (APT) is a major threat to the Socio-Technical System that constitutes our society. Unlike traditional methods of cyberbullying, this threat is an attack process rather than a hacking technique, so it is difficult to detect or defend against: it pursues a wide range of targets over a long period of time using a wide range of exploits. In particular, traditional approaches to advanced threats involve technical measures such as firewalls, log checks, and packet analysis, whereas the first stage of an intelligent, sustained threat exploits the ease with which human vulnerabilities can be pursued during the early stages of the process. This paper proposes a framework that analyzes the vulnerable social perspective based on various human factors, in order to prevent advanced persistent threats by using a three-layered approach, and recommends security requirements to complement them by using an ontology-based approach.

Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal