한국인터넷정보학회 논문지 (Journal of the Korean Society for Internet Information)


Korean Title: MITRE ATT&CK 모델을 이용한 사이버 공격 그룹 분류
English Title: Cyber attack group classification based on MITRE ATT&CK model
Author: 최창희, 신찬호, 신성욱 (Chang-hee Choi, Chan-ho Shin, Sung-uk Shin)
Citation: VOL 23 NO. 06 PP. 0001 ~ 0013 (2022. 12)
Abstract
(Korean Abstract)
With the development of the information and communication environment, the environment of military facilities is also developing considerably. Cyber threats are increasing in proportion, and in particular APT attacks, which are difficult to stop with existing signature-based cyber defense systems, are frequently carried out against military facilities and national infrastructure. Identifying the attack group is important for an appropriate response, but it is very difficult because cyber attacks are conducted covertly using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform advanced analysis over a long period, based on the large amount of evidence collected, to barely obtain a clue about the attack group. To solve this problem, this paper proposes an automated technique that can classify the attack group within a short time after detection. APT attacks occur less often than general cyber attacks, little data about them is known, and they are designed to bypass signature-based cyber defense techniques, so the algorithm was developed on the basis of an attack-model-based detection technique that is difficult to bypass. As the attack model, MITRE ATT&CKⓇ, which models many parts of cyber attacks, was used. An impact score was designed considering the versatility of attack techniques, and a group similarity score was proposed based on it. Experimental results show that the proposed method classifies the attack group with a probability of 72.62% based on Top-5 accuracy.
Abstract
(English Abstract)
As the information and communication environment develops, the environment of military facilities is also developing remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CKⓇ which modeled many parts of cyber attacks. We designed an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.
Keyword: Cyber attack, attack group similarity, attack group classification, APT, MITRE ATT&CK