
Efficient Operation Model for Effective APT Defense

Efficient APT Response System Operation Model

  • Received : 2017.02.21
  • Accepted : 2017.05.22
  • Published : 2017.06.30

Abstract

With the revolution in IT technology, cyber threats and cyber crime are also increasing. In recent years, many large-scale APT attacks have been carried out both domestically and internationally. In particular, many of these APT incidents were not recognized by the affected organizations themselves but were brought to their attention by external entities. With the fourth industrial revolution (4IR), advancing IT technology produces more sensitive data than ever before; organizations therefore invest large budgets in countermeasures such as encrypting data, controlling access and even deploying SIEM to analyze every small sign of risk. However, highly intelligent APTs are becoming harder to detect, or even to become aware of. These APT threats are too heavy a burden for SMBs, enterprises and government agencies to respond to effectively and efficiently. This paper examines the limitations and weaknesses of current defensive countermeasures based on the Cyber Kill Chain process and proposes an effective and efficient APT defense operation model that takes into account the organizational structure and the human resources available for operation.

As IT technology advances at a revolutionary pace, cyber security threats and security incidents are increasing together. Over the past several years, a number of large-scale APT security incidents have occurred both domestically and overseas. In particular, in more cases than not, an organization learned of the damage from a security incident through information delivered from outside rather than recognizing it internally on its own. Along with advancing IT developments such as the fourth industrial revolution, the volume of sensitive data being generated keeps growing, and organizations are adopting many security measures at high cost to protect it: encrypting key data, controlling access, and implementing SIEM systems that collect information from multiple security devices to find signs of anomalies. In reality, however, with extremely sophisticated APTs it is difficult even to recognize that an internal intrusion has taken place. The security threat posed by such advanced APTs is a major burden on the entire industry, including small and large enterprises as well as public institutions. This paper analyzes the current state of major vulnerabilities according to the Cyber Kill Chain framework, studies effective countermeasures for these vulnerabilities, and proposes an efficient APT response operation model that takes into account the working environment and operating personnel of the operating organization.
