Efficient Operation Model for Effective APT Defense

Korean title: 효율적인 APT 대응 시스템 운영 모델 (Efficient Operation Model for an APT Response System)

  • Received : 2017.02.21
  • Accepted : 2017.05.22
  • Published : 2017.06.30


With the rapid advance of IT, cyber threats and cybercrime are increasing as well. In recent years many large-scale APT attacks have been carried out both domestically and internationally. Notably, many of these APT incidents were not recognized by the victim organizations themselves but were first noticed by external entities. With the fourth industrial revolution (4IR), advances in IT produce more sensitive data than ever before; organizations therefore invest substantial budgets in measures such as data encryption, access control, and even SIEM to analyze the smallest sign of risk. However, increasingly sophisticated APTs are becoming harder to notice or detect, and these threats place too great a burden on SMBs, enterprises, and government agencies to respond effectively and efficiently. This paper examines the limitations and weaknesses of current defensive countermeasures, mapped against the Cyber Kill Chain process, and proposes an effective and efficient APT defense operation model that takes into account the organizational structure and the human resources available to operate it.

