A Study on the Concept of Social Engineering Cyber Kill Chain for Social Engineering based Cyber Operations

사회공학 사이버작전을 고려한 사회공학 사이버킬체인 개념정립 연구

  • Shin, Kyuyong (Cyber Warfare Research Center at Korea Military Academy) ;
  • Kim, Kyoung Min (Cyber Warfare Research Center at Korea Military Academy) ;
  • Lee, Jongkwan (Cyber Warfare Research Center at Korea Military Academy)
  • 신규용 (육군사관학교 사이버전 연구센터) ;
  • 김경민 (육군사관학교 사이버전 연구센터) ;
  • 이종관 (육군사관학교 사이버전 연구센터)
  • Received : 2018.05.17
  • Accepted : 2018.08.10
  • Published : 2018.10.31


The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

록히드 마틴사(社)에서 제안한 사이버킬체인은 사이버 공격절차를 7단계로 표준화하고, 각 단계별로 적절한 대응방안을 제시함으로써 궁극적으로 공격자가 공격목적을 달성하지 못하도록 하는 사이버작전 수행 간 방어에 대한 방법론을 제공한다. 이와 같은 사이버킬체인 모델을 활용하면 기존의 방법들로는 대응하기 어려웠던 지능형 지속공격(APT)에 보다 효과적인 대응이 가능하다는 장점이 있다. 하지만 최근의 사이버작전은 목표시스템을 직접 공격하는 기술적 사이버작전보다는 목표시스템 관리자나 사용자의 취약점을 통해 목표시스템을 우회적으로 공격하는 사회공학 사이버작전의 비중이 늘어가고 있는 추세이다. 이런 상황에서 기술적 사이버작전을 방어하기 위한 기존의 사이버킬체인 개념만으로는 사회공학 사이버작전에 효과적으로 대응할 수 없다. 따라서 본 논문에서 우리는 사회공학 사이버 작전에 효과적으로 대응할 수 있는 사회공학 사이버킬체인에 대한 개념을 정립하고자 한다.

JBBHCB_2018_v28n5_1247_f0001.png 이미지

Fig. 1. The Course of Defensive Actions in Different Stages of Cyber Kill Chain(Lockheed Martin[2]).

JBBHCB_2018_v28n5_1247_f0002.png 이미지

Fig. 2. The Procedure of Technical and Social Engineering Cyber Operations[8].

JBBHCB_2018_v28n5_1247_f0003.png 이미지

Fig. 3. The Concept and Procedure of the Social Engineering Cyber Kill Chain Model

Table 1. The Difference between Lockheed Martin and Proposed Cyber Kill Chain for the Scenario

JBBHCB_2018_v28n5_1247_t0001.png 이미지


Supported by : 화랑대연구소


  1. Kang-nyeong Kim, "The Direction and Tasks of Moon Jae-in's Administration's Defense-Military Policy toward North Korea," Korean Association Of Unification Strategy, 2017.
  2. Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," Lockheed Martin, 2011.
  3. Ireneusz Tarnowski, "How to use cyber kill chain model to build cybersecurity?," Case Study, Wroclaw University of Science and Technology, Poland, 2017.
  4. Younghwan Kim and Soojin Lee, "Cyber Kill Chain Strategy for Offensive and Integrated Cyber Operations," Journal of Security Engineering, 2016.
  5. Kwang-Je Kim, Taek-Shin Kang, Jae-Hong Kim, Seunghoon Jung, Jong-Bae Kim, "Cyber Defense Developement Plan based on Cyber Kill Chain," Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, 2017.
  6. Taejong Son and Youngbong Kim, "Cyber kill chain concept and defense application directions," KIDA Weekly, no.1653, 2017.
  7. Wenjun Fan, Kevin Lwakatare and Rong Rong, "Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations," Computer Network and Information Security, pp. 1-11, Jan. 2017.
  8. Kyuyong Shin et. al., "A Study on the Concept of Social Engineering based Cyber Operations," Journal of The Korea Institute of Information Security & Cryptology, vol. 28, no. 3, pp. 707-716, Jun. 2018.
  9. Dong Cheon Shin and Young Hoo Park, "Development of Risk Assessment Indices for Social Engineering Attacks," Journal of Security Engineering, 2017.
  10. Virocom, "18 Cyber Security Trends We Are Watching in 2018," 2018.
  11. Roger A. Grimes, "5 computer security facts that surprise most people," 2017.
  12. Republic of Korea Joint Chiefs of Staff, "Joint Cyberspace Operations," Joint Field Manual 3-24, 2016.
  13. Joint Publication 3-12, "Cyberspace Operations," 2013.
  14. Young-Tack Park, "The Possibility of N.K.'s Hybrid Warfare and the Development of the Phases," Journal of Defense Policy Studies, 2011.
  15. Jungho Kang et. al., "A study on the relationship between social engineering and cyberspace operations," ROK Cyber Command Technical Report, 2017.
  16. Yu-seung Sohn, Kil-hyun Nam, Sung-cheol Goh, "On the administrative security approaches against spear phishing attacks," Journal of the Korea Institute of Information and Communication Engineering, 2013.
  17. Michael Alexander, "Methods for Understanding and Reducing Social Engineering Attacks," SANS Institute, Apr. 2016.
  18. David Airehrour, Nisha Vasudevan Nair, and Samaneh Madanian, "Social Engineering Attacks and Countermeasures in the New Zealand Banking System: Advancing a User-Reflective Mitigation Model," Information, May. 2018.