• Title, Summary, Keyword: Cyber KillChain

Search Result 11, Processing Time 0.03 seconds

A Study on the Concept of Social Engineering Cyber Kill Chain for Social Engineering based Cyber Operations (사회공학 사이버작전을 고려한 사회공학 사이버킬체인 개념정립 연구)

  • Shin, Kyuyong;Kim, Kyoung Min;Lee, Jongkwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1247-1258
    • /
    • 2018
  • The Cyber Kill Chain originally proposed by Lockheed Martin defines the standard procedure of general cyber attacks and suggests tailored defensive actions per each step, eventually neutralizing the intent of the attackers. Defenders can effectively deal with Advanced Persistent Threat(APT)s which are difficult to be handled by other defensive mechanisms under the Cyber Kill Chain. Recently, however, social engineering techniques that exploits the vulnerabilities of humans who manage the target systems are prevail rather than the technical attacks directly attacking the target systems themselves. Under the circumstance, the Cyber Kill Chain model should evolve to encompass social engineering attacks for the improved effectiveness. Therefore, this paper aims to establish a definite concept of Cyber Kill Chain for social engineering based cyber attacks, called Social Engineering Cyber Kill Chain, helping future researchers in this literature.

Cyber kill chain strategy for hitting attacker origin (공격 원점지 타격을 위한 사이버 킬체인 전략)

  • Yoo, Jae-won;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.306-309
    • /
    • 2017
  • The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

  • PDF

Cyber kill chain strategy for hitting attacker origin (공격 원점 타격을 위한 사이버 킬체인 전략)

  • Yoo, Jae-won;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.11
    • /
    • pp.2199-2205
    • /
    • 2017
  • The development of modern ICT technology constitutes cyber world by using infrastructure in country and society. There is no border in cyber world. Countries around the world are carrying out cyber attacks for their own benefit. A cyber killer strategy is needed to defend cyber attacks. In order to defend the cyber attack or to determine the responsibility of attack, it is important to grasp the attacker origin point. Strategic cyber kill chains are needed to strike against the attacker origin. In this paper, we study the analysis of attacker origin. And analyze the cyber kill chain for attacker origin point strike. Study the efficient and customized cyber kill chain strategy for attacking the origin point. The cyber kill chain strategy will be a practical strategy to replace the power of nuclear and missiles with asymmetric power.

Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah;Dehghantanha, Ali;Dargahi, Tooska;Parizi, Reza M.;Choo, Kim-Kwang Raymond;Javadi, Hamid H.S.
    • Journal of Information Processing Systems
    • /
    • v.15 no.4
    • /
    • pp.865-889
    • /
    • 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

Detection of Abnormal Traffic by Pre-Inflow Agent (사전유입 에이전트가 발생하는 이상트래픽 탐지 방안)

  • Cho, Young Min;Kwon, Hun Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.5
    • /
    • pp.1169-1177
    • /
    • 2018
  • Modern society is a period of rapid digital transformation. This digital-centric business proliferation offers convenience and efficiency to businesses and individuals, but cyber threats are increasing. In particular, cyber attacks are becoming more and more intelligent and precise, and various attempts have been made to prevent these attacks from being discovered. Therefore, it is increasingly difficult to respond to such attacks. According to the cyber kill chain concept, the attacker penetrates to achieve the goal in several stages. We aim to detect one of these stages and neutralize the attack. In this paper, we propose a method to detect anomalous traffic caused by an agent attacking an external attacker, assuming that an agent executing a malicious action has been introduced in advance due to various reasons such as a system error or a user's mistake.

Cyber KillChain Based Security Policy Utilizing Hash for Internet of Things (해시를 활용한 사이버킬체인 기반의 사물인터넷 보안 정책)

  • Jeong, So-Won;Choi, Yu-Rim;Lee, Il-Gu
    • Journal of Digital Convergence
    • /
    • v.16 no.9
    • /
    • pp.179-185
    • /
    • 2018
  • Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.

Efficient Operation Model for Effective APT Defense (효율적인 APT 대응 시스템 운영 모델)

  • Han, Eun-hye;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.501-519
    • /
    • 2017
  • With the revolution of IT technology, cyber threats and crimes are also increasing. In the recent years, many large-scale APT attack executed domestically and internationally. Specially, many of the APT incidents were not recognized by internal organizations, were noticed by external entities. With fourth industrial revolution(4IR), advancement of IT technology produce large scale of sensitive data more than ever before; thus, organizations invest a mount of budget for various methods such as encrypting data, access control and even SIEM for analyzing any little sign of risks. However, enhanced intelligent APT it's getting hard to aware or detect. These APT threats are too much burden for SMB, Enterprise and Government Agencies to respond effectively and efficiently. This paper will research what's the limitation and weakness of current defense countermeasure base on Cyber Kill Chain process and will suggest effective and efficient APT defense operation model with considering of organization structure and human resources for operation.

Cyber Weapon Model for the National Cybersecurity (국가사이버안보를 위한 사이버무기 모델 연구)

  • Bae, Si-Hyun;Park, Dae-Woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.2
    • /
    • pp.223-228
    • /
    • 2019
  • Recently, the United States has been trying to strengthen its cybersecurity by upgrading its position as an Unified Combatant Command that focuses on the Cyber Command in the United States, strengthening operations in cyberspace, and actively responding to cyber threats. Other major powers are also working to strengthen cyber capabilities, and they are working to strengthen their organization and power. The world demands economic power for its own interests rather than its own borders. But Cyber World is a world without borders and no defense. Therefore, a cyber weapon system is necessary for superiority in cyberspace (defense, attack) for national cybersecurity. In this paper, we analyze operational procedures for cyber weapons operation. And we design cyber weapons to analyze and develop the best cyber weapons to lead victory in cyberwarfare. It also conducts cyber weapons research to solve the confrontation between Cyber World.

A Study on the Insider Behavior Analysis Using Machine Learning for Detecting Information Leakage (정보 유출 탐지를 위한 머신 러닝 기반 내부자 행위 분석 연구)

  • Kauh, Janghyuk;Lee, Dongho
    • Journal of the Korea Society of Digital Industry and Information Management
    • /
    • v.13 no.2
    • /
    • pp.1-11
    • /
    • 2017
  • In this paper, we design and implement PADIL(Prediction And Detection of Information Leakage) system that predicts and detect information leakage behavior of insider by analyzing network traffic and applying a variety of machine learning methods. we defined the five-level information leakage model(Reconnaissance, Scanning, Access and Escalation, Exfiltration, Obfuscation) by referring to the cyber kill-chain model. In order to perform the machine learning for detecting information leakage, PADIL system extracts various features by analyzing the network traffic and extracts the behavioral features by comparing it with the personal profile information and extracts information leakage level features. We tested various machine learning methods and as a result, the DecisionTree algorithm showed excellent performance in information leakage detection and we showed that performance can be further improved by fine feature selection.

Analysis of Influencing Factors of Cyber Weapon System Core Technology Realization Period (사이버 무기체계 핵심기술 실현시기의 영향 요인 분석)

  • Lee, Ho-gyun;Lim, Jong-in;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.281-292
    • /
    • 2017
  • It is demanded to promote research and development of cyber weapons system and core technology in response to the ongoing cyber attack of North Korea. In this paper, core technologies of the future cyber weapon system are developed and the factors affecting the realization timing of core technologies were analyzed. 9 core technology groups and 36 core technologies are derived. Afterwards, these core technology groups are compared to the operation phase of the joint cyber warfare guideline and the cyber kill chain of Lockheed Martin. As a result of the comparison, it is confirmed that the core technology groups cover all phases of the aforementioned tactics. The results of regression analyses performed on the degree of influence by each factor regarding the moment of core technology realization show that the moment of core technology realization approaches more quickly as factors such as technology level of the most advanced country, technology level of South Korea, technology transfer possibility from the military sector to the non-military sector(spin-off factor), and technology transfer possibility from the non-military sector to the military sector(spin-on factor) increase. On the contrary, the moment of core technology realization is delayed as the degree at which the advanced countries keep their core technologies from transferring decrease. The results also confirm that the moment of core technology realization is not significantly correlated to the economic ripple effect factor. This study is meaningful in that it extract core technologies of cyber weapon system in accordance with revision of force development directive and join cyber warfare guideline, which incorporated cyber weapon system into formal weapon system. Furthermore, the study is significant because it indicates the influential factor of the moment of core technology realization.