Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

Research on System Architecture and Methodology based on MITRE ATT&CK for Experiment Analysis on Cyber Warfare Simulation

  • Ahn, Myung Kil (School of Electrical and Electronics Engineering, Chung-Ang University) ;
  • Lee, Jung-Ryun (School of Electrical and Electronics Engineering, Chung-Ang University)
  • Received : 2020.07.20
  • Accepted : 2020.08.10
  • Published : 2020.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we propose a system architecture and methodology based on cyber kill chain and MITRE ATT&CK for experiment analysis on cyber warfare simulation. Threat analysis is possible by applying various attacks that have actually occurred with continuous updates to reflect newly emerging attacks. In terms of cyber attack and defense, the current system(AS-IS) and the new system(TO-BE) are analyzed for effectiveness and quantitative results are presented. It can be used to establish proactive cyber COA(Course of Action) strategy, and also for strategic decision making. Through a case study, we presented the usability of the system architecture and methodology proposed in this paper. The proposed method will contribute to strengthening cyber warfare capabilities by increasing the level of technology for cyber warfare experiments.

본 논문에서는 사이버 전투실험 분석이 가능한 사이버 킬체인 및 MITRE ATT&CK 기반의 시스템 구성 및 분석 방법론을 제안한다. 사이버 킬체인을 기반으로 공격 과정을 모의하고, MITRE ATT&CK를 기반으로 공격 목적 및 구체적인 공격 방법을 적용하여, 실제 발생한 다양한 공격 및 새롭게 등장할 공격에 대한 시스템 위협 분석이 가능하도록 한다. 또한, 현 시스템(AS-IS)과 새로운 대응 시스템이 적용될 경우(TO-BE)에 대한 사이버 공격 및 대응 측면의 효과도 분석을 정량적으로 제시하여, 선제적 방어방책 및 소요 반영을 위한 의사결정에도 활용이 가능하다. 제안하는 시스템 및 방법론의 활용성을 제시하기 위해, 테스트베드 환경에서 프로토타입을 구축하고 사례 연구를 수행하였다. 제안된 방안은 사이버 전투실험의 기술 수준을 높여 사이버전 역량 강화에 기여할 것으로 기대한다.

Keywords

References

  1. Ryu Young ki, "Systematic Analysis technique for Determining ROCs", Kongju University Doctoral Thesis, 2011.
  2. Symantec, "2019 Internet Security Threat Report", Volume 24, February 2019.
  3. AhnLab, "ASEC REPORT", Vol.98, 2020.
  4. Gartner Research, "Gartner's Top 10 Strategic Technology Trends for 2017", October 2016.
  5. S. Hassell, P. Beraud, A. Cruz, G. Ganga, S. Martin, J. Toennies, P. Vazquez, G. Wright, D. Gomez, F. Pietryka, N. Srivastava, T. Hester, D. Hyde, and B. Mastropietro, "Evaluating network cyber resiliency methods using cyber threat, vulnerability and defense modeling and simulation,", 2012 IEEE Military Communications Conference, pp.1-6, Orlando, FL, USA, Oct. 2012, DOI: 10.1109/MILCOM.2012.6415565.
  6. Myung Kil Ahn, and Yong Hyun Kim, "Research on System Architecture and Simulation Environment for Cyber Warrior Training", Journal of The Korea Institute of Information Security & Cryptology, VOL.26, NO.2, pp. 533-540, Apr. 2016, DOI:10.13089/JKIISC.2016.26.2.533.
  7. United States. Joint Chiefs of Staff, "Joint Tactics, Techniques, and Procedures for Joint Intelligence Preparation of the Battlespace", JP 2-01.3, 2000.
  8. E. M. Hutchins, M. J. Cloppert, and R. M. Amin, "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains", Leading Issues in Information Warfare & Security Research, vol. 1, p. 80, 2011.
  9. MITRE, ATT&CK, Available at https://attack.mitre.org.
  10. Jungyun Kwon, Soomin Han, Sangyun Choe, Hanil Jeong, "A Study on Developing Performance Evaluation System Using Delphi Technique and Analytic Hierarchy Process", Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, Vol.6, No.9, pp. 99-110, September 2016, DOI:10.14257/AJMAHS.2016.09.40
  11. MITRE, CVE, Available at http://cve.mitre.org/
  12. ECSIRT, IODEF/IDMEF Solutions, Available at http://www.ecsirt.net/service/products.html
  13. I. Kotenko, A. Chechulin, "A Cyber Attack Modeling and Impact Assessment Framework", Proceedings of the 5th International Conference on Cyber Conflict 2013 (CyCon 2013), pp.119-142, Tallinn, Estonia, July 2013.
  14. Jajodia, S., Noel, S., Kalapa, P., Albanese, M., Williams, J., "Cauldron: Mission-Centric Cyber Situational Awareness with Defense in Depth", MILCOM 2011 Military Communications Conference, Baltimore, USA, Nov. 2011, DOI:10.1109/MILCOM.2011.6127490.
  15. H. Al-Mohannadi, Q. Mirza, A. Namanya, I. Awan, A. Cullen, J. Disso, "Cyber-attack modeling analysis techniques: An overview", 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp.69-76, Vienna, Austria, Aug. 2016, DOI:10.1109/W-FiCloud.2016.29
  16. AttackIQ, Available at https://attackiq.com/
  17. SafeBreach, Available at https://safebreach.com/

Cited by

  1. APT 공격 사례 분석을 통한 사이버 킬체인과 TTP에 대한 연구 vol.20, pp.4, 2020, https://doi.org/10.33778/kcsa.2020.20.4.091