DOI QR코드

DOI QR Code

Automated Cyber Threat Emulation Based on ATT&CK for Cyber Security Training

  • Kim, Donghwa (Dept. of Computer and Radio Communications Engineering, Korea University) ;
  • Kim, Yonghyun (The 2nd R&D Institute, Agency for Defense Development) ;
  • Ahn, Myung-Kil (School of Electrical and Electronics Engineering, Chung-Ang University) ;
  • Lee, Heejo (Dept. of Computer Science and Engineering, Korea University)
  • 투고 : 2020.07.29
  • 심사 : 2020.09.05
  • 발행 : 2020.09.29

초록

사회가 초연결 사회가 되어 갈수록 우리는 더 많은 사이버 보안 전문가들이 필요하다. 이를 위해 본 논문에서는 실제 사이버 공격에 대한 분석결과와 MITRE ATT&CK 프레임워크를 바탕으로 사이버 모의 위협을 모델링하고 실제 사이버 보안 훈련 시스템에서 모의 된 사이버 위협을 생성할 수 있는 CyTEA를 개발하였다. 모의 된 사이버 위협이 실제 사이버 위협 수준의 유효성을 갖는지를 확인하기 위해 절차적, 환경적, 결과적 유사성을 기준으로 모의 수준을 알아보고 또 실제 사이버 보안 훈련 시스템에서 모의 위협을 실행하면서 방어훈련 시 예상되는 위협의 실제 위협실행 결과와 모의 위협의 실행 결과가 동일하여 실제 사이버 위협에 준하는 훈련을 가능함을 확인하였다.

As societies become hyperconnected, we need more cyber security experts. To this end, in this paper, based on the analysis results of the real world cyber attacks and the MITRE ATT&CK framework, we developed CyTEA that can model cyber threats and generate simulated cyber threats in a cyber security training system. In order to confirm whether the simulated cyber threat has the effectiveness of the actual cyber threat level, the simulation level was examined based on procedural, environmental, and consequential similarities. in addition, it was confirmed that the actual defense training using cyber simulation threats is the same as the expected defense training when using real cyber threats in the cyber security training system.

키워드

참고문헌

  1. Hong, Suyoun, Kwangsoo Kim, and Taekyu Kim. "The Design and Implementation of Simulated Threat Generator based on MITRE ATT&CK for Cyber Warfare Training." Journal of the Korea Institute of Military Science and Technology Vol. 22, No. 6, pp. 797-805, Nov. 2019 https://doi.org/10.9766/KIMST.2019.22.6.797
  2. Hyunjin Lee, Youngu Kim, Myung Kil Ahn, "Method for Cyber Attack Scenario Composition using MITRE ATT&CK", Annual Conference of IEIE 2020, Vol 42, pp. 1103-1104, Jeju, Korea, Jun. 2019
  3. D. H Kim, Y. H. Kim, W. S. Cho, D. S. Kim, J. Y. Kim, Y. H. Kim, M. K. Ahn, C. W. Lee, D. H. Lee, "Software Design Description(SDD) for LVT of Cyber warfare Modeling Technology using LVC(CMT)", Agency for Defense Development, 314pages, 2017
  4. Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A. G., & Thomas, C. B. (2018). Mitre att&ck: Design and philosophy. Technical report.
  5. ATT&CK framework, https://attack.mitre.org/
  6. Cyber attack group, https://attack.mitre.org/groups/
  7. Cross, J. "Operation Dust Storm, Feb. 2016
  8. Bruskin S., Zilberman P., Puzis R., Shwarz S., "SoK: A Survey of Open Source Threat Emulators", arxiv preprint arXiv:2003.01518, 2020
  9. Red Team Automation, https://github.com/endgameinc/RTA
  10. Lee, J.Y., Moon, D.S., Kim, I.K., "Technological Trends in Cyber Attack Simulations", Electronics and Telecommunications Trends, 35(1), pp. 34-48, 2020 https://doi.org/10.22648/ETRI.2020.J.350104
  11. Andy Applebaum, Doug Miller, Blake Strom, Chris Korban, and Orss Wolf, "Intelligent, Automated Red Team Emulation", In Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC '16, pp 363-373, 2016
  12. Atomic Red Team, https://atomicredteam.io/
  13. Ferguson, Bernard, Anne Tall, and Denise Olsen, "National cyber range overview", In 2014 IEEE Military Communications Conference, pp. 123-128, IEEE, 2014
  14. Pham, Cuong, Dat Tang, Ken-ichi Chinen, and Razvan Beuran, "Cyris: A cyber range instantiation system for facilitating security training.", In Proceedings of the Seventh Symposium on Information and Communication Technology, pp. 251-258, 2016
  15. Yoo, J. D., Park, E., Lee, G., Ahn, M. K., Kim, D., Seo, S., & Kim, H. K. "Cyber Attack and Defense Emulation Agents", Applied Sciences, 10(6), 2140, 2020 https://doi.org/10.3390/app10062140
  16. AttackIQ, https://attackiq.com/
  17. Cymulate, https://cymulate.com/