Indicators of Compromise Data Generation Method for Malware on Cyber Incident Occurrence in IoT Environments

  • Hyung-Woo Lee (School of Computing and Artificial Intelligence, Hanshin University)
  • Received : 2023.06.02
  • Accepted : 2023.07.28
  • Published : 2023.08.31

Abstract

As cyber attacks become more intelligent and advanced, attacks targeting heterogeneous systems such as Internet of Things (IoT) devices are increasing, and a technique is needed to share detailed threat information about the attack behind an incident. When an incident occurs, an established technique is required to express the digital forensic artifacts collected from heterogeneous IoT devices as indicators of compromise (IoC) and to share them. In particular, when malicious code is executed against various IoT devices, an efficient IoC generation method must be presented so that the cyber threat information can be expressed and shared among CTI systems. Therefore, in this study, existing IoC generation and expression methods were analyzed, and a classification system for generating IoC for malware, together with an efficient and standardized expression method, was presented. Based on the proposed IoC expression and standardization method, an incident management framework is expected to be able to respond actively to intelligent attacks.

As cyber attacks become more intelligent and advanced, a technique is needed to share detailed threat information about an incident when a cyber attack occurs against heterogeneous systems such as Internet of Things (IoT) devices. When an incident occurs, a technique must be established to express the digital forensic artifacts collected from heterogeneous IoT devices as indicators of compromise (IoC) and to share them. In particular, when malware is executed against various IoT devices, an efficient IoC generation method must be presented to express cyber threat information and share it among CTI systems. Therefore, this study analyzed existing IoC generation and expression methods and presented a classification system and an efficient, standardized expression method for generating IoC data for malware. Based on the proposed IoC expression and standardization scheme, it is expected that an incident management framework will be able to respond actively to intelligent attacks.

Acknowledgement

This paper was supported by a research grant from Hanshin University.
