IoT System Cyber Threat Information Sharing Method

A Method for Sharing Intrusion-Incident Threat Information for IoT Systems

  • Hyung-Woo Lee (School of Computing and Artificial Intelligence, Hanshin University)
  • Hyung-Woo Lee (Department of Computer Engineering, Hanshin University)
  • Received : 2023.08.26
  • Accepted : 2023.10.03
  • Published : 2023.10.31

Abstract

In order to proactively respond to increasingly intelligent and sophisticated cyber-attacks targeting heterogeneous IoT systems, there is a need for techniques that efficiently share the threat information collected when intrusion incidents occur. Techniques should be presented for generating IoC (Indicators of Compromise) information from the digital forensic artifacts collected from various IoT devices, and for sharing this information through CTI (Cyber Threat Intelligence) systems such as MISP. In this study, we propose a method that, when artifacts are collected after an intrusion incident on an IoT device, generates the detailed attack information as IoCs and shares the threat information efficiently by applying the Hub & Spoke model in CTI systems such as MISP. Applying the proposed threat information sharing model is expected to shorten response time and improve detection performance in the cyber incident analysis process, thereby strengthening the ability to detect and respond to intelligent cyber-attacks targeting IoT devices.

To respond proactively to the increasingly intelligent and sophisticated cyber attacks targeting heterogeneous IoT systems, a technique is needed that can efficiently share the threat information collected when an intrusion incident occurs. A technique must be presented that converts the various digital forensic artifacts collected from IoT devices and similar sources into IoC information and then shares it through a CTI system such as MISP. Accordingly, this study proposes a method in which, when artifacts are collected after an intrusion incident on an IoT device, the detailed attack information is generated as indicators of compromise (IoCs) and shared by applying a Hub & Spoke model in a CTI system such as MISP, so that potential threat activity can be handled efficiently. Applying the proposed threat information sharing model is expected to shorten response time and improve detection performance during cyber incident analysis, further strengthening the ability to detect and respond to the intelligent cyber attacks on IoT devices that have been rising sharply in recent years.
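The abstract describes two steps: turning forensic artifacts from an IoT device into IoC attributes, and distributing the resulting event through a hub-and-spoke CTI topology. The following is an added example written for this page, not the paper's implementation or MISP's code. The artifact field names, sample values (RFC 5737 test address, `.invalid` domain, placeholder hash) and the `Spoke`/`Hub` classes are constructed for illustration; the event layout only loosely imitates MISP's event/attribute JSON (type, category, value, to_ids) and is not a validated MISP schema.

```python
"""Added example: IoT forensic artifacts -> IoC attributes -> MISP-style
event -> hub-and-spoke propagation with duplicate suppression.
All sample data below is constructed; the event layout is a simplified
imitation of MISP's JSON, not an exact schema."""
import re
import uuid
from datetime import datetime, timezone

# Constructed artifacts as they might be collected from one IoT device:
# two identical connection-log lines, a dropped binary, and a DNS query.
SAMPLE_ARTIFACTS = [
    {"kind": "connlog", "raw": "2023-08-26T10:01:02Z dst=203.0.113.45 dport=4444 proto=tcp"},
    {"kind": "binary", "path": "/tmp/.x/updater", "sha256": "a" * 64},  # placeholder hash
    {"kind": "dns", "query": "cnc.example.invalid"},
    {"kind": "connlog", "raw": "2023-08-26T10:01:09Z dst=203.0.113.45 dport=4444 proto=tcp"},
]


def artifacts_to_iocs(artifacts):
    """Map each artifact kind to MISP-like attributes; repeated
    (type, value) pairs from the same incident are collapsed to one IoC."""
    seen, iocs = set(), []
    for art in artifacts:
        if art["kind"] == "connlog":
            m = re.search(r"dst=(\S+)\s+dport=(\d+)", art["raw"])
            if not m:
                continue
            candidates = [("ip-dst|port", f"{m.group(1)}|{m.group(2)}", "Network activity")]
        elif art["kind"] == "binary":
            candidates = [("sha256", art["sha256"], "Payload delivery"),
                          ("filename", art["path"], "Payload delivery")]
        elif art["kind"] == "dns":
            candidates = [("domain", art["query"], "Network activity")]
        else:
            continue  # unknown artifact kind: nothing to extract
        for typ, value, category in candidates:
            if (typ, value) in seen:
                continue
            seen.add((typ, value))
            iocs.append({"type": typ, "category": category, "value": value, "to_ids": True})
    return iocs


def build_event(org, device_id, iocs):
    """Wrap IoCs in a minimal MISP-style event; uuid is the dedup key."""
    return {"Event": {
        "uuid": str(uuid.uuid4()),
        "info": f"IoT intrusion on {device_id}",
        "Orgc": {"name": org},
        "date": datetime.now(timezone.utc).strftime("%Y-%m-%d"),
        "Attribute": iocs,
    }}


class Spoke:
    """One organisation's CTI instance; keeps events keyed by uuid."""
    def __init__(self, name, hub):
        self.name, self.hub, self.events = name, hub, {}
        hub.register(self)

    def publish(self, event):
        self.receive(event)
        return self.hub.push(self, event)

    def receive(self, event):
        self.events.setdefault(event["Event"]["uuid"], event)

    def match(self, observed_values):
        """Detection use: which shared IoC values appear in local telemetry."""
        shared = {a["value"] for ev in self.events.values() for a in ev["Event"]["Attribute"]}
        return sorted(shared & set(observed_values))


class Hub:
    """Central relay: fans an event out to every spoke except its origin,
    and refuses to re-deliver an event uuid it has already seen."""
    def __init__(self):
        self.spokes, self.seen = [], set()

    def register(self, spoke):
        self.spokes.append(spoke)

    def push(self, origin, event):
        uid = event["Event"]["uuid"]
        if uid in self.seen:
            return 0  # duplicate or loop: nothing delivered
        self.seen.add(uid)
        delivered = 0
        for spoke in self.spokes:
            if spoke is not origin:
                spoke.receive(event)
                delivered += 1
        return delivered


def run_demo():
    """Share one incident from org-a; org-c then checks its own telemetry."""
    hub = Hub()
    a, b, c = (Spoke(n, hub) for n in ("org-a", "org-b", "org-c"))
    iocs = artifacts_to_iocs(SAMPLE_ARTIFACTS)
    event = build_event("org-a", "camera-07", iocs)
    delivered = a.publish(event)
    hits = c.match(["203.0.113.45|4444", "10.0.0.5|443"])  # constructed local observations
    return {"ioc_count": len(iocs), "delivered": delivered, "events_at_b": len(b.events),
            "events_at_c": len(c.events), "hits": hits, "redelivered": hub.push(a, event)}


if __name__ == "__main__":
    print(run_demo())
```

The duplicate collapse in `artifacts_to_iocs` and the uuid check in `Hub.push` are the two places where sharing quality is decided: the first keeps one noisy device from producing dozens of identical indicators, the second keeps an event from circulating back through the hub once every spoke already holds it.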

Acknowledgement

This research was supported by the Hanshin University research fund.
