• Title/Summary/Keyword: APT Attack

Search Result 76, Processing Time 0.027 seconds

A Study on Schema Of Recent APT Attack And Plan For Reaction (최근 APT 공격의 형태 및 대응 방안 연구)

  • Ho, Im Wan;Im, Hyungjin;Park, Jong Hyuk
    • Annual Conference of KIPS
    • /
    • 2015.04a
    • /
    • pp.421-423
    • /
    • 2015
  • 인터넷을 통한 악성코드의 확산이 나날이 증가하고 있는 가운데 특정 대상을 목표로 하여 지능적이고 지속적으로 공격하는 Advanced Persistent threat(APT) 공격이 이슈가 되고 있다. APT 공격은 특정 시스템을 목표로 하여 공격하기 때문에, 실제 공격이 성공 했을 시에는 그 피해가 더 치명적일 수 있다. 본 논문에서는 APT공격의 정의를 살펴보며, 최근에 발생하는 일반적인 APT 공격의 형태와 그 대응 방안에 대해 논의한다.

Cyberattack Tracing System Operational Architecture (사이버공격 추적시스템 운용아키텍처)

  • Ahn, Jae-hong
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.26 no.2
    • /
    • pp.179-187
    • /
    • 2023
  • APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. 'Cyberattack Tracing System' allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.

The IOA-Based Intelligent Information Protection System for Response of Advanced Persistent Threats (IOA 기반의 지능형지속위협 대응 위한 지능형 정보보호시스템)

  • Ryu, Chang-su
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.11
    • /
    • pp.2067-2072
    • /
    • 2016
  • Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

Efficient Operation Model for Effective APT Defense (효율적인 APT 대응 시스템 운영 모델)

  • Han, Eun-hye;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.501-519
    • /
    • 2017
  • With the revolution of IT technology, cyber threats and crimes are also increasing. In the recent years, many large-scale APT attack executed domestically and internationally. Specially, many of the APT incidents were not recognized by internal organizations, were noticed by external entities. With fourth industrial revolution(4IR), advancement of IT technology produce large scale of sensitive data more than ever before; thus, organizations invest a mount of budget for various methods such as encrypting data, access control and even SIEM for analyzing any little sign of risks. However, enhanced intelligent APT it's getting hard to aware or detect. These APT threats are too much burden for SMB, Enterprise and Government Agencies to respond effectively and efficiently. This paper will research what's the limitation and weakness of current defense countermeasure base on Cyber Kill Chain process and will suggest effective and efficient APT defense operation model with considering of organization structure and human resources for operation.

A Precursor Phenomena Analysis of APT Hacking Attack and IP Traceback (APT 해킹 공격에 대한 전조현상 분석 및 IP역추적)

  • Noh, Jung Ho;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.275-278
    • /
    • 2013
  • Log is a file system, a system that uses all remaining data. Want situation now being issued in the IT, media Nate on information disclosure, the press agency server hack by numbness crime occurred. Hacking crisis that's going through this log analysis software professionally for professional analysis is needed. The present study, about APT attacks happening intelligently Log In case of more than traceback in advance to prevent the technology to analyze the pattern for log analysis techniques.

  • PDF

Preprocessor Implementation of Open IDS Snort for Smart Manufacturing Industry Network (스마트 제조 산업용 네트워크에 적합한 Snort IDS에서의 전처리기 구현)

  • Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1313-1322
    • /
    • 2016
  • Recently, many virus and hacking attacks on public organizations and financial institutions by internet are becoming increasingly intelligent and sophisticated. The Advanced Persistent Threat has been considered as an important cyber risk. This attack is basically accomplished by spreading malicious codes through complex networks. To detect and extract PE files in smart manufacturing industry networks, an efficient processing method which is performed before analysis procedure on malicious codes is proposed. We implement a preprocessor of open intrusion detection system Snort for fast extraction of PE files and install on a hardware sensor equipment. As a result of practical experiment, we verify that the network sensor can extract the PE files which are often suspected as a malware.

Design for Zombie PCs and APT Attack Detection based on traffic analysis (트래픽 분석을 통한 악성코드 감염PC 및 APT 공격탐지 방안)

  • Son, Kyungho;Lee, Taijin;Won, Dongho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.491-498
    • /
    • 2014
  • Recently, cyber terror has been occurred frequently based on advanced persistent threat(APT) and it is very difficult to detect these attacks because of new malwares which cannot be detected by anti-virus softwares. This paper proposes and verifies the algorithms to detect the advanced persistent threat previously through real-time network monitoring and combinatorial analysis of big data log. In the future, APT attacks can be detected more easily by enhancing these algorithms and adapting big data platform.

Tracking the Source of Cascading Cyber Attack Traffic Using Network Traffic Analysis (네트워크 트래픽 분석을 이용한 연쇄적 사이버공격 트래픽의 발생원 추적 방법)

  • Goo, Young-Hoon;Choi, Sun-Oh;Lee, Su-Kang;Kim, Sung-Min;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.41 no.12
    • /
    • pp.1771-1779
    • /
    • 2016
  • In these days, the world is getting connected to the internet like a sophisticated net, such an environment gives a suitable environment for cyber attackers, so-called cyber-terrorists. As a result, a number of cyber attacks has significantly increased and researches to find cyber attack traffics in the field of network monitoring has also been proceeding. But cyber attack traffics have been appearing in new forms in every attack making it harder to monitor. This paper suggests a method of tracking down cyber attack traffic sources by defining relational information flow of traffic data from highest cascaded and grouped relational flow. The result of applying this cyber attack source tracking method to real cyber attack traffic, was found to be reliable with quality results.

Analysis of the 2013.3.20 South Korea APT Attack

  • Marpaung, Jonathan A.P.;Kim, Ki Hawn;Park, JeaHoon;Kim, ChangKyun;Lee, HoonJae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.249-252
    • /
    • 2013
  • The recent cyber attacks paralyzed several major banking services, broadcasters, and affected the services of a telecommunications provider. Media outlets classified the attack as cyber terror and named it an Advanced Persistant Threat. Although the attack significantly disrupted these services for at least one day, various components used in the attack were not new. Previous major cyber attacks towards targets in South Korea employed more advanced techniques thus causing greater damage. This paper studies the anatomy of the recent 2013.3.20 attack, studies the technical sophistication of the malware and attack vectors used compared with previous attacks.

  • PDF

A Study on Effective Countermeasures against E-mail Propagation of Intelligent Malware (지능형 악성코드의 이메일 전파에 대한 효과적인 대응 방안에 관한 연구)

  • Lee, Eun-Sub;Kim, Young-Kon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.20 no.3
    • /
    • pp.189-194
    • /
    • 2020
  • Most cyber breaches are caused by APT attacks using malware. Hackers use the email system as a medium to penetrate the target. It uses e-mail as a method to access internally, destroys databases using long-term collected vulnerabilities, and illegally acquires personal information through system operation and ransomware. As such, the e-mail system is the most friendly and convenient, but at the same time operates in a blind spot of security. As a result, personal information leakage accidents can cause great damage to the company and society as a whole. This study intends to suggest an effective methodology to securely manage the APT attack by strengthening the security configuration of the e-mail system operating in the enterprise.