• Journal of Convergence Society for SMB
• /
• v.6 no.1
• /
• pp.17-23
• /
• 2016

Recently, Internet services via various devices including smartphone have become available. Because of the development of ICT, numerous hacking incidents have occurred and most of those attacks turned out to be APT attacks. APT attack means an attack method by which a hacker continues to collect information to achieve his goal, and analyzes the weakness of the target and infects it with malicious code, and being hidden, leaks the data in time. In this paper, we examine the information collection method the APT attackers use to invade the target system in a short time using big data, and we suggest and evaluate the countermeasure to protect against the attack method using big data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.215-223
• /
• 2019

The recent trend of cyber attack threat is mainly APT (Advanced Persistent Threat) attack. This attack is a combination of hacking techniques to try to steal important information assets of a corporation or individual, and social engineering hacking techniques aimed at human psychological factors. Spear phishing attacks, one of the most commonly used APT hacking techniques, are known to be easy to use and powerful hacking techniques, with more than 90% of the attacks being a key component of APT hacking attacks. The existing research for cyber security threat defense is mainly focused on the technical and policy aspects. However, in order to preemptively respond to intelligent hacking attacks, it is necessary to study different aspects from the viewpoint of social engineering. In this study, we analyze the correlation between human personality type (DISC) and cyber security threats, focusing on spear phishing attacks, and present countermeasures against security threats from a new perspective breaking existing frameworks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• International Journal of Computer Science & Network Security
• /
• v.24 no.1
• /
• pp.52-60
• /
• 2024

APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.449-451
• /
• 2021

Cyber-attacks targeting endpoints have developed sophisticatedly into targeted and intelligent attacks, Advanced Persistent Threat (APT) targeting the Industrial Internet of Things (IIoT) has increased accordingly. Machine learning-based Endpoint Detection and Response (EDR) solutions combine and complement rule-based conventional security tools to effectively defend against APT attacks are gaining attention. However, universal EDR solutions have a high false positive rate, and needs high-level analysts to monitor and analyze a tremendous amount of alerts. Therefore, the process of optimizing machine learning-based EDR solutions that consider the characteristics and vulnerabilities of IIoT environment is essential. In this study, we analyze the flow and impact of IIoT targeted APT cases and compare the method of machine learning-based APT detection EDR solutions.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.3-8
• /
• 2011

Advanced Persistent Threat (APT), aims a specific business or political targets, is rapidly growing due to fast technological advancement in hacking, malicious code, and social engineering techniques. One of the most important characteristics of APT is persistence. Attackers constantly collect information by remaining inside of the targets. Enterprise Security Management (EMS) system can misidentify APT as normal pattern of an access or an entry of a normal user as an attack. In order to analyze this misidentification, a new system development and a research are required. This study suggests the way of forecasting APT and the effective countermeasures against APT attacks by categorizing misidentified data in data-mining through threshold ratings. This proposed technique can improve the detection of future APT attacks by categorizing the data of long-term attack attempts.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.317-320
• /
• 2016

The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and Classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on December in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attack thus far. Therefore, we will use big data analytics to analyze whether or not APT attack has occurred in order to defend against the manipulative attackers. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean defense system. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attack and evaluate the models' accuracy and other results. Lastly, we will present an effective response method to address a detected APT attack.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.287-294
• /
• 2016

APT attack aimed at the interruption of information and communication facilities and important information leakage of companies. it performs an attack using zero-day vulnerabilities, social engineering base on collected information, such as IT infra, business environment, information of employee, for a long period of time. Fragmentary response to cyber threats such as malware signature detection methods can not respond to sophisticated cyber-attacks, such as APT attacks. In this paper, we propose a cyber intrusion detection model for countermeasure of APT attack by utilizing heterogeneous system log into big-data. And it also utilizes that merging pattern-based detection methods and abnormality detection method.

• Journal of Convergence Society for SMB
• /
• v.5 no.2
• /
• pp.1-6
• /
• 2015

Small and medium-sized companies lack countermeasures to secure the safety of a information system. In this circumstance, they have difficulties regarding the damage to their images and legal losses, when the information is leaked. This paper examines the information leakage of the system and hacking methods including APT attacks. Especially, APT attack, Advanced Persistent Threats, means that a hacker sneaks into a target and has a latency period of time and skims all the information related to the target, and acts in the backstage and neutralize the security services without leaving traces. Because he attacks the target covering up his traces not to reveal them, the victim remains unnoticed, which increases the damage. This study examines attack methods and the process of them and seeks a countermeasure.