• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.12
• /
• pp.2753-2762
• /
• 2013

Recently the paradigm of cyber attacks is changing due to the information security technology improvement. The cyber attack that uses the social engineering and targets the end users has been increasing as the organization's systems and networks security controls have been tightened. The 91% of APT(Advanced Persistent Threat) which targets an enterprise or a government agency to get the important data and disable the critical service starts with the spear phishing email. In this paper, we analysed the security threats and characteristics of the spear phishing in detail and explained why the technical solutions are not enough to prevent spear phishing attacks. Therefore, we proposed the administrative prevention methods for the spear phishing attack.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.275-278
• /
• 2013

Log is a file system, a system that uses all remaining data. Want situation now being issued in the IT, media Nate on information disclosure, the press agency server hack by numbness crime occurred. Hacking crisis that's going through this log analysis software professionally for professional analysis is needed. The present study, about APT attacks happening intelligently Log In case of more than traceback in advance to prevent the technology to analyze the pattern for log analysis techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.491-498
• /
• 2014

Recently, cyber terror has been occurred frequently based on advanced persistent threat(APT) and it is very difficult to detect these attacks because of new malwares which cannot be detected by anti-virus softwares. This paper proposes and verifies the algorithms to detect the advanced persistent threat previously through real-time network monitoring and combinatorial analysis of big data log. In the future, APT attacks can be detected more easily by enhancing these algorithms and adapting big data platform.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.87-99
• /
• 2022

Cyber attacks have become more difficult to detect and track as sophisticated and advanced APT attacks increase. System providence graphs provide analysts of cyber security with techniques to determine the origin of attacks. Various system provenance graph techniques have been studied to reveal the origin of penetration against cyber attacks. In this study, we investigated various system provenance graph techniques and described about data collection and analysis techniques. In addition, based on the results of our survey, we presented some future research directions.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.3
• /
• pp.189-194
• /
• 2020

Most cyber breaches are caused by APT attacks using malware. Hackers use the email system as a medium to penetrate the target. It uses e-mail as a method to access internally, destroys databases using long-term collected vulnerabilities, and illegally acquires personal information through system operation and ransomware. As such, the e-mail system is the most friendly and convenient, but at the same time operates in a blind spot of security. As a result, personal information leakage accidents can cause great damage to the company and society as a whole. This study intends to suggest an effective methodology to securely manage the APT attack by strengthening the security configuration of the e-mail system operating in the enterprise.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.1-13
• /
• 2022

As the information and communication environment develops, the environment of military facilities is also development remarkably. In proportion to this, cyber threats are also increasing, and in particular, APT attacks, which are difficult to prevent with existing signature-based cyber defense systems, are frequently targeting military and national infrastructure. It is important to identify attack groups for appropriate response, but it is very difficult to identify them due to the nature of cyber attacks conducted in secret using methods such as anti-forensics. In the past, after an attack was detected, a security expert had to perform high-level analysis for a long time based on the large amount of evidence collected to get a clue about the attack group. To solve this problem, in this paper, we proposed an automation technique that can classify an attack group within a short time after detection. In case of APT attacks, compared to general cyber attacks, the number of attacks is small, there is not much known data, and it is designed to bypass signature-based cyber defense techniques. As an attack model, we used MITRE ATT&CK® which modeled many parts of cyber attacks. We design an impact score considering the versatility of the attack techniques and proposed a group similarity score based on this. Experimental results show that the proposed method classified the attack group with a 72.62% probability based on Top-5 accuracy.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.33-41
• /
• 2023

In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.

• Journal of Digital Contents Society
• /
• v.19 no.2
• /
• pp.327-334
• /
• 2018

When a PC is infected with a malicious code, it communicates with the control and command (C&C) server and, by the attacker's instructions, spreads to the internal network and acquires information. The company focuses on preventing attacks from the outside in advance, but malicious codes aiming at APT attacks are infiltrated into the inside somehow. In order to prevent the spread of the damage, it is necessary to perform internal monitoring to detect a PC that is infected with malicious code and attempts to communicate with the C&C server. In this paper, a destination IP monitoring method is proposed in this paper using Bloom filter to quickly and effectively check whether the destination IP of many packets is in the blacklist.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.6
• /
• pp.65-73
• /
• 2011

As we can see from the recent cyber attack, APT(Advanced Persistent Threat) is trend of hacking attack in the World. Thus, HTTP Get Flooding attack is considered to be one of the most successful attacks in cyber attack method. In this paper, designs and implements new technique for the cyber attack using HTTP get flooding technology. also, I need a defence about DDoS attack through APT Tools.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.65-73
• /
• 2014

An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.