• Title/Summary/Keyword: Mitre ATT&CK

Search Result 22, Processing Time 0.014 seconds

3-Step Security Vulnerability Risk Scoring considering CVE Trends (CVE 동향을 반영한 3-Step 보안 취약점 위험도 스코어링)

  • Jihye, Lim;Jaewoo, Lee
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.27 no.1
    • /
    • pp.87-96
    • /
    • 2023
  • As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

Reinforcement Learning-Based APT Attack Response Technique Utilizing the Availability Status of Assets (방어 자산의 가용성 상태를 활용한 강화학습 기반 APT 공격 대응 기법)

  • Hyoung Rok Kim;Changhee Choi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.6
    • /
    • pp.1021-1031
    • /
    • 2023
  • State-sponsored cyber attacks are highly impactful because they are carried out to achieve pre-planned goals. As a defender, it is difficult to respond to them because of the large scale of the attack and the possibility that unknown vulnerabilities may be exploited. In addition, overreacting can reduce the availability of users and cause business disruption. Therefore, there is a need for a response policy that can effectively defend against attacks while ensuring user availability. To solve this problem, this paper proposes a method to collect the number of processes and sessions of defense assets in real time and use them for learning. Using this method to learn reinforcement learning-based policies on a cyber attack simulator, the attack duration based on 100 time-steps was reduced by 27.9 time-steps and 3.1 time-steps for two attacker models, respectively, and the number of "restore" actions that impede user availability during the defense process was also reduced, resulting in an overall better policy.