• Title/Summary/Keyword: advanced persistent threat

Search Result 64, Processing Time 0.023 seconds

Design and Implementation of ATP(Advanced Persistent Threat) Attack Tool Using HTTP Get Flooding Technology (HTTP Get Flooding 기술을 이용한 APT(지능적 지속 위협)공격 도구의 설계와 구현)

  • Cheon, Woo-Bong;Park, Won-Hyung;Chung, Tai-Myoung
    • The Journal of Korean Association of Computer Education
    • /
    • v.14 no.6
    • /
    • pp.65-73
    • /
    • 2011
  • As we can see from the recent cyber attack, APT(Advanced Persistent Threat) is trend of hacking attack in the World. Thus, HTTP Get Flooding attack is considered to be one of the most successful attacks in cyber attack method. In this paper, designs and implements new technique for the cyber attack using HTTP get flooding technology. also, I need a defence about DDoS attack through APT Tools.

  • PDF

Detection Framework for Advanced and Persistent Information Leakage Attack (지능적이고 지속적인 정보유출 공격 탐지 프레임워크)

  • Kil, Ye-Seul;Jeon, Ga-Hye;Lee, Il-Gu
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2022.05a
    • /
    • pp.203-205
    • /
    • 2022
  • As digital transformation and remote work environment advanced by Covid-19 become more common, the scale of leakage damage to industrial secrets and personal information caused by information leakage attacks is increasing. Recently, advanced and persistent information leakage attacks have become a serious security threat because they do not quickly leak large amounts of information, but continuously leak small amounts of information over a long period of time. In this study, we propose a framework for detecting advanced and persistent information leakage attacks based on traffic characteristics. The proposed method can effectively detect advanced and persistent information leakage attacks using traffic patterns, packet sizes, and metadata, even if the payload is encrypted.

  • PDF

Design for Zombie PCs and APT Attack Detection based on traffic analysis (트래픽 분석을 통한 악성코드 감염PC 및 APT 공격탐지 방안)

  • Son, Kyungho;Lee, Taijin;Won, Dongho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.491-498
    • /
    • 2014
  • Recently, cyber terror has been occurred frequently based on advanced persistent threat(APT) and it is very difficult to detect these attacks because of new malwares which cannot be detected by anti-virus softwares. This paper proposes and verifies the algorithms to detect the advanced persistent threat previously through real-time network monitoring and combinatorial analysis of big data log. In the future, APT attacks can be detected more easily by enhancing these algorithms and adapting big data platform.

A study on the threat hunting model for threat detection of circumvent connection remote attack (우회 원격공격의 위협탐지를 위한 위협 헌팅 모델 연구)

  • Kim, Inhwan;Ryu, Hochan;Jo, Kyeongmin;Jeon, Byungkook
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.21 no.4
    • /
    • pp.15-23
    • /
    • 2021
  • In most hacking attacks, hackers intrudes inside for a long period of time and attempts to communicate with the outside using a circumvent connection to achieve purpose. research in response to advanced and intelligent cyber threats has been mainly conducted with signature-based detection and blocking methods, but recently it has been extended to threat hunting methods. attacks from organized hacking groups are advanced persistent attacks over a long period of time, and bypass remote attacks account for the majority. however, even in the intrusion detection system using intelligent recognition technology, it only shows detection performance of the existing intrusion status. therefore, countermeasures against targeted bypass rwjqthrwkemote attacks still have limitations with existing detection methods and threat hunting methods. in this paper, to overcome theses limitations, we propose a model that can detect the targeted circumvent connection remote attack threat of an organized hacking group. this model designed a threat hunting process model that applied the method of verifying the origin IP of the remote circumvent connection, and verified the effectiveness by implementing the proposed method in actual defense information system environment.

Attack Path and Intention Recognition System for detecting APT Attack (APT 공격 탐지를 위한 공격 경로 및 의도 인지 시스템)

  • Kim, Namuk;Eom, Jungho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.16 no.1
    • /
    • pp.67-78
    • /
    • 2020
  • Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah;Dehghantanha, Ali;Dargahi, Tooska;Parizi, Reza M.;Choo, Kim-Kwang Raymond;Javadi, Hamid H.S.
    • Journal of Information Processing Systems
    • /
    • v.15 no.4
    • /
    • pp.865-889
    • /
    • 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

Operation Plan for the Management of an Information Security System to Block the Attack Routes of Advanced Persistent Threats (지능형지속위협 공격경로차단 위한 정보보호시스템 운영관리 방안)

  • Ryu, Chang-Su
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.759-761
    • /
    • 2016
  • Recent changes in the information security environment have led to persistent attacks on intelligent assets such as cyber security breaches, leakage of confidential information, and global security threats. Since existing information security systems are not adequate for Advanced Persistent Threat; APT attacks, bypassing attacks, and attacks on encryption packets, therefore, continuous monitoring is required to detect and protect against such attacks. Accordingly, this paper suggests an operation plan for managing an information security system to block the attack routes of advanced persistent threats. This is achieved with identifying the valuable assets for prevention control by establishing information control policies through analyzing the vulnerability and risks to remove potential hazard, as well as constructing detection control through controlling access to servers and conducting surveillance on encrypted communication, and enabling intelligent violation of response by having corrective control through packet tagging, platform security, system backups, and recovery.

  • PDF

An APT Malicious Traffic Detection Method with Considering of Trust Model (신뢰모형을 고려한 APT 악성 트래픽 탐지 기법)

  • Yun, Kyung-mi;Cho, Gi-hwan
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2014.10a
    • /
    • pp.937-939
    • /
    • 2014
  • Recently, an intelligent APT(Advanced Persistent Threat) attack which aims to a special target is getting to be greatly increased. It is very hard to protect with existing intrusion detection methods because of the difficulties to protect the initial intrusion of malicious code. In this paper, we analyze out-bound traffics to prevent call-back step after malicious code intrusion, and propose an APT malicious traffic detection method with considering of trust. The proposed method is expected to provide a basement to improve the detection rate in comparing with that of existing detection methods.

  • PDF

A spear phishing threat and the prevention method for the end user (스피어 피싱 위협과 최종 사용자 관점에서 대응방안 제안)

  • Sohn, Yu-seung;Nam, Kil-hyun;Goh, Seung-chul
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.284-287
    • /
    • 2013
  • Recently target oriented attacks which target an enterprise and a government agency are increasing. The starting point of APT(Advanced Persistent Threat), called as target oriented attacks, is the spear phishing email that is personalized based on the information collected via Internet of the target personnel. It is known that 94% of target oriented attacks use spear phishing emails. Therefore, in this paper, we analysed spear phishing methods in detail and the characteristics and recent trends of spear phishing threats and proposed the effective prevention method of spear phishing for the end user.

  • PDF

On the administrative security approaches against spear phishing attacks (스피어 피싱 대응을 위한 관리적 보안대책에 의한 접근)

  • Sohn, Yu-Seung;Nam, Kil-Hyun;Goh, Sung-Cheol
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.12
    • /
    • pp.2753-2762
    • /
    • 2013
  • Recently the paradigm of cyber attacks is changing due to the information security technology improvement. The cyber attack that uses the social engineering and targets the end users has been increasing as the organization's systems and networks security controls have been tightened. The 91% of APT(Advanced Persistent Threat) which targets an enterprise or a government agency to get the important data and disable the critical service starts with the spear phishing email. In this paper, we analysed the security threats and characteristics of the spear phishing in detail and explained why the technical solutions are not enough to prevent spear phishing attacks. Therefore, we proposed the administrative prevention methods for the spear phishing attack.