Á¤º¸°úÇÐȸ³í¹®Áö (Journal of KIISE)
Current Result Document :
ÇѱÛÁ¦¸ñ(Korean Title) |
APT °ø°Ý »ç·Ê ±â¹Ý º¸¾È ¿ä±¸»çÇ× Ãßõ ÇÁ·¹ÀÓ¿öÅ© |
¿µ¹®Á¦¸ñ(English Title) |
A Security Requirements Recommendation Framework Based on APT Attack Cases |
ÀúÀÚ(Author) |
±è¹ÎÁÖ
¹Ú½ÅÇý
À̼®¿ø
MinJu Kim
Sihn-Hye Park
Seok-Won Lee
|
¿ø¹®¼ö·Ïó(Citation) |
VOL 48 NO. 09 PP. 1014 ~ 1026 (2021. 09) |
Çѱ۳»¿ë (Korean Abstract) |
Áö´ÉÇü Áö¼Ó À§Çù(APT, Advanced Persistent Threat) °ø°ÝÀº ƯÁ¤ ´ë»ó¿¡ Áö´ÉÀûÀ̸ç Áö¼ÓÀûÀ¸·Î °ø°ÝÀ» °¡ÇÏ´Â ±â¹ýÀÌ´Ù. ºÐ¸íÇÑ °ø°Ý ¸ñÀûÀ» °¡Áö°í, °ø°Ý ´ë»ó¿¡ Á¶Á÷ÀûÀÌ°í °íµµÈµÈ ±â¼úÀ» »ç¿ëÇϸç, ƯÁ¤ ±â°£ µ¿¾È ŽÁöµÇÁö ¾Ê°í Áö¼ÓÀûÀ¸·Î °ø°ÝÀ» ½ÃµµÇϹǷΠŽÁö¿Í ¹æ¾î°¡ ¾î·Á¿î °ø°Ý Áß ÇϳªÀÌ´Ù. º» ³í¹®Àº APT °ø°Ý¿¡ ´ëÇÑ ¼±Á¦Àû ¹æ¾î ¹æ¹ýÀ¸·Î ½ÇÁ¦ ¹ß»ýÇÑ APT °ø°Ý¿¡ ´ëÇÑ º¸¾È ¿ä±¸»çÇ×À» ÃßõÇÏ´Â ÇÁ·¹ÀÓ¿öÅ©¸¦ Á¦¾ÈÇÑ´Ù. Á¦¾ÈÇÏ´Â ÇÁ·¹ÀÓ¿öÅ©´Â ƯÁ¤ APT °ø°Ý¿¡ ´ëÇÏ¿© ½Ã³ª¸®¿À¸¦ ±â¹ÝÀ¸·Î °ø°Ý ¿ä¼Ò¸¦ µµÃâÇÏ°í ¿ä¼Ò °£ °ü°è¸¦ ºÐ¼®ÇÑ´Ù. ºÐ¼® °á°ú¿¡ ´ëÇÑ »ç·Ê ±â¹Ý Ãß·ÐÀ» ÅëÇØ °ø°Ý ÆÐÅÏÀ» Ãß·ÐÇÏ°í, º¸¾È ¿ä±¸»çÇ×À» ÃßõÇÑ´Ù. »ç·Ê ±â¹Ý Ã߷аú º¸¾È ¿ä±¸»çÇ× ÃßõÀ» À§ÇØ APT °ø°Ý Áö½Ä, ÀÏ¹Ý º¸¾È Áö½Ä, µµ¸ÞÀÎ Æ¯È Áö½ÄÀ» Æ÷ÇÔÇÏ´Â ÅëÇÕ Áö½Ä º£À̽º¸¦ ±¸ÃàÇÏ¿´´Ù. ÅëÇÕ Áö½Ä º£À̽º´Â Áö½Äº° ¿ÂÅç·ÎÁö¿Í °ü·Ã µ¥ÀÌÅͺ£À̽º·Î ±¸¼ºµÈ´Ù. º» ÇÁ·¹ÀÓ¿öÅ©¸¦ À¥ ¾îÇø®ÄÉÀ̼ÇÀ¸·Î ±¸ÇöÇÏ¿© ƯÁ¤ APT °ø°Ý¿¡ ´ëÇØ »ç·Ê ¿¬±¸¸¦ ¼öÇàÇÏ¿´´Ù. |
¿µ¹®³»¿ë (English Abstract) |
Advanced Persistent Threat (APT) attacks are intelligent and continuous attacks on specific targets. This type of attack is one of the most difficult attacks to detect and defend because it uses an organized and advanced technique for attacking targets, and it continuously attempts to attack the undetected for a certain period. In this paper, we propose a framework that recommends security requirements for real-world APT attacks as a proactive defense against APT attacks. The proposed framework derives attack elements based on scenarios for specific APT attacks and analyzes the relationships between elements. Through case-based reasoning of analytical results, attack patterns are deduced, and security requirements are recommended. For case-based reasoning and security requirements recommendation, we build an integrated knowledge base that includes APT attack knowledge, general security knowledge, and domain-specific knowledge. The integrated knowledge base consists of knowledge-specific ontology and related databases. We implement this framework as a web application to conduct case studies on specific APT attacks. |
Å°¿öµå(Keyword) |
Áö´ÉÇü Áö¼Ó °ø°Ý
»ç·Ê ±â¹Ý Ãß·Ð
º¸¾È ¿ä±¸»çÇ×
¹®Á¦ µµ¸ÞÀÎ ¿ÂÅç·ÎÁö
advanced persistent threat
case-based reasoning
security requirements
problem domain ontology
|
ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|