Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ ³í¹®Áö
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
MITRE ATT&CK ±â¹Ý »çÀ̹ö °ø°Ý ¸ñÇ¥ ºÐ·ù : CIA ¶óº§¸µ |
| ¿µ¹®Á¦¸ñ(English Title) |
Cyberattack Goal Classification Based on MITRE ATT&CK: CIA Labeling |
| ÀúÀÚ(Author) |
½ÅÂùÈ£
ÃÖâÈñ
Chan Ho Shin
Chang-hee Choi
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 23 NO. 06 PP. 0015 ~ 0026 (2022. 12) |
Çѱ۳»¿ë
(Korean Abstract) |
»çÀ̹ö °ø°ÝÀ» ¼öÇàÇÏ´Â ÁÖü¿Í ±× ¸ñÀûÀÌ Á¡Â÷ ´Ù¾çÈµÇ°í °íµµÈµÇ°í ÀÖ´Ù. °ú°Å »çÀ̹ö °ø°ÝÀº °³ÀΠȤÀº Áý´ÜÀÇ Àڽۨ Ç¥ÃâÀ» À§ÇØ ¼öÇàµÇ¾úÁö¸¸, ÃÖ±Ù¿¡´Â ±¹°¡ ´ÜÀ§ÀÇ ÈÄ¿øÀ» ¹ÞÀº Á¤Ä¡Àû, °æÁ¦Àû ¸ñÀûÀÇ °ø°Ýµµ È°¹ßÈ÷ ÀÌ·ç¾îÁö°í ÀÖ´Ù. ÀÌ¿¡ ´ëÀÀÇÏ°íÀÚ ½Ã±×´Ïó ±â¹ÝÀÇ ¾Ç¼ºÄÚµå Æйи® ºÐ·ù, °ø°Ý ÁÖü ºÐ·ù µîÀÌ ÀÌ·ç¾îÁ³Áö¸¸ °ø°Ý ÁÖü°¡ ÀǵµÀûÀ¸·Î ¹æ¾îÀÚ¸¦ ¼ÓÀÏ ¼ö ÀÖ´Ù´Â ´ÜÁ¡ÀÌ ÀÖ´Ù. ¶ÇÇÑ °ø°ÝÀÇ ÁÖü, ¹æ¹ý, ¸ñÀû°ú ¸ñÇ¥°¡ ´Ù¾çÇØÁü¿¡ µû¶ó, °ø°ÝÀÇ ¸ðµç °úÁ¤À» ºÐ¼®ÇÏ´Â °ÍÀº ºñÈ¿À²ÀûÀÌ´Ù. µû¶ó¼ ¹æ¾îÀÚ °üÁ¡¿¡¼ »çÀ̹ö °ø°ÝÀÇ ÃÖÁ¾ ¸ñÇ¥¸¦ ½Äº°ÇØ À¯¿¬ÇÏ°Ô ´ëÀÀÇÒ ÇÊ¿ä°¡ ÀÖ´Ù. »çÀ̹ö °ø°ÝÀÇ ±Ùº»ÀûÀÎ ¸ñÇ¥´Â ´ë»óÀÇ Á¤º¸º¸¾ÈÀ» ÈѼÕÇÏ´Â °ÍÀÌ´Ù. Á¤º¸º¸¾ÈÀº Á¤º¸ÀÚ»êÀÇ ±â¹Ð¼º, ¹«°á¼º, °¡¿ë¼ºÀ» º¸Á¸ÇÔÀ¸·Î½á ´Þ¼ºµÈ´Ù. ÀÌ¿¡ º» ³í¹®¿¡¼´Â MITRE ATT&CKⓇ ¸ÅÆ®¸¯½º¿¡ ±â¹ÝÇÏ¿© °ø°ÝÀÚÀÇ ¸ñÇ¥¸¦ Á¤º¸º¸¾ÈÀÇ 3¿ä¼Ò °üÁ¡¿¡¼ ÀçÁ¤ÀÇÇÏ°í, À̸¦ ¸Ó½Å·¯´× ¸ðµ¨°ú µö·¯´× ¸ðµ¨À» ÅëÇØ ¿¹ÃøÇÏ¿´´Ù. ½ÇÇè °á°ú ÃÖ´ë 80%ÀÇ Á¤È®µµ·Î ¿¹ÃøÇÏ´Â °ÍÀ» È®ÀÎÇÒ ¼ö ÀÖ¾ú´Ù. |
¿µ¹®³»¿ë
(English Abstract) |
Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups which is sponsored by its nation. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signature. Unfortunately, attackers can easily masquerade as other group. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker¡¯s purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker¡¯s goal based on MITRE ATT&CKⓇ in the point of CIA triad as well as classifying cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability. |
| Å°¿öµå(Keyword) |
¶óº§¸µ
¸Ó½Å·¯´×
µö·¯´×
MITRE ATT&CK
TTP
Á¤º¸º¸¾È 3¿ä¼Ò
labeling
machine learning
deep learning
MITRE ATT&CK
TTP
CIA triad
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
