
Journal of the Korea Institute of Information and Communication Engineering


Title: The IOA-Based Intelligent Information Protection System for Response of Advanced Persistent Threats
Author: Chang-su Ryu
Citation: VOL 20 NO. 11 PP. 2067 ~ 2072 (2016. 11)
Çѱ۳»¿ë
(Korean Abstract)
ÃÖ±Ù ±âÁ¸ Á¤º¸º¸È£½Ã½ºÅÛÀ» ¿ìȸÇÏ´Â °ø°Ý ±â¹ýÀÇ ¹ß´Þ·Î »ç¿ëÀÚ°¡ ÀνÄÇÏÁö ¸øÇÏ´Â ÇüÅÂÀÇ Á¤º¸Àڻ꿡 ´ëÇÑ Áö¼ÓÀûÀÎ °ø°ÝÀ¸·Î À§ÇùÀÌ µÇ°í ÀÖ´Ù. ÀÌ´Â ±âÁ¸ ½Ã½ºÅÛÀÇ ´ÜÀÏ ´ëÀÀÀÌ ¾î·Á¿î APT °ø°Ý, ¿ìȸÁ¢±Ù°ø°Ý ¹× ¾Ïȣȭ ÆÐŶ¿¡ ´ëÇÑ °ø°Ý µî¿¡ ´ëÇÑ Ä§ÇØ¿¹Ãø ½Ãµµ¿¡ ´ëÇÑ Áï°¢ÀûÀÎ ´ëÀÀÀ» Áö¿øÇÏ°í °ø°ÝÁöÇ¥ À§ÁÖÀÇ ¹æ¾î Àü·«À¸·Î Á¤º¸º¸È£ ½Ã½ºÅÛ¿¡ ´ëÇÑ Áö¼ÓÀûÀÎ ¸ð´ÏÅ͸µÀÇ ¼öÇàÀÌ ¿ä±¸µÇ°í ÀÖ´Ù. º» ³í¹®¿¡¼­´Â Áö´ÉÇüÁö¼ÓÀ§Çù °ø°Ý°æ·ÎÂ÷´ÜÀ» À§ÇØ Á¤º¸Àڻ꿡 ´ëÇÑ ¾÷¹«¿µÇâÆò°¡¸¦ ÅëÇÑ ¿¹¹æÅëÁ¦·Î Áß¿äÇÑ ÀÚ»ê ½Äº°ÇÏ°í À§ÇèÀ» ¹Ì¸® Á¦°ÅÇϱâ À§ÇÏ¿© Ãë¾à¼º ºÐ¼®, À§ÇèºÐ¼®À» ÅëÇÑ Á¤º¸ÅëÁ¦ Á¤Ã¥À» ¼ö¸³ÇÏ°í ¼­¹öÁ¢±Ù¿¡ ´ëÇÑ ³»・¿ÜºÎ ¿ìȸ³×Æ®¿öÅ© ÅëÁ¦, ¾ÏȣȭÅë½Å °¨½Ã¸¦ ÅëÇØ Å½ÁöÅëÁ¦¸¦ ¼ö¸³ÇÏ°í ¹é¾÷°ú º¹±¸¸¦ ÅëÇØ ¿¬°è Á¦¾îµÈ ±³Á¤ÅëÁ¦¸¦ ÇÏ¿© Áö´ÉÈ­µÈ ħÇØ´ëÀÀ ÇÒ ¼ö ÀÖµµ·Ï Áß¾ÓÁýÁᫎ Áö´ÉÇü Á¤º¸º¸È£½Ã½ºÅÛÀ» Á¦¾ÈÇÑ´Ù.
Abstract
Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.
Keywords: Indicator Of Attack; Advanced Persistent Threat; Information Security System; Attack Routes Block