CHOSUN

APT 공격 탐지를 위한 온톨로지 기반의 상황인지 모델

Metadata Downloads
Author(s)
김광민
Issued Date
2017
Abstract
With the Internet of cloud services, big data, machine learning, mobile technology, artificial intelligence, and similar new technologies providing the ability to connect and intelligently handle every aspect of our lives, these recent developments in IT technology have facilitated a highly personalized service and dramatically improved the productivity of industry, leading to a better quality of life. However, such changes have become the source of serious threats to cyber security. As everything is connected and intelligently handled, the importance of data has been thrown into sharper focus. Every company has invested heavily in protecting important data in the enterprise resources to encrypt key data, control access, and build security information and event management solutions to detect signs of an attack However, the advanced persistent threats (APT) attack, which can bypass security devices, hides malicious code in the system and steals information in a covert and continuous manner, causing serious damage. APT attacks are one of the biggest challenges to conventional cyber security technology. this study constructed security threat ontology by analyzing and modeling the context information of a real APT attack, which is difficult to develop with security technology, and further designed reasoning rules based on inter-class relationships. The reasoning rules divide an APT attack into steps such as reconnaissance, attack using virus, acquisition of backdoor, action to achieve goal, acquisition of data after goal achievement, and finally, erasing traces of intrusion. Thus, to detect an anomaly in the context of an APT attack using the process of the APT attack, reasoning rules were designed by using Semantic Web Rule Language (SWRL) language for the context-aware reasoning of attack phase, penetration pahse, and collection phase based on the context information before and after the APT attack. Based on the SWRL language defined after designing the reasoning rules, the detection reasoning results for an APT attack context could be derived using the stepwise defined and designed rules. Future studies will continue to develop monitoring and context-aware control service systems with advanced functions to enable the integrated detection and control of various security threats using the application of various rules and the mapping of conventional designed ontologies via the modification and addition of rules.
Alternative Title
Ontology-Based Context Awareness Model for APT Attack Detection
Alternative Author(s)
KwangMin Kim
Department
산업기술융합대학원 소프트웨어융합공학과
Advisor
김판구
Awarded Date
2018-02
Table Of Contents
Ⅰ. 서론 1
A. 연구 배경 및 목적 1
B. 연구 내용 및 구성 2

Ⅱ. 관련 연구 3
A. 상황인지 3
B. 온톨로지 기반 상황인지모델 5
C. APT 공격 개념과 기존연구 7
1. APT 공격 개념 7
2. APT 공격 기존연구 9

Ⅲ. APT 공격 탐지를 위한 온톨로지 기반 상황인지 모델 11
A. 온톨로지 기반 상황인지 모델 필요성 11
B. 프레임워크 13
C. 온톨로지 설계 및 구축 15
1. APT 공격 온톨로지 - 클래스/계층 정의 15
2. APT 공격 온톨로지 - 속성 정의 22
3. APT 공격 온톨로지 - 관계 정의 22
D. 추론 규칙 설계 24
1. APT 탐지를 위한 추론 단계 정의 24
2. 추론 규칙 설계 26

Ⅳ. 실험 및 결과 28

A. 상황 시나리오 기반의 APT 공격 탐지 28
1. 상황 시나리오 구성 28
2. 상황정보에 따른 온톨로지 기반 클래스 추출 29
3. 시나리오 기반 추론식을 이용한 APT 공격 탐지 30
4. 추론엔진을 이용하여 평가 31
Ⅴ. 결론 및 제언 32

참고문헌 33
Degree
Master
Publisher
조선대학교 산업기술융합대학원
Citation
김광민. (2017). APT 공격 탐지를 위한 온톨로지 기반의 상황인지 모델.
Type
Dissertation
URI
https://oak.chosun.ac.kr/handle/2020.oak/16531
http://chosun.dcollection.net/common/orgView/200000266480
Appears in Collections:
Engineering > 3. Theses(Master)
Authorize & License
  • AuthorizeOpen
  • Embargo2018-02-21
Files in This Item:

Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.