최근 다양한 사이버 범죄 위협이 증가하는 추세로 정보시스템을 대상으로 공격하는 사이버 공격에 대해 실시간 탐지 등 최전선에서 초동 대응을 해야 하는 보안관제의 중요성이 높아지고 있다. 보안관제센터, 사이버테러 대응센터, 침해 대응센터 등의 이름으로 기관의 관제인원들은 사이버 공격 예방을 위해 많은 노력을 하고 있다. 특히 침해사고 탐지를 위한 방법으로 네트워크 보안장비를 이용하거나 관제시스템을 활용하여 탐지를 하고 있지만 장비 위주의 단순한 패턴기반으로 관제를 하는 방법으로는 침해사고의 예방을 위한 방법으로는 부족하다. 그러므로 보안관제시스템은 지속적으로 고도화 되고 있으며 침해위협에 대한 예방활동으로 탐지방법에 대한 개발과 연구가 활발히 진행되고 있다. 이에 본 논문에서는 기존 침해사고 탐지 방법에 대한 문제점 개선을 위해 주요 구성 모듈의 침해사고 탐지 방법을 정의하고, 성능테스트를 통해 효율적인 보안 관제를 위한 방안을 제시하고 SIEM(Security Information Event Management)을 활용한 관제시스템 고도화를 통하여 효과적인 침해위협 탐지 방법을 연구하고자 한다.
최근 다양한 사이버 범죄 위협이 증가하는 추세로 정보시스템을 대상으로 공격하는 사이버 공격에 대해 실시간 탐지 등 최전선에서 초동 대응을 해야 하는 보안관제의 중요성이 높아지고 있다. 보안관제센터, 사이버테러 대응센터, 침해 대응센터 등의 이름으로 기관의 관제인원들은 사이버 공격 예방을 위해 많은 노력을 하고 있다. 특히 침해사고 탐지를 위한 방법으로 네트워크 보안장비를 이용하거나 관제시스템을 활용하여 탐지를 하고 있지만 장비 위주의 단순한 패턴기반으로 관제를 하는 방법으로는 침해사고의 예방을 위한 방법으로는 부족하다. 그러므로 보안관제시스템은 지속적으로 고도화 되고 있으며 침해위협에 대한 예방활동으로 탐지방법에 대한 개발과 연구가 활발히 진행되고 있다. 이에 본 논문에서는 기존 침해사고 탐지 방법에 대한 문제점 개선을 위해 주요 구성 모듈의 침해사고 탐지 방법을 정의하고, 성능테스트를 통해 효율적인 보안 관제를 위한 방안을 제시하고 SIEM(Security Information Event Management)을 활용한 관제시스템 고도화를 통하여 효과적인 침해위협 탐지 방법을 연구하고자 한다.
Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response cent...
Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).
Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).
* AI 자동 식별 결과로 적합하지 않은 문장이 있을 수 있으니, 이용에 유의하시기 바랍니다.
문제 정의
In this paper, we propose an effective method to detect threat of intrusion by measuring the effectiveness of each module of SIEM proposed in this paper. An efficient control system was studied using the existing control method and correlation analysis policy with new modules.
제안 방법
In this paper, we propose an effective method to detect intrusion threats through scenarios for prevention of infringement accidents by measuring the effectiveness of control system using SIEM, we will study the efficient control system using analytic policy and propose verification of correlation analysis policy[3].
An efficient control system was studied using the existing control method and correlation analysis policy with new modules. We could get satisfactory results through system performance test for correlation analysis policy, and we could get better results as test progressed.
데이터처리
The information security data of the linking organization is collected and normalized by the threat detection module based on the detection rule created in the security control center, and the correlation analysis is performed. Figure 4 shows the structure of the system for responding to infringement incidents in order to build and operate a preventive-based security control system based on the statistical-based security control system by strengthening continuous information security control ability as a result of the analysis and the result.
성능/효과
As a result of performing the performance test of the correlation analysis module three times, the average processing time of 559 seconds (9.32 minutes) was obtained from 3000 raw data average times, and the performance satisfies the performance requirements.
As a result of performing the performance test of the security information integration module three times, the performance satisfying the performance requirement of an average of 10,000 per second was achieved.
참고문헌 (16)
J. G. Um & H. Y. Kwon, (2016). Model proposal of detection method of cyber attack using SIEM, Journal of IIBC, 16(6), 43-54.
J. H. Sim, S. H. Kim & T. M. Chung, (2014). A Survey of Solutions using Security Information Event Management. Proceedings of Symposium of the Korean Institute of communications and Information Sciences, 390-391.
S. B. Kang, (2011). (A) study on the effective countermeasures for preventing computer security incident. Doctoral dissertation Korea University, Seoul.
S. M. Park, (2011). An Empirical Study of Cyber Security Center Model in Public Sector. Doctoral dissertation Soongsil University, Seoul
H. H. Kang, (2014). (A) study on the improvement of alert function in ESM for effective attack detection, Master dissertation, Sungkyunkwan University, Seoul.
Y. Lee, (2017). A study on effective attack detection using threat scoring function through ESM. Master dissertation, Sungkyunkwan University, Seoul.
H. Kim, (2010). A study on malicious code detecting by ESM correlation. M.S. dissertation, Korea University, Seoul.
G. W. Lee, (2017). Design of integrated security system for intelligent continuous threat detection and active response. Master dissertation Korea University, Seoul.
D. J. Jeon & D. G. Park, (2014). Analysis Model for Prediction of Cyber Threats by Utilizing Big Data Technology, Journal of the Korea Information Science Society, 81-100.
B. J. Jeon, D. B. Yoon & S. S. Shin. (2017). Improved Integrated Monitoring System Design and Construction, Journal of Convergence for Information Technology, 25-33.
S. S. Nam & C. H. Seo, (2015), Context cognition technology through integrated cyber security context analysis, Journal of digital convergence, 313-319.
B. J. Jeon, D. B. Yoon & S. S. Shin. (2017). Integrated Monitoring System using Log Data, Journal of Convergence for Information Technology, 35-42.
Y. H. Kim & H. H. Nam, (2014). Log Analysis Supporting System based on Log Data for Efficient Big Data Analysis, Journal of Korea Information Science Society, 936-938.
NIS, MSIP, KCC, MOSPA, KISA, NSRI, (2013). 2013 National Information Security White Paper.
I. S. Jeon, K. H. Han, D. W. Kim & J. Y. Choi, (2015). Using the SIEM Software vulnerability detection model proposed, Journal of the Korea Institute of Information Security and Cryptology, 25(4), 961-974.
AI-Helper
※ AI-Helper는 부적절한 답변을 할 수 있습니다.