Malware Profiling and Email-based Botnet Analysis Research for Cyber Threat Intelligence
Abstract
Cyber-attacks are steadily increasing as they become more covert and intelligent. An average of 1,000,000 pieces of malware appear every day, and these attacks are gradually expanding into IT convergence services, such as automobiles and TVs, and even into social infrastructure such as nuclear power, electricity and water supply. There have been large cyber-attacks in Korea, including the 7.7 DDoS attack, personal information leakage at SK Communications and Nexon in 2009, and the 6.25 and 3.20 cyber-attacks in 2013. Such cyber-attacks have grown beyond financial crime and now appear in the form of political disputes and cyber warfare. However, two elements of cyber-attacks do not change: first, malware is used as the attack technique, and second, malware-infected PCs (a Botnet Group) are used to access the attack target. In this study, we analyzed malware, variant detection, profiling techniques, and email-based Botnet Group analysis technology, which are the key elements of intelligent cyber-attacks. Based on this, we studied Cyber Threat Intelligence technology that can support correlation analysis and decision-making across cyber-attacks overall. As a result, a system was developed and its effectiveness was verified with real data in a commercial environment. Moreover, the research proposed in this paper was not only validated but also applied in practice in a real environment. It is expected that more can be derived from operating the system in actual use.
Table of Contents
Ⅰ. Introduction
Ⅱ. Research Background
A. Importance of Malware Profiling
B. Importance of Botnet Group Analysis
C. Importance of Cyber Threat Intelligence Analysis
Ⅲ. Related Research
A. Trends of Malware Profiling Research
B. Trends of Botnet Group Analysis Research
C. Trends of Cyber Threat Intelligence Research
Ⅳ. Malware Profiling Technology
A. Overview
B. Model Proposal
C. Experimental Results
D. System Implementation
Ⅴ. Email-based Botnet Group Analysis Technology
A. Overview
B. Model Proposal
C. Experimental Results
D. System Implementation
Ⅵ. Future Research Direction
A. Overview
B. Profiling by Cyber-attack Element
Ⅶ. Conclusion
A. Malware Profiling Technology
B. Email-based Botnet Group Detection Technology
C. Cyber Threat Intelligence Analysis Technology
REFERENCES

