{"title":"网络攻击跟踪系统操作架构","authors":"J. Ahn","doi":"10.9766/kimst.2023.26.2.179","DOIUrl":null,"url":null,"abstract":"APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. ‘Cyberattack Tracing System’ allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.","PeriodicalId":17292,"journal":{"name":"Journal of the Korea Institute of Military Science and Technology","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-04-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cyberattack Tracing System Operational Architecture\",\"authors\":\"J. Ahn\",\"doi\":\"10.9766/kimst.2023.26.2.179\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. ‘Cyberattack Tracing System’ allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.\",\"PeriodicalId\":17292,\"journal\":{\"name\":\"Journal of the Korea Institute of Military Science and Technology\",\"volume\":\"1 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of the Korea Institute of Military Science and Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.9766/kimst.2023.26.2.179\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of the Korea Institute of Military Science and Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.9766/kimst.2023.26.2.179","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cyberattack Tracing System Operational Architecture
APT cyber attacks have been a problem for over a past decade, but still remain a challenge today as attackers use more sophisticated techniques and the number of objects to be protected increases. ‘Cyberattack Tracing System’ allows analysts to find undetected attack codes that penetrated and hid in enterprises, and to investigate their lateral movement propagation activities. The enterprise is characterized by multiple networks and mass hosts (PCs/servers). This paper presents a data processing procedure that collects event data, generates a temporally and spatially extended provenance graph and cyberattack tracing paths. In each data process procedure phases, system design considerations are suggested. With reflecting the data processing procedure and the characteristics of enterprise environment, an operational architecture for CyberAttack Tracing System is presented. The operational architecture will be lead to the detailed design of the system.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
