Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups-Reference-Cited by-同舟云学术

Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups

Published:2022-12-12 Issue:24 Volume:11 Page:4142
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Youn Jaepil^ORCID,Kim Kookjin^ORCID,Kang Daeyoung,Lee Jaeil,Park Moosung^ORCID,Shin Dongkyoo^ORCID

Abstract

North Korean cyber-attack groups such as Kimsuky, Lazarus, Andariel, and Venus 121 continue to attempt spear-phishing APT attacks that exploit social issues, including COVID-19. Thus, along with the worldwide pandemic of COVID-19, related threats also persist in cyberspace. In January 2022, a hacking attack, presumed to be Kimsuky, a North Korean cyber-attack group, intending to steal research data related to COVID-19. The problem is that the activities of cyber-attack groups are continuously increasing, and it is difficult to accurately identify cyber-attack groups and attack origins only with limited analysis information. To solve this problem, it is necessary to expand the scope of data analysis by using BGP archive data. It is necessary to combine infrastructure and network information to draw correlations and to be able to classify infrastructure by attack group very accurately. Network-based infrastructure analysis is required in the fragmentary host area, such as malware or system logs. This paper studied cyber ISR and BGP and a case study of cyber ISR visualization for situational awareness, hacking trends of North Korean cyber-attack groups, and cyber-attack tracking. Through related research, we estimated the origin of the attack by analyzing hacking cases through cyber intelligence-based profiling techniques and correlation analysis using BGP archive data. Based on the analysis results, we propose an implementation of the cyber ISR visualization method based on BGP archive data. Future research will include a connection with research on a cyber command-and-control system, a study on the cyber battlefield area, cyber ISR, and a traceback visualization model for the origin of the attack. The final R&D goal is to develop an AI-based cyber-attack group automatic identification and attack-origin tracking platform by analyzing cyber-attack behavior and infrastructure lifecycle.

Funder

Agency for Defense Development

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/11/24/4142/pdf

Reference39 articles.

1. Joint Cybersecurity Advisory (2020). North Korean Advanced Persistent Threat Focus: Kimsuky.

2. Joint Cybersecurity Advisory (2020). Guidance on the North Korean Cyber Threat.

3. Kim, H.K., Kim, H.J., and No, Y.H. (2021). KISA Cyber Security Issue Report: Q4 2020, Korea Internet & Security Agency (KISA).

4. Miller, K.S. (2019). ATP 2-01.3 Intelligence Preparation of the Battlefield.

5. Scott, K.D. (2018). Joint Publication (JP) 3-12 Cyberspace Operation.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. State-of-the-Art in Cyber Situational Awareness: A Comprehensive Review and Analysis;KSII Transactions on Internet and Information Systems;2024-05-31

2. Advanced Persistent Threat Group Correlation Analysis via Attack Behavior Patterns and Rough Sets;Electronics;2024-03-18

3. Correction: Youn et al. Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups. Electronics 2022, 11, 4142;Electronics;2023-12-12

4. Cyber-Resilience Evaluation Methods Focusing on Response Time to Cyber Infringement;Sustainability;2023-09-07

5. A Study on Detection of Malicious Behavior Based on Host Process Data Using Machine Learning;Applied Sciences;2023-03-23