
Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM

Journal of The Korea Internet of Things Society, (P)2799-4791;
2022, v.8 no.5, pp.1-9
https://doi.org/10.20465/kiots.2022.8.5.001


Abstract

As various services are linked to IoT (Internet of Things) devices and portable communication terminals, cyber attacks that exploit security vulnerabilities in these devices are increasing rapidly. In particular, advanced persistent threat (APT) attacks targeting heterogeneous devices in large-scale network environments are on the rise. To improve the effectiveness of the response system in the event of a breach, a data enrichment mechanism should therefore be applied to the collected artifact data so that threat analysis and detection performance improve. In this study, the common data enrichment elements performed in existing incident management frameworks were analyzed for the artifacts collected for intrusion incident analysis, and characteristic elements applicable to an actual system were derived from them. Based on these elements, a prototype structure for an improved incident analysis framework was presented, and the suitability of the derived data enrichment extension elements was verified. This is expected to improve detection performance when analyzing cyber incidents involving artifacts collected from heterogeneous devices.

keywords
Internet of Things, Security Information and Event Management (SIEM), Cyber Incident Response, Data Enrichment Mechanism.
