
Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM

  • Journal of Internet of Things and Convergence
  • Abbr : JKIOTS
  • 2022, 8(5), pp.1-9
  • Publisher : The Korea Internet of Things Society
  • Research Area : Engineering > Computer Science > Internet Information Processing
  • Received : July 20, 2022
  • Accepted : September 5, 2022
  • Published : October 31, 2022

Lee, Hyung Woo 1

1 Hanshin University

Accredited

ABSTRACT

As more services are linked to IoT (Internet of Things) devices and portable communication terminals, cyber attacks that exploit security vulnerabilities in these devices are increasing rapidly. In particular, attacks on heterogeneous devices in large-scale network environments carried out as advanced persistent threats (APTs) are on the rise. To improve the effectiveness of the response system when a breach occurs, a data enrichment mechanism should therefore be applied to the collected artifact data so that threat analysis and detection perform better. In this study, the common data-supplementation elements that existing incident management frameworks apply to artifacts collected for intrusion analysis were analyzed, characteristic elements applicable to a real system were derived from them, and on that basis a prototype structure for an improved incident analysis framework was presented and the suitability of the derived data-supplementation extension elements was verified. This is expected to improve detection performance when analyzing cyber incidents using artifacts collected from heterogeneous devices.
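The abstract describes enriching artifacts collected from heterogeneous devices before they are analyzed in a SIEM but does not list the enrichment elements it derives. The following is an added illustration, not code from the paper or its prototype: it normalizes two assumed record shapes (firewall syslog-style fields and endpoint-agent JSON) onto one schema, then attaches asset context, indicator hits and a severity score. The schema, the asset inventory, the indicator list, the internal address ranges and the scoring heuristic are all assumptions chosen for this example, and the sample records are constructed.

```python
"""Added example: one enrichment pass over artifacts from two kinds of device.

This is not code from the paper. The common schema, the two assumed record
shapes ('fw' firewall syslog fields, 'edr' endpoint-agent JSON), the asset
inventory, the indicator list and the severity heuristic are all assumptions
made for illustration; the sample records at the bottom are constructed.
"""
from datetime import datetime, timezone
import ipaddress

# Assumed enrichment sources (constructed data).
ASSET_INVENTORY = {
    "10.0.1.20": {"hostname": "hr-laptop-07", "owner": "hr", "criticality": 2},
    "10.0.2.5": {"hostname": "db-prod-01", "owner": "platform", "criticality": 5},
}
IOC_IPS = {"203.0.113.45"}                            # constructed indicator list
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed corporate ranges


def normalize(raw: dict) -> dict:
    """Map a device-specific record onto the common artifact schema.

    Heterogeneous sources carry the same facts under different names and
    time formats; everything downstream works on this one shape.
    """
    src = raw.get("source")
    if src == "fw":
        ts = datetime.fromtimestamp(int(raw["epoch"]), tz=timezone.utc)
        return {"ts": ts.isoformat(), "device": raw["device"], "source": "fw",
                "src_ip": raw["sip"], "dst_ip": raw["dip"],
                "action": raw["act"].lower()}
    if src == "edr":
        ts = datetime.fromisoformat(raw["timestamp"].replace("Z", "+00:00"))
        return {"ts": ts.astimezone(timezone.utc).isoformat(), "device": raw["host"],
                "source": "edr", "src_ip": raw["local_ip"],
                "dst_ip": raw["remote_ip"], "action": raw["event"].lower()}
    raise ValueError(f"unsupported artifact source: {src!r}")


def is_internal(ip: str) -> bool:
    # ipaddress.is_private would also match documentation ranges such as
    # 203.0.113.0/24, so membership in the organisation's own ranges is used.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def enrich(event: dict) -> dict:
    """Attach asset context, indicator hits and a severity score to an event."""
    out = dict(event)
    for side in ("src_ip", "dst_ip"):
        ip = out[side]
        out[f"{side}_asset"] = ASSET_INVENTORY.get(ip)
        out[f"{side}_internal"] = is_internal(ip)
        out[f"{side}_ioc"] = ip in IOC_IPS
    ioc_hit = out["src_ip_ioc"] or out["dst_ip_ioc"]
    score = 5 if ioc_hit else 0
    for side in ("src_ip", "dst_ip"):
        if out[f"{side}_asset"]:
            score += out[f"{side}_asset"]["criticality"]
    if ioc_hit and out["action"] in ("allow", "connect"):
        score += 2  # a permitted flow to/from an indicator outranks a blocked one
    out["severity"] = min(score, 10)
    return out


def enrich_all(raw_records):
    """Normalize then enrich every record; unknown sources fail loudly."""
    return [enrich(normalize(r)) for r in raw_records]


# Constructed sample artifacts from two device types.
SAMPLE_RECORDS = [
    {"source": "fw", "epoch": 1660000000, "device": "fw-edge-1",
     "sip": "10.0.2.5", "dip": "203.0.113.45", "act": "ALLOW"},
    {"source": "edr", "timestamp": "2022-08-08T23:07:02Z", "host": "hr-laptop-07",
     "local_ip": "10.0.1.20", "remote_ip": "198.51.100.8", "event": "Connect"},
]

if __name__ == "__main__":
    for ev in enrich_all(SAMPLE_RECORDS):
        print(ev["ts"], ev["device"], ev["src_ip"], "->", ev["dst_ip"],
              "severity", ev["severity"], "ioc" if ev["dst_ip_ioc"] else "")
```

Normalization is deliberately strict: a record from a source the pipeline does not know raises rather than passing through half-populated, so that gaps in coverage surface at ingestion instead of as silent misses during analysis. The enrichment fields are added alongside the original ones, never in place of them, so the raw evidence remains available for forensic review.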
