Publication year: 2024

Paper information

Title (Korean entry): [Vol.19, No.3] A Study of APT Detection using Dynamic Analysis in VM

Submitting author: Se Yul Lee

Abstract:
According to the 2023 annual report by the NCSC (National Cyber Security Center) of the NIS (National Intelligence Service), the North Korean APT (Advanced Persistent Threat) group KIMSUKY impersonated South Korean and US think tanks to launch phishing attacks on experts in the political, diplomatic, and security fields. Past incidents, such as the 2014 hacking of KHNP (Korea Hydro & Nuclear Power), document-based malware, and NAVER phishing sites in June 2023, illustrate the increasing sophistication of their cyber attacks. As we transition into the cloud era, we must always be prepared for advanced APT groups. In this paper, we propose a method for detecting C&C servers based on transport-layer behavior in the isolated environment of a VM (Virtual Machine). We collected samples from MalwareBazaar, a malware sharing platform, and the KIMSUKY samples from MalwareBazaar were dynamically analyzed in the VM. The experimental results for 3 samples confirmed communication attempts with the C&C server, identified from the operating method of the transport layer. This means that APT intelligence is possible by comparing the address of the detected C&C server with the analysis report and the results of the automated analysis site, and the distribution and spread path was analyzed through identification of similar malware. In other words, we experimentally demonstrated the possibility of providing a malware detection solution by considering the factors and network characteristics of the VM.