Journal of the Korea Institute of Military Science and Technology 2018;21(6):807-816.
DOI: https://doi.org/10.9766/KIMST.2018.21.6.807   
A Study for Cyber Situation Awareness System Development with Threat Hunting
Jaeyeon Lee, Jeongin Choi, Sanghyun Park, Byeongjin Kim, Dae-Won Hyun, Gwanyoung Kim
C2.Comm. R&D Center C4I.Cyber Team, Hanwha Systems Co. Ltd.
Abstract
Threat hunting is defined as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. Its main concept is to find weak points and remedy them before an actual cyber threat occurs. The HMM (Hunting Maturity Matrix) has been suggested as a way to evolve hunting processes through five levels, so a CSOC (Cyber Security Operations Center) can refer to the HMM to learn how to make itself safer from complicated and organized cyber attacks. We are developing a cyber situation awareness system with a proactive threat hunting process, called unMaze™. With unMaze, a CSOC's HMM level can be upgraded from the initial level to the basic level. A CSOC with unMaze performs threat hunting not only through after-the-fact detection by existing cyber equipment, but also by proactively detecting cyber threats through fusing and analyzing cyber asset data and threat intelligence.
Key Words: Threat hunting, CSOC, Cyber Situation Awareness System, Real-Time Threat Information Gathering, Cyber Asset Management, Cyber COP

