문광석, 허준범,

Vol. 34, No. 5, pp. 949-959, 10월. 2024
10.13089/JKIISC.2024.34.5.949, Full Text:
Keywords: CTI, OSINT, Threat, Honeypot, risk management
Abstract

Recently, as enterprises utilize the cloud and artificial intelligence, it is becoming increasingly difficult to protect exposed interfaces with existing perimeter security methods. Accordingly, zero trust-based comprehensive risk management is becoming necessary. Most enterprises use vulnerability inspection and bug bounty (security vulnerability reporting system) as basic risk management methods, but it is difficult to effectively respond to unpredictable problems such as zero-day attacks or open source vulnerabilities with these methods alone. Therefore, in this paper, we propose a risk response technique for the entire enterprise that links external OSINT (open source information) and CTI of national government agencies to detect threats through CTI (cyber threat intelligence) and collects the enterprise’s own CTI. As a result of comparing the method of threat detection and blocking that collects the enterprise’s own CTI by configuring a honeypot for effective threat detection and links it to the CTI of an external government agency, the proposed technique showed a 65.8% higher performance improvement in detection accuracy and verified the effect of reducing the number of attackers in the organization through this method

Statistics
Cite this article