A Study on an Automatic Mapping Structure for TTP Response Strategies Linked to Internal Assets Using External STIX Collection Information

Vol. 34, No. 6, pp. 1601-1609, December 2024
DOI: 10.13089/JKIISC.2024.34.6.1601
Keywords: Cyber Threat Intelligence, STIX/TAXII, Response Strategy, Automation
Abstract

This paper proposes an automated system for detecting and managing security threats by incorporating SOAR technology for intelligent cybersecurity. The objective of the study is to analyze external STIX/TAXII-based data to build Cyber Threat Intelligence (CTI), thereby accurately assessing the risk levels of internal assets and establishing effective response strategies. The proposed system consists of four main components: CTI collection and normalization, CTI-based TTP mapping, internal asset CPE identification, and risk assessment and response strategy formulation. The information collection method involves gathering publicly available external threat intelligence and normalizing it for storage in a CTI integrated database. Additionally, a rule-based mapping algorithm is utilized to derive risk levels and response strategies based on key information such as CVE, CPE, CVSS, and TTP. As a result, the automated system proposed in this paper demonstrates the capability to analyze approximately 2,300 reports within one hour and achieve a high detection accuracy of 99.74%.
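The abstract describes a four-stage pipeline (STIX collection and normalization, TTP mapping, internal-asset CPE identification, rule-based risk and response derivation) without showing how the stages connect. The block below is an added illustration of that flow and is not the paper's code or data: it walks a constructed STIX 2.1 bundle (placeholder CVE id, a CVSS score carried as a custom `x_cvss_base_score` property and affected CPEs as `x_affected_cpes`, both assumptions about the feed format), links the ATT&CK technique to the CVE through a `targets` relationship, matches the result against a constructed CPE inventory, and applies a constructed rule table that bands the CVSS score and raises the level for high-criticality assets.

```python
"""Added illustration of a STIX -> CTI -> asset -> risk/response pipeline.
All bundle contents, CVE ids, thresholds and strategy wording are constructed
for this example; they are not the paper's data, rules or code."""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed STIX 2.1 bundle. CVE-2099-0001 is a placeholder id; the x_ custom
# properties are an assumption about what the upstream feed provides.
STIX_BUNDLE = {
    "type": "bundle", "id": "bundle--example",
    "objects": [
        {"type": "vulnerability", "id": "vulnerability--v1",
         "name": "CVE-2099-0001",
         "external_references": [{"source_name": "cve", "external_id": "CVE-2099-0001"}],
         "x_cvss_base_score": 9.8,
         "x_affected_cpes": ["cpe:2.3:a:examplevendor:webapp:1.0:*:*:*:*:*:*:*"]},
        {"type": "attack-pattern", "id": "attack-pattern--a1",
         "name": "Exploit Public-Facing Application",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1190"}]},
        {"type": "relationship", "id": "relationship--r1",
         "relationship_type": "targets",
         "source_ref": "attack-pattern--a1", "target_ref": "vulnerability--v1"},
    ],
}

# Constructed internal asset inventory, one CPE 2.3 string per host.
ASSETS = [
    {"host": "web-01", "cpe": "cpe:2.3:a:examplevendor:webapp:1.0:*:*:*:*:*:*:*", "criticality": "high"},
    {"host": "dev-07", "cpe": "cpe:2.3:a:examplevendor:webapp:2.1:*:*:*:*:*:*:*", "criticality": "low"},
]


@dataclass
class CtiRecord:
    """Normalized CTI entry: one row per CVE in the integrated database."""
    cve: str
    cvss: float
    cpes: list[str]
    ttps: set[str] = field(default_factory=set)


def normalize_bundle(bundle: dict) -> dict[str, CtiRecord]:
    """Flatten STIX objects into one record per CVE and attach the ATT&CK
    technique ids reached through attack-pattern --targets--> vulnerability."""
    objs = {o["id"]: o for o in bundle["objects"]}
    records: dict[str, CtiRecord] = {}
    cve_of: dict[str, str] = {}  # STIX id -> CVE id
    for o in objs.values():
        if o["type"] == "vulnerability":
            cve = next((r["external_id"] for r in o.get("external_references", [])
                        if r["source_name"] == "cve"), o["name"])
            records[cve] = CtiRecord(cve, float(o.get("x_cvss_base_score", 0.0)),
                                     list(o.get("x_affected_cpes", [])))
            cve_of[o["id"]] = cve
    for o in objs.values():
        if o["type"] == "relationship" and o["relationship_type"] == "targets":
            src, cve = objs.get(o["source_ref"]), cve_of.get(o["target_ref"])
            if src and src["type"] == "attack-pattern" and cve:
                for r in src.get("external_references", []):
                    if r["source_name"] == "mitre-attack":
                        records[cve].ttps.add(r["external_id"])
    return records


def cpe_matches(pattern: str, asset_cpe: str) -> bool:
    """Component-wise CPE 2.3 comparison; '*' on either side matches anything."""
    p, a = pattern.split(":"), asset_cpe.split(":")
    if len(p) != 13 or len(a) != 13:  # a well-formed CPE 2.3 string has 13 fields
        return False
    return all(x == y or x == "*" or y == "*" for x, y in zip(p, a))


CVSS_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]  # CVSS v3 severity bands
LEVELS = ["None", "Low", "Medium", "High", "Critical"]
STRATEGY = {  # constructed rule table: risk level -> response strategy
    "Critical": "Patch or isolate immediately; add detections for the mapped TTPs",
    "High": "Patch within the next change window; monitor for the mapped TTPs",
    "Medium": "Schedule the patch; review exposure of the mapped TTPs",
    "Low": "Track in the backlog",
    "None": "No action",
}


def risk_level(cvss: float, criticality: str) -> str:
    """CVSS severity band, raised one step when the asset is high-criticality."""
    level = next((name for floor, name in CVSS_BANDS if cvss >= floor), "None")
    if criticality == "high" and level != "Critical":
        level = LEVELS[LEVELS.index(level) + 1]
    return level


def assess(bundle: dict, assets: list[dict]) -> list[dict]:
    """Full pipeline: normalize -> CPE match -> risk level -> response strategy."""
    cti = normalize_bundle(bundle)
    findings = []
    for asset in assets:
        for rec in cti.values():
            if any(cpe_matches(c, asset["cpe"]) for c in rec.cpes):
                level = risk_level(rec.cvss, asset["criticality"])
                findings.append({"host": asset["host"], "cve": rec.cve, "ttps": sorted(rec.ttps),
                                 "risk": level, "strategy": STRATEGY[level]})
    return findings


if __name__ == "__main__":
    for finding in assess(STIX_BUNDLE, ASSETS):
        print(finding)
```

Running the block reports a single finding for `web-01` (the host whose CPE matches the affected product version) with technique T1190 attached and a Critical level; `dev-07` is skipped because its version component differs. The matching deliberately compares CPE components rather than substrings so that a wildcard on either side is honoured and a partial string such as a shorter version number cannot produce a false positive.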



Cite this article
[IEEE Style]
유현수 and 김환국, "Automatic Mapping Structure of TTP Response Strategies Linked to Internal Assets Using External STIX Collection Information," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 6, pp. 1601-1609, 2024. DOI: 10.13089/JKIISC.2024.34.6.1601.

[ACM Style]
유현수 and 김환국. 2024. Automatic Mapping Structure of TTP Response Strategies Linked to Internal Assets Using External STIX Collection Information. Journal of The Korea Institute of Information Security and Cryptology, 34, 6, (2024), 1601-1609. DOI: 10.13089/JKIISC.2024.34.6.1601.