US announces revision of cyber threat information-sharing specifications | 2014.08.05
Updated versions of the cyber threat information-sharing specifications STIX/TAXII released

[Boan News, Min Se-ah] The US Department of Homeland Security (DHS) has released, through MITRE, updated versions of STIX/TAXII, the specifications for sharing cyber threat information. This past May, MITRE updated STIX, the specification for expressing cyber threat information, from version 1.0.1 to the current version 1.1 after a little over a year, and in July it released a revision of TAXII, the US specification for transporting cyber threat information.

This update fixes two binding specification errors, including one in the binding used to transport TAXII XML messages, and adds Title, Description and Short Description attributes uniformly to the eight major STIX components, making them consistent and easier to understand.
▲ Relationship diagram of the eight major STIX components

In addition, among the eight major STIX components, the TTP (Tactics, Techniques and Procedure) structure, which describes attack techniques, was found to contain items that needed identifier information (id and idref), and identifiers were assigned to them. Alongside this, a sophistication attribute was added to Threat Actor, the STIX component that describes attackers, to express how sophisticated an attacker is, and the information source attribute was improved so that source documents can be viewed according to their role and similar criteria.

[Source]
1. https://taxii.mitre.org/specifications/version1.1/
2. http://stix.mitre.org/about/documents/STIX_Whitepaper_v1.1.pdf
3. http://stix.mitre.org/language/version1.1/
4. http://stix.mitre.org/language/version1.1/xsddocs/XMLSchema/ttp/1.1/ttp.html
5. http://stix.mitre.org/language/version1.1/STIX_1.1_Release_Notes.pdf
6. http://stix.mitre.org/language/version1.1/xsddocs/XMLSchema/threat_actor/1.1/threat_actor.html

[Glossary]
MITRE: a non-profit organization that carries out R&D projects with the support of the US federal government
STIX (The Structured Threat Information eXpression): specification for expressing cyber threat information
TAXII (Trusted Automated eXchange of Indicator Information): specification for transporting cyber threat information
Related TTP attributes: attack patterns (Attack Patterns), malicious code (Malware), malicious behavior (Exploits), attack infrastructure (Infrastructure)
→ For example, Attack Patterns is made up of combinations of unit Attack Pattern entries that have each been assigned an identifier. As a result, descriptions of attack techniques, which could otherwise be written differently by each analyst, can be assembled like Lego from combinations of standardized units of information.
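The id/idref composition described above, as an added example that is not part of the original article or MITRE's own code: a consumer indexes each Attack_Pattern defined with an id, expands idref references to it from other TTPs, and reports references that point at nothing. The XML is a constructed, simplified fragment modelled on STIX 1.1 (not schema-validated); the "example:" identifiers and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"stix": "http://stix.mitre.org/stix-1", "ttp": "http://stix.mitre.org/TTP-1"}

# Constructed, simplified fragment (not schema-validated); "example:" ids are made up.
SAMPLE = """\
<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
                   xmlns:ttp="http://stix.mitre.org/TTP-1">
  <stix:TTPs>
    <stix:TTP id="example:ttp-1">
      <ttp:Behavior><ttp:Attack_Patterns>
        <ttp:Attack_Pattern id="example:ap-1">
          <ttp:Title>Spear-phishing e-mail</ttp:Title>
        </ttp:Attack_Pattern>
      </ttp:Attack_Patterns></ttp:Behavior>
    </stix:TTP>
    <stix:TTP id="example:ttp-2">
      <ttp:Behavior><ttp:Attack_Patterns>
        <ttp:Attack_Pattern idref="example:ap-1"/>
        <ttp:Attack_Pattern idref="example:ap-404"/>
      </ttp:Attack_Patterns></ttp:Behavior>
    </stix:TTP>
  </stix:TTPs>
</stix:STIX_Package>
"""

def resolve_attack_patterns(xml_text):
    """Return ({ttp_id: [pattern titles]}, [dangling idrefs])."""
    # For feeds from untrusted peers, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    # Pass 1: index every Attack_Pattern that is defined (carries id) by that id.
    defined = {ap.get("id"): ap.findtext("ttp:Title", default="", namespaces=NS)
               for ap in root.iterfind(".//ttp:Attack_Pattern[@id]", NS)}
    resolved, dangling = {}, []
    # Pass 2: per TTP, expand definitions and references into titles.
    for ttp in root.iterfind("stix:TTPs/stix:TTP", NS):
        titles = []
        for ap in ttp.iterfind(".//ttp:Attack_Pattern", NS):
            key = ap.get("id") or ap.get("idref")
            if key in defined:
                titles.append(defined[key])
            else:
                dangling.append(key)  # reference to a unit never defined here
        resolved[ttp.get("id")] = titles
    return resolved, dangling

if __name__ == "__main__":
    print(resolve_attack_patterns(SAMPLE))
```

A dangling idref is not necessarily an error, since the referenced unit may live in another package, but an ingest pipeline should record it rather than silently drop the reference.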