US 12,452,295 B1
Ai multi-domain integrated system and method for automatic generation of cyber crisis scenario
Seo Yeon Kim, Naju-si (KR); Joon Hyung Lim, Naju-si (KR); Dong Hwan Oh, Naju-si (KR); Tae Eun Kim, Naju-si (KR); Sae Woom Lee, Naju-si (KR); Seul Ki Choi, Naju-si (KR); and Tae Hyeon Kim, Naju-si (KR)
Assigned to KOREA INTERNET & SECURITY AGENCY, Naju-si (KR)
Filed by KOREA INTERNET & SECURITY AGENCY, Naju-si (KR)
Filed on Apr. 18, 2025, as Appl. No. 19/183,089.
Claims priority of application No. 10-2025-0021397 (KR), filed on Feb. 19, 2025.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1441 (2013.01) 17 Claims
OG exemplary drawing
 
1. A method for automatically generating a cyber crisis scenario, performed by a computing system, the method comprising:
classifying types of content included in a cyber crisis report and extracting image data and text data from the cyber crisis report;
inputting the image data into an image processing model and extracting attack procedure/behavior information included in the image data using an analysis result of the image data obtained from the image processing model;
inputting the text data into a text processing model and generating structured attack procedure-related data from each attack procedure included in the text data using an analysis result of the text data obtained from the text processing model;
generating threat behavior data corresponding to the attack procedure-related data using unique identification information of Tactics, Techniques, and Procedures (TTPs) defined in the MITRE ATT&CK framework, and merging the threat behavior data with the attack procedure-related data;
matching the attack procedure-related data to the attack procedure/behavior information and generating a cyber crisis scenario template; and
automatically generating a cyber crisis scenario by combining the cyber crisis scenario template with execution elements corresponding to the threat behavior data included in the cyber crisis scenario template.