RansomSOC: A More Effective Security Operations Center to Detect and Respond to Ransomware Attacks

Yousik Lee1 and Samuel Woo2+

 

1ESCRYPT GmbH, Gyeonggi-do 13494, South Korea
yousik.lee@escrypt.com

2Dankook University, Gyeonggi-do 16890, South Korea
samuelwoo@dankook.ac.kr

 

Abstract

As modern vehicles converge with information and communication technology (ICT), an increasing number of software packages are being installed in vehicles. This software can generate an audit log whenever an event occurs, and the log makes it easy to understand the condition of the vehicle. However, vehicle forensics is not well established in the automotive industry. In particular, it is difficult to properly understand the situation at the time of a crime committed using a vehicle or of a traffic accident. Vehicles are obliged to be equipped with event data recorders (EDRs) to infer certain situations, but the data can be difficult to interpret when the vehicle does not use a standardized protocol, or when the method of acquiring data in non-canonical situations has not yet been systematically established. In this study, we propose a systematic data acquisition and analysis method for the EDR. We demonstrate the efficiency of the proposed method through experiments on mass-production vehicles.

Keywords: Vehicle forensics, Automotive forensics, Event Data Recorder (EDR),
Data Storage System for Automated Driving (DSSAD)

 

+: Corresponding author: Samuel Woo
Division of Software Science, Dankook University, Gyeonggi-do 16890, South Korea, Tel: +82-31-8005-3234

 

Journal of Internet Services and Information Security (JISIS), 12(3): 76-86, August 2022
Received: May 30, 2022; Accepted: July 29, 2022; Published: August 31, 2022

DOI: 10.22667/JISIS.2022.08.31.076