Various researches are underway to respond to cybersecurity threats. Research on security threat modeling focuses on the definition and classification of security threats. Through security threat modeling, security threats can be accurately identified and classified, and security threat analysis can be performed more efficiently. Most of the security threat modeling currently developed identifies threats from a high-level perspective (eg, Denial of Service, Repudiation, Information disclosure etc). However, there are various techniques for generating each threat. Various techniques can be applied even if only the technology for intruding and infecting malware for generating a threat of Denial of Service is seen. As described above, from a high-level perspective, even if a security threat is identified, if a countermeasure is not actually prepared, more detailed information can be requested as a developer or an analyst.
Therefore, this paper proposes a model for analyzing security threats in detail. The proposed model categorized the threat techniques that could be included into 7 categories. As a result, the procedure for continuously operating the analysis model of security threats and its effect are shown. The analysis modeling of this paper can be used to understand the trends and current status of security threats that are occurring, which can be useful for preparing countermeasures. I also presented a method that can be used to generate and verify test cases for Penetration Test.