Estimating Risk Boundaries for Persistent and Stealthy Cyber-Attacks

Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense Pub Date : 2015-10-12 DOI:10.1145/2809826.2809830

M. S. Awan, P. Burnap, O. Rana

{"title":"Estimating Risk Boundaries for Persistent and Stealthy Cyber-Attacks","authors":"M. S. Awan, P. Burnap, O. Rana","doi":"10.1145/2809826.2809830","DOIUrl":null,"url":null,"abstract":"Increasingly mature, stealthy and dynamic techniques and attack vectors used by cyber criminals have made network infrastructure more vulnerable to security breaches. Moreover, cyber-attacks involving advanced evasion techniques often bypass security controls, and even if detected at a later time could still remain in the system for a long time without any monitorable trace. Such types of cyber-attacks are costing billions of dollars to the organizations across the globe. This dynamic and complex threat landscape demands a network administrator to understand the nature, patterns and risks of cyber-attacks targeting the network infrastructure so that appropriate measures could be introduced. In this paper we propose: (i) a framework to formally characterize the features of such advanced persistent threats, (ii) propose a security metric to calculate risk based on characteristics of such threats, and (iii) estimate risk boundaries for persistent and stealthy cyber-attacks. We validate and analyze the application of our proposed risk framework using real-world traffic logs acquired from an Intrusion Detection/Prevention System.","PeriodicalId":303467,"journal":{"name":"Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2809826.2809830","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Increasingly mature, stealthy and dynamic techniques and attack vectors used by cyber criminals have made network infrastructure more vulnerable to security breaches. Moreover, cyber-attacks involving advanced evasion techniques often bypass security controls, and even if detected at a later time could still remain in the system for a long time without any monitorable trace. Such types of cyber-attacks are costing billions of dollars to the organizations across the globe. This dynamic and complex threat landscape demands a network administrator to understand the nature, patterns and risks of cyber-attacks targeting the network infrastructure so that appropriate measures could be introduced. In this paper we propose: (i) a framework to formally characterize the features of such advanced persistent threats, (ii) propose a security metric to calculate risk based on characteristics of such threats, and (iii) estimate risk boundaries for persistent and stealthy cyber-attacks. We validate and analyze the application of our proposed risk framework using real-world traffic logs acquired from an Intrusion Detection/Prevention System.

查看原文本刊更多论文

评估持续和隐形网络攻击的风险边界

网络犯罪分子使用的越来越成熟、隐蔽和动态的技术和攻击媒介，使网络基础设施更容易受到安全漏洞的攻击。此外，涉及先进规避技术的网络攻击通常会绕过安全控制，即使后来被发现，也可能在系统中停留很长时间而没有任何可监测的痕迹。这种类型的网络攻击给全球的组织造成了数十亿美元的损失。这种动态和复杂的威胁环境要求网络管理员了解以网络基础设施为目标的网络攻击的性质、模式和风险，以便引入适当的措施。在本文中，我们提出:(i)正式表征此类高级持续威胁特征的框架，(ii)提出基于此类威胁特征计算风险的安全度量，以及(iii)估计持续和隐形网络攻击的风险边界。我们使用从入侵检测/防御系统获得的真实流量日志来验证和分析我们提出的风险框架的应用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense

自引率

0.00%

发文量