Security and Integrity Analysis Using Indicators

2012 International Conference on Cyber Security Pub Date : 2012-12-14 DOI:10.1109/CyberSecurity.2012.23

S. Hassan, R. Guha

{"title":"Security and Integrity Analysis Using Indicators","authors":"S. Hassan, R. Guha","doi":"10.1109/CyberSecurity.2012.23","DOIUrl":null,"url":null,"abstract":"Computer systems today are under constant attack by adversaries that are looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives are, these attacks typically occur not just against one device but a series of computer systems that relate in some manner (i.e. banking systems). Being able to understand the attackers tactics, techniques, or procedures (TTP) and reuse the knowledge against other systems becomes critical to help detect the attackers movement, where they may have conducted other security breaches, and to help play catch-up and close down the attacker from persistent threat. Using Indicators as a way to define components of the various TTPs can act as a tool to help share intelligence. A simulation was conducted demonstrating the indicator lifecycle in which a malware binary was created to perform a https command and control (C2). Using this simulation, it was possible to demonstrate how indicators were produced and defined after system analysis as well as how they could be consumed on other systems searching for the same TTP.","PeriodicalId":162858,"journal":{"name":"2012 International Conference on Cyber Security","volume":"129 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Cyber Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSecurity.2012.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Computer systems today are under constant attack by adversaries that are looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives are, these attacks typically occur not just against one device but a series of computer systems that relate in some manner (i.e. banking systems). Being able to understand the attackers tactics, techniques, or procedures (TTP) and reuse the knowledge against other systems becomes critical to help detect the attackers movement, where they may have conducted other security breaches, and to help play catch-up and close down the attacker from persistent threat. Using Indicators as a way to define components of the various TTPs can act as a tool to help share intelligence. A simulation was conducted demonstrating the indicator lifecycle in which a malware binary was created to perform a https command and control (C2). Using this simulation, it was possible to demonstrate how indicators were produced and defined after system analysis as well as how they could be consumed on other systems searching for the same TTP.

查看原文本刊更多论文

使用指标的安全性和完整性分析

今天的计算机系统不断受到对手的攻击，他们正在寻找机会主义的方法来获取访问和泄露数据，造成破坏或混乱，或利用计算机为自己所用。无论动机是什么，这些攻击通常不只是针对一个设备，而是以某种方式相关的一系列计算机系统(例如银行系统)。能够理解攻击者的战术、技术或过程(TTP)，并在其他系统上重用这些知识，对于帮助检测攻击者的活动(他们可能在哪些地方进行了其他安全破坏)，以及帮助追赶和关闭攻击者，使其免受持续威胁至关重要。使用指标作为定义各种ttp组成部分的一种方式，可以作为帮助共享情报的工具。模拟演示了创建恶意软件二进制文件以执行https命令和控制(C2)的指示器生命周期。使用此模拟，可以演示在系统分析之后如何生成和定义指标，以及如何在搜索相同TTP的其他系统上使用这些指标。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 International Conference on Cyber Security

自引率

0.00%

发文量