A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies

2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) Pub Date : 2017-06-19 DOI:10.1109/CyberSA.2017.8073398

Aunshul Rege, Z. Obradovic, N. Asadi, B. Singer, Nicholas Masceri

{"title":"A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies","authors":"Aunshul Rege, Z. Obradovic, N. Asadi, B. Singer, Nicholas Masceri","doi":"10.1109/CyberSA.2017.8073398","DOIUrl":null,"url":null,"abstract":"Current approaches to cybersecurity are response-driven and ineffective as they do not account for adaptive adversarial behavior and dynamic decision-making. Using empirical evidence of observations done at the US Industrial Control Systems Computer Emergency Response Team's (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL), this paper identifies how adversaries carry out, and adapt during, cyberattacks. This paper employs a unique mixed methods approach of qualitative observations and quantitative data science to address three objectives: (i) providing a quantitative framework for temporal analysis of the cyberattack processes by creating a time series representation of the qualitative data, (ii) employing data science methods, such as hierarchical clustering analysis, on the generated time series data to complement and supplement our understanding of cyberattack processes, and (iii) understanding how adversaries adapt during the disruptions by defenders.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2017.8073398","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Current approaches to cybersecurity are response-driven and ineffective as they do not account for adaptive adversarial behavior and dynamic decision-making. Using empirical evidence of observations done at the US Industrial Control Systems Computer Emergency Response Team's (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL), this paper identifies how adversaries carry out, and adapt during, cyberattacks. This paper employs a unique mixed methods approach of qualitative observations and quantitative data science to address three objectives: (i) providing a quantitative framework for temporal analysis of the cyberattack processes by creating a time series representation of the qualitative data, (ii) employing data science methods, such as hierarchical clustering analysis, on the generated time series data to complement and supplement our understanding of cyberattack processes, and (iii) understanding how adversaries adapt during the disruptions by defenders.

查看原文本刊更多论文

使用多学科框架和方法的网络入侵链的时间评估

目前的网络安全方法是响应驱动的，无效的，因为它们没有考虑适应性对抗行为和动态决策。本文利用在爱达荷国家实验室(INL)举行的美国工业控制系统计算机应急响应小组(ICS-CERT)红队-蓝队网络安全培训演习中观察到的经验证据，确定了对手如何在网络攻击期间进行和适应。本文采用定性观察和定量数据科学的独特混合方法来解决三个目标:(i)通过创建定性数据的时间序列表示，为网络攻击过程的时间分析提供定量框架;(ii)在生成的时间序列数据上采用数据科学方法，如分层聚类分析，以补充和补充我们对网络攻击过程的理解;(iii)了解防御者在中断期间对手如何适应。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

自引率

0.00%

发文量