Authors: Alessandro Greco, A. Caponi, G. Bianchi
Venue: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Publication date: 2016-12-01
DOI: 10.1109/ICITST.2016.7856688 (https://doi.org/10.1109/ICITST.2016.7856688)
Citation count: 2
Facing lateral movements using widespread behavioral probes

The fast-evolving nature and growing complexity of the offensive techniques used in Advanced Persistent Threat attacks call for innovative approaches to defense. Common network monitoring solutions fail against attacks that remain silent and quietly control the network for long periods of time. Such attacks require the deployment of security functionality able to recognize the so-called lateral movements that attackers exploit to spread the infection inside the network. Implementing a distributed monitoring infrastructure that exploits innovative detection approaches makes it possible to overcome the lack of a single monitoring point and to detect the complex behavior of lateral movements. In this paper we demonstrate how to effectively use eXtended Finite State Machine patterns to face a set of commonly used lateral movement techniques, including ones based on IP spoofing.