{"title":"使用指标的安全性和完整性分析","authors":"S. Hassan, R. Guha","doi":"10.1109/CyberSecurity.2012.23","DOIUrl":null,"url":null,"abstract":"Computer systems today are under constant attack by adversaries that are looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives are, these attacks typically occur not just against one device but a series of computer systems that relate in some manner (i.e. banking systems). Being able to understand the attackers tactics, techniques, or procedures (TTP) and reuse the knowledge against other systems becomes critical to help detect the attackers movement, where they may have conducted other security breaches, and to help play catch-up and close down the attacker from persistent threat. Using Indicators as a way to define components of the various TTPs can act as a tool to help share intelligence. A simulation was conducted demonstrating the indicator lifecycle in which a malware binary was created to perform a https command and control (C2). Using this simulation, it was possible to demonstrate how indicators were produced and defined after system analysis as well as how they could be consumed on other systems searching for the same TTP.","PeriodicalId":162858,"journal":{"name":"2012 International Conference on Cyber Security","volume":"129 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Security and Integrity Analysis Using Indicators\",\"authors\":\"S. Hassan, R. Guha\",\"doi\":\"10.1109/CyberSecurity.2012.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Computer systems today are under constant attack by adversaries that are looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives are, these attacks typically occur not just against one device but a series of computer systems that relate in some manner (i.e. banking systems). Being able to understand the attackers tactics, techniques, or procedures (TTP) and reuse the knowledge against other systems becomes critical to help detect the attackers movement, where they may have conducted other security breaches, and to help play catch-up and close down the attacker from persistent threat. Using Indicators as a way to define components of the various TTPs can act as a tool to help share intelligence. A simulation was conducted demonstrating the indicator lifecycle in which a malware binary was created to perform a https command and control (C2). Using this simulation, it was possible to demonstrate how indicators were produced and defined after system analysis as well as how they could be consumed on other systems searching for the same TTP.\",\"PeriodicalId\":162858,\"journal\":{\"name\":\"2012 International Conference on Cyber Security\",\"volume\":\"129 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 International Conference on Cyber Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSecurity.2012.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Cyber Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSecurity.2012.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Computer systems today are under constant attack by adversaries that are looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives are, these attacks typically occur not just against one device but a series of computer systems that relate in some manner (i.e. banking systems). Being able to understand the attackers tactics, techniques, or procedures (TTP) and reuse the knowledge against other systems becomes critical to help detect the attackers movement, where they may have conducted other security breaches, and to help play catch-up and close down the attacker from persistent threat. Using Indicators as a way to define components of the various TTPs can act as a tool to help share intelligence. A simulation was conducted demonstrating the indicator lifecycle in which a malware binary was created to perform a https command and control (C2). Using this simulation, it was possible to demonstrate how indicators were produced and defined after system analysis as well as how they could be consumed on other systems searching for the same TTP.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
