Using CTI Data to Understand Real World Cyberattacks

Mauro Allegretta, G. Siracusano, Roberto González, Pelayo Vallina, M. Gramaglia
DOI: 10.23919/WONS57325.2023.10061921
Venue: 2023 18th Wireless On-Demand Network Systems and Services Conference (WONS)
Published: 2023-01-30
Indexed via: Semantic Scholar
Citations: 0

Abstract

The forensic analysis of Cyber Threat Intelligence (CTI) data is of capital importance for businesses and enterprises to understand what may have gone wrong in a cybersecurity system. Moreover, the fast evolution of the techniques used by cybercriminals requires collaboration among multiple partners to provide efficient security mechanisms. STIX has emerged as the industry standard for sharing CTI data in a structured format, allowing entities from all over the world to exchange information and broaden the knowledge base in the area. In this work, we shed light on the type of information contained in the datasets shared among partners. We analyze a large real-world STIX dataset and identify trends in the reporting of CTI data. Then, we take a deep dive into two kinds of attack patterns found in the dataset: Command & Control and Malicious Software Download. We find that the data is not only useful for forensic analysis but can also be used to improve protection against new attacks.
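The abstract describes the kind of analysis the paper performs on STIX data: linking the indicators partners share to the attack patterns they report (here Command & Control and Malicious Software Download) and turning the result into something protective. As an added example that is not the paper's or the authors' code, the following Python does the minimal version of that with the standard library only: it indexes a STIX 2.1 bundle, follows `indicates` relationships from `indicator` objects to `attack-pattern` objects (object types and the relationship name are as defined by STIX 2.1), tallies which observable types back each attack pattern, and derives a network blocklist. The bundle, its IDs, the `ab...` hash and the RFC 5737 / RFC 2606 addresses and names are constructed for this example; the pattern extractor is a deliberate simplification that only recognises `object:path = 'literal'` comparisons, not the full STIX pattern grammar.

```python
"""Added example, not the paper's code: index a STIX 2.1 bundle, follow
'indicates' relationships from indicators to attack patterns, and tally
which attack patterns are reported and which observable types back them.
All objects below are constructed for this example, not real intelligence."""
import json
import re
from collections import Counter, defaultdict

# Illustrative STIX identifiers (type--UUID); the UUIDs are made up.
AP_C2 = "attack-pattern--1f0b7a0e-3b4c-4d1e-9a2f-0c1d2e3f4a5b"
AP_DL = "attack-pattern--2a1c8b1f-4c5d-4e2f-8b3a-1d2e3f4a5b6c"
IND1 = "indicator--11111111-1111-4111-8111-111111111111"
IND2 = "indicator--22222222-2222-4222-8222-222222222222"
IND3 = "indicator--33333333-3333-4333-8333-333333333333"
IND4 = "indicator--44444444-4444-4444-8444-444444444444"


def _indicator(uid, pattern, revoked=False):
    """Minimal STIX 2.1 indicator SDO carrying a STIX-language pattern."""
    obj = {"type": "indicator", "spec_version": "2.1", "id": uid, "pattern_type": "stix",
           "pattern": pattern, "valid_from": "2023-01-01T00:00:00Z"}
    if revoked:
        obj["revoked"] = True
    return obj


def _indicates(n, src, tgt):
    """STIX 2.1 'indicates' relationship SRO (indicator -> attack pattern)."""
    return {"type": "relationship", "spec_version": "2.1", "relationship_type": "indicates",
            "id": "relationship--%08d-0000-4000-8000-000000000000" % n,
            "source_ref": src, "target_ref": tgt}


# Constructed sample bundle: two attack patterns, four indicators (one revoked),
# four valid relationships and one relationship whose source object is missing.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--0d9f6c3a-7e8b-4a1c-9d2e-3f4a5b6c7d8e",
    "objects": [
        {"type": "attack-pattern", "spec_version": "2.1", "id": AP_C2, "name": "Command and Control"},
        {"type": "attack-pattern", "spec_version": "2.1", "id": AP_DL, "name": "Malicious Software Download"},
        _indicator(IND1, "[domain-name:value = 'c2.example' OR ipv4-addr:value = '203.0.113.10']"),
        _indicator(IND2, "[ipv4-addr:value = '198.51.100.7']"),
        _indicator(IND3, "[url:value = 'http://dl.example/payload.exe' AND file:hashes.'SHA-256' = '"
                   + "ab" * 32 + "']"),
        _indicator(IND4, "[domain-name:value = 'old-c2.example']", revoked=True),  # withdrawn by producer
        _indicates(1, IND1, AP_C2), _indicates(2, IND2, AP_C2), _indicates(3, IND3, AP_DL),
        _indicates(4, IND4, AP_C2),
        _indicates(5, "indicator--99999999-9999-4999-8999-999999999999", AP_DL),  # dangling source_ref
    ],
})

# Simplification: only "object-type:property = 'literal'" comparisons are recognised.
# Negated, LIKE/MATCHES, and ISSUBSET-style comparisons are deliberately ignored.
OBSERVABLE_RE = re.compile(r"([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")


def index_objects(bundle_text):
    """Parse a bundle and return {id: object} for reference resolution."""
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    return {obj["id"]: obj for obj in bundle["objects"]}


def extract_observables(pattern):
    """Return [(property_path, literal), ...] from equality comparisons in a STIX pattern.
    Quotes inside the path (file:hashes.'SHA-256') are stripped so keys compare cleanly."""
    return [(key.replace("'", ""), value) for key, value in OBSERVABLE_RE.findall(pattern)]


def _usable_indicator(obj):
    """Only live, STIX-language indicators count as evidence (not revoked, not snort/yara)."""
    return (obj is not None and obj.get("type") == "indicator"
            and obj.get("pattern_type", "stix") == "stix" and not obj.get("revoked", False))


def attack_pattern_report(objects):
    """Per attack pattern: how many indicators point at it and which observable types they use."""
    report = defaultdict(lambda: {"indicators": 0, "observables": Counter()})
    for obj in objects.values():
        if obj["type"] != "relationship" or obj.get("relationship_type") != "indicates":
            continue
        src, tgt = objects.get(obj["source_ref"]), objects.get(obj["target_ref"])
        if not _usable_indicator(src) or tgt is None or tgt["type"] != "attack-pattern":
            continue  # dangling references and non-attack-pattern targets are skipped
        entry = report[tgt["name"]]
        entry["indicators"] += 1
        for key, _ in extract_observables(src["pattern"]):
            entry["observables"][key] += 1
    return dict(report)


def network_blocklist(objects):
    """Sorted, de-duplicated network observables from live indicators: a direct protective use."""
    wanted = {"domain-name:value", "ipv4-addr:value", "url:value"}
    values = {value for obj in objects.values() if _usable_indicator(obj)
              for key, value in extract_observables(obj["pattern"]) if key in wanted}
    return sorted(values)


if __name__ == "__main__":
    objs = index_objects(SAMPLE_BUNDLE)
    for name, entry in attack_pattern_report(objs).items():
        print(f"{name}: {entry['indicators']} indicator(s), observables {dict(entry['observables'])}")
    print("blocklist:", network_blocklist(objs))
```

Two things a practitioner would check before trusting such output on a real feed: revoked and dangling objects are common in shared bundles and must be filtered (the example skips both), and indicators whose `pattern_type` is not `stix` (Snort, YARA, Sigma) carry no STIX pattern to parse and would silently contribute nothing.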