{"title":"迈向进攻性网络反情报:采用以目标为中心的高级持续威胁观点","authors":"J. Sigholm, Martin Bang","doi":"10.1109/EISIC.2013.37","DOIUrl":null,"url":null,"abstract":"Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats\",\"authors\":\"J. Sigholm, Martin Bang\",\"doi\":\"10.1109/EISIC.2013.37\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.\",\"PeriodicalId\":229195,\"journal\":{\"name\":\"2013 European Intelligence and Security Informatics Conference\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-08-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 European Intelligence and Security Informatics Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EISIC.2013.37\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 European Intelligence and Security Informatics Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EISIC.2013.37","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats
Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
