Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats

2013 European Intelligence and Security Informatics Conference Pub Date : 2013-08-12 DOI:10.1109/EISIC.2013.37

J. Sigholm, Martin Bang

{"title":"Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats","authors":"J. Sigholm, Martin Bang","doi":"10.1109/EISIC.2013.37","DOIUrl":null,"url":null,"abstract":"Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 European Intelligence and Security Informatics Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EISIC.2013.37","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

迈向进攻性网络反情报:采用以目标为中心的高级持续威胁观点

尽管目前使用的传统网络防御策略对于缓解广泛的常见威胁是必要的，但它们并不适合于防范具有高级系统利用技术和现有但尚未发现的软件漏洞知识的持久对抗者。应对这些对手造成的威胁需要一个快速和进攻性的网络反情报(CCI)过程，以及更有效的组织间信息交换。本文提出了一个基于数据挖掘、异常检测和广泛共享网络威胁数据的技术工具和技术的进攻性CCI框架。该框架被置于军事情报的独特背景下，以实现未来CCI的整体，进攻性和以目标为中心的观点。所提供的主要贡献是:(i)弥合CCI中涉及的各种行动者之间差距的综合流程，(ii)支持检测和识别网络间谍活动引起的数据泄漏的应用技术架构，以及(iii)推断出的情报界要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2013 European Intelligence and Security Informatics Conference

自引率

0.00%

发文量