Pub Date : 2016-10-24DOI: 10.1109/cyconus.2016.7836618
Amanda Joyce, Nathaniel Evans
{"title":"International cyber incident repository system: information sharing on a global scale","authors":"Amanda Joyce, Nathaniel Evans","doi":"10.1109/cyconus.2016.7836618","DOIUrl":"https://doi.org/10.1109/cyconus.2016.7836618","url":null,"abstract":"","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"604 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130335276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836616
J. Dykstra, S. R. Orr
Researchers have shown that human decision making in complex environments like cyber is a significant risk factor. Unfortunately, much work on cyber situational awareness has been technology-focused, despite the ultimate importance of human decisions, especially in crisis situations like real-time cyber-attacks and data breaches. Cybersecurity practitioners and leaders require an appropriate framework to help decision makers at all levels guide and act while managing risk in unexpected and dynamic situations. Without such a framework, failure to enlighten the unknown leads to heightened risk, uncertainty, and insecurity. The ability to establish context, adapt, and apply the most appropriate decision-making style to unique situations increases the likelihood of security. We offer an application of the Cynefin Framework, a sensemaking solution, to cybersecurity which allows practitioners and leaders to identify the context and appropriate response type in complex situations using the cause-and-effect relationship. We also illustrate how orienting oneself in the five Cynefin domains – disorder, obvious, complicated, complex, and chaotic – can help manage risk. By comparing Cynefin to other decision-making frameworks, we show how this framework is uniquely appropriate for acting through complexity and risk in cyber.
{"title":"Acting in the unknown: the cynefin framework for managing cybersecurity risk in dynamic decision making","authors":"J. Dykstra, S. R. Orr","doi":"10.1109/CYCONUS.2016.7836616","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836616","url":null,"abstract":"Researchers have shown that human decision making in complex environments like cyber is a significant risk factor. Unfortunately, much work on cyber situational awareness has been technology-focused, despite the ultimate importance of human decisions, especially in crisis situations like real-time cyber-attacks and data breaches. Cybersecurity practitioners and leaders require an appropriate framework to help decision makers at all levels guide and act while managing risk in unexpected and dynamic situations. Without such a framework, failure to enlighten the unknown leads to heightened risk, uncertainty, and insecurity. The ability to establish context, adapt, and apply the most appropriate decision-making style to unique situations increases the likelihood of security. We offer an application of the Cynefin Framework, a sensemaking solution, to cybersecurity which allows practitioners and leaders to identify the context and appropriate response type in complex situations using the cause-and-effect relationship. We also illustrate how orienting oneself in the five Cynefin domains – disorder, obvious, complicated, complex, and chaotic – can help manage risk. By comparing Cynefin to other decision-making frameworks, we show how this framework is uniquely appropriate for acting through complexity and risk in cyber.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114747247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836625
Anna Rotondo
Cyber activities, particularly those of a cross-border nature, have not yet been subjected to international regulation despite the fact that cyberspace has become a strategic domain for all States. This lack puts at risk the efficacy of national defence strategies inasmuch as the decision maker remains inactive because assailed by the so-called response crises. That is the dilemma arising from the doubt that in case of a cyber threat, or cyber attack, any operative choice may lead to a violation of international law. In this scenario States are obliged to reconsider new defence strategies and theories of deterrence such as that of deterrence by denial, which is primarily based on the concept of resilience in order to reassure service continuity in the aftermath of destructive events, especially when they are unpredictable. In the silence of international law active defense strategies seem to be a sustainable legal-functional solution for the targeted State which does not wish to remain defenseless, but only if these strategies do not reach the threshold of unlawful conducts. However the reaction against in coming cyber attacks remains a tangled problem for the targeted State because if on the one hand the customary international law on direct responsibility is almost never applied, on the other hand the discipline of indirect responsibility doesn’t give any contribution to the decision maker who has to choose for a prompt option of reaction.
{"title":"Countering cyber threats: answers from international law","authors":"Anna Rotondo","doi":"10.1109/CYCONUS.2016.7836625","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836625","url":null,"abstract":"Cyber activities, particularly those of a cross-border nature, have not yet been subjected to international regulation despite the fact that cyberspace has become a strategic domain for all States. This lack puts at risk the efficacy of national defence strategies inasmuch as the decision maker remains inactive because assailed by the so-called response crises. That is the dilemma arising from the doubt that in case of a cyber threat, or cyber attack, any operative choice may lead to a violation of international law. In this scenario States are obliged to reconsider new defence strategies and theories of deterrence such as that of deterrence by denial, which is primarily based on the concept of resilience in order to reassure service continuity in the aftermath of destructive events, especially when they are unpredictable. In the silence of international law active defense strategies seem to be a sustainable legal-functional solution for the targeted State which does not wish to remain defenseless, but only if these strategies do not reach the threshold of unlawful conducts. However the reaction against in coming cyber attacks remains a tangled problem for the targeted State because if on the one hand the customary international law on direct responsibility is almost never applied, on the other hand the discipline of indirect responsibility doesn’t give any contribution to the decision maker who has to choose for a prompt option of reaction.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117183162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836614
Bruce D. Caulkins, Karla A. Badillo-Urquiola, Patricia S. Bockelman, Rebecca A. Leis
This paper contributes to the ongoing efforts in the cybersecurity community to strengthen cyber workforce development by providing an overview of key gaps and proposing practical education strategies. Leveraging documented incidents from defense, industry, and academia and the rest of the United States government, we identify emerging cyber-education opportunities highlighting human-centric elements using a gap analysis approach. We closely examine the National Initiative for Cybersecurity Education’s (NICE) National Cybersecurity Workforce Framework (NCWF) as well as the Department of Homeland Security’s (DHS) National Initiative for Cybersecurity Careers and Studies (NICCS) educational framework. These documents provide a foundation for current and future research with cybersecurity workforce development. Next, the paper outlines a pilot education program launched at the University of Central Florida (UCF), designed to address the unique challenges of the human dimension in cybersecurity. The purpose of highlighting this pilot program is to provide an example of human-centric cyber-educational curriculum. The present paper offers a launching point for further discussion about the human side of cybersecurity, closing with considerations of the “lessons learned” from early responses to the UCF program from the program’s inaugural student cohort.
{"title":"Cyber workforce development using a behavioral cybersecurity paradigm","authors":"Bruce D. Caulkins, Karla A. Badillo-Urquiola, Patricia S. Bockelman, Rebecca A. Leis","doi":"10.1109/CYCONUS.2016.7836614","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836614","url":null,"abstract":"This paper contributes to the ongoing efforts in the cybersecurity community to strengthen cyber workforce development by providing an overview of key gaps and proposing practical education strategies. Leveraging documented incidents from defense, industry, and academia and the rest of the United States government, we identify emerging cyber-education opportunities highlighting human-centric elements using a gap analysis approach. We closely examine the National Initiative for Cybersecurity Education’s (NICE) National Cybersecurity Workforce Framework (NCWF) as well as the Department of Homeland Security’s (DHS) National Initiative for Cybersecurity Careers and Studies (NICCS) educational framework. These documents provide a foundation for current and future research with cybersecurity workforce development. Next, the paper outlines a pilot education program launched at the University of Central Florida (UCF), designed to address the unique challenges of the human dimension in cybersecurity. The purpose of highlighting this pilot program is to provide an example of human-centric cyber-educational curriculum. The present paper offers a launching point for further discussion about the human side of cybersecurity, closing with considerations of the “lessons learned” from early responses to the UCF program from the program’s inaugural student cohort.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128943785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836609
Siim Alatalu
Cyber has been on NATO’s agenda since 2002, with clear mandates and taskings from Summits and Ministerials on how to develop its capacity in the area. Yet, despite an increasingly cyber-dependent world and visible progress on the Alliance’s civilian side, NATO has had no visible track record on how this change in the way the world does business has had an impact on its key military structure and enabler for collective defence - the NATO Command Structure (NCS). At their July 2016 Summit in Warsaw the NATO Heads of State and Government declared cyber to become an operational domain for the Alliance. The paper argues that in order to cope with the new situation and to deliver on the commitment NATO needs to consider establishing a Cyber Command within the NCS. This is a matter of urgency especially as within the new domain the Alliance will need to face an increasingly challenging cyber threat landscape. In addition, it will also need to live up to its current Strategic Concept by addressing all the three core areas – collective defence, crisis management and cooperative security – in cyber. Last but not least, it would play an increasing role for the Alliance in terms of its deterrence posture.
{"title":"NATO’s new cyber domain challenge","authors":"Siim Alatalu","doi":"10.1109/CYCONUS.2016.7836609","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836609","url":null,"abstract":"Cyber has been on NATO’s agenda since 2002, with clear mandates and taskings from Summits and Ministerials on how to develop its capacity in the area. Yet, despite an increasingly cyber-dependent world and visible progress on the Alliance’s civilian side, NATO has had no visible track record on how this change in the way the world does business has had an impact on its key military structure and enabler for collective defence - the NATO Command Structure (NCS). At their July 2016 Summit in Warsaw the NATO Heads of State and Government declared cyber to become an operational domain for the Alliance. The paper argues that in order to cope with the new situation and to deliver on the commitment NATO needs to consider establishing a Cyber Command within the NCS. This is a matter of urgency especially as within the new domain the Alliance will need to face an increasingly challenging cyber threat landscape. In addition, it will also need to live up to its current Strategic Concept by addressing all the three core areas – collective defence, crisis management and cooperative security – in cyber. Last but not least, it would play an increasing role for the Alliance in terms of its deterrence posture.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127590445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836630
Panayotis A. Yannakogeorgos, Eneken Tikk
Our re-reinterpretation of Stuxnet to connect the dot between geopolitics and technology tell a different story with a secondary set of lessons. We believe Stuxnet deserves a broader legal and political analysis for the purposes of critical thinking about how cyberspace is used to achieve international security objectives from legal and political angles. In particular, we seek to address a gap in the literature, asking whether the worm was authorized under article 41 of the UN charter as a sanctions enforcement tool through an interpretation of UNSC resolutions and related documents of the International Atomic Energy Agency (IAEA). If such authorization exists (and we believe it might), Stuxnet would qualify as a lawful action under international law, targeting Iran’s nuclear equipment and software pursuant to international sanctions.
{"title":"Stuxnet as cyber-enabled sanctions enforcement","authors":"Panayotis A. Yannakogeorgos, Eneken Tikk","doi":"10.1109/CYCONUS.2016.7836630","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836630","url":null,"abstract":"Our re-reinterpretation of Stuxnet to connect the dot between geopolitics and technology tell a different story with a secondary set of lessons. We believe Stuxnet deserves a broader legal and political analysis for the purposes of critical thinking about how cyberspace is used to achieve international security objectives from legal and political angles. In particular, we seek to address a gap in the literature, asking whether the worm was authorized under article 41 of the UN charter as a sanctions enforcement tool through an interpretation of UNSC resolutions and related documents of the International Atomic Energy Agency (IAEA). If such authorization exists (and we believe it might), Stuxnet would qualify as a lawful action under international law, targeting Iran’s nuclear equipment and software pursuant to international sanctions.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126636940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836623
Brian M. Mazanec, Patricia Shamai
This paper addresses the question of whether a stigma associated with cyber warfare could ever emerge. It examines whether there would be enough of a mass ‘reaction’ to the prospect of cyber warfare and would this then promote an international response and international consensus towards the control and proscription of cyber weapons? The authors unpack the norms associated with cyber warfare and relate these to research addressing the development of the stigmatization of WMD. Comparing the WMD threat with that of cyber warfare, we argue that at present while cyber warfare is characterized as unique, a stigma does not exist towards the threat of cyber warfare. This is because the cyber threat is secretive, diffuse and lacks a clear definition. Cyber threats range in scale, effect and lack an association with “mass destruction”. For these reasons it has been difficult to gather international consensus to constrain cyber threats. We argue that cyber norms do matter and greater attention needs to be paid to ways in which a stigma fostering these norms can develop. We offer some suggestions and stress that further knowledge and understanding of this subject can enhance academic and policy insight to address cyber warfare threats within the context of changing world politics.
{"title":"Stigmatizing cyber war: mission impossible?","authors":"Brian M. Mazanec, Patricia Shamai","doi":"10.1109/CYCONUS.2016.7836623","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836623","url":null,"abstract":"This paper addresses the question of whether a stigma associated with cyber warfare could ever emerge. It examines whether there would be enough of a mass ‘reaction’ to the prospect of cyber warfare and would this then promote an international response and international consensus towards the control and proscription of cyber weapons? The authors unpack the norms associated with cyber warfare and relate these to research addressing the development of the stigmatization of WMD. Comparing the WMD threat with that of cyber warfare, we argue that at present while cyber warfare is characterized as unique, a stigma does not exist towards the threat of cyber warfare. This is because the cyber threat is secretive, diffuse and lacks a clear definition. Cyber threats range in scale, effect and lack an association with “mass destruction”. For these reasons it has been difficult to gather international consensus to constrain cyber threats. We argue that cyber norms do matter and greater attention needs to be paid to ways in which a stigma fostering these norms can develop. We offer some suggestions and stress that further knowledge and understanding of this subject can enhance academic and policy insight to address cyber warfare threats within the context of changing world politics.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131031291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836619
Elsa B. Kania
The advent of the cyber domain has introduced a new dimension into warfare and complicated existing strategic concepts, provoking divergent responses within different national contexts and strategic cultures. Although current theories regarding cyber deterrence remain relatively nascent, a comparison of U.S. and Chinese strategic thinking highlights notable asymmetries between their respective approaches. While U.S. debates on cyber deterrence have primarily focused on the deterrence of cyber threats, Chinese theorists have also emphasized the potential importance of cyber capabilities to enhance strategic deterrence. Whereas the U.S. government has maintained a consistent declaratory policy for response, Beijing has yet to progress toward transparency regarding its cyber strategy or capabilities. However, certain PLA strategists, informed by a conceptualization of deterrence as integrated with warfighting, have advocated for the actualization of deterrence through engaging in cyber attacks. Regardless of whether these major cyber powers' evolving strategic thinking on cyber deterrence will prove logically consistent or feasibly operational, their respective perspectives will certainly shape their attempts to achieve cyber deterrence. Ultimately, cyber deterrence may continue to be "what states make of it," given conditions of "cyber anarchy" and prevailing uncertainties regarding cyber conflict. Looking forward, future strategic stability in Sino-U.S. cyber interactions will require mitigation of the misperceptions and heightened risks of escalation that could be exacerbated by these divergent strategic approaches.
{"title":"Cyber deterrence in times of cyber anarchy - evaluating the divergences in U.S. and Chinese strategic thinking","authors":"Elsa B. Kania","doi":"10.1109/CYCONUS.2016.7836619","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836619","url":null,"abstract":"The advent of the cyber domain has introduced a new dimension into warfare and complicated existing strategic concepts, provoking divergent responses within different national contexts and strategic cultures. Although current theories regarding cyber deterrence remain relatively nascent, a comparison of U.S. and Chinese strategic thinking highlights notable asymmetries between their respective approaches. While U.S. debates on cyber deterrence have primarily focused on the deterrence of cyber threats, Chinese theorists have also emphasized the potential importance of cyber capabilities to enhance strategic deterrence. Whereas the U.S. government has maintained a consistent declaratory policy for response, Beijing has yet to progress toward transparency regarding its cyber strategy or capabilities. However, certain PLA strategists, informed by a conceptualization of deterrence as integrated with warfighting, have advocated for the actualization of deterrence through engaging in cyber attacks. Regardless of whether these major cyber powers' evolving strategic thinking on cyber deterrence will prove logically consistent or feasibly operational, their respective perspectives will certainly shape their attempts to achieve cyber deterrence. Ultimately, cyber deterrence may continue to be \"what states make of it,\" given conditions of \"cyber anarchy\" and prevailing uncertainties regarding cyber conflict. Looking forward, future strategic stability in Sino-U.S. cyber interactions will require mitigation of the misperceptions and heightened risks of escalation that could be exacerbated by these divergent strategic approaches.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134188292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836628
A. Cattaruzza, Didier Danet, Stéphane Taillat, A. Laudrain
Inherently linked to States’ sovereignty and its relationship with third-party stakeholders, the governance of cyberspace has become a subject of great debate and controversies. One of the most prominent of them -the dominance of the United States as an hegemon- has raised concerns and triggered diverging reactions within the international community. Looking at recent events such as the invalidation of the Safe Harbor Agreement through the lenses of the balance of power, we found that the reassertion of States in cyberspace is dependent on the political significance given to cyberspace as both a transnational realm and an American-dominated space. If most States have adopted a balancing policy vis-à-vis the US by means of either critical cooperation (EU, France) or what could be described as a form of containment (Russia, China), some others pursue free-riding policies (Ireland, Luxembourg), causing regional struggles. We suggest that, given this fragmentation of the Web, regulation of cyberspace would be best served through a multilateral mode of governance which could enhance collective security.
{"title":"Sovereignty in cyberspace: Balkanization or democratization","authors":"A. Cattaruzza, Didier Danet, Stéphane Taillat, A. Laudrain","doi":"10.1109/CYCONUS.2016.7836628","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836628","url":null,"abstract":"Inherently linked to States’ sovereignty and its relationship with third-party stakeholders, the governance of cyberspace has become a subject of great debate and controversies. One of the most prominent of them -the dominance of the United States as an hegemon- has raised concerns and triggered diverging reactions within the international community. Looking at recent events such as the invalidation of the Safe Harbor Agreement through the lenses of the balance of power, we found that the reassertion of States in cyberspace is dependent on the political significance given to cyberspace as both a transnational realm and an American-dominated space. If most States have adopted a balancing policy vis-à-vis the US by means of either critical cooperation (EU, France) or what could be described as a form of containment (Russia, China), some others pursue free-riding policies (Ireland, Luxembourg), causing regional struggles. We suggest that, given this fragmentation of the Web, regulation of cyberspace would be best served through a multilateral mode of governance which could enhance collective security.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"518 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116241790","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2016-10-01DOI: 10.1109/CYCONUS.2016.7836624
J. D. Mireles, Jin-Hee Cho, Shouhuai Xu
Parsing through large amounts of network traffic to extract attack signatures is a complex and time consuming process. It is an even harder process to piece together those signatures to formulate an attack narrative. An attack narrative can be defined as the set of attack signatures, that when combined provides an overview of the attack and the attacker themselves. In this paper, we propose a framework for extracting attack narratives from traffic datasets. Within this framework, we propose the re-examination of packet grepping for attack signatures in network traffic as a viable, fast, and effective means to extract attack narratives from large amounts of network traffic. By combining attack signature packet grepping with Mandiant’s Attack Lifecycle Model, we increase the effectiveness of packet grepping and create a methodology that is simple and powerful for constructing attack narratives. In order to show the effectiveness of the framework, we conduct a case study by using the 2015 National Collegiate Cyber Defense Competition (NCCDC) network traffic. Our preliminary results show that the framework is promising.
{"title":"Extracting attack narratives from traffic datasets","authors":"J. D. Mireles, Jin-Hee Cho, Shouhuai Xu","doi":"10.1109/CYCONUS.2016.7836624","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836624","url":null,"abstract":"Parsing through large amounts of network traffic to extract attack signatures is a complex and time consuming process. It is an even harder process to piece together those signatures to formulate an attack narrative. An attack narrative can be defined as the set of attack signatures, that when combined provides an overview of the attack and the attacker themselves. In this paper, we propose a framework for extracting attack narratives from traffic datasets. Within this framework, we propose the re-examination of packet grepping for attack signatures in network traffic as a viable, fast, and effective means to extract attack narratives from large amounts of network traffic. By combining attack signature packet grepping with Mandiant’s Attack Lifecycle Model, we increase the effectiveness of packet grepping and create a methodology that is simple and powerful for constructing attack narratives. In order to show the effectiveness of the framework, we conduct a case study by using the 2015 National Collegiate Cyber Defense Competition (NCCDC) network traffic. Our preliminary results show that the framework is promising.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"173 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133873194","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: