{"title":"早期针对性攻击防范","authors":"Chia-Mei Chen, Peng-Yu Yang, Ya-Hui Ou, H. Hsiao","doi":"10.1109/WAINA.2014.134","DOIUrl":null,"url":null,"abstract":"Targeted cyber attacks play a critical role in disrupting network infrastructure and information privacy. Based on the incident investigation, Intelligence gathering is the first phase of such attacks. To evade detection, hacker may make use of botnet, a set of zombie machines, to gain the access of a target and the zombies send the collected results back to the hacker. Even though the zombies would be blocked by detection system, the hacker, using the access information obtained from the botnet, would login the target from another machine without being noticed by the detection system. Such information gathering tactic can evade detection and the hacker grants the initial access to the target. The proposed defense system analyzes multiple logs from the network and extracts the reconnaissance attack sequences related to targeted attacks. State-based model is adopted to model the steps of the above early phase attack performed by multiple scouts and an intruder and such attack events in a long time frame becomes significant in the state-aware model. The results show that the proposed system can identify the attacks at the early stage efficiently to prevent further damage in the networks.","PeriodicalId":424903,"journal":{"name":"2014 28th International Conference on Advanced Information Networking and Applications Workshops","volume":"128 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Targeted Attack Prevention at Early Stage\",\"authors\":\"Chia-Mei Chen, Peng-Yu Yang, Ya-Hui Ou, H. Hsiao\",\"doi\":\"10.1109/WAINA.2014.134\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Targeted cyber attacks play a critical role in disrupting network infrastructure and information privacy. Based on the incident investigation, Intelligence gathering is the first phase of such attacks. To evade detection, hacker may make use of botnet, a set of zombie machines, to gain the access of a target and the zombies send the collected results back to the hacker. Even though the zombies would be blocked by detection system, the hacker, using the access information obtained from the botnet, would login the target from another machine without being noticed by the detection system. Such information gathering tactic can evade detection and the hacker grants the initial access to the target. The proposed defense system analyzes multiple logs from the network and extracts the reconnaissance attack sequences related to targeted attacks. State-based model is adopted to model the steps of the above early phase attack performed by multiple scouts and an intruder and such attack events in a long time frame becomes significant in the state-aware model. The results show that the proposed system can identify the attacks at the early stage efficiently to prevent further damage in the networks.\",\"PeriodicalId\":424903,\"journal\":{\"name\":\"2014 28th International Conference on Advanced Information Networking and Applications Workshops\",\"volume\":\"128 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-05-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 28th International Conference on Advanced Information Networking and Applications Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WAINA.2014.134\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 28th International Conference on Advanced Information Networking and Applications Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAINA.2014.134","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Targeted cyber attacks play a critical role in disrupting network infrastructure and information privacy. Based on the incident investigation, Intelligence gathering is the first phase of such attacks. To evade detection, hacker may make use of botnet, a set of zombie machines, to gain the access of a target and the zombies send the collected results back to the hacker. Even though the zombies would be blocked by detection system, the hacker, using the access information obtained from the botnet, would login the target from another machine without being noticed by the detection system. Such information gathering tactic can evade detection and the hacker grants the initial access to the target. The proposed defense system analyzes multiple logs from the network and extracts the reconnaissance attack sequences related to targeted attacks. State-based model is adopted to model the steps of the above early phase attack performed by multiple scouts and an intruder and such attack events in a long time frame becomes significant in the state-aware model. The results show that the proposed system can identify the attacks at the early stage efficiently to prevent further damage in the networks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
