Aunshul Rege, Z. Obradovic, N. Asadi, B. Singer, Nicholas Masceri
{"title":"使用多学科框架和方法的网络入侵链的时间评估","authors":"Aunshul Rege, Z. Obradovic, N. Asadi, B. Singer, Nicholas Masceri","doi":"10.1109/CyberSA.2017.8073398","DOIUrl":null,"url":null,"abstract":"Current approaches to cybersecurity are response-driven and ineffective as they do not account for adaptive adversarial behavior and dynamic decision-making. Using empirical evidence of observations done at the US Industrial Control Systems Computer Emergency Response Team's (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL), this paper identifies how adversaries carry out, and adapt during, cyberattacks. This paper employs a unique mixed methods approach of qualitative observations and quantitative data science to address three objectives: (i) providing a quantitative framework for temporal analysis of the cyberattack processes by creating a time series representation of the qualitative data, (ii) employing data science methods, such as hierarchical clustering analysis, on the generated time series data to complement and supplement our understanding of cyberattack processes, and (iii) understanding how adversaries adapt during the disruptions by defenders.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies\",\"authors\":\"Aunshul Rege, Z. Obradovic, N. Asadi, B. Singer, Nicholas Masceri\",\"doi\":\"10.1109/CyberSA.2017.8073398\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Current approaches to cybersecurity are response-driven and ineffective as they do not account for adaptive adversarial behavior and dynamic decision-making. Using empirical evidence of observations done at the US Industrial Control Systems Computer Emergency Response Team's (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL), this paper identifies how adversaries carry out, and adapt during, cyberattacks. This paper employs a unique mixed methods approach of qualitative observations and quantitative data science to address three objectives: (i) providing a quantitative framework for temporal analysis of the cyberattack processes by creating a time series representation of the qualitative data, (ii) employing data science methods, such as hierarchical clustering analysis, on the generated time series data to complement and supplement our understanding of cyberattack processes, and (iii) understanding how adversaries adapt during the disruptions by defenders.\",\"PeriodicalId\":365296,\"journal\":{\"name\":\"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2017.8073398\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2017.8073398","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies
Current approaches to cybersecurity are response-driven and ineffective as they do not account for adaptive adversarial behavior and dynamic decision-making. Using empirical evidence of observations done at the US Industrial Control Systems Computer Emergency Response Team's (ICS-CERT) Red Team-Blue Team cybersecurity training exercise held at Idaho National Laboratory (INL), this paper identifies how adversaries carry out, and adapt during, cyberattacks. This paper employs a unique mixed methods approach of qualitative observations and quantitative data science to address three objectives: (i) providing a quantitative framework for temporal analysis of the cyberattack processes by creating a time series representation of the qualitative data, (ii) employing data science methods, such as hierarchical clustering analysis, on the generated time series data to complement and supplement our understanding of cyberattack processes, and (iii) understanding how adversaries adapt during the disruptions by defenders.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
