从流量数据集中提取攻击叙述

2016 International Conference on Cyber Conflict (CyCon U.S.) Pub Date : 2016-10-01 DOI:10.1109/CYCONUS.2016.7836624

J. D. Mireles, Jin-Hee Cho, Shouhuai Xu

{"title":"从流量数据集中提取攻击叙述","authors":"J. D. Mireles, Jin-Hee Cho, Shouhuai Xu","doi":"10.1109/CYCONUS.2016.7836624","DOIUrl":null,"url":null,"abstract":"Parsing through large amounts of network traffic to extract attack signatures is a complex and time consuming process. It is an even harder process to piece together those signatures to formulate an attack narrative. An attack narrative can be defined as the set of attack signatures, that when combined provides an overview of the attack and the attacker themselves. In this paper, we propose a framework for extracting attack narratives from traffic datasets. Within this framework, we propose the re-examination of packet grepping for attack signatures in network traffic as a viable, fast, and effective means to extract attack narratives from large amounts of network traffic. By combining attack signature packet grepping with Mandiant’s Attack Lifecycle Model, we increase the effectiveness of packet grepping and create a methodology that is simple and powerful for constructing attack narratives. In order to show the effectiveness of the framework, we conduct a case study by using the 2015 National Collegiate Cyber Defense Competition (NCCDC) network traffic. Our preliminary results show that the framework is promising.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"173 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Extracting attack narratives from traffic datasets\",\"authors\":\"J. D. Mireles, Jin-Hee Cho, Shouhuai Xu\",\"doi\":\"10.1109/CYCONUS.2016.7836624\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Parsing through large amounts of network traffic to extract attack signatures is a complex and time consuming process. It is an even harder process to piece together those signatures to formulate an attack narrative. An attack narrative can be defined as the set of attack signatures, that when combined provides an overview of the attack and the attacker themselves. In this paper, we propose a framework for extracting attack narratives from traffic datasets. Within this framework, we propose the re-examination of packet grepping for attack signatures in network traffic as a viable, fast, and effective means to extract attack narratives from large amounts of network traffic. By combining attack signature packet grepping with Mandiant’s Attack Lifecycle Model, we increase the effectiveness of packet grepping and create a methodology that is simple and powerful for constructing attack narratives. In order to show the effectiveness of the framework, we conduct a case study by using the 2015 National Collegiate Cyber Defense Competition (NCCDC) network traffic. Our preliminary results show that the framework is promising.\",\"PeriodicalId\":358914,\"journal\":{\"name\":\"2016 International Conference on Cyber Conflict (CyCon U.S.)\",\"volume\":\"173 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 International Conference on Cyber Conflict (CyCon U.S.)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CYCONUS.2016.7836624\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Cyber Conflict (CyCon U.S.)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CYCONUS.2016.7836624","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

对大量网络流量进行解析提取攻击特征是一个复杂且耗时的过程。将这些签名拼凑起来，形成攻击叙事，是一个更加困难的过程。攻击叙述可以定义为一组攻击签名，当它们结合在一起时，可以提供攻击和攻击者本身的概述。在本文中，我们提出了一个从流量数据集中提取攻击叙述的框架。在此框架内，我们建议重新检查网络流量中的攻击签名的数据包抓取，作为从大量网络流量中提取攻击叙述的可行，快速和有效的方法。通过将攻击签名数据包抓取与Mandiant的攻击生命周期模型相结合，我们提高了数据包抓取的有效性，并创建了一种简单而强大的方法来构建攻击叙述。为了证明该框架的有效性，我们利用2015年全国大学网络防御竞赛(NCCDC)的网络流量进行了案例研究。我们的初步结果表明，该框架是有希望的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Extracting attack narratives from traffic datasets

Parsing through large amounts of network traffic to extract attack signatures is a complex and time consuming process. It is an even harder process to piece together those signatures to formulate an attack narrative. An attack narrative can be defined as the set of attack signatures, that when combined provides an overview of the attack and the attacker themselves. In this paper, we propose a framework for extracting attack narratives from traffic datasets. Within this framework, we propose the re-examination of packet grepping for attack signatures in network traffic as a viable, fast, and effective means to extract attack narratives from large amounts of network traffic. By combining attack signature packet grepping with Mandiant’s Attack Lifecycle Model, we increase the effectiveness of packet grepping and create a methodology that is simple and powerful for constructing attack narratives. In order to show the effectiveness of the framework, we conduct a case study by using the 2015 National Collegiate Cyber Defense Competition (NCCDC) network traffic. Our preliminary results show that the framework is promising.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 International Conference on Cyber Conflict (CyCon U.S.)

自引率

0.00%

发文量