{"title":"针对高度针对性攻击的网络欺骗方法的使用和评估案例研究","authors":"Alexandria Farar, Hayretdin Bahsi, Bernhards Blumbergs","doi":"10.1109/CYBERINCIDENT.2017.8054640","DOIUrl":null,"url":null,"abstract":"Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. As many of these attacks go undetected, this paper shows the results of a case study which consists of implementation of a methodology that selects, maps, deploys, tests and monitors the deceptions for the purpose of early detection. Metrics are developed to validate the effectiveness of the deception implementation. Firstly, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, Red Teams were recruited to test the deceptions for two case scenarios. Applying metrics, it is shown that the deceptions in the case studies are effective in the detection of cyber threats before the target asset was exploited and successful in creating attacker confusion and uncertainty about the organization’s network topology, services and resources.","PeriodicalId":298850,"journal":{"name":"2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"A case study about the use and evaluation of cyber deceptive methods against highly targeted attacks\",\"authors\":\"Alexandria Farar, Hayretdin Bahsi, Bernhards Blumbergs\",\"doi\":\"10.1109/CYBERINCIDENT.2017.8054640\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. As many of these attacks go undetected, this paper shows the results of a case study which consists of implementation of a methodology that selects, maps, deploys, tests and monitors the deceptions for the purpose of early detection. Metrics are developed to validate the effectiveness of the deception implementation. Firstly, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, Red Teams were recruited to test the deceptions for two case scenarios. Applying metrics, it is shown that the deceptions in the case studies are effective in the detection of cyber threats before the target asset was exploited and successful in creating attacker confusion and uncertainty about the organization’s network topology, services and resources.\",\"PeriodicalId\":298850,\"journal\":{\"name\":\"2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident)\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CYBERINCIDENT.2017.8054640\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CYBERINCIDENT.2017.8054640","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A case study about the use and evaluation of cyber deceptive methods against highly targeted attacks
Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. As many of these attacks go undetected, this paper shows the results of a case study which consists of implementation of a methodology that selects, maps, deploys, tests and monitors the deceptions for the purpose of early detection. Metrics are developed to validate the effectiveness of the deception implementation. Firstly, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, Red Teams were recruited to test the deceptions for two case scenarios. Applying metrics, it is shown that the deceptions in the case studies are effective in the detection of cyber threats before the target asset was exploited and successful in creating attacker confusion and uncertainty about the organization’s network topology, services and resources.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
