通过使用网络杀伤链提取基于网络的攻击叙事:一项复制研究

IF 1 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS IT-Information Technology Pub Date : 2022-02-18 DOI:10.1515/itit-2021-0059
Aaron Weathersby, M. Washington
{"title":"通过使用网络杀伤链提取基于网络的攻击叙事:一项复制研究","authors":"Aaron Weathersby, M. Washington","doi":"10.1515/itit-2021-0059","DOIUrl":null,"url":null,"abstract":"Abstract The defense of a computer network requires defenders to both understand when an attack is taking place and understand the larger strategic goals of their attackers. In this paper we explore this topic through the replication of a prior study “Extracting Attack Narratives from Traffic Datasets” by Mireles et al. [Athanasiades, N., et al., Intrusion detection testing and benchmarking methodologies, in First IEEE International Workshop on Information Assurance. 2003, IEEE: Darmstadt, Germany]. In their original research Mireles et al. proposed a framework linking a particular cyber-attack model (the Mandiant Life Cycle Model) and identification of individual attack signatures into a process as to provide a higher-level insight of an attacker in what they termed as attack narratives. In our study we both replicate the original authors work while also moving the research forward by integrating many of the suggestions Mireles et al. provided that would have improved their study. Through our analysis, we confirm the concept that attack narratives can provide additional insight beyond the review of individual cyber-attacks. We also built upon one of their suggested areas by exploring their framework through the lens of Lockheed Martin Cyber Kill Chain. While we found the concept to be novel and potentially useful, we found challenges replicating the clarity Mireles et al. described. In our research we identify the need for additional research into describing additional components of an attack narrative including the nonlinear nature of cyber-attacks and issues of identity and attribution.","PeriodicalId":43953,"journal":{"name":"IT-Information Technology","volume":null,"pages":null},"PeriodicalIF":1.0000,"publicationDate":"2022-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Extracting network based attack narratives through use of the cyber kill chain: A replication study\",\"authors\":\"Aaron Weathersby, M. Washington\",\"doi\":\"10.1515/itit-2021-0059\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract The defense of a computer network requires defenders to both understand when an attack is taking place and understand the larger strategic goals of their attackers. In this paper we explore this topic through the replication of a prior study “Extracting Attack Narratives from Traffic Datasets” by Mireles et al. [Athanasiades, N., et al., Intrusion detection testing and benchmarking methodologies, in First IEEE International Workshop on Information Assurance. 2003, IEEE: Darmstadt, Germany]. In their original research Mireles et al. proposed a framework linking a particular cyber-attack model (the Mandiant Life Cycle Model) and identification of individual attack signatures into a process as to provide a higher-level insight of an attacker in what they termed as attack narratives. In our study we both replicate the original authors work while also moving the research forward by integrating many of the suggestions Mireles et al. provided that would have improved their study. Through our analysis, we confirm the concept that attack narratives can provide additional insight beyond the review of individual cyber-attacks. We also built upon one of their suggested areas by exploring their framework through the lens of Lockheed Martin Cyber Kill Chain. While we found the concept to be novel and potentially useful, we found challenges replicating the clarity Mireles et al. described. In our research we identify the need for additional research into describing additional components of an attack narrative including the nonlinear nature of cyber-attacks and issues of identity and attribution.\",\"PeriodicalId\":43953,\"journal\":{\"name\":\"IT-Information Technology\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":1.0000,\"publicationDate\":\"2022-02-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IT-Information Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1515/itit-2021-0059\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IT-Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1515/itit-2021-0059","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 1

摘要

计算机网络的防御要求防御者既要了解攻击何时发生,又要了解攻击者更大的战略目标。在本文中,我们通过复制Mireles等人先前的研究“从流量数据集中提取攻击叙述”来探索这个主题。[a] thanasiades, N.,等。,入侵检测与测试方法,在第一届IEEE国际信息安全研讨会。2003,IEEE: Darmstadt,德国。在他们最初的研究中,Mireles等人。提出了一个框架,将特定的网络攻击模型(Mandiant生命周期模型)和单个攻击签名的识别连接到一个过程中,以便在他们所谓的攻击叙述中提供对攻击者的更高层次的洞察。在我们的研究中,我们既复制了原作者的工作,又通过整合Mireles等人的许多建议推动了研究的发展。前提是这样可以提高他们的研究水平。通过我们的分析,我们确认了这样一个概念,即攻击叙述可以提供超越个人网络攻击审查的额外见解。我们还通过洛克希德·马丁公司的网络杀伤链来探索他们的框架,从而建立了他们建议的一个领域。虽然我们发现这个概念是新颖的,并且可能有用,但我们发现复制Mireles等人的清晰度存在挑战。描述。在我们的研究中,我们确定需要进一步研究描述攻击叙述的其他组成部分,包括网络攻击的非线性性质以及身份和归属问题。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Extracting network based attack narratives through use of the cyber kill chain: A replication study
Abstract The defense of a computer network requires defenders to both understand when an attack is taking place and understand the larger strategic goals of their attackers. In this paper we explore this topic through the replication of a prior study “Extracting Attack Narratives from Traffic Datasets” by Mireles et al. [Athanasiades, N., et al., Intrusion detection testing and benchmarking methodologies, in First IEEE International Workshop on Information Assurance. 2003, IEEE: Darmstadt, Germany]. In their original research Mireles et al. proposed a framework linking a particular cyber-attack model (the Mandiant Life Cycle Model) and identification of individual attack signatures into a process as to provide a higher-level insight of an attacker in what they termed as attack narratives. In our study we both replicate the original authors work while also moving the research forward by integrating many of the suggestions Mireles et al. provided that would have improved their study. Through our analysis, we confirm the concept that attack narratives can provide additional insight beyond the review of individual cyber-attacks. We also built upon one of their suggested areas by exploring their framework through the lens of Lockheed Martin Cyber Kill Chain. While we found the concept to be novel and potentially useful, we found challenges replicating the clarity Mireles et al. described. In our research we identify the need for additional research into describing additional components of an attack narrative including the nonlinear nature of cyber-attacks and issues of identity and attribution.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IT-Information Technology
IT-Information Technology COMPUTER SCIENCE, INFORMATION SYSTEMS-
CiteScore
3.80
自引率
0.00%
发文量
29
期刊最新文献
Wildfire prediction for California using and comparing Spatio-Temporal Knowledge Graphs Machine learning in AI Factories – five theses for developing, managing and maintaining data-driven artificial intelligence at large scale Machine learning applications Machine learning in sensor identification for industrial systems Machine learning and cyber security
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1