From TTP to IoC: Advanced Persistent Graphs for Threat Hunting
Authors
Abstract
Defenders fighting against Advanced Persistent Threats need to discover the propagation area of an adversary as quickly as possible. This discovery takes place through a phase of an incident response operation called Threat Hunting, where defenders track down attackers within the compromised network. In this article, we propose a formal model that dissects and abstracts the elements of an attack, from both the attacker's and the defender's perspectives. This leads to the construction of two persistent graphs over a common set of objects and components, allowing (1) an omniscient actor to compare, for attacker and defender, the gap in knowledge and perceptions; (2) the defender to become aware of the traces left on the targeted network; (3) the quality of Threat Hunting to be improved by identifying false positives and adapting the logging policy to be oriented towards investigations. We challenge the model using an attack campaign mimicking APT29, a real-world threat, in a scenario designed by the MITRE Corporation. We measure the defensive architecture experimentally, then determine the most effective strategy to exploit the collected data in order to extract actionable Cyber Intelligence, and finally unveil the attacker.
Related resources
Anatomy of an advanced persistent threat
More often than not, we expect attackers to follow a path that reflects a preconceived notion of how we think they will behave. As mammals, we tend to fear what we can see, and with cyber security, it is difficult to visualize or even imagine what an attacker can do or even how patient or sophisticated they can be. Furthermore, we may dismiss what could be deemed as too complicated and/or impla...
Maximizing the effectiveness of an advanced persistent threat
As a new type of cyber attacks, advanced persistent threats (APTs) pose a severe threat to modern society. This paper focuses on the assessment of the risk of APTs. Based on a dynamic model characterizing the time evolution of the state of an organization, the organization’s risk is defined as its maximum possible expected loss, and the risk assessment problem is modeled as a constrained optimi...
Advanced Persistent Threat: Malicious Code Hidden in PDF Documents
Advanced Persistent Threat (APT) in recent years has become a very popular choice to steal information of specific targets using the vulnerabilities on the targets’ machine. APT involves a set of complex phases, which are difficult to detect and often initiated with spear phishing in the early stage of invasion. To help defend against APT, it is important to study the malformed Portable Documen...
Sherlock Holmes and the Case of the Advanced Persistent Threat
An Advanced Persistent Threat (APT) is a targeted attack against a high-value asset or a physical system. Drawing from analogies in the Sherlock Holmes stories of Sir Arthur Conan Doyle, we illustrate potential strategies of deception and evasion available in this setting, and caution against overly narrow characterization of APTs.
An advanced persistent threat in 3G networks: Attacking the home network from roaming networks
The HLR/AuC is considered to be one of the most important network elements of a 3G network. It can serve up to five million subscribers and at least one transaction with HLR/AuC is required for every single phone call or data session. This paper presents experimental results and observations that can be exploited to perform a novel distributed denial of service attack in 3G networks that target...
Journal
Journal title: IEEE Transactions on Network and Service Management
Year: 2021
ISSN: 2373-7379, 1932-4537
DOI: https://doi.org/10.1109/tnsm.2021.3056999