A Reasoning Method of Cyber-Attack Attribution Based on Threat Intelligence
نویسندگان
چکیده
With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain and evidence chain of cyber-attack on threat intelligence platform through data calculation, analysis and reasoning. Then, we used a number of cyber-attack events which we have observed and analyzed to test the reasoning method and demo system, the result of testing indicates that the reasoning method can provide certain help in cyber-attack attribution. Keywords—Reasoning, Bayesian networks, cyber-attack attribution, kill chain, threat intelligence.
منابع مشابه
Cyber Threats Foresight Against Iran Based on Attack Vector
Cyber threats have been extraordinary increased in recent years. Cyber attackers, including government agencies or hackers, have made significant advances in the use of various tools for attacking target systems in some countries particularly on Islamic republic of Iran. The complexity of cyber threats and the devastating effects of them on critical systems highlights necessity of cyber thr...
متن کاملAn Effective Attack-Resilient Kalman Filter-Based Approach for Dynamic State Estimation of Synchronous Machine
Kalman filtering has been widely considered for dynamic state estimation in smart grids. Despite its unique merits, the Kalman Filter (KF)-based dynamic state estimation can be undesirably influenced by cyber adversarial attacks that can potentially be launched against the communication links in the Cyber-Physical System (CPS). To enhance the security of KF-based state estimation, in this paper...
متن کاملAn Authorization Framework for Database Systems
Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most im...
متن کاملMachine-assisted Cyber Threat Analysis Using Conceptual Knowledge Discovery
Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our v...
متن کاملVers un regroupement multicritères comme outil d'aide à l'attribution d'attaque dans le cyber-espace. (A multi-criteria clustering approach to support attack attribution in cyberspace)
In the recent years, the security community has observed a paradigm shift in the nature of attack phenomena in the Internet. Many security experts have acknowledged the fact that the cyber-crime scene is becoming increasingly organized and more consolidated. As organized crime has always gone where money could be made, cyber-criminals have, not surprisingly, developed an underground economy by ...
متن کامل