
2018 | OriginalPaper | Chapter

34. A Cognitive and Concurrent Cyber Kill Chain Model

Authors: Muhammad Salman Khan, Sana Siddiqui, Ken Ferens

Published in: Computer and Network Security Essentials

Publisher: Springer International Publishing


Abstract

A cyber kill chain is a traditional model for analyzing cyber security threats, whether the threat is malware inside a computer system, a covert and illegitimate channel on a network, or an insider. The model has been used extensively by cyber security professionals but has received little attention in the academic domain. Further, as the threat landscape has evolved toward more advanced and persistent threats, the model has been challenged by its inability to incorporate advanced threats that change their signatures and behaviors, hide inside a computing node, and remain undetected by masquerading their true nature. This chapter describes the traditional kill chain model in detail; discusses the weaknesses of this model; proposes a new kill chain analytical model that supports concurrent analysis of threat stages, as opposed to the sequential analysis of the existing kill chain model; and explains, with examples, how the new model mimics the human mental process of threat analysis. The proposed cyber kill chain model strengthens the analysis model of cyber security experts and enriches cyber professionals' holistic understanding of threats and attacks.


Metadata
Title
A Cognitive and Concurrent Cyber Kill Chain Model
Authors
Muhammad Salman Khan
Sana Siddiqui
Ken Ferens
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-58424-9_34