nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Framework of Cyber Attack Attribution Based on Threat Intelligence

verfasst von : Li Qiang, Yang Zeming, Liu Baoxu, Jiang Zhengwei, Yan Jian

Erschienen in: Interoperability, Safety and Security in IoT

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the rapid growth of information technology, more and more devices are connected to the network. Cyber security environment has become increasingly complicated. In the face of advanced threats, such as targeted attack and advanced persistent threat, traditional security measures of accumulating security devices to protect relevant systems and networks had been proved to be an unqualified failure. Aiming at this situation, this paper proposed a framework of cyber attack attribution based on threat intelligence. At first, after surveying and analyzing related academic research and industry solutions, this paper used the local advantage model to analysis the process of cyber attack. According to the definitions of seven steps in intrusion kill chains and six phases of F2T2EA model, this model proposed a method of collecting threat intelligence data and detecting and response to cyber attacks, so as to achieve the goals of early-warming, processing detection and response and posting attribution analysis, and finally to reverse the security situation. Then, this paper designed a framework of cyber attack attribution based on threat intelligence. The framework is composed by Start of analysis, Threat intelligence and Attribution analysis. The three main parts indicated the architecture of cyber attack attribution. Finally, we tested the framework by practical case. The case study shows that the proposed framework can provide some help in attribution analysis.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Formulating A Global Identifier Based on Actor Relationship for the Internet of Things

Nächstes Kapitel UML Modeling of Cross-Layer Attack in Wireless Sensor Networks

Trend Micro. Targetted Attacks (2016). http://www.trendmicro.com/vinfo/us/security/definition/targeted-attacks

Wheeler, D.A., Larsen, G.N.: Techniques for cyber attack attribution. No. IDA-P-3792. Institute for Defense Analyses, Alexandria, VA (2003)

Ryu, J., Na, J.: Security requirement for cyber attack traceback. In: Fourth International Conference on Networked Computing and Advanced Information Management, NCM 2008, vol. 2. IEEE (2008)

Hunker, J., Hutchinson, B., Margulies, J.: Role and challenges for sufficient cyber-attack attribution. In: Institute for Information Infrastructure Protection, pp. 5–10 (2008)

Tony Code. Attributions and Arrests: Lessons from Chinese Hacker (2015). https://www.fireeye.com/blog/executive-perspective/2015/12/attributions_andarr.html

Gartner. Definition: Threat Intelligence (2013). https://www.gartner.com/doc/2487216/definition-threat-intelligence

Gervais, P.: Nine Cyber Security Trends for 2016 (2015). http://www.prweb.com/releases/2015/12/prweb13125922.htm

Tirpak, J.A.: Find, fix, track, target, engage, assess. Air Force Mag. 83(7), 24–29 (2000)

U.S. Department of Defence. Joint Publication 3-60 Joint Targeting (2007). http://www.bits.de/NRANEU/others/jp-doctrine/jp3_60(07).pdf

10.

Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. In: Leading Issues in Information Warfare and Security Research, vol. 1, p. 80 (2011)

11.

Caltagirone, S., Pendergast, A., Betz, C.: The diamond model of intrusion analysis. In: Center for Cyber Intelligence Analysis and Threat Research, Hanover, MD (2013)

12.

Rid, T., Buchanan, B.: Attributing cyber attacks. J. Strateg. Stud. 38(1-2), 4–37 (2015)CrossRef

13.

Kaspersky. Kaspersky Lab Technology Leadership (2014). http://www.kaspersky.com/other/custom-html/b2b-ddos-prevention/pdf/kaspersky-technology-leadership.pdf

14.

Kaspersky. Kaspersky Security Intelligence Services (2014). http://media.kaspersky.com/en/business-security/enterprise/Kaspersky_Security_Intelligence_Services_Threat_Intelligence_Services.pdf

15.

FireEye. FireEye Threat Intelligence Engine (2015). https://www.fireeye.com/products/dynamic-threat-intelligence/threat-intelligence-engine.html

16.

FireEye. FireEye Intelligence Center (2015). https://www.fireeye.com/content/dam/fireeye-www/global/en/products/pdfs/ds-fireeye-intelligence-center.pdf

17.

Dell SecureWorks. Ever-Evolving Security Threat Landscape (2014). http://www.isaca.org/chapters3/Atlanta/AboutOurChapter/Documents/ISACAATL-062014-EverevolvingSecurityThreatLandscape.pdf

18.

Dell SecureWorks. Counter Threat Platform (2016). https://www.secureworks.com/capabilities/counter-threat-platform

19.

IBM Security. IBM X-Force Threat Intelligence (2016). http://www-03.ibm.com/security/xforce/

20.

Qiang, L., et al.: A reasoning method of cyber-attack attribution based on threat intelligence. World Acad. Sci. Eng. Technol. Int. J. Comput. Electr. Autom. Control Inf. Eng. 10(5), 773–777 (2016)

Titel: Framework of Cyber Attack Attribution Based on Threat Intelligence
verfasst von: Li Qiang
Yang Zeming
Liu Baoxu
Jiang Zhengwei
Yan Jian
Verlag: Springer International Publishing
Buch: Interoperability, Safety and Security in IoT
Print ISBN: 978-3-319-52726-0

Electronic ISBN: 978-3-319-52727-7

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-52727-7_11

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"