Weitere Kapitel dieses Buchs durch Wischen aufrufen
A deception is often enabled by cloaking or disguising the true intent and corresponding actions of the perpetrating actor. In cyber deception, the degree to which actions are disguised or cloaked is typically called “covertness.” In this chapter, we describe a novel approach to quantifying cyber covertness, a specific attribute of malware relative to specific alert logic that the defender uses. We propose that the covertness of an offensive cyber operation in an adversarial environment is derived from the probability that the operation is detected by the defender. We show that this quantitative concept can be computed using Covertness Block Diagrams that are related to classical reliability block diagrams used for years in the reliability engineering community. This requires methods for modeling the malware and target network defenses that allow us to calculate a quantitative measure of covertness which is interpreted as the probability of detection. Called the Covertness Score, this measure can be used by attackers to design a stealthier method of completing their mission as well as by defenders to understand the detection limitations of their defenses before they are exploited.
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
US Army. Joint technical coordinating group for munitions effectiveness program office.
David D Lynch and Institution of Electrical Engineers. Introduction to RF stealth. Scitech, 2004.
Dave MacEslin. Methodology for Determining EW JMEM. TECH TALK, page 32, 2006.
George Cybenko and Jason Syverson. Quantitative foundations for information operations, 2007.
David E. Sanger. Syria War Stirs New U.S. Debate on Cyberattacks. http://www.nytimes.com/2014/02/25/world/middleeast/obama-worried-about-effects-of-waging-cyberwar-in-syria.html, Feb 2014. Accessed: 2015-11-11.
US Department of Defense. The Department of Defense Cyber Strategy, 2015.
Mark A Gallagher and Michael Horta. Cyber Joint Munitions Effectiveness Manual (JMEM). M& SJ, 8:5e14, 2013.
US Army. Joint Publication 3–13: Information Operations, Nov 2014.
Molly B. Walker. New DoD program office to create cyber equivalent of the Joint Munitions Effectiveness Manual. http://www.fiercegovernmentit.com/story/new-dod-program-office-create-cyber-equivalent-joint-munitions-effectivenes/2015-10-14, Oct 2015. Accessed: 2015-11-20.
http://www.iseclab.org/projects/ttanalyze/. TTAnalyze: A tool for analyzing malware, 2015.
Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiao-yong Zhou, and XiaoFeng Wang. Effective and efficient malware detection at the end host. In USENIX security symposium, pages 351–366, 2009.
Daniel Bilar et al. Statistical structures: Fingerprinting malware for classification and analysis. Proceedings of Black Hat Federal 2006, 2006.
Marko Čepin. Reliability block diagram. In Assessment of Power System Reliability, pages 119–123. Springer, 2011.
http://www8.hp.com/us/en/software-solutions/siem-security-information-eventmanagement/. HP ArcSight ESM, 2015.
http://www.splunk.com/. Splunk Operational Intelligence Platform, 2015.
http://www.flowtraq.com/. FlowTraq Network Security, Monitoring, Analysis, and Forensics, 2015.
http://www.snort.com/. Snort Intrusion Prevention System, 2015.
http://www.mcafee.com/us/. McAfee Intel Security Suite, 2015.
http://www.tripwire.com/. Tripwire Advanced Cyber Threat Detection, 2015.
HP Enterprise Security. HP ArcSight ESM: powered by CORR-Engine, September 2012.
Sandeep Yadav, Ashwath Kumar Krishna Reddy, a.L. Narasimha Reddy, and Supranamaya Ranjan. Detecting algorithmically generated malicious domain names. Proceedings of the 10th annual conference on Internet measurement - IMC ’10, page 48, 2010.
Open Malware. http://openmalware.org, 2014.
VirusShare. http://virusshare.com, 2014.
The VirusWatch Archives. http://lists.clean-mx.com/pipermail/viruswatch/, 2014.
Cuckoo Sandbox. http://www.cuckoosandbox.org/, 2014.
Microsoft Developer Network. http://msdn.microsoft.com/en-us/library/, 2014.
Nicole Perlroth. Intelligence Start-Up Goes Behind Enemy Lines to Get Ahead of Hackers. www.nytimes.com/2015/09/14/technology/intelligence-start-up-goes-behind-enemy-lines-to-get-ahead-of-hackers.html, Sep 2015. Accessed: 2015-11-11.
Ben Elgin, Dune Lawrence, and Michael Riley. Neiman Marcus Hackers Set Off 60,000 Alerts While Bagging Credit Card Data. http://www.bloomberg.com/bw/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data, Feb 2014. Accessed: 2015-11-11.
Elizabeth R DeLong, David M DeLong, and Daniel L Clarke-Pearson. Comparing the areas under two or more correlated receiver operating characteristic curves: a nonparametric approach. Biometrics, pages 837–845, 1988.
Michael O Ball. Computational complexity of network reliability analysis: An overview. Reliability, IEEE Transactions on, 35(3):230–239, 1986.
Thomas M Cover and Joy A Thomas. Elements of information theory. John Wiley & Sons, 2012.
- Quantifying Covertness in Deceptive Cyber Operations
Neuer Inhalt/© ITandMEDIA, Best Practices für die Mitarbeiter-Partizipation in der Produktentwicklung/© astrosystem | stock.adobe.com