nach oben

Erschienen in:

2016 | OriginalPaper | Buchkapitel

Quantifying Covertness in Deceptive Cyber Operations

verfasst von : George Cybenko, Gabriel Stocco, Patrick Sweeney

Erschienen in: Cyber Deception

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

A deception is often enabled by cloaking or disguising the true intent and corresponding actions of the perpetrating actor. In cyber deception, the degree to which actions are disguised or cloaked is typically called “covertness.” In this chapter, we describe a novel approach to quantifying cyber covertness, a specific attribute of malware relative to specific alert logic that the defender uses. We propose that the covertness of an offensive cyber operation in an adversarial environment is derived from the probability that the operation is detected by the defender. We show that this quantitative concept can be computed using Covertness Block Diagrams that are related to classical reliability block diagrams used for years in the reliability engineering community. This requires methods for modeling the malware and target network defenses that allow us to calculate a quantitative measure of covertness which is interpreted as the probability of detection. Called the Covertness Score, this measure can be used by attackers to design a stealthier method of completing their mission as well as by defenders to understand the detection limitations of their defenses before they are exploited.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Cyber Security Deception

Nächstes Kapitel Design Considerations for Building Cyber Deception Systems

such as www.4shared.com.

US Army. Joint technical coordinating group for munitions effectiveness program office.

David D Lynch and Institution of Electrical Engineers. Introduction to RF stealth. Scitech, 2004.

Dave MacEslin. Methodology for Determining EW JMEM. TECH TALK, page 32, 2006.

George Cybenko and Jason Syverson. Quantitative foundations for information operations, 2007.

David E. Sanger. Syria War Stirs New U.S. Debate on Cyberattacks. http://www.nytimes.com/2014/02/25/world/middleeast/obama-worried-about-effects-of-waging-cyberwar-in-syria.html, Feb 2014. Accessed: 2015-11-11.

US Department of Defense. The Department of Defense Cyber Strategy, 2015.

Mark A Gallagher and Michael Horta. Cyber Joint Munitions Effectiveness Manual (JMEM). M& SJ, 8:5e14, 2013.

US Army. Joint Publication 3–13: Information Operations, Nov 2014.

Molly B. Walker. New DoD program office to create cyber equivalent of the Joint Munitions Effectiveness Manual. http://www.fiercegovernmentit.com/story/new-dod-program-office-create-cyber-equivalent-joint-munitions-effectivenes/2015-10-14, Oct 2015. Accessed: 2015-11-20.

10.

http://www.iseclab.org/projects/ttanalyze/. TTAnalyze: A tool for analyzing malware, 2015.

11.

Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiao-yong Zhou, and XiaoFeng Wang. Effective and efficient malware detection at the end host. In USENIX security symposium, pages 351–366, 2009.

12.

Daniel Bilar et al. Statistical structures: Fingerprinting malware for classification and analysis. Proceedings of Black Hat Federal 2006, 2006.

13.

Marko Čepin. Reliability block diagram. In Assessment of Power System Reliability, pages 119–123. Springer, 2011.

14.

RG Bennetts. Analysis of reliability block diagrams by boolean techniques. Reliability, IEEE Transactions on, 31(2):159–166, 1982.CrossRefMATH

15.

http://www8.hp.com/us/en/software-solutions/siem-security-information-eventmanagement/. HP ArcSight ESM, 2015.

16.

http://www.splunk.com/. Splunk Operational Intelligence Platform, 2015.

17.

http://www.flowtraq.com/. FlowTraq Network Security, Monitoring, Analysis, and Forensics, 2015.

18.

http://www.snort.com/. Snort Intrusion Prevention System, 2015.

19.

http://www.mcafee.com/us/. McAfee Intel Security Suite, 2015.

20.

http://www.tripwire.com/. Tripwire Advanced Cyber Threat Detection, 2015.

21.

HP Enterprise Security. HP ArcSight ESM: powered by CORR-Engine, September 2012.

22.

Sandeep Yadav, Ashwath Kumar Krishna Reddy, a.L. Narasimha Reddy, and Supranamaya Ranjan. Detecting algorithmically generated malicious domain names. Proceedings of the 10th annual conference on Internet measurement - IMC ’10, page 48, 2010.

23.

Open Malware. http://openmalware.org, 2014.

24.

VirusShare. http://virusshare.com, 2014.

25.

The VirusWatch Archives. http://lists.clean-mx.com/pipermail/viruswatch/, 2014.

26.

Cuckoo Sandbox. http://www.cuckoosandbox.org/, 2014.

27.

Microsoft Developer Network. http://msdn.microsoft.com/en-us/library/, 2014.

28.

Nicole Perlroth. Intelligence Start-Up Goes Behind Enemy Lines to Get Ahead of Hackers. www.nytimes.com/2015/09/14/technology/intelligence-start-up-goes-behind-enemy-lines-to-get-ahead-of-hackers.html, Sep 2015. Accessed: 2015-11-11.

29.

Ben Elgin, Dune Lawrence, and Michael Riley. Neiman Marcus Hackers Set Off 60,000 Alerts While Bagging Credit Card Data. http://www.bloomberg.com/bw/articles/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-while-bagging-credit-card-data, Feb 2014. Accessed: 2015-11-11.

30.

Elizabeth R DeLong, David M DeLong, and Daniel L Clarke-Pearson. Comparing the areas under two or more correlated receiver operating characteristic curves: a nonparametric approach. Biometrics, pages 837–845, 1988.

31.

Michael O Ball. Computational complexity of network reliability analysis: An overview. Reliability, IEEE Transactions on, 35(3):230–239, 1986.

32.

Thomas M Cover and Joy A Thomas. Elements of information theory. John Wiley & Sons, 2012.

Titel: Quantifying Covertness in Deceptive Cyber Operations
verfasst von: George Cybenko
Gabriel Stocco
Patrick Sweeney
Verlag: Springer International Publishing
Buch: Cyber Deception
Print ISBN: 978-3-319-32697-9

Electronic ISBN: 978-3-319-32699-3

Copyright-Jahr: 2016
DOI: https://doi.org/10.1007/978-3-319-32699-3_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner