Title

Security And Integrity Analysis Using Indicators

Keywords

Forensics; Indicators; Integrity; Security

Abstract

Computer systems today are under constant attack by adversaries looking for opportunistic ways to gain access and exfiltrate data, cause disruption or chaos, or leverage the computer for their own use. Whatever the motives, these attacks typically occur not just against one device but against a series of related computer systems (e.g. banking systems). Being able to understand the attacker's tactics, techniques, and procedures (TTPs) and reuse that knowledge against other systems becomes critical for detecting the attacker's movement, finding where they may have conducted other security breaches, and catching up to and shutting down the persistent threat. Using indicators to define components of the various TTPs can act as a tool for sharing intelligence. A simulation was conducted demonstrating the indicator lifecycle, in which a malware binary was created to perform HTTPS command and control (C2). Using this simulation, it was possible to demonstrate how indicators were produced and defined after system analysis, as well as how they could be consumed on other systems searching for the same TTP. © 2012 IEEE.
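The abstract describes two halves of the indicator lifecycle: producing indicators from a host where an HTTPS C2 implant was analysed, and consuming them on other hosts to look for the same TTP. The following is an added example written for this page; it is not the paper's code, and the indicator schema (an OpenIOC-style AND/OR composition of observable terms), the host snapshots, the file paths, hashes, IPs and the SNI value are all constructed for illustration. It shows why an indicator that combines strong terms (file hash, C2 hostname) with a weaker behavioural term (a binary in a user-writable path talking on 443 plus a Run-key persistence entry) still fires on a second host where the implant has been renamed.

```python
"""Indicator lifecycle demo: produce indicators from an analysed host, then
consume them on another host. Added example; not the paper's code or schema."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable

# --- Constructed host snapshots (sample data, not from the paper) -------------

# Host A: the machine where the simulated HTTPS C2 implant was analysed.
HOST_A = {
    "files": {
        r"C:\Users\alice\AppData\Roaming\svchost32.exe": b"constructed implant bytes\x00",
    },
    "connections": [
        {"pid": 4120, "image": r"C:\Users\alice\AppData\Roaming\svchost32.exe",
         "dst": "203.0.113.45", "port": 443, "sni": "update.example.net"},
    ],
    "registry_run": {"Updater": r"C:\Users\alice\AppData\Roaming\svchost32.exe"},
}

# Host B: an un-analysed host where the same implant runs under a new name
# and beacons to a different IP but the same C2 hostname (SNI).
HOST_B = {
    "files": {
        r"C:\ProgramData\wuauclt.exe": b"constructed implant bytes\x00",
        r"C:\Windows\System32\notepad.exe": b"benign",
    },
    "connections": [
        {"pid": 772, "image": r"C:\ProgramData\wuauclt.exe",
         "dst": "198.51.100.9", "port": 443, "sni": "update.example.net"},
        {"pid": 901, "image": r"C:\Program Files\browser.exe",
         "dst": "192.0.2.10", "port": 443, "sni": "www.example.com"},
    ],
    "registry_run": {"Updater": r"C:\ProgramData\wuauclt.exe"},
}

# --- Indicator model (hypothetical, OpenIOC-like; not the paper's schema) ------

@dataclass
class Term:
    """One observable: a check function applied to a host snapshot."""
    name: str
    check: Callable[[dict], bool]

@dataclass
class Indicator:
    """Terms combined with AND/OR, the way IOC editors compose observables."""
    name: str
    op: str                      # "AND" or "OR"
    terms: list = field(default_factory=list)

    def matches(self, host: dict) -> dict:
        results = {t.name: t.check(host) for t in self.terms}
        hit = all(results.values()) if self.op == "AND" else any(results.values())
        return {"indicator": self.name, "hit": hit, "terms": results}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

USER_WRITABLE = re.compile(r"\\(AppData|ProgramData)\\")

# --- Produce: derive indicators from the analysed host -------------------------

def produce_indicators(host: dict) -> Indicator:
    implant_path = next(iter(host["files"]))
    implant_hash = sha256(host["files"][implant_path])
    c2 = host["connections"][0]
    # Strong terms are ORed: a hash or C2-hostname match alone is a confident hit.
    strong = Indicator("https-c2-implant", "OR", [
        Term("file.sha256", lambda h, x=implant_hash: any(sha256(b) == x for b in h["files"].values())),
        Term("net.sni", lambda h, s=c2["sni"]: any(c["sni"] == s for c in h["connections"])),
    ])
    # Weak behavioural terms are ANDed so that neither one fires on its own.
    weak = Indicator("https-c2-persistence", "AND", [
        Term("net.port443_from_userpath", lambda h: any(
            c["port"] == 443 and USER_WRITABLE.search(c["image"]) for c in h["connections"])),
        Term("reg.run_key_userpath", lambda h: any(
            USER_WRITABLE.search(v) for v in h["registry_run"].values())),
    ])
    return Indicator("https-c2-ttp", "OR", [
        Term(strong.name, lambda h, i=strong: i.matches(h)["hit"]),
        Term(weak.name, lambda h, i=weak: i.matches(h)["hit"]),
    ])

# --- Consume: apply the indicators to another host -----------------------------

def consume(indicator: Indicator, host: dict) -> dict:
    return indicator.matches(host)

if __name__ == "__main__":
    ioc = produce_indicators(HOST_A)
    print(consume(ioc, HOST_A))
    print(consume(ioc, HOST_B))
```

On HOST_B the file hash and the SNI both match, and the persistence sub-indicator also fires because the renamed binary still lives under a user-writable path and is still registered in a Run key; on a host with a benign 443 connection and no such persistence, every term is false and the top-level indicator stays silent. The per-term results are returned alongside the verdict so an analyst consuming the indicator can see which observables carried the hit.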

Publication Date

1-1-2012

Publication Title

Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

Pages

127-135

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/CyberSecurity.2012.23

Scopus ID

84881033621 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84881033621
