Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains

6th International Conference on Information Warfare and Security, ICIW 2011

Volumn , Issue , 2011, Pages 113-125

  Hutchins, Eric ^a   Cloppert, Michael ^a   Amin, Rohan ^a  

^a LOCKHEED MARTIN   (United States)

Author keywords

APT; Computer network defense; Incident response; Intelligence; Intrusion detection; Threat

Indexed keywords

CHAINS; COMPUTER NETWORKS; COMPUTER VIRUSES; ITERATIVE METHODS; KNOWLEDGE MANAGEMENT; NATIONAL SECURITY; NETWORK SECURITY; RISK ASSESSMENT;

ADVANCED PERSISTENT THREAT"; ANTI VIRUS; COMPUTER NETWORK DEFENSE; INCIDENT RESPONSE; INTELLIGENCE; INTRUSION DETECTION SYSTEMS; INTRUSION-DETECTION; KILL CHAIN; NETWORK DEFENSE; THREAT;

INTRUSION DETECTION;

EID: 84863432533     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. Adobe. APSA09-01: Security Updates available for Adobe Reader and Acrobat versions 9 and earlier, February 2009. URL http://www.adobe.com/support/security/advisories/apsa09-01.html.
2. Duran F, Conrad, S. H, Conrad, G. N, Duggan, D. P and Held E. B. Building A System For Insider Security. IEEE Security & Privacy, 7(6):30-38, 2009. doi: 10.1109/MSP.2009.111.
3. Epstein, Keith, and Elgin, Ben. Network Security Breaches Plague NASA, November 2008. URL http://www.businessweek.com/print/magazine/content/0_48/b4110072404167.htm.
4. LTC Ashton Hayes. Defending Against the Unknown: Antiterrorism and the Terrorist Planning Cycle. The Guardian, 10(1):32-36, 2008. URL http://www.jcs.mil/content/files/2009-04/04130915524_ spring2008.pdf.
5. Krekel, Bryan. Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, October 2009. URL http://www.uscc.gov/researchpapers/2009/NorthropGrumma_ PR_Cybe_Pape_FINA_Approved%20Repor_16Oct2009.pdf.
6. Lewis, James Andrew Holistic Approaches to Cybersecurity to Enable Network Centric Operations, April 2008. URL http://armedservices.house.gov/pdfs/TUTC040108/Lewi_Testimony040108.pdf.
7. Mandiant. M-Trends: The Advanced Persistent Threat, January 2010. URL http://www.mandiant.com/products/services/m-trends.
8. Microsoft. Microsoft Security Bulletin MS09-017: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340), May 2009a. URL http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx.
9. Microsoft. Microsoft Security Advisory (969136): Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution, April 2009b. URL http://www.microsoft.com/technet/security/advisory/969136.mspx.
10. Sarandis Mitropoulos, Dimitrios Patsosa, and Christos Douligeris. On Incident Handling and Response: A stateof- the-art approach. Computers & Security, 5:351-370, July 2006. URL http://dx.doi.org/10.1016/j.cose.2005.09.006.
11. National Institute of Standards and Technology. Special Publication 800-61: Computer Security Incident Handling Guide, March 2008. URL http://csrc.nist.gov/publications/PubsSPs.html.
12. National Research Council. Countering the Threat of Improvised Explosive Devices: Basic Research Opportunities (Abbreviated Version), 2007. URL http://books.nap.edu/catalog.php?recor_id=11953.
13. Sakuraba, T. Domyo, S, Chou Bin-Hui and Sakurai, K. Exploring Security Countermeasures along the Attack Sequence. In Proc. Int. Conf. Information Security and Assurance ISA 2008, pages 427-432, 2008. doi:10.1109/ISA.2008.112.
14. Stamos, Alex. "Aurora" Response Recommendations, February 2010. URL https://www.isecpartners./com/files/iSE_Auror_Respons_Recommendations.pdf.
15. Tirpak, John A. Find, Fix, Track, Target, Engage, Assess. Air Force Magazine, 83:24-29, 2000. URL http://www.airforce-magazine.com/MagazineArchive/Pages/2000/July%202000/0700find.aspx.
16. UK-NISCC. National Infrastructure Security Co-ordination Centre: Targeted Trojan Email Attacks, June 2005. URL https://www.cpni.gov.uk/docs/ttea.pdf.
17. United States Army Training and Doctrine Command. A Military Guide to Terrorism in the Twenty-First Century, August 2007. URL http://www.dtic.mil/srch/doc?collection=t3&id=ADA472623.
18. US-CERT. Technical Cyber Security Alert TA05-189A: Targeted Trojan Email Attacks, July 2005. URL http://www.us-cert.gov/cas/techalerts/TA05-189A.html.
19. U.S.-China Economic and Security Review Commission. 2008 Report to Congress of the U.S. China Economic and Security Review Commission, November 2008. URL http://www.uscc.gov/annua_report/2008/annua_repor_ful_08.pdf.
20. U.S.-China Economic and Security Review Commission. 2009 Report to Congress of the U.S.-China Economic and Security Review Commission, November 2009. URL http://www.uscc.gov/annua_report/2009/annua_repor_ful_09.pdf.
21. U.S. Department of Defense. Joint Publication 3-13 Information Operations, February 2006. URL http://www.dtic.mil/doctrine/ne_pubs/jp_13.pdf.
22. U.S. Department of Defense. Joint Publication 3-60 Joint Targeting, April 2007. URL http://www.dtic.mil/doctrine/ne_pubs/jp_60.pdf.
23. Willison, Robert and Siponen. Mikko Overcoming the insider: reducing employee computer crime through Situational Crime Prevention. Communications of the ACM, 52(9):133-137, 2009. doi: http://doi.acm. org/10.1145/1562164.1562198.