http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
Bahrami, Pooneh Nikkhah,Dehghantanha, Ali,Dargahi, Tooska,Parizi, Reza M.,Choo, Kim-Kwang Raymond,Javadi, Hamid H.S. Korea Information Processing Society 2019 Journal of information processing systems Vol.15 No.4
The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.
Pooneh Nikkhah Bahrami,Ali Dehghantanha,Tooska Dargahi,Reza M. Parizi,Kim-Kwang Raymond Choo,Hamid H. S. Javadi 한국정보처리학회 2019 Journal of information processing systems Vol.15 No.4
The need for cyber resilience is increasingly important in our technology-dependent society where computingdevices and data have been, and will continue to be, the target of cyber-attackers, particularly advancedpersistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to bemore sophisticated, having access to significantly more resources and time to facilitate their attacks, which inmost cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors oftenutilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus,having up-to-date and detailed information of APT’s tactics, techniques, and procedures (TTPs) facilitates thedesign of effective defense strategies as the focus of this paper. Specifically, we posit the importance oftaxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attackcampaigns is fragmented across practitioner, government (including intelligence/classified), and academicpublications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APTcampaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to “decompose” anycomplex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze morethan 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incidentresponse and cyber threat hunting by aiding in understanding of the potential attacks to organizations as wellas which attacks may surface. In addition, the taxonomy can allow national security and intelligence agenciesand businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailedinformation about the campaigns. It can also notify future security policies and mitigation strategy formulation.