A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing

Duncan, Adrian; Creese, Sadie; Goldsmith, Michael

doi:10.1109/cybersecpods.2019.8885401

Cited by 8 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Over the last few years, attack methods [8][9][10][11][12][13] have grown with the evolution of fundamental technology and architecture of applications (e.g. JavaScript attacks [20], and attacks on cloudcomputing services [21]), and hence the update [14] of OWASP Top 10 as illustrated in Table 1 below.…”

Section: Methodology In Owasp Risk Ratingmentioning

confidence: 99%

Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)

Li¹

2020

AETiC

View full text Add to dashboard Cite

The delivery of a framework in place for secure application development is of real value for application development teams to integrate security into their development life cycle, especially when a mobile or web application moves past the scanning stage and focuses increasingly on the remediation or mitigation phase based on static application security testing (SAST). For the first time, to the author’s knowledge, the industry-standard Open Web Application Security Project (OWASP) top 10 vulnerabilities and CWE/SANS top 25 most dangerous software errors are synced up in a matrix with Checkmarx vulnerability queries, producing an application security framework that helps development teams review and address code vulnerabilities, minimise false positives discovered in static scans and penetration tests, targeting an increased accuracy of the findings. A case study is conducted for vulnerabilities scanning of a proof-of-concept mobile malware detection app. Mapping the OWASP/SANS with Checkmarx vulnerabilities queries, flaws and vulnerabilities are demonstrated to be mitigated with improved efficiency.

show abstract

Section: Methodology In Owasp Risk Ratingmentioning

confidence: 99%

Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)

Li¹

2020

AETiC

View full text Add to dashboard Cite

show abstract

“…В работе [5] описано решение задачи противодействия атакам на сервисы облачных вычислений со стороны инсайдеров, для чего комбинируется пара методов путем их наложения. Первый основан на классическом дереве атак, примененном к внутренней среде облачных сервисов; второй представляет собой, так называемую, цепочку уничтожения, вышедшую из концепции ведения боевых действий и заключающуюся в отслеживании степени продвижения атаки к заданным целям.…”

Section: обзор релевантных работunclassified

Methods Combining for Identifying of Insiders in Large Information Systems

2024

Cybersecurity Issues

View full text Add to dashboard Cite

Цель исследования: изыскание направлений повышения эффективности противодействия инсайдерам в больших информационных системах за счет комбинирования способов их выявления.Методы исследования: аналитический обзор релевантных научных публикаций, концептуальное моделирование, формализация, категориальный подход, экспертное и теоретическое комбинирование, синтез, алгоритмизация.Полученные результаты: получен обобщенный список и разработана частично формализованная модель объединения качественно различных способов выявления инсайдеров в больших информационных системах; предложен экспертный прогноз 21 комбинации из 7 указанных способов, дана теоретическая оценка успешности их сочетания; синтезирован комбинированный способ выявления инсайдеров, алгоритм которого задан в виде псевдокода.Научная новизна работы определяется авторским подходом к комбинированию способов на основе категориального пространства, которое имеет оси вдоль следующих пар антагонистических элементов: нормальное vs аномальное, статическое vs динамическое, субъект vs объект. Большинство комбинаций способов предложены впервые.

show abstract

“…We clarify the nature and state of the insiders with respect to and with reference to the cloud ecosystem. [7] Symptomatic Insider:…”

Section: Of Trade Secretsmentioning

confidence: 99%

A Review: Insider Attack in New Normal

Chitre¹

2022

IJSREM

View full text Add to dashboard Cite

Technology brings comfort and makes our work easy, but it may come with a cost of your data breach. The Covid-19 crises have fundamentally changed ways of working as many companies are extending the remote working policies that become necessary during the pandemic. Static, network-based security parameters will no longer be sufficient. The security dynamic among users, assets and resources must be protected. Keywords:- Insider attack, new normal, cyber security

show abstract

A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing

Cited by 8 publications

References 7 publications

Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)

Vulnerabilities Mapping based on OWASP-SANS: A Survey for Static Application Security Testing (SAST)

Methods Combining for Identifying of Insiders in Large Information Systems

A Review: Insider Attack in New Normal

Contact Info

Product

Resources

About