Technical Aspects of Cyber Kill Chain

Yadav, Tarun; Mallari, Rao Arvind

doi:10.1007/978-3-319-22915-7_40

Cited by 154 publications

(101 citation statements)

References 4 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We assume APT scenarios for host intrusion detection: an attacker illegitimately gains access to a system and plans to remain there for an extended period of time without being detected. The attacker may conduct the attack in several phases and use a variety of techniques during each phase [131]. The goal of UNICORN is to detect such attacks at any stage by interpreting the provenance generated by the host.…”

Section: Threat Modelmentioning

confidence: 99%

“…To simulate APT attacks, we follow the typical cyber kill chain model that consists of roughly 7 nonexclusive phases, i.e., reconnaissance (identify a target and explore its vulnerabilities), weaponize (design a backdoor and a penetration plan), delivery (deliver the weapon), exploitation (victim triggers the vulnerability), installation (install the backdoor or malware), command and control (C&C) (give remote instructions to the victim), and actions on objectives [131].…”

Section: Supply Chain Attack Scenariosmentioning

confidence: 99%

See 1 more Smart Citation

Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats

Han¹,

Pasquier²,

Bates³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

129

111

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomalybased APT detector that effectively leverages data provenance analysis. From modeling to detection, UNICORN tailors its design specifically for the unique characteristics of APTs. Through extensive yet time-efficient graph analysis, UNICORN explores provenance graphs that provide rich contextual and historical information to identify stealthy anomalous activities without predefined attack signatures. Using a graph sketching technique, it summarizes long-running system execution with space efficiency to combat slow-acting attacks that take place over a long time span. UNICORN further improves its detection capability using a novel modeling approach to understand long-term behavior as the system evolves. Our evaluation shows that UNICORN outperforms an existing state-of-the-art APT detection system and detects reallife APT scenarios with high accuracy.

show abstract

Section: Threat Modelmentioning

confidence: 99%

Section: Supply Chain Attack Scenariosmentioning

confidence: 99%

Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats

Han¹,

Pasquier²,

Bates³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

129

111

View full text Add to dashboard Cite

show abstract

“…After delivery of the malware, intruders' code should be triggered on the target machine by running the malicious application or exploiting a system vulnerability [20], [23], [31]. A successful exploitation may lead to exfiltration of private information, injection of code into web applications, log keystrokes, steal passwords, steal cookies or download other modules that may perform intended malicious activities.…”

Section: Exploitationmentioning

confidence: 99%

“…This is a mechanism by which a malware registers to its Command and Control (C&C) server [20], [23], [31], [36], [81]. Malware are registering on a C&C domain to receive commands or upload exfiltrated data.…”

Section: Command and Control (C2)mentioning

confidence: 99%

“…Cyber Kill Chain (CKC) is one of the most widely used operational threat intelligence models to explain intrusion campaigns activities [23], [31]. CKC is based on the kill chain tactic of the US military's F2T2EA (find, fix, track, target, engage and assess) [20], and contains seven stages/steps as shown on Figure 1 [20], [23], [31]- [34]. Reconnaissance includes the identification, selection and profiling of potential targets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Kiwia

Dehghantanha

Choo

et al. 2018

Journal of Computational Science

View full text Add to dashboard Cite

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans

show abstract

Cybersecurity of Industrial Cyber‐Physical Systems

Gallais

Imine

2022

Digitalization and Control of Industrial Cyber‐Physical Systems

View full text Add to dashboard Cite

Technical Aspects of Cyber Kill Chain

Cited by 154 publications

References 4 publications

Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats

Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Cybersecurity of Industrial Cyber‐Physical Systems

Contact Info

Product

Resources

About