Thinking about intrusion kill chains as mechanisms

Spring, Jonathan M.; Hatleback, Eric

doi:10.1093/cybsec/tyw012

Cited by 7 publications

(12 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…44 For a high-level, strategic introduction to computer security see Shimeall and Spring (2013). 45 See Spring and Hatleback (2017) for a detailed account. the underlying cause, the heuristic is useful for designing effective experimentation.…”

Section: Indexing Beyond the Science Of Computingmentioning

confidence: 99%

A refinement to the general mechanistic account

Hatleback

Spring

2019

Euro Jnl Phil Sci

Self Cite

View full text Add to dashboard Cite

Phyllis Illari and Jon Williamson propose a formulation for a general mechanistic account, the purpose of which is to capture the similarities across mechanistic accounts in the sciences. Illari and Williamson extract insight from mechanisms in astrophysics-which are notably different from the typical biological mechanisms discussed in the literature on mechanisms-to show how their general mechanistic account accommodates mechanisms across various sciences. We present argumentation that demonstrates why an amendment is necessary to the ontology (entities and activities) referred to by the general mechanistic account provided by Illari and Williamson. The amendment is required due to the variability of some components in computing mechanisms: the very same component serves as either entity or activity, both between levels and within the same level of the explanatory hierarchy. We argue that the proper ontological account of these mechanistic components involves disambiguation via explicitly indexing them as entities or activities.

show abstract

Section: Indexing Beyond the Science Of Computingmentioning

confidence: 99%

A refinement to the general mechanistic account

Hatleback

Spring

2019

Euro Jnl Phil Sci

Self Cite

View full text Add to dashboard Cite

show abstract

“…One popular model of the steps any adversary must take in a successful attack is the intrusion kill chain (Hutchins et al 2011). Spring and Hatleback (2017) argue that the kill chain can be considered a mechanistic explanation of an attack. The kill chain model decomposes an attack into seven steps, which in this case are most naturally understood as activities.…”

Section: Computer Network Attacks-lockheed Martin's Intrusion Kill Chainmentioning

confidence: 99%

“…The kill chain model avoids the challenge of the changeability of software and adversary responsiveness with a strategy similar in some respects to the criminal Fig. 2 Kill chain diagram, following Spring and Hatleback (2017). Circles are entities, arrows are activities, where delivery (3) can take two paths, one targeting the computer, and another targeting the human (i.e., social engineering such as phishing).…”

Section: Computer Network Attacks-lockheed Martin's Intrusion Kill Chainmentioning

confidence: 99%

Building General Knowledge of Mechanisms in Information Security

Spring

Illari

2018

Philos. Technol.

Self Cite

View full text Add to dashboard Cite

We show how more general knowledge can be built in information security, by the building of knowledge of mechanism clusters, some of which are multifield. By doing this, we address in a novel way the longstanding philosophical problem of how, if at all, we come to have knowledge that is in any way general, when we seem to be confined to particular experiences. We also address the issue of building knowledge of mechanisms by studying an area that is new to the mechanisms literature: the methods of what we shall call mechanism discovery in information security. This domain offers a fascinating novel constellation of challenges for building more general knowledge. Specifically, the building of stable communicable mechanistic knowledge is impeded by the inherent changeability of software, which is deployed by malicious actors constantly changing how their software attacks, and also by an ineliminable secrecy concerning the details of attacks not just by attackers (black hats), but also by information security defenders (white hats) as they protect their methods from both attackers and commercial competitors. We draw out ideas from the work of the mechanists Darden, Craver, and Glennan to yield an approach to how general knowledge of mechanisms can be painstakingly built. We then use three related examples of active research problems from information security (botnets, computer network attacks, and malware analysis) to develop philosophical thinking about building general knowledge using mechanisms, and also apply this to develop insights for information security. We show that further study would be instructive both for practitioners (who might welcome the help in conceptualizing what they do) and for philosophers (who will find novel insights into building general knowledge of a highly changeable domain that has been neglected within philosophy of science).

show abstract

“…atak celu. Proces ten równie opisuj Spring, Hatleback (2017) oraz Khan, Siddiqui i Ferens (2018). Natomiast Hahn, Thomas, Lozano, Cardenas (2015) wskazuj na sze faz w tzw.…”

Section: Cykl Ycia Ataku Cybernetycznego W Literaturzeunclassified

“…Zdefiniowany w pracy ogólny cykl ataku wyró nia si od publikowanych w literaturze 17 opisów cyklu ycia ataku cybernetycznego dodanymi dwoma fazami: identyfikacji potrzeb atakuj cego oraz zako czenia ataku. Ponadto, w odró nieniu od dotychczasowego uj cia przez innych badaczy, w przyj tym w pracy cyklu ycia ataku czyn- 17 Coleman, 2012;Hutchinsi in., 2011;Hahn i in., 2015;Spring, Hatleback, 2017 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 30 60 90 120 150 180 210 240 270 3 3 3 3 3 3 3 3 3 3 3 P7 1 0.75 0.5 0.25 0 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 90 180 270 360 450 540 630 720 810 3 3 3 3 3 3 3 3 3 3 3 no ci: a) uruchomienie, b) ewentualna instalacja kodu z o liwego oraz c) dowodzenie, kierowanie i sterowanie wyst puj jako jedna faza. Takie uj cie umo liwia rozwa anie tej w a nie fazy jako wyodr bnionego cyklu ycia, nie trac c jednocze nie ca ego procesu ataku z pola widzenia.…”

Section: Podsumowanieunclassified

The General Cyber-Attack Life Cycle and Its Continuous-Time Markov Chain Model

Hoffman

2018

Ekonomiczne Problemy Usług

View full text Add to dashboard Cite

Ogólny cykl ycia ataku cybernetycznego i jego markowowski model JEL: C02, C6, D81, L86 S owa kluczowe: atak cybernetyczny, cyberatak, cykl ycia ataku cybernetycznego, proces Markowa dyskretny w stanach, a cuch Markowa z ci g ym parametrem Streszczenie. W pracy zaproponowano ogólny cykl ycia ataku cybernetycznego, który wyró nia si od publikowanych w literaturze zasadniczo dwiema dodatkowymi fazami: identyfikacji potrzeb atakuj cego oraz zako czenia ataku cybernetycznego. Na bazie zdefiniowanego cyklu ycia ataku przedstawiono stochastyczny model opisuj cy jego funkcjonowanie. Model bazuje na jednorodnym a cuchu Markowa z ci g ym czasem. Wprowadzenie W historii przest pczo ci komputerowej by o ju wiele spektakularnych cyberataków, które opisywano zarówno w prasie, jak i szeroko omawiano w wielu periodykach naukowych. Ogó spo ecze stwa dowiedzia si tylko o tych najbardziej spektakularnych i/lub wyrafinowanych, i jednocze nie interesuj cych. Ale statystyki prowadzone przez dostawców systemów antywirusowych pokazuj , e sumaryczna liczba ataków w skali sieci globalnej to rz d tysi cy dziennie. To pokazuje, e w dzisiejszych czasach cyberataki to w a ciwie ju codzienno , a najgorsze jest to, e wci b dzie ich przybywa. Mo na powiedzie , e cyberprzest pcy to gangsterzy XXI wieku, przed którymi, na obecnym etapie rozwoju technologicznego, powszechno ci urz dze komputerowych, ale i niefrasobliwo ci u ytkowników, bardzo trudno si obroni. Do tej pory wiele pa stw, firm, organizacji, jak i zwyk ych ludzi, bole nie tego do wiadczy o.

show abstract

Thinking about intrusion kill chains as mechanisms

Cited by 7 publications

References 21 publications

A refinement to the general mechanistic account

A refinement to the general mechanistic account

Building General Knowledge of Mechanisms in Information Security

The General Cyber-Attack Life Cycle and Its Continuous-Time Markov Chain Model

Contact Info

Product

Resources

About