MCKC: a modified cyber kill chain model for cognitive APTs analysis within Enterprise multimedia network
PDF, 27 pages
Ankang Ju 1 · Yuanbo Guo 1 · Tao Li 1
Received: 29 July 2019 / Revised: 7 June 2020 / Accepted: 28 July 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

Emerging cyber security threats pose many challenges to security analysts of enterprise multimedia environments when they attempt to analyze and reconstruct advanced persistent threats (APTs). APT analysis is both time-consuming and labor-intensive. Attack modeling techniques, represented by the kill chain, can reduce the burden of manual provenance analysis. However, existing Cyber Kill Chain models represent an attack as a fixed sequence of stages and cannot reflect the progressive, step-by-step penetration that characterizes APTs, which makes it difficult for security analysts to automate the correlation of attack events in practice. In this paper, we first analyze current Cyber Kill Chain models and the heterogeneous data sources available for APT detection. We then propose MCKC (Modified Cyber Kill Chain model), which can be used for standardized correlation analysis. MCKC organizes sub-chains into a recursive structure, so that the separate kill-chain penetration processes within one attack scenario are connected to each other. The MCKC model offers a novel approach to bi-directional attack analysis, forward analysis and backward reasoning, which facilitates threat detection without relying heavily on expert knowledge. The advantage of MCKC is that it is better suited to cognitive reasoning and APT scenario reconstruction; compared with existing models, MCKC provides a feasible technical process for threat analysis. The result of a case study shows that the modified kill chain model is effective in discovering security events and reconstructing APT attacks.

Keywords: Cyber kill chain model · APT detection · Bi-directional analysis
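The recursive sub-chain structure and the two analysis directions named in the abstract, as an added illustration that is not code from the paper: the seven stage names are the classic Cyber Kill Chain stages, and the Event/Chain types, the pivot rule (a host whose first event was caused by an event on another host becomes a sub-chain of that host's chain), and the sample events are assumptions constructed for this example, not the MCKC definitions. Forward analysis walks from an observed event to the stages that have not yet been seen on that host and on the hosts pivoted from it (where to hunt next); backward reasoning follows cause links from a late-stage alert back to the initial intrusion (scenario reconstruction).

```python
"""Toy recursive kill-chain structure with forward and backward analysis.

Added illustration only (not the paper's MCKC code): the seven stage names
are the classic Cyber Kill Chain, and the recursive sub-chain layout, the
Event/Chain types and the sample events are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import Optional

STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
RANK = {s: i for i, s in enumerate(STAGES)}


@dataclass
class Event:
    eid: str
    host: str
    stage: str
    ts: int
    cause: Optional[str] = None  # eid of the earlier event that enabled this one


@dataclass
class Chain:
    host: str
    events: list = field(default_factory=list)
    subchains: list = field(default_factory=list)  # chains pivoted from this one


def build_chains(events):
    """One chain per host; a host whose first event was caused by an event on
    another host becomes a sub-chain of that host's chain (the pivot)."""
    index = {e.eid: e for e in events}
    by_host = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(ev.host, Chain(ev.host)).events.append(ev)
    roots = []
    for chain in by_host.values():
        first = chain.events[0]
        parent = index[first.cause].host if first.cause else chain.host
        if parent != chain.host:
            by_host[parent].subchains.append(chain)
        else:
            roots.append(chain)
    return roots


def find_chain(chain, eid):
    """Depth-first search for the (sub-)chain holding event eid."""
    if any(e.eid == eid for e in chain.events):
        return chain
    for sub in chain.subchains:
        hit = find_chain(sub, eid)
        if hit is not None:
            return hit
    return None


def forward_analysis(root, observed_eid):
    """Forward analysis: from an observed event, list the stages expected to
    follow that have no event yet, on that host and on every host pivoted
    from it. These are the places to hunt for missed detections."""
    start = find_chain(root, observed_eid)
    if start is None:
        raise KeyError(observed_eid)
    floor = RANK[next(e.stage for e in start.events if e.eid == observed_eid)]
    gaps = {}

    def walk(chain, floor):
        seen = {e.stage for e in chain.events}
        gaps[chain.host] = [s for s in STAGES if RANK[s] > floor and s not in seen]
        for sub in chain.subchains:
            walk(sub, -1)  # a pivoted host may be at any stage: check them all

    walk(start, floor)
    return gaps


def backward_reasoning(events, eid):
    """Backward reasoning: from a late-stage alert, follow the cause links back
    across sub-chains to the initial intrusion; returns the attack path as
    (host, stage) pairs in chronological order."""
    index = {e.eid: e for e in events}
    path = []
    cur = index.get(eid)
    while cur is not None:
        path.append((cur.host, cur.stage))
        cur = index.get(cur.cause) if cur.cause else None
    return path[::-1]


# Constructed sample: phishing on workstation ws1, then a pivot to server srv1.
SAMPLE = [
    Event("e1", "ws1", "delivery", 1),                         # malicious attachment
    Event("e2", "ws1", "exploitation", 2, cause="e1"),         # macro runs
    Event("e3", "ws1", "installation", 3, cause="e2"),         # implant dropped
    Event("e4", "ws1", "command_and_control", 4, cause="e3"),  # beaconing
    Event("e5", "srv1", "exploitation", 5, cause="e4"),        # lateral move
    Event("e6", "srv1", "installation", 6, cause="e5"),
    Event("e7", "srv1", "actions_on_objectives", 7, cause="e6"),  # exfiltration
]


if __name__ == "__main__":
    root = build_chains(SAMPLE)[0]
    print(forward_analysis(root, "e4"))
    print(backward_reasoning(SAMPLE, "e7"))
```

The cause links are what a real implementation has to recover from heterogeneous logs (process trees, authentication events, network flows); here they are given in the constructed data so that the two traversal directions are visible on their own.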
* Corresponding author: Ankang Ju, [email protected]
1 Zhengzhou Institute of Information Science and Technology, Zhengzhou 450001, China
Multimedia Tools and Applications

1 Introduction

In the last decades, the dependence of modern societies on information and communication technology (ICT) has continued to rise [3]. Vulnerabilities in the supporting ICT assets threaten the cyber activities performed within modern societies. Organizations need to protect their assets against a variety of threat actors, ranging from cyber criminals to nation states. Actors at the more advanced and persistent end of this spectrum are commonly described as Advanced Persistent Threats (APTs). Recent APT attacks [4] show that enterprise multimedia networks have become a main target, largely because the value of the data they hold attracts attackers. These threats expose the enterprise multimedia network to potential risk and to complex security challenges. APTs mainly aim to de