Listing by keyword "IDS"
1 - 3 of 3
- Journal article: "Extracting network based attack narratives through use of the cyber kill chain: A replication study" (it - Information Technology: Vol. 64, No. 1-2, 2022). Authors: Weathersby, Aaron; Washington, Mark.
  The defense of a computer network requires defenders to both understand when an attack is taking place and understand the larger strategic goals of their attackers. In this paper we explore this topic through the replication of a prior study, "Extracting Attack Narratives from Traffic Datasets" by Mireles et al. [Athanasiades, N., et al., Intrusion detection testing and benchmarking methodologies, in First IEEE International Workshop on Information Assurance. 2003, IEEE: Darmstadt, Germany]. In their original research Mireles et al. proposed a framework linking a particular cyber-attack model (the Mandiant Life Cycle Model) and the identification of individual attack signatures into a process that provides higher-level insight into an attacker, in what they termed attack narratives. In our study we both replicate the original authors' work and move the research forward by integrating many of the suggestions Mireles et al. provided that would have improved their study. Through our analysis, we confirm the concept that attack narratives can provide additional insight beyond the review of individual cyber-attacks. We also built upon one of their suggested areas by exploring their framework through the lens of the Lockheed Martin Cyber Kill Chain. While we found the concept to be novel and potentially useful, we found it challenging to replicate the clarity Mireles et al. described. In our research we identify the need for additional research into describing further components of an attack narrative, including the nonlinear nature of cyber-attacks and issues of identity and attribution.
- Conference paper: "Fallstricke bei der Inhaltsanalyse von Mails: Beispiele, Ursachen und Lösungsmöglichkeiten" (Pitfalls in the content analysis of e-mails: examples, causes and possible solutions) (SICHERHEIT 2018, 2018). Author: Ullrich, Steffen.
  E-mail is one of the main attack vectors for infection with malware and for phishing of login credentials. Whereas mails before 1996 were restricted to ASCII characters and a line length of 1000 characters, the use of the MIME standards today allows arbitrary character encodings and binary attachments to be represented within the original restrictions. The implementation differences caused by the complexity and flexibility of these standards, however, make it possible to construct mails that are interpreted differently by security systems and end systems. We have examined, by way of example, how the analysis in existing security products can be bypassed in this way and which options exist to address this problem in practice.
- Conference paper: "A Testing Framework Architecture for Automotive Intrusion Detection Systems" (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Authors: Corbett, Christopher; Basic, Tobias; Lukaseder, Thomas; Kargl, Frank.
  Vehicles are the target of a rising number of hacking attacks. The integration of in-vehicle intrusion detection systems is a common approach to increase the overall system security. However, testing and evaluating these systems is difficult due to the lack of tools to generate realistic benign and malicious workloads as well as to share these workloads with other researchers. Currently, testing tools are predominantly intended for Network Intrusion Detection Systems (NIDS) in company or industrial networks, where their usefulness became apparent. Yet, in the automotive domain, the development of testing tools is still in the early stages. Existing non-commercial automotive tools each focus on only one specific bus technology. However, in-vehicle communication exceeds bus technology boundaries, and a testing tool must cover multiple technologies. We propose a framework architecture concept for in-vehicle NIDS testing and evaluation to enable the creation of realistic network traffic and attacks in consideration of automotive-specific challenges. Our concept provides the opportunity to share data without additional anonymization effort, thereby improving cooperation and the reproducibility of testing results.