Logo des Repositoriums

Auflistung nach Schlagwort "Snort"

1 - 2 von 2
  • Zeitschriftenartikel
    Extracting network based attack narratives through use of the cyber kill chain: A replication study
    (it - Information Technology: Vol. 64, No. 1-2, 2022) Weathersby, Aaron; Washington, Mark
    The defense of a computer network requires defenders to both understand when an attack is taking place and understand the larger strategic goals of their attackers. In this paper we explore this topic through the replication of a prior study “Extracting Attack Narratives from Traffic Datasets” by Mireles et al. [Athanasiades, N., et al., Intrusion detection testing and benchmarking methodologies, in First IEEE International Workshop on Information Assurance. 2003, IEEE: Darmstadt, Germany]. In their original research Mireles et al. proposed a framework linking a particular cyber-attack model (the Mandiant Life Cycle Model) and identification of individual attack signatures into a process as to provide a higher-level insight of an attacker in what they termed as attack narratives. In our study we both replicate the original authors work while also moving the research forward by integrating many of the suggestions Mireles et al. provided that would have improved their study. Through our analysis, we confirm the concept that attack narratives can provide additional insight beyond the review of individual cyber-attacks. We also built upon one of their suggested areas by exploring their framework through the lens of Lockheed Martin Cyber Kill Chain. While we found the concept to be novel and potentially useful, we found challenges replicating the clarity Mireles et al. described. In our research we identify the need for additional research into describing additional components of an attack narrative including the nonlinear nature of cyber-attacks and issues of identity and attribution.
  • Konferenzbeitrag
    Systematische Ableitung von Signaturen durch Wiederverwendung am Beispiel von Snort
    (SICHERHEIT 2008 – Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 2008) Schmerl, Sebastian; Rietz, René; König, Hartmut
    Die Wirksamkeit von Intrusion Detection Systemen mit Signaturanalyse hängt entscheidend von der Präzision der verwendeten Signaturen ab. Die Ursachen unpräziser Signaturen sind hauptsächlich der Signaturableitung zuzuschreiben. Die Spezifikation einer Signatur ist aufwendig und fehleranfällig. Methoden für ein systematisches Vorgehen existieren bisher kaum. In diesem Papier stellen wir einen Ansatz zur systematischen Ableitung von Signaturen durch Wiederverwendung von Signaturen bzw. Signaturfragmenten vor, der ursprünglich für Multi- Step-Attacken entwickelt wurde. Wir zeigen, dass er auch für Single-Step-Attacken genutzt werden kann. Dazu verwenden wir Snort-Signaturen.