We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
MCKC: a modified cyber kill chain model for cognitive APTs analysis within Enterprise multimedia network.
- Authors
Ju, Ankang; Guo, Yuanbo; Li, Tao
- Abstract
The emerging cyber security threats pose many challenges to security analysts of enterprise multimedia environments when analysts attempting to analyze and reconstruct advanced persistent threats (APTs). APTs analysis activities are both time-consuming and labor-intensive. Attack modeling technology represented by kill chain can reduce the burden of manual provenience analysis. However, existing Cyber Kill Chain models represent attacks as several stages solidly, and they cannot reflect the characteristics of progressive penetration. It is difficult for security analysts to automate the correlation analysis of attack events in practical usage. In this paper, we first analyze current Cyber Kill Chain models and heterogeneous data sources for APTs detection. Then we propose MCKC (Modified Cyber Kill Chain model) that can be used for standardized correlation analysis. MCKC organizes sub-chains into a recursive structure, and different kill chain penetration processes in the same attack scenario are better connected The proposed MCKC model offers a novel approach for bi-directional attack analysis: forward analysis and backward reasoning which can facilitate threat detection effectively without relying too much on expert knowledge. The advantage of MCKC model is that it is more suitable for cognitive reasoning and APTs scenario reconstruction. Compared with existing models MCKC gives a feasible technological process for threat analysis. The result of case study shows that the modified kill chain model is effective in discovering security events and reconstructing APT attacks.
- Subjects
MULTIMEDIA communications; COGNITIVE analysis; CYBER physical systems; PROGRESSIVE collapse; SECURITIES analysts; INTERNET security
- Publication
Multimedia Tools & Applications, 2020, Vol 79, Issue 39/40, p29923
- ISSN
1380-7501
- Publication type
Article
- DOI
10.1007/s11042-020-09444-x