论文信息 - Towards a definition of cyberspace tactics, techniques and procedures

Towards a definition of cyberspace tactics, techniques and procedures

Cybersecurity professionals often speak of tactics, techniques and procedures (TTPs) when describing the activities of threat actors, yet these terms are not as well defined in cybersecurity as in military doctrine. Systems that use artificial intelligence (AI) and machine learning (ML) to address cybersecurity problems could better determine adversarial intent and future actions by connecting sequences of actions to threat actor intent. In this paper, we define TTPs in relation to cybersecurity and present a model of TTPs for cyberspace operations that is useful to both humans and synthetic agents. We then describe how these can be applied to real-world cyberspace operations, using advanced persistent threat (APT) 28's Pawn Storm campaign as an exemplar. Finally, we show how we've approached the development of ML algorithms to provide predictive analytics based on large security datasets.

[1] Douglas Otis,et al. Operation Pawn Storm Using Decoys to Evade Detection , 2014 .

[2] Andrew P. Moore,et al. Attack Modeling for Information Security and Survivability , 2001 .

[3] Eric Michael Hutchins,et al. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[4] J. A. Battaglia,et al. Finding Cyber Threats with ATT&CK-Based Analytics , 2017 .