论文信息 - Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats

Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats

Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.

Johan Sigholm | Martin Bang | J. Sigholm | Martin Bang

[1] Allen Welsh Dulles,et al. The craft of intelligence , 1963 .

[2] Michael Herman,et al. Intelligence power in peace and war , 1996 .

[3] Tod Hoffman. Intelligence Power in Peace and War , 1997 .

[4] Richards J. Heuer,et al. Psychology of Intelligence Analysis , 1999 .

[5] Azriel Lorber. Misguided Weapons: Technological Failure and Surprise on the Battlefield , 2002 .

[6] Robert M. Clark,et al. Intelligence Analysis: A Target-Centric Approach , 2003 .

[7] Simin Nadjm-Tehrani,et al. ADWICE - Anomaly Detection with Real-Time Incremental Clustering , 2004, ICISC.

[8] J. Frey. The 9/11 Commission Report: Final Report of the National Commission on Terrorist attacks upon the United States , 2004 .

[9] Charles M. Vest,et al. The Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction: Report to the President of the United States , 2005 .

[10] Christopher J. Novak,et al. 2009 Data Breach Investigations Report , 2009 .

[11] Matthew M Hurley,et al. For and from Cyberspace: Conceptualizing Cyber Intelligence, Surveillance, and Reconnaissance , 2012 .

[12] Johan Sigholm,et al. Best-effort Data Leakage Prevention in inter-organizational tactical MANETs , 2012, MILCOM 2012 - 2012 IEEE Military Communications Conference.

[13] Rob Johnston. Analytic Culture in the U.S. Intelligence Community: An Ethnographic Study , 2012 .

[14] Richard Stone. A call to cyber arms. , 2013, Science.