A Cognitive and Concurrent Cyber Kill Chain Model

A cyber kill chain is a traditional model for analyzing cyber security threats, whether the threat is malware inside a computer system, covert and illegitimate channels found on a network, or an insider. The model has been used extensively by cyber security professionals, but it has received little attention in the academic domain. Further, as the threat landscape has evolved toward more advanced and persistent threats, the model has been challenged because it cannot readily accommodate advanced threats that change their signatures and behaviors, hide inside a computing node, and remain undetected by masquerading their true nature. This chapter describes the traditional kill chain model in detail; discusses the weaknesses of this model; proposes a new kill chain analytical model that supports concurrent analysis of threat stages, as opposed to the sequential analysis of the existing kill chain model; and explains, with examples, how the new model mimics the human mental process of threat analysis. The proposed cyber kill chain model strengthens the analysis model of cyber security experts and enriches cyber professionals' holistic understanding of threats and attacks.
