
Modeling Attack Activity for Integrated Analysis of Threat Information

Daiki ITO, Kenta NOMURA, Masaki KAMIZONO, Yoshiaki SHIRAISHI, Yasuhiro TAKANO, Masami MOHRI, Masakatu MORII

Summary:

Cyber attacks targeting specific victims use multiple intrusion routes and various attack methods. To combat such diversified cyber attacks, threat intelligence is attracting attention. In threat intelligence, attack activities, vulnerability information and other threat information are gathered, analyzed and organized, which enables organizations to understand their risks. Composing threat intelligence requires integrated analysis of the threat information. Threat information can be found in incident reports published by security vendors. However, these reports are difficult to analyze and compare because they are described in various formats defined by each vendor. Therefore, in this paper, we apply a modeling framework for analyzing the reports and deriving their relevance from the viewpoints of similarity and relation between the models. This paper presents the procedures for modeling the incident information described in the reports. Moreover, as case studies, we apply the modeling method to some actual incident reports and compare their models.

Publication
IEICE TRANSACTIONS on Information Vol.E101-D No.11 pp.2658-2664
Publication Date
2018/11/01
Publicized
2018/08/22
Online ISSN
1745-1361
DOI
10.1587/transinf.2017ICP0015
Type of Manuscript
Special Section PAPER (Special Section on Information and Communication System Security)
Category
Forensics and Risk Analysis

Authors

Daiki ITO
  PwC Cyber Services
Kenta NOMURA
  PwC Cyber Services
Masaki KAMIZONO
  PwC Cyber Services
Yoshiaki SHIRAISHI
  Kobe University
Yasuhiro TAKANO
  Kobe University
Masami MOHRI
  Gifu University
Masakatu MORII
  Kobe University

Keyword