
MCKC: a modified cyber kill chain model for cognitive APTs analysis within Enterprise multimedia network

Published in: Multimedia Tools and Applications

Abstract

Emerging cyber security threats pose many challenges to security analysts in enterprise multimedia environments when they attempt to analyze and reconstruct advanced persistent threats (APTs). APT analysis is both time-consuming and labor-intensive. Attack modeling techniques such as the kill chain can reduce the burden of manual provenance analysis. However, existing Cyber Kill Chain models represent an attack as a fixed sequence of stages and cannot reflect the progressive, repeated penetration that characterizes APTs, which makes it difficult for security analysts to automate the correlation of attack events in practice. In this paper, we first analyze current Cyber Kill Chain models and the heterogeneous data sources used for APT detection. We then propose MCKC (Modified Cyber Kill Chain model), which can be used for standardized correlation analysis. MCKC organizes sub-chains into a recursive structure, so that the different kill-chain penetration processes within the same attack scenario are better connected. The MCKC model offers a novel approach to bi-directional attack analysis, forward analysis and backward reasoning, which facilitates threat detection without relying too heavily on expert knowledge. The advantage of the MCKC model is that it is better suited to cognitive reasoning and APT scenario reconstruction. Compared with existing models, MCKC gives a feasible technical process for threat analysis. The results of a case study show that the modified kill chain model is effective in discovering security events and reconstructing APT attacks.
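The recursive sub-chain structure and the forward/backward analysis described in the abstract, as an added illustration in Python. This is not the MCKC model or code from the paper: the stage names follow the classic seven-stage kill chain, the nesting of a lateral-movement sub-chain under actions on objectives, the event records and the analysis rules are all assumptions made for this example, and the event list is constructed sample data. Forward analysis orders the events in time and walks them up the chain; backward reasoning takes the deepest stage reached and lists the earlier stages that have no evidence yet, which is what an analyst would hunt for next.

```python
"""Toy recursive kill-chain correlator (added example, not the paper's code).

Assumptions: stage names from the seven-stage kill chain; a lateral-movement
sub-chain nested under actions_on_objectives; events tagged with a 'stage/path'
string by some upstream classifier. Event records below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class Stage:
    name: str
    sub_chain: Optional[KillChain] = None  # a full chain nested inside this stage


@dataclass
class KillChain:
    stages: list

    def index(self, name: str) -> int:
        for i, st in enumerate(self.stages):
            if st.name == name:
                return i
        raise KeyError(f"unknown stage {name!r}")

    def paths(self) -> list:
        """Every stage path in kill-chain order; a nested chain's stages are
        ranked immediately after the stage that contains them."""
        out = []
        for st in self.stages:
            out.append((st.name,))
            if st.sub_chain is not None:
                out.extend((st.name,) + p for p in st.sub_chain.paths())
        return out

    def prerequisites(self, path: tuple) -> list:
        """Backward reasoning: stages that must already have occurred for
        `path` to be reachable. At each nesting level these are the earlier
        stages of that level's chain; sub-chains of those earlier stages are
        optional and therefore not assumed."""
        req, chain, prefix = [], self, ()
        for depth, name in enumerate(path):
            idx = chain.index(name)
            req.extend(prefix + (s.name,) for s in chain.stages[:idx])
            if depth < len(path) - 1:
                chain = chain.stages[idx].sub_chain
                if chain is None:
                    raise KeyError(f"stage {name!r} has no sub-chain")
                prefix += (name,)
        return req


# Assumed model: a second, shorter kill chain runs inside the actions stage
# each time the intruder pivots to a new host (the "progressive penetration").
LATERAL = KillChain([Stage(n) for n in (
    "reconnaissance", "delivery", "exploitation", "installation", "command_and_control")])
ENTERPRISE = KillChain([
    Stage("reconnaissance"), Stage("weaponization"), Stage("delivery"),
    Stage("exploitation"), Stage("installation"), Stage("command_and_control"),
    Stage("actions_on_objectives", sub_chain=LATERAL),
])

# Constructed sample events: (timestamp, stage path, source note).
EVENTS = [
    ("2020-05-01T09:02", "delivery", "mail gateway: macro attachment to fin-user"),
    ("2020-05-01T09:10", "exploitation", "EDR: winword.exe spawned powershell.exe"),
    ("2020-05-01T09:11", "installation", "EDR: new Run key persistence"),
    ("2020-05-01T09:15", "command_and_control", "proxy: periodic beacon to unknown domain"),
    ("2020-05-02T14:00", "actions_on_objectives/delivery", "SMB: service binary pushed to FS01"),
    ("2020-05-02T14:01", "actions_on_objectives/exploitation", "FS01 EDR: service started from ADMIN$"),
    ("2020-05-02T14:05", "delivery", "mail gateway: second macro attachment to hr-user"),
]


def analyze(chain: KillChain, events: list) -> dict:
    """Forward analysis over time-ordered events, then backward reasoning from
    the deepest stage reached. Returns that stage, events whose stage falls
    behind the frontier already reached (a misattributed event or a second,
    overlapping intrusion to correlate separately), and prerequisite stages
    with no evidence yet."""
    rank = {p: i for i, p in enumerate(chain.paths())}
    observed, reached, regressions = set(), -1, []
    for ts, path, _note in sorted(events):
        p = tuple(path.split("/"))
        if p not in rank:
            raise KeyError(f"event at {ts} names unknown stage {path!r}")
        if rank[p] < reached:
            regressions.append((ts, path))
        reached = max(reached, rank[p])
        observed.add(p)
    if reached < 0:
        return {"deepest": None, "regressions": [], "missing": []}
    deepest = chain.paths()[reached]
    missing = [p for p in chain.prerequisites(deepest) if p not in observed]
    return {"deepest": "/".join(deepest),
            "regressions": regressions,
            "missing": ["/".join(p) for p in missing]}


if __name__ == "__main__":
    for key, value in analyze(ENTERPRISE, EVENTS).items():
        print(f"{key}: {value}")
```

Run on the sample, the frontier is `actions_on_objectives/exploitation`, the hunt list is the two pre-delivery stages plus the lateral reconnaissance that was never seen, and the late second `delivery` event is flagged as a regression rather than silently folded into the first scenario.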




Corresponding author

Correspondence to Ankang Ju.



About this article


Cite this article

Ju, A., Guo, Y. & Li, T. MCKC: a modified cyber kill chain model for cognitive APTs analysis within Enterprise multimedia network. Multimed Tools Appl 79, 29923–29949 (2020). https://doi.org/10.1007/s11042-020-09444-x
