Abstract
The emerging cyber security threats pose many challenges to security analysts of enterprise multimedia environments when analysts attempting to analyze and reconstruct advanced persistent threats (APTs). APTs analysis activities are both time-consuming and labor-intensive. Attack modeling technology represented by kill chain can reduce the burden of manual provenience analysis. However, existing Cyber Kill Chain models represent attacks as several stages solidly, and they cannot reflect the characteristics of progressive penetration. It is difficult for security analysts to automate the correlation analysis of attack events in practical usage. In this paper, we first analyze current Cyber Kill Chain models and heterogeneous data sources for APTs detection. Then we propose MCKC (Modified Cyber Kill Chain model) that can be used for standardized correlation analysis. MCKC organizes sub-chains into a recursive structure, and different kill chain penetration processes in the same attack scenario are better connected The proposed MCKC model offers a novel approach for bi-directional attack analysis: forward analysis and backward reasoning which can facilitate threat detection effectively without relying too much on expert knowledge. The advantage of MCKC model is that it is more suitable for cognitive reasoning and APTs scenario reconstruction. Compared with existing models MCKC gives a feasible technological process for threat analysis. The result of case study shows that the modified kill chain model is effective in discovering security events and reconstructing APT attacks.
Similar content being viewed by others
References
Amirul Aslam Ahmed, Anazida Zainal (2017): Cyber Attack Profiling Towards Critical Inftastructures Using Modified System Fault Risk Framework. UTM Computing Proceedings Innovations in Computing Technology and Applications 2
Albeshri, A., Thayananthan, V.J.I.J.O.I.T, Making, D. (2018): Analytical techniques for decision making on information security for big data breaches
Bada, M, Sasse, AM, Nurse, JRJ (2019). A.P.A.: Cyber security awareness campaigns: Why do they fail to change behaviour
Kiran Bandla, David Westcott, https://github.com/aptnotes/data
Bayley, I (2014): Challenges for a formal framework for patterns. https://link.springer.com/chapter/10.1007%2F978-3-319-04447-7_4
Bryant B, Saiedian H (2017) A novel kill-chain framework for remote security log analysis with SIEM software. Computers & Security 67:198–210
Caltagirone, S, Pendergast, A, Betz, C (2013): The diamond model of intrusion analysis. Center For Cyber Intelligence Analysis and Threat Research
FireEye, https://www.fireeye.com/blog/threat-research/2018/04/m-trends-2018.html
Hutchins EM, Cloppert MJ, Amin RM (2011) Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research 1:1–14
Khan, MS, Siddiqui, S, Ferens, K (2018): A Cognitive and Concurrent Cyber Kill Chain Model. Computer and Network Security Essentials, pp. 585–602
Lallie, H.S., Debattista, K., Bal, J.: An empirical evaluation of the effectiveness of attack graphs and fault trees in cyber-attack perception. IEEE Transactions on Information Forensics and Security \, 1110–1122 (2018)
Mandiant APT (2013) 1 Report
Siadati, H, Memon, N (2017): Detecting structurally anomalous logins within enterprise networks. the 2017 ACM SIGSAC Conference, pp. 1273–1284
Strom, BE, Battaglia, JA, Kemmerer, MS, Kupersanin, W, Miller, DP, Wampler, C, Whitley, SM, Wolf, RD (2017): Finding Cyber Threats with ATT&CK™-Based Analytics. MITRE Technical Report MTR170202. The MITRE Corporation, 2017. URL https …
Syed, Z, Padia, A, Finin, T, Mathews, ML, Joshi, A (2017): UCO: a unified Cybersecurity ontology. In: AAAI Workshop: Artificial Intelligence for Cyber Security
Wikipedia, https://en.wikipedia.org/wiki/Advanced_persistent_threat
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Ju, A., Guo, Y. & Li, T. MCKC: a modified cyber kill chain model for cognitive APTs analysis within Enterprise multimedia network. Multimed Tools Appl 79, 29923–29949 (2020). https://doi.org/10.1007/s11042-020-09444-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-020-09444-x