情報保護學會論文誌 = Journal of the Korea Institute of Information Security and Cryptology, v.32 no.3, 2022, pp. 527-545
In order to effectively detect APT attacks performed by well-organized adversaries, we implemented a system to detect attacks by reconstructing attack chains of APT attacks. Our attack chain-based APT attack detection system consists of 'events collection and indexing' part which collects various ev...