AI 본문요약

엑셀 다운로드 AI-Helper

참고문헌 (50)

1. Defense Advanced Research Projects Agency(DARPA), Transparent Computing (Archived), https://www.darpa.mil/program/transparent-computing, accessed on Mar. 2022 

2. Amanda Strnad, Quy Messiter, Robert Watson, Lucian Carata, Jonathan Anderson and Brian Kidney, "Casual, adaptive, distributed, and efficient tracing system (CADETS)," AFRL-RY-WP-TR-2019-0115, BAE Systems, Sep. 2019 

3. Michaell Gordon, Jordan Eikenberry, Anthony Eden, Jeffrey Perkins, Malavika Samak, Henny Sipma and Martin Rinard, "ClearScope: Full stack provenance graph generation for transparent computing on mobile devices," AFRL-RY-WP-TR-2020-0013, Massachusetts Institute of Technology, Jul. 2020 

4. Josyula Rao, Yan Chen, R. Sekar, Venkat Venkatakrishnan, "Mitigating advanced and persistent threat (APT) damage by reasoning with provenance in large enterprise network (MARPLE) Program," AFRL-RY-WP-TR-2019-0285, International Business Machines Corporation, Jan. 2020 

5. Ryan Wright, Alan Fern, Anthony Williams, James Cheney, Ghita Berrada and Sid Ahmed Benabderrahmane, "A diagnostics approach for persistence threat detection (ADAPT)," AFRL-RY-WP-TR-2019-0140, Galois, Inc., Nov. 2019 

6. Gabriela Ciocarlie, "Tracking and analysis of causality at enterprise-level (TRACE)," ARFL-RY-WP-TR-2019-0337, SRI International, Mar. 2022 

7. OASIS, STIX Version 2.1 Specification, https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html, accessed Mar. 2022 

8. FireEye, "Naval Information Warfare Systems Command (NAVWAR) Awards FireEye First Place in Network Threat Detection Challenge," https://www.fireeye.com/company/press-releases/2021/naval-information-warfare-systems-command-navwar-awards-fireeye-firstplace.html, accessed on Mar. 2022 

9. Center for Threat Informed Defense, Attack Flow, https://ctid.mitre-engenuity.org /our-work/attack- flow/" , accessed on Mar. 2022 

10. MITRE, ATT&CK, https://attack.mitre.org/, accessed on Mar. 2022 

11. PEStudio, https://winitor.com, accessed on Mar. 2022 

12. KISA, "TTPs #6 Target Watering Hole Attack Strategy Analysis," Sep. 2021, https://www.krcert.or.kr/filedownload.do?attack_file_seq3277&attach_file_idEpF3277.pdf, accessed on Mar. 2022 

13. Alfonso Valdes and Keith Skinner, "Probabilistic alert correlation," International Workshop on Recent Advances in Intrusion Detection (RAID), pp. 54-68, Oct. 2001 

14. Frederic Cuppens, "Managing alerts in a multi-intrusion detection environment," Proceedings of the 17th Annual Computer Security Applications Conference, pp. 22-31, Dec. 2001 

15. Herve Debar and Andreas Wespi, "Aggregation and correlation of intrusion-detection alerts," International Workshop on Recent Advances in Intrusion Detection (RAID), pp. 85-103, Oct. 2001 

16. Peng Ning, Yun Cui and Douglas S. Reeves, "Analyzing intensive intrusion alerts via correlation," International Workshop on Recent Advances in Intrusion Detection (RAID), pp. 74-94, Oct. 2002 

17. Frederic Cuppens and Alexandre Miege, "Alert correlation in a cooperative intrusion detection framework," Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 202-215, May 2002 

18. Faeiz Alserhani, Monis Akhlaq, Irfan U. Awan, Andrea J. Cullen and Pravin Mirchandani, "MARS: multi-stage attack recognition system," 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 753-759, Apr. 2010 

19. Benjamin Morin, Ludovic Me, Herve Debar and Mireille Ducasse, "M2D2: A formal data model for IDS alert correlation," International Workshop on Recent Advances in Intrusion Detection (RAID), pp. 115-137, Oct. 2002 

20. Steven T. Eckmann, Giovanni Vigna and Richard A. Kemmerer, "STATL: An attack language for state-based intrusion detection," Journal of computer security, vol. 10, no. 1-2, pp. 71-103, 2002 

    상세보기

21. Bin Zhu and Ali A. Ghorbani, "Alert correlation for extracting attack strategies," International Journal on Network Security, vol. 3, no. 3, pp.244-258, Nov. 2006 

22. Hanli Ren, Natalia Stakhanova and Ali A. Ghorbani, "An online adaptive approach to alert correlation," International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp.153-172, Jul. 2010 

23. Samuel T. King, Z. Morley Mao, Dominic G. Lucchetti and Peter M. Chen, "Enriching intrusion alerts through multi-host causality," Proceedings of Network and Distributed System Security Symposium (NDSS), Feb. 2005 

24. Samuel T. King and Peter M. Chen, "Backtracking intrusions," Proceedings of the 2003 Symposium on Operating Systems Principles, pp. 223-236, Oct. 2003 

25. Md Nahid Hossain et al., "SLEUTH: Real-time attack scenario reconstruction from COTS audit data," 26th USENIX Security Symposium(USENIX Security 17), pp. 487-504, Aug. 2017 

26. Sadegh M. Milajerdi et al., "HOLMES: Real-time APT detection through correlation of suspicious information flows," 2019 IEEE Symposium on Security and Privacy, pp. 1137-1152, May 2019 

27. Chunlin Xiong et al., "CONAN: A practical real-time APT detection system With high accuracy and efficiency," IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 1, pp. 551-565, Feb. 2020 

28. Kexin Pei, et al., "HERCULE: Attack story reconstruction via community discovery on correlated log graph," Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 583-595, Dec. 2016 

29. Jun Zeng, et al., "WATSON: Abstracting behaviors from audit logs via aggregation of contextual semantics," Proceedings of the 28th Annual Network and Distributed System Security Symposium (NDSS), pp. 1-18, Feb. 2021 

30. Cesar Ghali, Gene Tsudik and Ersin Uzun, "Needle in a haystack: Mitigating content poisoning in named-data networking," Proceedings of NDSS workshop on security of emerging networking technologies (SENT), Feb. 2014 

31. Yang Ji, et al., "Enabling refinable cross-host attack investigation with efficient data flow tagging and tracking," 27th USENIX Security Symposium (USENIX Security '18), pp. 1705-1722, Aug. 2018 

32. Shiqing Ma et al., "Kernel-supported cost-effective audit logging for causality tracking," 2018 USENIX Annual Technical Conference (USENIX ATC 18), pp.241-254, Jul. 2018 

33. MITRE ATT&CK, Data Source, https://attack.mitre.org/datasources, accessed on Oct, 2021 

34. OTRF, OSSEM Detection Model (DM), https://github.com/OTRF/OSSEM-DM, accessed on Oct, 2021 

35. Microsoft Sysinternals Sysmon, https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon, accessed on Jan. 2022 

36. SwiftOnSecurity, Sysmon Config, https://github.com/SwiftOnSecurity/sytsmon-config, accessed on Jan. 2022 

37. Neo23x0, auditd, https://github.com/Neo23x0/auditd, accessed on Jan. 2022 

38. Suricata, https;//suricata.io, accessed on Jan. 2022 

39. Zeek, https://zeek.org, accessed on Jan. 2022 

40. Elastic, Elastic Common Schema, https://elastic.co/guide/en/ecs/1.12/index.html, accessed on Jan. 2022 

41. Elastic, Elastic Stack, https://elastic.co/elastic-stack, accessed on Mar. 2022 

42. MITRE, CAR (Cyber Analytics Repostory), https://github.com/mitre-attack/car, accessed on Mar. 2022 

43. SigmaHQ, Sigma, https://github.com/SigmaHQ/sigma, accessed on Mar. 2022 

44. Elastic, Elastic Detection Ruels, https://github.com/elastic/detection-rules, accessed on Mar. 2022 

45. pfSense, https://www.pfsense.org, accessed on Jan. 2022 

46. Pupy, https://github.com/n1nj4sec/pupy, accessed on Jul. 2021 

47. PoshC2, https://github.com/netitude/PoshC2, accessed on Jul. 2021 

48. Metasploit, https://github.com/rapid7/metasploit-framework, accessed on Jul. 2021 

49. MITRE Engenuity, ATT&CK Evaluations, https://attackevals.mitre-engenuity.org. accessed on Mar. 2022 

50. MITRE Center for Threat Informed Defense, Adversary Emulation Library, https://github.com/center-for-threat-informed-defense/adversary_emulation_library, accessed on Jul. 2021 

저자의 다른 논문 :

이경식 (1)