Pivot Attack Classification for Cyber Threat Intelligence-Reference-Cited by-同舟云学术

Pivot Attack Classification for Cyber Threat Intelligence

Published:2022-10-03 Issue:2 Volume:5 Page:91-103
ISSN:1658-7790
Container-title:Journal of Information Security and Cybercrimes Research
language:
Short-container-title:JISCR

Author:

al-Khateeb Haider¹,Salema Marques Rafael¹,Epiphaniou Gregory²,Maple Carsten²

Affiliation:

1. School of Engineering, Computing and Mathematical Sciences, University of Wolverhampton, Wolverhampton, UK

2. Warwick Manufacturing Group (WMG), The University of Warwick, Coventry, UK

Abstract

The initial access achieved by cyber adversaries conducting a systematic attack against a targeted network is unlikely to be an asset of interest. Therefore, it is necessary to use lateral movement techniques to expand access to different devices within the network to accomplish the strategic attack’s objectives. The pivot attack technique is widely used in this context; the attacker creates an indirect communication tunnel with the target and uses traffic forwarding methods to send and receive commands. Recognising and classifying this technique in large corporate networks is a complex task, due to the number of different events and traffic generated. In this paper, we present a pivot attack classification criteria based on perceived indicators of attack (IoA) to identify the level of connectivity achieved by the adversary. Additionally, an automatic pivot classifier algorithm is proposed to include a classification attribute to introduce a novel capability for the APIVADS pivot attack detection scheme. The new algorithm includes an attribute to differentiate between types of pivot attacks and contribute to the threat intelligence capabilities regarding the adversary modus operandi. To the best of our knowledge, this is the first academic peer-reviewed study providing a pivot attack classification criteria.

Publisher

Naif Arab University for Security Sciences

Subject

Materials Chemistry,Economics and Econometrics,Media Technology,Forestry

Reference38 articles.

1. [1] M. Ussath, D. Jaeger, Feng Cheng, and C. Meinel, “Advanced persistent threats: Behind the scenes,” in 2016 Annu. Conf. Inf. Sci. Syst. (CISS), 2016, pp. 181-186, doi: 10.1109/CISS.2016.7460498.

2. [2] MITRE, “Adversarial tactics, techniques and common knowledge,” 2020. [Online]. Available: https://attack.mitre.org/

3. [3] A. Greco, G. Pecoraro, A. Caponi, and G. Bianchi, “Advanced Widespread Behavioral Probes against Lateral Movements,” Int. J. Inf. Secur. Res., vol. 6, no. 2, pp. 651-659, June 2016, doi: 10.20533/ijisr.2042.4639.2016.0075.

4. [4] G. Apruzzese, F. Pierazzi, M. Colajanni, and M. Marchetti, “Detection and Threat Prioritization of Pivoting Attacks in Large Networks,” IEEE Trans. Emerg. Topics Comput., vol. 8, no. 2, pp. 404-415, 1 April-June 2020, doi: 10.1109/TETC.2017.2764885.

5. [5] C. Cimpanu, “NASA hacked because of unauthorized Raspberry Pi connected to its network,” June 21, 2019. [Online]. Available: https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. GeniGraph: A genetic-based novel security defense resource allocation method for interdependent systems modeled by attack graphs;Computers & Security;2024-09

2. Agriculture 4.0 and beyond: Evaluating cyber threat intelligence sources and techniques in smart farming ecosystems;Computers & Security;2024-05

3. Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2024

4. Cyber-Attack Detection Using Machine Learning Technique;Lecture Notes in Networks and Systems;2024

5. Agriculture 4.0 and Beyond: Evaluating Cyber Threat Intelligence Sources and Techniques in Smart Farming Ecosystems;2024