Global adversarial capability modeling

Jonathan M. Spring, Sarah Kern, Alec Summers. 2015 APWG Symposium on Electronic Crime Research (eCrime).

Intro: Computer network defense has models for attacks, and for incidents composed of multiple attacks, after the fact. However, we lack an evidence-based model of the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The…
Cybersecurity incident response capabilities in the Ecuadorian financial sector
It is found that the Ecuadorian financial sector already confronts cybersecurity risks, driven by both outsiders and insiders, which result in fraud and operational failures, and that there is an opportunity to establish better incident response strategies through the creation of a CSIRT and an information-sharing program.
AlertVision: Visualizing Security Alerts
A novel technique for visualizing security alerts is proposed and implemented in a system called AlertVision, which gives an analyst a visual summary of the correlation between security alerts and ultimately helps the analyst build TI.
Thinking about intrusion kill chains as mechanisms
We integrate two established modeling methods from disparate fields: mechanisms from the philosophy of science literature and intrusion kill chain modeling from the computer security literature. The…
Historical Analysis of Exploit Availability Timelines
All vulnerabilities with CVE-IDs since two common repositories of public exploit data became available are analyzed, and it is found that 4.1%±0.1% of CVE-IDs have public exploit code associated with them within 365 days.
Blacklist Ecosystem Analysis: Spanning Jan 2012 to Jun 2014
The results suggest that each blacklist describes a distinct sort of malicious activity and that, even merging all lists, there is no global ground truth to acquire.
Beyond the pretty penny: the Economic Impact of Cybercrime
This article assesses the shortcomings of existing cost estimates and proposes a theoretical framework to systematically identify the short- and long-term impacts of cybercrime at both the agent and the societal level, which serves as the foundation to assess the economic consequences of cybercrime beyond monetary costs by focusing on the impact on economic growth.
Review of Human Decision-making during Computer Security Incident Analysis
Practical advice on decision-making during computer security incident response includes standards from the IETF, ISO, FIRST, and the US intelligence community, and indicates both strengths and gaps.
Many organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This paper builds on prior work about prioritizing actions during…
Information Security Applications
A new proof-of-concept (POC) attack, LightTracker, is introduced, which infers the victim's location using the light sensor; its effectiveness is demonstrated in the real world.
Why Jenny can't figure out which of these messages is a covert information operation
We view foreign interference in US and UK elections via social manipulation through the lens of usable security. Our goal is to provide advice on what interventions on the socio-technical election…


Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
The evolution of advanced persistent threats necessitates an intelligence-based model because in this model the defenders mitigate not just vulnerability, but the threat component of risk, too.
Attack plan recognition and prediction using causal networks
  • X. Qin, Wenke Lee
  • Computer Science
  • 20th Annual Computer Security Applications Conference
  • 2004
The results demonstrate the capability of the proposed probabilistic inference approach in correlating isolated attack scenarios, identifying attack strategies and predicting future attacks.
Modeling malicious domain name take-down dynamics: Why eCrime pays
Domain names drive the ubiquitous use of the Internet. Criminals and adversaries also use domain names for their enterprise. Defenders compete to remove or block such malicious domains. This is a…
Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP)
Purpose – Ethnographic studies of cyber attacks typically aim to explain a particular profile of attackers in qualitative terms. The purpose of this paper is to formalise some of the approaches to…
Cyber Fraud: Tactics, Techniques and Procedures
With millions lost each year, cyber crime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. Combining the best of…
The Diamond Model of Intrusion Analysis
Abstract: This paper presents a novel model of intrusion analysis built by analysts, derived from years of experience, asking the simple question, What is the underlying method to our work? The…
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From…
Blacklist Ecosystem Analysis Update: 2014
The results suggest that each blacklist describes a distinct sort of malicious activity, and support the assertion that blacklisting is not a sufficient defense; an organization needs other defensive measures to add depth, such as gray listing, behavior analysis, criminal penalties, speed bumps, and organization-specific white lists.
Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing
It is found that 19% of phishing websites are recompromised within six months, and that the rate of recompromise is much higher if they have been identified through web search, which means at least 18% of website compromises are triggered by these searches.
Toward Realistic Modeling Criteria of Games in Internet Security
We propose that there are three types of players in the game: the computer user, the malicious actor, and the security architect. This paper is not about how to “win” the game of Internet security or…