Cyber Threat Analysis

  • Izzat Alsmadi


In cyber threat analysis, knowledge of the internal and external vulnerabilities of a particular system or organization is analyzed and matched against the real-world cyber-attacks relevant to that system or organization. Figure 9.1 shows a model that describes the components of threat analysis.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Izzat Alsmadi
    1. Texas A&M University, San Antonio, USA
