Abstract
Advanced persistent threats (APTs) are not only a very prominent buzzword, but often come with a costly impact. A popular approach to dealing with APTs is the kill chain concept. We propose an extension to the kill chain in which the attacker is allowed to continue the attack even after being discovered by the defenders. Meanwhile, the observing defenders collect valuable intelligence that is to be used to counter future attacks. Benefits and drawbacks of postponed remediation are presented and related issues are discussed.
Acknowledgment
The authors would like to express their gratitude to the members of the Centre for Research on Cryptography and Security of Masaryk University for their valuable ideas and feedback. Special thanks go to Andriy Stetsko, Zdenek Riha and Marek Sys. This work was supported by the GAP202/11/0422 project of the Czech Science Foundation.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Bukac, V., Lorenc, V., Matyáš, V. (2014). Red Queen's Race: APT Win-Win Game. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science, vol 8809. Springer, Cham. https://doi.org/10.1007/978-3-319-12400-1_7
DOI: https://doi.org/10.1007/978-3-319-12400-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12399-8
Online ISBN: 978-3-319-12400-1
eBook Packages: Computer Science (R0)