检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
出 处:《Cybersecurity》2020年第1期103-122,共20页网络空间安全科学与技术(英文)
基 金:This work was partly funded by the Austrian security-research programme FORTE and by the Austrian Ministry for Transport,Innovation and Technology(BMvit)through the FFG project CADSP(873425).
摘 要:The attribution of cyber attacks is often neglected.The consensus still is that little can be done to prosecute the perpetrators–and unfortunately,this might be right in many cases.What is however only of limited interest for the private industry is in the center of interest for nation states.Investigating if an attack was carried out in the name of a nation state is a crucial task for secret services.Many methods,tools and processes exist for network-and computer forensics that allow the collection of traces and evidences.They are the basis to associate adversarial actions to threat actors.However,a serious problem which has not got the appropriate attention from research yet,are false flag campaigns,cyber attacks which apply covert tactics to deceive or misguide attribution attempts–either to hide traces or to blame others.In this paper we provide an overview of prominent attack techniques along the cyber kill chain.We investigate traces left by attack techniques and which questions in course of the attribution process are answered by investigating these traces.Eventually,we assess how easily traces can be spoofed and rate their relevancy with respect to identifying false flag campaigns.
关 键 词:Actor attribution Advanced persistent threats Technical indicators False flag campaigns
分 类 号:TP393.081[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.112