| Presentation | 2017-03-13 Modeling of Attack Activity for Integrated Analysis of Threat Information Kenta Nomura, Daiki Ito, Masaki Kamizono, Yoshiaki Shiraishi, Yasuhiro Takano, Masami Mohri, Yuji Hoshizawa, Masakatu Morii, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Cyber attacks targeting specific victims use multiple intrusion routes and various attack methods. In order to combat such diversified cyber attacks, Threat Intelligence which is gathered attack activities, vulnerability information, and so on and is analyzed and organized them to let us utilize are attracted attention. Integrated analysis of the threat information is needed to compose the Threat Intelligence. The threat information can be found in incident reports published by security vendors. However, it is difficult to compare these reports because they are described in various formats defined by vendors. Therefore, in this paper, we apply a modeling framework for the reports and consider deriving the relevance of the reports from similarity and relation between the models. This paper presents the procedures of modeling from the reports. Moreover, as case studies, some examples of comparisons obtained by applying the modeling method for actual incident reports are shown. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Diamond Model / Threat Intelligence / Cyber Kill Chain / Incident Report |
| Paper # | ICSS2016-47 |
| Date of Issue | 2017-03-06 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2017/3/13(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | University of Nagasaki |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
| Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
| Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Modeling of Attack Activity for Integrated Analysis of Threat Information |
| Sub Title (in English) | |
| Keyword(1) | Diamond Model |
| Keyword(2) | Threat Intelligence |
| Keyword(3) | Cyber Kill Chain |
| Keyword(4) | Incident Report |
| 1st Author's Name | Kenta Nomura |
| 1st Author's Affiliation | Kobe University(Kobe Univ.) |
| 2nd Author's Name | Daiki Ito |
| 2nd Author's Affiliation | Kobe University(Kobe Univ.) |
| 3rd Author's Name | Masaki Kamizono |
| 3rd Author's Affiliation | PwC Cyber Services(PwC Cyber Services) |
| 4th Author's Name | Yoshiaki Shiraishi |
| 4th Author's Affiliation | Kobe University(Kobe Univ.) |
| 5th Author's Name | Yasuhiro Takano |
| 5th Author's Affiliation | Kobe University(Kobe Univ.) |
| 6th Author's Name | Masami Mohri |
| 6th Author's Affiliation | Gifu University(Gifu Univ.) |
| 7th Author's Name | Yuji Hoshizawa |
| 7th Author's Affiliation | PwC Cyber Services(PwC Cyber Services) |
| 8th Author's Name | Masakatu Morii |
| 8th Author's Affiliation | Kobe University(Kobe Univ.) |
| Date | 2017-03-13 |
| Paper # | ICSS2016-47 |
| Volume (vol) | vol.116 |
| Number (no) | ICSS-522 |
| Page | pp.pp.7-12(ICSS), |
| #Pages | 6 |
| Date of Issue | 2017-03-06 (ICSS) |