Cyber Kill Chain based Threat Taxonomy and its Application on Cyber Common Operational Picture

Publication Type: Conference Paper
Year of Publication: 2018
Authors: Cho, S., Han, I., Jeong, H., Kim, J., Koo, S., Oh, H., Park, M.
Conference Name: 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
ISBN Number: 978-1-5386-4565-9
Keywords: advanced persistent threat attacks, advanced persistent threats, adversarial behavior, Analytical models, attack tactics, Chained Attacks, command and control systems, cyber common operational picture, Cyber Kill Chain, cyber kill chain based threat taxonomy, cyber situation awareness, Human Behavior, intelligent forms, Malware, Metrics, organizations cyber assets, persistent forms, pubcrawl, Reconnaissance, Resiliency, Scalability, security of data, Taxonomy, threat taxonomy, visualization, Weapons

Over a decade, intelligent and persistent forms of cyber threats have been damaging to the organizations' cyber assets and missions. In this paper, we analyze current cyber kill chain models that explain the adversarial behavior to perform advanced persistent threat (APT) attacks, and propose a cyber kill chain model that can be used in view of cyber situation awareness. Based on the proposed cyber kill chain model, we propose a threat taxonomy that classifies attack tactics and techniques for each attack phase using CAPEC, ATT&CK that classify the attack tactics, techniques, and procedures (TTPs) proposed by MITRE. We also implement a cyber common operational picture (CyCOP) to recognize the situation of cyberspace. The threat situation can be represented on the CyCOP by applying cyber kill chain based threat taxonomy.

Citation Key: cho_cyber_2018