Emerging Threats And Countermeas

04 Sep Emerging Threats And Countermeas

Posted at 04:41h in 2Past Paper by Homework Writer

Chapter 9

Correlation

Cyber Attacks Protecting National Infrastructure, 1st ed.

• Correlation is one of the most powerful analytic methods for threat investigation

• Data comparison creates a clearer picture of adversary activity – Profile-based correlation

– Signature-based correlation

– Domain-based correlation

– Time-based correlation

• We rely on human analysis of data; no software can factor in relevant elements

C h a p te

r 9 –

C o rre

la tio

Introduction

Fig. 9.1 – Profile-based activity anomaly

C h a p te

r 9 –

C o rre

la tio

C h a p te

r 9 –

C o rre

la tio

Fig. 9.2 – Signature-based activity match

C h a p te

r 9 –

C o rre

la tio

Fig. 9.3 – Domain-based correlation of a botnet attack at two targets

C h a p te

r 9 –

C o rre

la tio

Fig. 9.4 – Time-based correlation of a botnet attack

C h a p te

r 9 –

C o rre

la tio

Fig. 9.5 – Taxonomy of correlation scenarios

Conventional Security Correlation Methods

• Threat management – data from multiple sources is correlated to identify patterns, trends, and relationships – The approach relies upon security information and event

management (SIEM)

• Commercial firewalls are underutilized

• Correlation function can be decentralized, but that often complicates the process

C h a p te

r 9 –

C o rre

la tio

C h a p te

r 9 –

C o rre

la tio

Fig. 9.6 – Correlating intrusion detection alarms with firewall policy

rules

Quality and Reliability Issues in Data Correlation

• Quality and reliability of data sources important to consider

• Service level agreements – Service level agreements guarantee quality of data

– Quality and reliability not guaranteed with volunteered data

• Without consistent, predictable, and guaranteed data delivery, correlations likely to be incorrect and data likely missing

C h a p te

r 9 –

C o rre

la tio

C h a p te

r 9 –

C o rre

la tio

Fig. 9.7 – Incorrect correlation result due to imperfect collection

• Network service providers have best vantage point for correlating data across multiple organizations, regions, etc.

• Network service providers have view of network activity that allows them to see problems

C h a p te

r 9 –

C o rre

la tio

Correlating Data to Detect a Worm

C h a p te

r 9 –

C o rre

la tio

Fig. 9.8 – Time-based correlation to detect worm

• The context of carrier infrastructure may offer best chance to perform correlation relative to a botnet

• Botnets are often widely distributed, geographically

• Sharing information on botnet tactics might help others protect themselves

C h a p te

r 9 –

C o rre

la tio

Correlating Data to Detect a Botnet

C h a p te

r 9 –

C o rre

la tio

Fig. 9.9 – Correlative depiction of a typical botnet

• For national infrastructure protection, large-scale correlation of all-source data is complicated by several factors – Data formats

– Collection targets

– Competition

• These can only be overcome with a deliberate correlation process

C h a p te

r 9 –

C o rre

la tio

Large-Scale Correlation Process

C h a p te

r 9 –

C o rre

la tio

Fig. 9.10 – Large-scale, multipass correlation process with feedback

• Organizations with national infrastructure responsibility should be encouraged to create and follow a local program of data correlation

• National-level programs might be created to correlate collected data at the highest level. This approach requires the following – Transparent operations

– Guaranteed data feeds

– Clearly defined value proposition

– Focus on situational awareness

C h a p te

r 9 –

C o rre

la tio

National Correlation Process

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Writedemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order

Print page

Emerging Threats And Countermeas

04 Sep Emerging Threats And Countermeas

About Writedemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

Are there Discounts?

Hire a tutor today CLICK HERE to make your first order

Study Help

About Us