A Flow-based Multi-agent Data Exfiltration Detection Architecture for Ultra-low Latency Networks

Marques, Rafael Salema; Epiphaniou, Gregory; Al-Khateeb, Haider; Maple, Carsten; Hammoudeh, Mohammad; Castro, Paulo André Lima de; Dehghantanha, Ali; Choo, Kim Kwang Raymond

doi:10.1145/3419103

Cited by 10 publications

(1 citation statement)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Defensive pivot attack metrics can be helpful to support defence requirements regarding pivoting prevention and network segmentation. In other words, a pivot attack classification can provide tangible security requirements alongside detection architectures [38] to reduce the attack surface, and to support network segmentation criteria based on the connectivity achievable by the opponent in specific scenarios. For example, using Fig.…”

Section: Offensive and Defensive Pivot Metricsmentioning

confidence: 99%

Pivot Attack Classification for Cyber Threat Intelligence

Al-Khateeb

Marques

Epiphaniou

et al. 2022

JISCR

Self Cite

View full text Add to dashboard Cite

The initial access achieved by cyber adversaries conducting a systematic attack against a targeted network is unlikely to be an asset of interest. Therefore, it is necessary to use lateral movement techniques to expand access to different devices within the network to accomplish the strategic attack’s objectives. The pivot attack technique is widely used in this context; the attacker creates an indirect communication tunnel with the target and uses traffic forwarding methods to send and receive commands. Recognising and classifying this technique in large corporate networks is a complex task, due to the number of different events and traffic generated. In this paper, we present a pivot attack classification criteria based on perceived indicators of attack (IoA) to identify the level of connectivity achieved by the adversary. Additionally, an automatic pivot classifier algorithm is proposed to include a classification attribute to introduce a novel capability for the APIVADS pivot attack detection scheme. The new algorithm includes an attribute to differentiate between types of pivot attacks and contribute to the threat intelligence capabilities regarding the adversary modus operandi. To the best of our knowledge, this is the first academic peer-reviewed study providing a pivot attack classification criteria.

show abstract

Section: Offensive and Defensive Pivot Metricsmentioning

confidence: 99%