“…The work in [10] extracted causal dependencies within alerts generated by EDR systems to reconstruct attacks. The authors of [32] collected causality logs from browsers' execution history to detect watering hole attacks. Additionally, the study [9] correlated provenance from individual hosts to create an enterprise-wide causal graph for locating APTs at the enterprise level.…”
Section: Table V: Collection Of Academic Defense Methods
mentioning
confidence: 99%
“…To detect complex watering hole attacks, which are common in the initial stage of APT attacks, the authors developed MNEMOSYNE [32], a postmortem forensic analysis engine. MNEMOSYNE accurately reconstructs, investigates, and assesses the ramifications of watering hole attacks with little modification to the browser.…”
Section: Table V: Collection Of Academic Defense Methods
mentioning
confidence: 99%
“…Watering Hole (WH) This method bears semblance to a trap wherein frequently visited websites or platforms by targets are compromised [32]. The objective of attackers utilizing this technique is to exploit the trust relationship between visitors and these compromised websites.…”
Section: Common Techniques In Apts
mentioning
confidence: 99%
“…For the C2, it provides traffic encryption or obfuscation and can perplex defenders by communicating with compromised legitimate web services. Additionally, it serves as a crucial component for launching watering hole attacks [32]. The HB technique, previously detailed in part III of section II, is utilized in communication scenarios for maintaining persistent access to the target's website by the adversary.…”
Section: Name Initial Stage Communication
mentioning
“…[44][45][46] Cybercrime Criminal activity either targets or uses a computer, a computer network, or a networked device. [47,48] Malware Malicious software designed to infiltrate a device without knowledge [49,50] DDoS Denial of service attack on a computer system or network that causes a service or resource to be inaccessible to legitimate users [51][52][53][54][55] Ransomware A type of malicious program that restricts access to certain parts of files of the infected operating system and demands a ransom in exchange for removing this restriction [56][57][58][59][60] Mobile malware Its name suggests malicious software that targets explicitly the operating systems on mobile phones [61][62][63][64] Watering hole Refers to a tactic used during targeted attack campaigns where the APT is distributed through a trusted website that is usually visited by employees of the target company or entity [65,66] We contrasted this result with an international organization related to cybersecurity. We found that some of them were considered the most relevant cyberattacks in the year 2020, according to The European Union Agency for Cybersecurity (ENISA) [34].…”
Cognitive security is the interception between cognitive science and artificial intelligence techniques used to protect institutions against cyberattacks. However, this field has not been addressed deeply in research. This study aims to define a Cognitive Cybersecurity Model by exploring fundamental concepts for applying cognitive sciences in cybersecurity. For achieving this, we developed exploratory research based on two steps: (1) a text mining process to identify main interest areas of research in the cybersecurity field and (2) a valuable review of the papers chosen in a systematic literature review that was carried out using PRISMA methodology. The model we propose tries to fill the gap in automatizing cognitive science without taking into account the users’ learning processes. Its definition is supported by the main findings of the literature review, as it leads to more in-depth future studies in this area.