Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic
Myllyla, J., & Costin, A. (2021). Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic. In S. Balandin, Y. Koucheryavy, & T. Tyutina (Eds.), FRUCT '29 : Proceedings of the 29th Conference of Open Innovations Association FRUCT (pp. 465-474). FRUCT Oy. Proceedings of Conference of Open Innovations Association FRUCT. https://fruct.org/publications/acm29/files/Myl.pdf
© The Authors 2021
Cyber attacks have become harder to detect, causing the average detection time of a successful data breach to be over six months and typically costing the target organization nearly four million dollars. The attacks are becoming more sophisticated and targeted, leaving unprepared environments easy prey for the attackers. Organizations with working antivirus systems and firewalls may be surprised when they discover their network has been encrypted by a ransomware operator. This raises a serious question, how did the attacks go undetected? The conducted research focuses on the most common pitfalls regarding late or even non-existent detection by defining the root cause behind the failed detection. The main goal of this work is to empower defenders to set up a test environment with sufficient logging policies and simulating attacks themselves. The attack simulations will then be turned into actionable detection logic, with the help of the detection logic framework. The framework is designed to guide defenders through a quick and agile process of creating more broad detection logic with the emphasis on tactics, techniques and procedures of attacks. The results in this study approach the detection issues in a broad and general manner to help defenders understand the issue of threat detection, instead of providing readily implemented solutions. ...
Parent publication ISBN978-952-69244-5-8
ConferenceConference of Open Innovations Association
Is part of publicationFRUCT '29 : Proceedings of the 29th Conference of Open Innovations Association FRUCT
Publication in research information system
MetadataShow full item record
Showing items with similar title or keywords.
Myllylä, Juuso (2021)Kyberhyökkäysten havaitsemisesta on tullut entistä vaikeampaa, nostaen onnistuneen tietomurron havaitsemisajan tyypillisesti yli puoleen vuoteen, jolloin keskimäärin hyökkäys maksaa lähes neljä miljoonaa dollaria kohteelle. ...
Hyvärinen, Mikko (2016)Tausta: Hajautetut palvelunestohyökkäykset ovat jo kaksi vuosikymmentä vanhoja. Useita strategioita on kehitetty taistelemaan niiden kasvavaa määrää vastaan vuosien varrella. Sovelluskerroksen protokollien hyökkäykset ...
Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets Vahdani Amoli, Payam (University of Jyväskylä, 2015)Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (Peregrine Technical Solutions, 2020)Deficiency of correctly implemented and robust defence leaves Internet of Things devices vulnerable to cyber threats, such as adversarial attacks. A perpetrator can utilize adversarial examples when attacking Machine ...
Juvonen, Antti (University of Jyväskylä, 2014)