OSTINATO: Cross-host Attack Correlation Through Attack Activity Similarity Detection

Modern attacks against enterprises often have multiple targets inside the enterprise network. Due to the large size of these networks and increasingly stealthy attacks, attacker activities spanning multiple hosts are extremely difficult to correlate during a threat-hunting effort. In this paper, we present a method for an efficient cross-host attack correlation across multiple hosts. Unlike previous works, our approach does not require lateral movement detection techniques or host-level modifications. Instead, our approach relies on an observation that attackers have a few strategic mission objectives on every host that they infiltrate, and there exist only a handful of techniques for achieving those objectives. The central idea behind our approach involves comparing (OS agnostic) activities on different hosts and correlating the hosts that display the use of similar tactics, techniques, and procedures. We implement our approach in a tool called Ostinato and successfully evaluate it in threat hunting scenarios involving DARPA-led red team engagements spanning 500 hosts and in another multi-host attack scenario. Ostinato successfully detected 21 additional compromised hosts, which the underlying host-based detection system overlooked in activities spanning multiple days of the attack campaign. Additionally, Ostinato successfully reduced alarms generated from the underlying detection system by more than 90%, thus helping to mitigate the threat alert fatigue problemComment: 21 pages, 5 figure

The tackle in Rugby Union : understanding training and match behaviours to develop better coaching strategies for skill acquisition, performance, and injury prevention

Includes abstract.~Includes bibliographical references.Rugby Union is a popular international team sport characterised by frequent high impact bodily collisions known as the tackle. This aspect of the game exposes players to muscle damage and a high risk of injury. Tackle-related injuries account for up to 61% of all injuries during a rugby match. Furthermore, players’ ability to win the tackle contest has an influence on the outcome of the match. Given the nature and frequency of the tackle situation, tackle contact skills are a prerequisite for participation in rugby union. However, coaching and training drills prescribed to train the tackle to date are largely based on anecdotal evidence. To develop effective tackle training strategies (i.e. technical skills training, physical conditioning, training drills, and equipment) that will produce a successful outcome and reduce the risk of injury for both the ball-carrier and tackler, studying the tackle in real match situations is warranted. Therefore, in accordance with this goal the purpose of this thesis was to; (i) assess the current attitudes and behaviours of players during training and match play, and (ii) study the tackle and defensive strategies in real match situations

TESTING DECEPTION WITH A COMMERCIAL TOOL SIMULATING CYBERSPACE

Deception methods have been applied to the traditional domains of war (air, land, sea, and space). In the newest domain of cyber, deception can be studied to see how it can be best used. Cyberspace operations are an essential warfighting domain within the Department of Defense (DOD). Many training exercises and courses have been developed to aid leadership with planning and to execute cyberspace effects that support operations. However, only a few simulations train cyber operators about how to respond to cyberspace threats. This work tested a commercial product from Soar Technologies (Soar Tech) that simulates conflict in cyberspace. The Cyberspace Course of Action Tool (CCAT) is a decision-support tool that evaluates defensive deception in a wargame simulating a local-area network being attacked. Results showed that defensive deception methods of decoys and bait could be effective in cyberspace. This could help military cyber defenses since their digital infrastructure is threatened daily with cyberattacks.Marine Forces Cyberspace CommandChief Petty Officer, United States NavyChief Petty Officer, United States NavyApproved for public release. Distribution is unlimited