820 research outputs found
OSTINATO: Cross-host Attack Correlation Through Attack Activity Similarity Detection
Modern attacks against enterprises often have multiple targets inside the
enterprise network. Due to the large size of these networks and increasingly
stealthy attacks, attacker activities spanning multiple hosts are extremely
difficult to correlate during a threat-hunting effort. In this paper, we
present a method for an efficient cross-host attack correlation across multiple
hosts. Unlike previous works, our approach does not require lateral movement
detection techniques or host-level modifications. Instead, our approach relies
on an observation that attackers have a few strategic mission objectives on
every host that they infiltrate, and there exist only a handful of techniques
for achieving those objectives. The central idea behind our approach involves
comparing (OS agnostic) activities on different hosts and correlating the hosts
that display the use of similar tactics, techniques, and procedures. We
implement our approach in a tool called Ostinato and successfully evaluate it
in threat hunting scenarios involving DARPA-led red team engagements spanning
500 hosts and in another multi-host attack scenario. Ostinato successfully
detected 21 additional compromised hosts, which the underlying host-based
detection system overlooked in activities spanning multiple days of the attack
campaign. Additionally, Ostinato successfully reduced alarms generated from the
underlying detection system by more than 90%, thus helping to mitigate the
threat alert fatigue problemComment: 21 pages, 5 figure
The tackle in Rugby Union : understanding training and match behaviours to develop better coaching strategies for skill acquisition, performance, and injury prevention
Includes abstract.~Includes bibliographical references.Rugby Union is a popular international team sport characterised by frequent high impact bodily collisions known as the tackle. This aspect of the game exposes players to muscle damage and a high risk of injury. Tackle-related injuries account for up to 61% of all injuries during a rugby match. Furthermore, players’ ability to win the tackle contest has an influence on the outcome of the match. Given the nature and frequency of the tackle situation, tackle contact skills are a prerequisite for participation in rugby union. However, coaching and training drills prescribed to train the tackle to date are largely based on anecdotal evidence. To develop effective tackle training strategies (i.e. technical skills training, physical conditioning, training drills, and equipment) that will produce a successful outcome and reduce the risk of injury for both the ball-carrier and tackler, studying the tackle in real match situations is warranted. Therefore, in accordance with this goal the purpose of this thesis was to; (i) assess the current attitudes and behaviours of players during training and match play, and (ii) study the tackle and defensive strategies in real match situations
TESTING DECEPTION WITH A COMMERCIAL TOOL SIMULATING CYBERSPACE
Deception methods have been applied to the traditional domains of war (air, land, sea, and space). In the newest domain of cyber, deception can be studied to see how it can be best used. Cyberspace operations are an essential warfighting domain within the Department of Defense (DOD). Many training exercises and courses have been developed to aid leadership with planning and to execute cyberspace effects that support operations. However, only a few simulations train cyber operators about how to respond to cyberspace threats. This work tested a commercial product from Soar Technologies (Soar Tech) that simulates conflict in cyberspace. The Cyberspace Course of Action Tool (CCAT) is a decision-support tool that evaluates defensive deception in a wargame simulating a local-area network being attacked. Results showed that defensive deception methods of decoys and bait could be effective in cyberspace. This could help military cyber defenses since their digital infrastructure is threatened daily with cyberattacks.Marine Forces Cyberspace CommandChief Petty Officer, United States NavyChief Petty Officer, United States NavyApproved for public release. Distribution is unlimited
- …