Loading…

A Study of Gaps in Attack Analysis

The ability of the defender to detect and identify cyber attacks reflects the arms race nature of the cyber domain. While defenders develop new and improved techniques to detect known attacks, attackers resort to more sophisticated and stealthy techniques to perform their intrusions and evade detect...

Full description

Saved in:
Bibliographic Details
Main Authors: Okhravi,Hamad, Meiners,Chad R, Streilein,William W, Hobson,T
Format: Report
Language:English
Subjects:
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The ability of the defender to detect and identify cyber attacks reflects the arms race nature of the cyber domain. While defenders develop new and improved techniques to detect known attacks, attackers resort to more sophisticated and stealthy techniques to perform their intrusions and evade detection. In this study, we identify the major gaps that exist in todays attack detection systems and infrastructures that impede more efficient and effective attack analysis. Attack analysis in this study refers to activities related to identification and understanding of attack methods and techniques, the capability to detect such attacks in USG, DoD, and general enterprise systems, the ability to attribute such attacks to adversaries, and the ability to predict them before they happen. Since the latter two capabilities are significantly underdeveloped, most of the focus of this study is on the identification and detection of attacks. We have reviewed recent literature to identify major gaps in attack analysis. We have then ranked these gaps based on their likelihood of impacting current systems, the extent of their impact, and the cost of developing new and improved techniques to enhance current attack analysis capabilities.