The game of security cannot be won without understanding the rules of engagement. A new class of threat, the Advanced Persistent Threat (APT), has emerged; it was first described as cyber intrusions against military organisations, but such incidents occur across other industries as well. These long-term, sophisticated attacks target companies, governments and political activists. The term APT has been overloaded and means different things to different people: some use it to refer to attacks originating from China, while others treat all attacks as part of the APT. The framework proposed in this dissertation allows the incident response team to detect APTs more efficiently and improves the team's knowledge of the phases of an attack by identifying and detecting the various indicators of the adversary's activity. The multistage framework can be described as multi-layer security built from components. Layer 1 consists of antivirus, NIDS/HIDS, firewalls and similar controls; the logs produced by layer 1 are consumed by the SIEM in layer 2, which raises the corresponding alerts and warnings. The components of the framework are the logging modules, the SIEM, indicators, an attack tree, the kill chain and a sandbox.
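As an added illustration (not code from the dissertation described above), the following Python sketch shows the layer 1 to layer 2 hand-off: constructed layer-1 log lines from a firewall, a NIDS and an antivirus are matched against indicator rules, each match is tagged with a kill-chain phase, and an APT alert is raised for any internal host whose indicators span several phases. The log format, the indicator rules and the phase mapping are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample layer-1 log lines (firewall, NIDS, antivirus); not real data.
LAYER1_LOGS = [
    "2024-01-01T10:00:01 firewall ALLOW src=10.0.0.5 dst=203.0.113.9 dport=443",
    "2024-01-01T10:00:07 nids ALERT sid=1001 msg='Exploit kit landing page' src=203.0.113.9 dst=10.0.0.5",
    "2024-01-01T10:02:30 antivirus DETECT host=10.0.0.5 file=update.exe verdict=malicious",
    "2024-01-01T10:05:12 firewall ALLOW src=10.0.0.5 dst=198.51.100.7 dport=4444",
    "2024-01-01T10:06:00 firewall ALLOW src=10.0.0.8 dst=203.0.113.10 dport=80",
]

# Indicator rules: which layer-1 event maps to which kill-chain phase (assumed mapping).
INDICATOR_RULES = [
    (re.compile(r"nids ALERT .*Exploit"), "exploitation"),
    (re.compile(r"antivirus DETECT .*verdict=malicious"), "installation"),
    (re.compile(r"firewall ALLOW .*dport=4444"), "command_and_control"),
]

# The internal host involved in an event (assumed RFC 1918 10/8 address space).
HOST_RE = re.compile(r"(?:host|dst|src)=(10\.\d+\.\d+\.\d+)")


def map_indicators(log_lines):
    """Layer 2 step 1: tag each matching layer-1 line with a kill-chain phase per host."""
    phases = defaultdict(set)
    for line in log_lines:
        host = HOST_RE.search(line)
        if not host:
            continue  # no internal host in this event; nothing to attribute
        for pattern, phase in INDICATOR_RULES:
            if pattern.search(line):
                phases[host.group(1)].add(phase)
    return dict(phases)


def apt_alerts(log_lines, min_phases=2):
    """Layer 2 step 2: alert on hosts whose indicators cover at least min_phases phases.

    A single indicator is a warning; evidence across several kill-chain phases on
    the same host is what the SIEM escalates as a possible multistage (APT) intrusion.
    """
    phases = map_indicators(log_lines)
    return {host: sorted(p) for host, p in phases.items() if len(p) >= min_phases}


if __name__ == "__main__":
    for host, chain in apt_alerts(LAYER1_LOGS).items():
        print(f"APT alert: {host} shows phases {', '.join(chain)}")
```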