NICR Jun 10, 2016

Cyber Attack Thread: A Control-flow Based Approach to Deconstruct and Mitigate Cyber Threats

arXiv:1606.03182v1 (8 citations)
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for improved cyber threat mitigation for security practitioners and administrators, though it appears incremental as it builds on existing security mechanisms.

The paper tackles the problem of analyzing complex cyber attacks by introducing a control-flow based approach called Cyber Attack Thread, which deconstructs attacks into seven phases to understand attacker perspectives and defensive measures, particularly for APT attacks.

Attacks in cyberspace have drawn attention because of the risk to privacy, breach of trust, and financial losses for individuals as well as organizations. In recent years, these attacks have become more complex to analyze technically, as well as to detect and to prevent from accessing confidential data. Although many methodologies and mechanisms have been suggested for cyber-attack detection and prevention, they are not framed from the perspective of an attacker. This paper presents cyber-defence as hindrances faced by the attacker, by understanding the attack thread and the defence possibilities with existing security mechanisms. Seven phases of the Cyber Attack Thread are introduced, and technical aspects are discussed with reference to APT attacks. The paper is aimed at security practitioners and administrators, as well as the general audience, to help them understand the attack scenario and defensive security measures.
