Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

Yoram J. Meijaard; Peter-Paul Meiler; Luca Allodi

doi:10.1109/EuroSPW54576.2021.00026

Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

Yoram J. Meijaard
, Peter-Paul Meiler
, Luca Allodi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

Abstract

Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.

Original language	English
Title of host publication	2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Publisher	Institute of Electrical and Electronics Engineers
Pages	178-190
Number of pages	13
ISBN (Electronic)	9781665410120
DOIs	https://doi.org/10.1109/EuroSPW54576.2021.00026
Publication status	Published - Sept 2021

Funding

ACKNOWLEDGEMENT This work is supported by the ITEA3 programme through the DEFRAUDIfy project funded by Rijksdienst voor On-dernemend Nederland (grant no. ITEA191010). As part of the open-review model followed on WACCO this year, all the reviews for this paper are publicly available at https://github.com/wacco-workshop/WACCO.

Funders	Funder number
Rijksdienst voor Ondernemend Nederland	ITEA191010

Keywords

Advanced Persistent Threat
Critical infrastructure
Cyber Situational Awareness
Data Model

Access to Document

10.1109/EuroSPW54576.2021.00026

Cite this

@inproceedings{1ebdd7e395584c27880e6b8bd1283cdc,

title = "Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory",

abstract = "Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.",

keywords = "Advanced Persistent Threat, Critical infrastructure, Cyber Situational Awareness, Data Model",

author = "Meijaard, \{Yoram J.\} and Peter-Paul Meiler and Luca Allodi",

year = "2021",

month = sep,

doi = "10.1109/EuroSPW54576.2021.00026",

language = "English",

pages = "178--190",

booktitle = "2021 IEEE European Symposium on Security and Privacy Workshops (EuroS\&PW)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

}

Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory. / Meijaard, Yoram J.; Meiler, Peter-Paul; Allodi, Luca.
2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Institute of Electrical and Electronics Engineers, 2021. p. 178-190.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

AU - Meijaard, Yoram J.

AU - Meiler, Peter-Paul

AU - Allodi, Luca

PY - 2021/9

Y1 - 2021/9

N2 - Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.

AB - Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.

KW - Advanced Persistent Threat

KW - Critical infrastructure

KW - Cyber Situational Awareness

KW - Data Model

UR - https://www.scopus.com/pages/publications/85119047223

U2 - 10.1109/EuroSPW54576.2021.00026

DO - 10.1109/EuroSPW54576.2021.00026

M3 - Conference contribution

SP - 178

EP - 190

BT - 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

PB - Institute of Electrical and Electronics Engineers

ER -

Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

Abstract

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this