Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

Yoram J. Meijaard; Peter-Paul Meiler; Luca Allodi

doi:10.1109/EuroSPW54576.2021.00026

Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

Yoram J. Meijaard
, Peter-Paul Meiler
, Luca Allodi

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

1 Citaat (Scopus)

Samenvatting

Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.

Originele taal-2	Engels
Titel	2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Uitgeverij	Institute of Electrical and Electronics Engineers
Pagina's	178-190
Aantal pagina's	13
ISBN van elektronische versie	9781665410120
DOI's	https://doi.org/10.1109/EuroSPW54576.2021.00026
Status	Gepubliceerd - sep. 2021

Financiering

ACKNOWLEDGEMENT This work is supported by the ITEA3 programme through the DEFRAUDIfy project funded by Rijksdienst voor On-dernemend Nederland (grant no. ITEA191010). As part of the open-review model followed on WACCO this year, all the reviews for this paper are publicly available at https://github.com/wacco-workshop/WACCO.

Financiers	Financiernummer
Rijksdienst voor Ondernemend Nederland (RVO) - opdrachtgever	ITEA191010

Toegang tot document

10.1109/EuroSPW54576.2021.00026

Andere bestanden en links

Link naar publicatie in Scopus

Citeer dit

@inproceedings{1ebdd7e395584c27880e6b8bd1283cdc,

title = "Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory",

abstract = "Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.",

keywords = "Advanced Persistent Threat, Critical infrastructure, Cyber Situational Awareness, Data Model",

author = "Meijaard, \{Yoram J.\} and Peter-Paul Meiler and Luca Allodi",

year = "2021",

month = sep,

doi = "10.1109/EuroSPW54576.2021.00026",

language = "English",

pages = "178--190",

booktitle = "2021 IEEE European Symposium on Security and Privacy Workshops (EuroS\&PW)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

}

Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory. / Meijaard, Yoram J.; Meiler, Peter-Paul; Allodi, Luca.
2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Institute of Electrical and Electronics Engineers, 2021. blz. 178-190.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

AU - Meijaard, Yoram J.

AU - Meiler, Peter-Paul

AU - Allodi, Luca

PY - 2021/9

Y1 - 2021/9

N2 - Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.

AB - Disruptive Advanced Persistent Threats (D-APTs) are a new sophisticated class of cyberattacks targeting critical infrastructures. Whereas regular APTs are well-described in the literature, no existing APT kill chain model incorporates the disruptive actions of D-APTs and can be used to represent DAPTs in data. To this aim, the contribution of this paper is twofold: first, we review the evolution of existing APT kill chain models. Second, we present a novel D-APT model based on existing ATP models and military theory. The model describes the strategic objective setting, the operational kill chain and the tactics of the attacker, as well as the defender's critical infrastructure, processes and societal function.

KW - Advanced Persistent Threat

KW - Critical infrastructure

KW - Cyber Situational Awareness

KW - Data Model

UR - https://www.scopus.com/pages/publications/85119047223

U2 - 10.1109/EuroSPW54576.2021.00026

DO - 10.1109/EuroSPW54576.2021.00026

M3 - Conference contribution

SP - 178

EP - 190

BT - 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

PB - Institute of Electrical and Electronics Engineers

ER -

Modelling Disruptive APTs targeting Critical Infrastructure using Military Theory

Samenvatting

Financiering

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit