JNTUA Cyber Attacks and Threat Management Discussion

Jawaharlal Nehru Technological University

Question Description

I’m studying and need help with a Computer Science question to help me learn.

Wiki Page:

Given the vast amount of known threat indicators and level of network activity today, automation has become a necessity. It’s often difficult and time consuming for human analysts to efficiently manage large amounts of granular data and a wide range of cognitive biases. Therefore, manual threat correlation is often too slow to keep up with the amount of data generated, results include a high number of false negatives and positives, and outputs are not always reproducible.

However, performing manual threat correlation processes will remain crucial. The human brain’s ability to leverage well-formed biases and perform higher-order reasoning is essential for assessing the validity and value being provided by whatever solutions your organization uses as well as building your cyber threat management team’s knowledge base. Thus, even when automated methods are employed, the final tier of analysis typically uses these human abilities for sense-making before any actions are taken.

Conduct your own research and post something relevant about the topic, such as:

Field Techniques of Comparison?

Rules for Based Matching?

What is Fuzzy Matching?

How threat actors can evade detection via threat correlation?


PPT Attached: Will Upload Textbook pdf and video links.

Unformatted Attachment Preview

Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 9 – Correlation
Cyber Attacks: Protecting National Infrastructure, 1st ed.

Slide 2 – Introduction
• Correlation is one of the most powerful analytic methods for threat investigation
• Data comparison creates a clearer picture of adversary activity
• We rely on human analysis of data; no software can factor in relevant elements
  – Profile-based correlation
  – Signature-based correlation
  – Domain-based correlation
  – Time-based correlation

Slide 3 – Fig. 9.1 – Profile-based activity anomaly
Slide 4 – Fig. 9.2 – Signature-based activity match
Slide 5 – Fig. 9.3 – Domain-based correlation of a botnet attack at two targets
Slide 6 – Fig. 9.4 – Time-based correlation of a botnet attack
Slide 7 – Fig. 9.5 – Taxonomy of correlation scenarios

Slide 8 – Conventional Security Correlation Methods
• Commercial firewalls are underutilized
• Correlation function can be decentralized, but that often complicates the process
  – The approach relies upon security information and event management (SIEM)
• Threat management – data from multiple sources is correlated to identify patterns, trends, and relationships

Slide 9 – Fig. 9.6 – Correlating intrusion detection alarms with firewall policy rules

Slide 10 – Quality and Reliability Issues in Data Correlation
• Without consistent, predictable, and guaranteed data delivery, correlations likely to be incorrect and data likely missing
  – Service level agreements guarantee quality of data
  – Quality and reliability not guaranteed with volunteered data
• Quality and reliability of data sources important to consider
• Service level agreements

Slide 11 – Fig. 9.7 – Incorrect correlation result due to imperfect collection

Slide 12 – Correlating Data to Detect a Worm
• Network service providers have best vantage point for correlating data across multiple organizations, regions, etc.
• Network service providers have view of network activity that allows them to see problems

Slide 13 – Fig. 9.8 – Time-based correlation to detect worm

Slide 14 – Correlating Data to Detect a Botnet
• The context of carrier infrastructure may offer best chance to perform correlation relative to a botnet
• Botnets are often widely distributed, geographically
• Sharing information on botnet tactics might help others protect themselves

Slide 15 – Fig. 9.9 – Correlative depiction of a typical botnet

Slide 16 – Large-Scale Correlation Process
• For national infrastructure protection, large-scale correlation of all-source data is complicated by several factors
  – Data formats
  – Collection targets
  – Competition
• These can only be overcome with a deliberate correlation process

Slide 17 – Fig. 9.10 – Large-scale, multipass correlation process with feedback

Slide 18 – National Correlation Process
• Organizations with national infrastructure responsibility should be encouraged to create and follow a local program of data correlation
• National-level programs might be created to correlate collected data at the highest level. This approach requires the following
  – Transparent operations
  – Guaranteed data feeds
  – Clearly defined value proposition
  – Focus on situational awareness
...
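An added example (not from the textbook slides or the course post) of the domain-based and time-based correlation the slides picture in Figs. 9.3 and 9.4, with a token-sort form of fuzzy matching to reconcile signature names that two sensors label differently; the alert records, site names and addresses are constructed:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts from two targets' sensors: (time, target, source_ip, signature).
# The two sensors label the same signature differently (token order, separators).
ALERTS = [
    ("2024-03-01T10:00:05", "siteA", "198.51.100.7", "scan-tcp-syn"),
    ("2024-03-01T10:00:40", "siteB", "198.51.100.7", "TCP SYN scan"),
    ("2024-03-01T10:02:10", "siteA", "198.51.100.7", "exploit-smb"),
    ("2024-03-01T11:30:00", "siteB", "203.0.113.9", "scan-tcp-syn"),
    ("2024-03-01T12:45:00", "siteA", "203.0.113.9", "scan-tcp-syn"),
]


def normalize_signature(sig):
    """Fuzzy (token-sort) matching: lower-case, split on space/_/-, sort the
    tokens, so 'TCP SYN scan' and 'scan-tcp-syn' compare equal."""
    return "-".join(sorted(re.split(r"[\s_\-]+", sig.strip().lower())))


def correlate(alerts, window=timedelta(minutes=5)):
    """Domain-based correlation (one source seen at two or more targets) with a
    time-based constraint (all sightings fall inside `window`). Returns one
    finding per source: (source_ip, targets, normalized signatures in time order)."""
    by_source = defaultdict(list)
    for ts, target, ip, sig in alerts:
        by_source[ip].append((datetime.fromisoformat(ts), target, normalize_signature(sig)))
    findings = []
    for ip, events in by_source.items():
        events.sort()
        targets = sorted({t for _, t, _ in events})
        if len(targets) < 2:
            continue  # seen at a single target: no cross-domain evidence
        if events[-1][0] - events[0][0] > window:
            continue  # sightings too far apart to be treated as one campaign
        findings.append((ip, targets, [s for _, _, s in events]))
    return findings


if __name__ == "__main__":
    for ip, targets, sigs in correlate(ALERTS):
        print(f"{ip} seen at {targets}: {sigs}")
```

Removing siteB's records from ALERTS makes the finding disappear, which is the Fig. 9.7 point: imperfect collection yields an incorrect (here, missing) correlation.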

Final Answer

Hi! Kindly find the attached document. Thank you.

Running head: DISCUSSION QUERY


Discussion Query
Name of Student
Institution Affiliation

Discussion Query

The technological development witnessed across the globe is linked with both positive and negative effects. The positive impacts of the technological development entail the advancement of IT, which has helped businesses to automate their processes. Conversely, technology development has also caused negative impact...

Warner (3208)
Cornell University
