FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4313158368> ?p ?o ?g. }

• W4313158368 endingPage "22" @default.
• W4313158368 startingPage "1" @default.
• W4313158368 abstract "Modern attacks against enterprises often have multiple targets inside the enterprise network. Due to the large size of these networks and increasingly stealthy attacks, attacker activities spanning multiple hosts are extremely difficult to correlate during a threat-hunting effort. In this paper, we present a method for an efficient cross-host attack correlation across multiple hosts. Unlike previous works, our approach does not require lateral movement detection techniques or host-level modifications. Instead, our approach relies on an observation that attackers have a few strategic mission objectives on every host that they infiltrate, and there exist only a handful of techniques for achieving those objectives. The central idea behind our approach involves comparing (OS agnostic) activities on different hosts and correlating the hosts that display the use of similar tactics, techniques, and procedures. We implement our approach in a tool called Ostinato and successfully evaluate it in threat hunting scenarios involving DARPA-led red team engagements spanning 500 hosts and in another multi-host attack scenario. Ostinato successfully detected 21 additional compromised hosts, which the underlying host-based detection system overlooked in activities spanning multiple days of the attack campaign. Additionally, Ostinato successfully reduced alarms generated from the underlying detection system by more than 90%, thus helping to mitigate the threat alert fatigue problem." @default.
• W4313158368 created "2023-01-06" @default.
• W4313158368 creator A5046075378 @default.
• W4313158368 creator A5051819817 @default.
• W4313158368 creator A5058117020 @default.
• W4313158368 creator A5059358384 @default.
• W4313158368 date "2022-01-01" @default.
• W4313158368 modified "2023-09-23" @default.
• W4313158368 title "Ostinato: Cross-host Attack Correlation Through Attack Activity Similarity Detection" @default.
• W4313158368 cites W1919179112 @default.
• W4313158368 cites W1980849679 @default.
• W4313158368 cites W1990600049 @default.
• W4313158368 cites W2016089260 @default.
• W4313158368 cites W2048125321 @default.
• W4313158368 cites W2081193615 @default.
• W4313158368 cites W2096347345 @default.
• W4313158368 cites W2112127916 @default.
• W4313158368 cites W2114996745 @default.
• W4313158368 cites W2117831564 @default.
• W4313158368 cites W2149684865 @default.
• W4313158368 cites W2244152248 @default.
• W4313158368 cites W2401005551 @default.
• W4313158368 cites W2560810941 @default.
• W4313158368 cites W2764206252 @default.
• W4313158368 cites W2790557990 @default.
• W4313158368 cites W2794988934 @default.
• W4313158368 cites W2906943923 @default.
• W4313158368 cites W2912262279 @default.
• W4313158368 cites W2947745012 @default.
• W4313158368 cites W2947883180 @default.
• W4313158368 cites W2962703433 @default.
• W4313158368 cites W3015650867 @default.
• W4313158368 cites W3016038045 @default.
• W4313158368 cites W3099203541 @default.
• W4313158368 cites W3214329506 @default.
• W4313158368 cites W4214926737 @default.
• W4313158368 cites W4233622428 @default.
• W4313158368 cites W4245671428 @default.
• W4313158368 doi "https://doi.org/10.1007/978-3-031-23690-7_1" @default.
• W4313158368 hasPublicationYear "2022" @default.
• W4313158368 type Work @default.
• W4313158368 citedByCount "0" @default.
• W4313158368 crossrefType "book-chapter" @default.
• W4313158368 hasAuthorship W4313158368A5046075378 @default.
• W4313158368 hasAuthorship W4313158368A5051819817 @default.
• W4313158368 hasAuthorship W4313158368A5058117020 @default.
• W4313158368 hasAuthorship W4313158368A5059358384 @default.
• W4313158368 hasConcept C103278499 @default.
• W4313158368 hasConcept C110875604 @default.
• W4313158368 hasConcept C115961682 @default.
• W4313158368 hasConcept C126831891 @default.
• W4313158368 hasConcept C136764020 @default.
• W4313158368 hasConcept C154945302 @default.
• W4313158368 hasConcept C18903297 @default.
• W4313158368 hasConcept C22735295 @default.
• W4313158368 hasConcept C35525427 @default.
• W4313158368 hasConcept C38652104 @default.
• W4313158368 hasConcept C41008148 @default.
• W4313158368 hasConcept C86803240 @default.
• W4313158368 hasConceptScore W4313158368C103278499 @default.
• W4313158368 hasConceptScore W4313158368C110875604 @default.
• W4313158368 hasConceptScore W4313158368C115961682 @default.
• W4313158368 hasConceptScore W4313158368C126831891 @default.
• W4313158368 hasConceptScore W4313158368C136764020 @default.
• W4313158368 hasConceptScore W4313158368C154945302 @default.
• W4313158368 hasConceptScore W4313158368C18903297 @default.
• W4313158368 hasConceptScore W4313158368C22735295 @default.
• W4313158368 hasConceptScore W4313158368C35525427 @default.
• W4313158368 hasConceptScore W4313158368C38652104 @default.
• W4313158368 hasConceptScore W4313158368C41008148 @default.
• W4313158368 hasConceptScore W4313158368C86803240 @default.
• W4313158368 hasLocation W43131583681 @default.
• W4313158368 hasOpenAccess W4313158368 @default.
• W4313158368 hasPrimaryLocation W43131583681 @default.
• W4313158368 hasRelatedWork W2151669228 @default.
• W4313158368 hasRelatedWork W2353686261 @default.
• W4313158368 hasRelatedWork W2535952706 @default.
• W4313158368 hasRelatedWork W2596503800 @default.
• W4313158368 hasRelatedWork W2787075961 @default.
• W4313158368 hasRelatedWork W2959928946 @default.
• W4313158368 hasRelatedWork W3008425890 @default.
• W4313158368 hasRelatedWork W3117634829 @default.
• W4313158368 hasRelatedWork W2400358291 @default.
• W4313158368 hasRelatedWork W2597807833 @default.
• W4313158368 isParatext "false" @default.
• W4313158368 isRetracted "false" @default.
• W4313158368 workType "book-chapter" @default.