Indicator Expansion with Analysis Pipeline

Abstract

Indicator expansion is a process of using one or more data sources to obtain more indicators of malicious activity by identifying those related to currently known indicators.

Generic situation:

  1. Our host communicates with a known bad IP address.
  2. The host gets infected.
  3. The host communicates with a different IP for:
     • Command and control
     • Exfiltration

Let's try and find these second-level IP addresses.
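The three-step situation in the abstract can be run as a small pipeline over flow records. The following Python is an added illustration, not code from the report or from the author's analysis pipeline; the flow records, the starting indicator, the baseline set and the 24-hour window are all constructed assumptions (RFC 5737 documentation addresses). It finds the hosts that contacted a known-bad IP (step 1), then collects the destinations each of those hosts talked to only after that contact (steps 2 and 3), ranking candidates by how many compromised hosts share them and by bytes sent, since a shared destination looks like command and control and a single-host, high-volume destination looks like exfiltration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    """One flow record: an internal source talking to an external destination."""
    start: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample flows (hypothetical; not data from the report).
# 203.0.113.7 is the only indicator we start with.
FLOWS = [
    Flow(ts("2015-01-13 08:00"), "10.0.0.5", "192.0.2.50", 443, 4_000),        # normal traffic before contact
    Flow(ts("2015-01-13 08:05"), "10.0.0.5", "192.0.2.10", 53, 120),           # internal DNS (baseline)
    Flow(ts("2015-01-13 09:00"), "10.0.0.5", "203.0.113.7", 80, 900),          # step 1: known-bad contact
    Flow(ts("2015-01-13 09:05"), "10.0.0.5", "198.51.100.23", 443, 1_200),     # step 3: new destination
    Flow(ts("2015-01-13 09:30"), "10.0.0.8", "203.0.113.7", 80, 950),          # second host, same bad IP
    Flow(ts("2015-01-13 09:40"), "10.0.0.8", "198.51.100.23", 443, 1_100),     # same new destination
    Flow(ts("2015-01-13 10:00"), "10.0.0.5", "198.51.100.77", 443, 52_000_000),  # large upload, one host only
    Flow(ts("2015-01-13 10:10"), "10.0.0.5", "192.0.2.50", 443, 3_500),        # seen before contact: not new
    Flow(ts("2015-01-13 10:15"), "10.0.0.8", "192.0.2.10", 53, 130),           # baseline, ignored
    Flow(ts("2015-01-13 11:00"), "10.0.0.9", "198.51.100.23", 443, 800),       # never touched a known-bad IP
]

KNOWN_BAD = {"203.0.113.7"}
BASELINE = {"192.0.2.10"}   # shared infrastructure (DNS, proxy) never treated as an indicator


def first_contacts(flows, indicators):
    """Step 1: earliest time each internal host talked to any current indicator."""
    first = {}
    for f in sorted(flows, key=lambda f: f.start):
        if f.dst in indicators and f.src not in first:
            first[f.src] = f.start
    return first


def expand_indicators(flows, indicators, baseline=frozenset(),
                      window=timedelta(hours=24), min_hosts=1):
    """Steps 2 and 3: for each host that contacted an indicator, collect the
    destinations it talked to afterwards (within `window`) that it had not
    talked to before the contact and that are not baseline infrastructure.
    Returns {candidate_ip: set_of_hosts}."""
    contact = first_contacts(flows, indicators)
    before, after = defaultdict(set), defaultdict(set)
    for f in flows:
        t0 = contact.get(f.src)
        if t0 is None or f.dst in indicators or f.dst in baseline:
            continue
        if f.start < t0:
            before[f.src].add(f.dst)
        elif f.start <= t0 + window:
            after[f.src].add(f.dst)
    candidates = defaultdict(set)
    for host, dsts in after.items():
        for dst in dsts - before[host]:
            candidates[dst].add(host)
    return {ip: hosts for ip, hosts in candidates.items() if len(hosts) >= min_hosts}


def outbound_bytes(flows, ips):
    """Total bytes sent to each candidate; a large total on a single-host
    candidate is the exfiltration shape."""
    total = defaultdict(int)
    for f in flows:
        if f.dst in ips:
            total[f.dst] += f.bytes_out
    return dict(total)


def report(flows, indicators, baseline):
    """Rank candidates: shared by more hosts first, then by volume."""
    cands = expand_indicators(flows, indicators, baseline)
    vol = outbound_bytes(flows, cands)
    rows = [(ip, len(hosts), vol[ip]) for ip, hosts in cands.items()]
    return sorted(rows, key=lambda r: (-r[1], -r[2]))


if __name__ == "__main__":
    for ip, n, b in report(FLOWS, KNOWN_BAD, BASELINE):
        print(f"{ip:16} hosts={n} bytes_out={b}")
```

Re-running `first_contacts` with the expanded set (`KNOWN_BAD | {"198.51.100.23"}`) surfaces 10.0.0.9, which never touched the original indicator; that second pivot is the point of expansion. The `before`-set exclusion matters in practice: without it, every destination a host normally visits becomes a false candidate.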

Document Details

Document Type
Technical Report
Publication Date
Jan 13, 2015
Accession Number
ADA617802

Entities

People

  • Daniel Ruef

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Abstracts
  • Command And Control
  • Department Of Defense
  • Engineering
  • Guarantees
  • Indicators
  • Information Operations
  • Intellectual Property
  • Law
  • Materials
  • Pipelines
  • Software Development
  • Test And Evaluation
  • Universities

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design
  • Cybersecurity
  • Database Systems and Applications

Technology Areas

  • Fully Networked C3
  • Fully Networked C3 - Command and Control