Identifying and Embedding Common Indicators of Compromise in Virtual Machines for Lab-Based Incident Response Education

Abstract

Though typical malware delivery vectors, behaviors, and general "attack craft" can be explained verbally and even illustrated, cyber defenders gain greater familiarity and confidence when such theoretical explanations are followed by guided practical exercises built around realistic scenarios. To demonstrate this, we created seven scenarios that combine common attack types with prominent artifacts serving as indicators of compromise and with prominent incident investigation tools. These scenarios will help facilitate the educational experience for students and instill confidence, resulting in more proficient incident response across the field. Should this type of education become part of the NPS curriculum, additional research can be conducted to reaffirm its true capacity.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2015
Accession Number
ADA632497

Entities

People

  • Matthew S. Van Dusen

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Cyber Warfare
  • Cyberattacks
  • Cyberspace
  • Cyberspace Operations
  • Digital Information
  • Information Systems
  • Intrusion Detectors
  • Network Protocols
  • Network Science
  • Operating Systems
  • Students
  • Virtual Machines
  • Web Browsers

Fields of Study

  • Education

Readers

  • Cybersecurity.
  • Military History of the United States in the 20th Century.
  • Team-Based Human-Centered Cognitive Task Decision Making and Information Performance.

Technology Areas

  • Cyber