
Integrating Cyber-D&D into Adversary Modeling for Active Cyber Defense

  • Frank J. Stech (Email author)
  • Kristin E. Heckman
  • Blake E. Strom
Chapter

Abstract

This chapter outlines a concept for integrating cyber denial and deception (cyber-D&D) tools, tactics, techniques, and procedures (TTTPs) into an adversary modeling system to support active cyber defenses (ACD) for critical enterprise networks. We describe a vision for cyber-D&D and outline a general concept of operation for the use of D&D TTTPs in ACD. We define the key elements necessary for integrating cyber-D&D into an adversary modeling system. One such recently developed system, the Adversarial Tactics, Techniques and Common Knowledge (ATT&CK™) Adversary Model, is being enhanced by adding cyber-D&D TTTPs that defenders might use to detect and mitigate attacker tactics, techniques, and procedures (TTPs). We describe general D&D types and tactics, and relate these to a relatively new concept, the cyber-deception chain. We describe how defenders might build and tailor a cyber-deception chain to mitigate an attacker’s actions within the cyber attack lifecycle. While we stress that this chapter describes a concept and not an operational system, we are currently engineering components of this concept for ACD and enabling defenders to apply such a system.

Keywords

  • Enterprise Network
  • Threat Information
  • Advance Persistent Threat
  • Threat Intelligence
  • Shared Repository

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Frank J. Stech (1), Email author
  • Kristin E. Heckman (1)
  • Blake E. Strom (1)

  1. MITRE Corporation, McLean, USA
