A4 Article in conference proceedings
Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic (2021)


Myllyla, J., & Costin, A. (2021). Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic. In S. Balandin, Y. Koucheryavy, & T. Tyutina (Eds.), FRUCT '29 : Proceedings of the 29th Conference of Open Innovations Association FRUCT (pp. 465-474). FRUCT Oy. Proceedings of Conference of Open Innovations Association FRUCT. https://fruct.org/publications/acm29/files/Myl.pdf


JYU authors or editors


Publication details

All authors or editors: Myllyla, Juuso; Costin, Andrei

Parent publication: FRUCT '29 : Proceedings of the 29th Conference of Open Innovations Association FRUCT

Parent publication editors: Balandin, Sergey; Koucheryavy, Yevgeni; Tyutina, Tatiana

Place and date of conference: Tampere, Finland, 12.-14.5.2021

eISBN: 978-952-69244-5-8

Journal or series: Proceedings of Conference of Open Innovations Association FRUCT

ISSN: 2305-7254

eISSN: 2343-0737

Publication year: 2021

Pages range: 465-474

Number of pages in the book: 540

Publisher: FRUCT Oy

Publication country: Finland

Publication language: English

Publication open access: Other way freely accessible online

Publication channel open access:

Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/77218

Web address where publication is available: https://fruct.org/publications/acm29/files/Myl.pdf


Abstract

Cyber attacks have become harder to detect, causing the average detection time of a successful data breach to be over six months and typically costing the target organization nearly four million dollars. The attacks are becoming more sophisticated and targeted, leaving unprepared environments easy prey for the attackers. Organizations with working antivirus systems and firewalls may be surprised when they discover their network has been encrypted by a ransomware operator. This raises a serious question, how did the attacks go undetected? The conducted research focuses on the most common pitfalls regarding late or even non-existent detection by defining the root cause behind the failed detection.
The main goal of this work is to empower defenders to set up a test environment with sufficient logging policies and simulating attacks themselves. The attack simulations will then be turned into actionable detection logic, with the help of the detection logic framework. The framework is designed to guide defenders through a quick and agile process of creating more broad detection logic with the emphasis on tactics, techniques and procedures of attacks. The results in this study approach the detection issues in a broad and general manner to help defenders understand the issue of threat detection, instead of providing readily implemented solutions.


Keywords: cyber attacks; data security; information technology; firewalls (computer security); organisations (systems); testing; simulation; cyber security


Contributing organizations


Ministry reporting: Yes

Preliminary JUFO rating: 1


Last updated on 2021-27-07 at 13:42