A4 Artikkeli konferenssijulkaisussa
Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic (2021)


Myllyla, J., & Costin, A. (2021). Reducing the Time to Detect Cyber Attacks : Combining Attack Simulation With Detection Logic. In S. Balandin, Y. Koucheryavy, & T. Tyutina (Eds.), FRUCT '29 : Proceedings of the 29th Conference of Open Innovations Association FRUCT (pp. 465-474). FRUCT Oy. Proceedings of Conference of Open Innovations Association FRUCT. https://fruct.org/publications/acm29/files/Myl.pdf


JYU-tekijät tai -toimittajat


Julkaisun tiedot

Julkaisun kaikki tekijät tai toimittajatMyllyla, Juuso; Costin, Andrei

EmojulkaisuFRUCT '29 : Proceedings of the 29th Conference of Open Innovations Association FRUCT

Emojulkaisun toimittajatBalandin, Sergey; Koucheryavy, Yevgeni; Tyutina, Tatiana

Konferenssin paikka ja aikaTampere, Finland12.-14.5.2021

eISBN978-952-69244-5-8

Lehti tai sarjaProceedings of Conference of Open Innovations Association FRUCT

ISSN2305-7254

eISSN2343-0737

Julkaisuvuosi2021

Artikkelin sivunumerot465-474

Kirjan kokonaissivumäärä540

KustantajaFRUCT Oy

JulkaisumaaSuomi

Julkaisun kielienglanti

Julkaisun avoin saatavuusMuulla tavalla avoin

Julkaisukanavan avoin saatavuus

Julkaisu on rinnakkaistallennettu (JYX)https://jyx.jyu.fi/handle/123456789/77218

Verkko-osoite, jossa julkaisu vapaasti saatavillahttps://fruct.org/publications/acm29/files/Myl.pdf


Tiivistelmä

Cyber attacks have become harder to detect, causing the average detection time of a successful data breach to be over six months and typically costing the target organization nearly four million dollars. The attacks are becoming more sophisticated and targeted, leaving unprepared environments easy prey for the attackers. Organizations with working antivirus systems and firewalls may be surprised when they discover their network has been encrypted by a ransomware operator. This raises a serious question, how did the attacks go undetected? The conducted research focuses on the most common pitfalls regarding late or even non-existent detection by defining the root cause behind the failed detection.
The main goal of this work is to empower defenders to set up a test environment with sufficient logging policies and simulating attacks themselves. The attack simulations will then be turned into actionable detection logic, with the help of the detection logic framework. The framework is designed to guide defenders through a quick and agile process of creating more broad detection logic with the emphasis on tactics, techniques and procedures of attacks. The results in this study approach the detection issues in a broad and general manner to help defenders understand the issue of threat detection, instead of providing readily implemented solutions.


YSO-asiasanatverkkohyökkäyksettietoturvatietotekniikkapalomuurit (tietoturva)organisaatiottestaussimulointikyberturvallisuus


Liittyvät organisaatiot


OKM-raportointiKyllä

Raportointivuosi2021

JUFO-taso1


Viimeisin päivitys 2024-22-04 klo 17:06