Pivot Attack Classification for Cyber Threat Intelligence

Abstract

The initial access achieved by cyber adversaries conducting a systematic attack against a targeted network is unlikely to be an asset of interest. Therefore, it is necessary to use lateral movement techniques to expand access to different devices within the network to accomplish the strategic attack's objectives. The pivot attack technique is widely used in this context: the attacker creates an indirect communication tunnel with the target and uses traffic forwarding methods to send and receive commands. Recognising and classifying this technique in large corporate networks is a complex task, due to the number of different events and the volume of traffic generated. In this paper, we present pivot attack classification criteria based on perceived indicators of attack (IoA) to identify the level of connectivity achieved by the adversary. Additionally, an automatic pivot classifier algorithm is proposed that adds a classification attribute to the APIVADS pivot attack detection scheme, introducing a novel capability. The new attribute differentiates between types of pivot attacks and contributes to threat intelligence capabilities regarding the adversary's modus operandi. To the best of our knowledge, this is the first academic peer-reviewed study providing pivot attack classification criteria.

Publication DOI: https://doi.org/10.26735/zntl3639
Divisions: College of Business and Social Sciences > Aston Business School > Cyber Security Innovation (CSI) Research Centre
College of Business and Social Sciences > Aston Business School > Operations & Information Management
Additional Information: © 2022. JISCR. This is an open access article, distributed under the terms of the Creative Commons, Attribution-NonCommercial License.
Uncontrolled Keywords: Cybersecurity, Pivot Attack, Classification, Lateral Movement, Pivoting, Flow-Based Analysis
Publication ISSN: 1658-7790
Last Modified: 28 Nov 2024 08:17
Date Deposited: 30 Jan 2023 14:59
Related URLs: https://journal ... ticle/view/1948 (Publisher URL)
PURE Output Type: Article
Published Date: 2022-10-03
Accepted Date: 2022-09-25
Authors: Marques, Rafael Salema
Al-Khateeb, Haider (ORCID Profile 0000-0001-8944-123X)
Epiphaniou, Gregory
Maple, Carsten
