Title | A Systems Approach to Indicators of Compromise Utilizing Graph Theory |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Conference Name | 2018 IEEE International Symposium on Technologies for Homeland Security (HST) |
Date Published | Oct |
Keywords | Applied Mathematics, attack vectors, attribution, complex network intrusion, complex networks, composability, computer network security, graph theory, Human Behavior, human-in-the-loop security center paradigm, indicators of compromise, IOC, IP networks, Malware, Mathematical model, mathematical tool, Metrics, multiple diverse modalities, network intrusion, network security breaches, network theory (graphs), pubcrawl, systems approach, systems-based indicators, Tools, Vectors, Workstations |
Abstract | It is common to record indicators of compromise (IoC) in order to describe a particular breach and to attempt to attribute a breach to a specific threat actor. However, many network security breaches actually involve multiple diverse modalities using a variety of attack vectors. Measuring and recording IoCs in isolation does not provide an accurate view of the actual incident, and thus does not facilitate attribution. A systems approach that describes the entire intrusion as an IoC would be more effective. Graph theory has been utilized to model complex systems of varying types, and this provides a mathematical tool for modeling systems indicators of compromise. This paper describes the application of graph theory to creating systems-based indicators of compromise. A complete methodology is presented for developing systems IoCs that fully describe a complex network intrusion. |
DOI | 10.1109/THS.2018.8574187 |
Citation Key | noauthor_systems_2018 |