Lecture 10 quiz Flashcards

1
Q

Who is the author of this paper on the future of cyber security, specifically the importance of speed.

A

Bushra, 2021

2
Q

Who is Bushra, 2021 interviewing?

A

Shu, a Research Staff Member at IBM

3
Q

What is Shu’s biggest concern about the future of computing?

A

The speed in cyber security & the possibility of discovering modern cyber threats before attackers accomplish their goals or the impact of the threat gets worse.

Speed is the time taken to execute attacks or defences.

4
Q

How have cyber attacks evolved?

A

The development of attacks is online.

Advanced Persistent Threat (APT) attacks are an example of how the development of modern cyber security attacks happens online today.

5
Q

What is the first stage of the advanced persistent threat (APT) ?

A

It is known as the early attack phase, i.e., the reconnaissance phase.

Attackers analyze their target before launching an attack by gaining access to the network and collecting information about the environment and its vulnerabilities.

6
Q

What is the second stage of the advanced persistent threat?

A

It is known as the lateral movement phase.

It happens once the attackers have breached the network undetected; they use techniques to move deeper into the network to locate the valuable assets they are after (i.e., financial data) and to remove any obstacles.

7
Q

What is the third stage of the advanced persistent threat? (the malware development, delivery and execution phase of an attack)

A

Based on the knowledge developed during the previous stages, the attackers can develop & test malware to make it undetectable by the target's anti-virus before launching it at the target.

8
Q

How should defenders discover threats?

A

Defenders need to understand security measurement limitations & gaps for each protected environment.

  1. Obtain hints of attacks from various perspectives, e.g., digging into process activities besides malware signatures to discover unknown malware.
  2. Reveal the root cause of security incidents, e.g., backtracking unknown zero-day exploits that allow malware to get in.
  3. Evaluate covered impacts besides confirmed attack activities, i.e., is ransom the ultimate goal or a deceptive goal to stop the investigation?
  4. Verify the possible threat hypotheses, i.e., finding clues & proofs of the real attack goal, such as long-term customer privacy breaches.
9
Q

Do attackers know what their attack campaigns look like at the beginning & do defenders know what threats there are and how to detect them ahead of time?

A

No, because attackers build attacks “on the fly” and defenders can develop detection strategies “on the fly based on what they observe”.

10
Q

What is the difference between static traditional security defense and dynamic cyber security defence?

A

Traditional static security defense requires a nearly complete understanding of a threat for each protected concern.

Dynamic cyber security defense creates new knowledge of the threat for each protected environment during detection.

This means cyber security is no longer just the execution of attacks and defenses; it also involves their development.

11
Q

What do defenders need to think about today?

A

Programming, model creation, requirement analysis, algorithm design, data normalisation and system assembly, even with pre-developed detection models.

12
Q

How many days on average does it take to detect a data breach today?

A

279 days. This number has been increasing steadily over the past years, & if this continues, the loss of security will impede the use & development of computing in the future.

13
Q

How have cyber security attacks evolved over the years?

A

They have evolved quickly & advanced persistent threat (APT) is becoming a major concern.

The way attacks have changed has weakened existing defenses.

14
Q

What do defenders need to solve?

A

The issue of speed & efficiency of cyber defense.

It is challenging to accelerate cyber defense, especially knowledge expression, composition, reuse & application. And it is challenging to foster creative artificial intelligence to play the game.

15
Q

Why is the cyber defense process slow & difficult to speed up?

A

Cyber security analysts:

  1. Start from a suspicious observation (i.e., repeated larger-than-expected network traffic).
  2. Make a threat hypothesis, e.g., data exfiltration.
  3. Next, they verify detailed adversary tactics against more observations.
  4. Revise the hypothesis.
  5. The threat hypothesis is verified.
  6. Responses are proposed, evaluated & executed against each attack.

Today, cyber defense relies on ad-hoc threat hunting with incomplete & incompatible pieces of threat intelligence & knowledge. These processes are working, but are SLOW & far from the full strength of dynamic cyber defense.

16
Q

What dynamic cyber defense methodology does Shu propose?

A

“Threat intelligence computing” is a new methodology that aims to formalise the reasoning aspect of dynamic cyber defense as a graph computation problem.

17
Q

What is the next challenge for the “threat intelligence computing” methodology?

A

To apply the methodology & technology outside the DARPA environment. They are working with new platforms and industry standards to bring security vendors & threat hunters together towards practical dynamic cyber defense.

Once accomplished, it will rebalance the game with orders of magnitude shorter time to discover modern threats. It will also unlock further opportunities for defense design automation and security artificial intelligence, which will take the speed of cyber defense to the next level.

18
Q

What is dynamic cyber defense?

A

It is an emerging approach.

It connects multiple sub-disciplines in cyber security & beyond, such as systems security, computer languages, formal methods, machine learning, etc.

It also opens lots of opportunities with big data and AI.

19
Q

What does “threat intelligence computing” methodology provide?

A

It provides both humans & machines with one unified way to quickly encode knowledge & verify threat hypotheses against system & network data.

It enables easy cyber knowledge composition of large attack plots from small steps & tactics, techniques & procedures (TTP).

Also, proprietary knowledge from existing detection & reasoning systems can be trivially embedded via labels in our approach.

A proof-of-concept system was built in the DARPA Transparent Computing program for threat hunting, for automatic TTP detection & for comprehensive policy reasoning, which turned out to be a great success.