Assessing Internet-wide Cyber Situational Awareness of Critical Sectors

Result code in IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F18%3A00102646" target="_blank" >RIV/00216224:14610/18:00102646 - isvavai.cz</a>

Result on the web

<a href="http://doi.acm.org/10.1145/3230833.3230837" target="_blank" >http://doi.acm.org/10.1145/3230833.3230837</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3230833.3230837" target="_blank" >10.1145/3230833.3230837</a>

Result language

angličtina

Original language name

Assessing Internet-wide Cyber Situational Awareness of Critical Sectors

Original language description

In this short paper, we take a first step towards empirically assessing Internet-wide malicious activities generated from and targeted towards Internet-scale business sectors (i.e., financial, health, education, etc.) and critical infrastructure (i.e., utilities, manufacturing, government, etc.). Facilitated by an innovative and a collaborative large-scale effort, we have conducted discussions with numerous Internet entities to obtain rare and private information related to allocated IP blocks pertaining to the aforementioned sectors and critical infrastructure. To this end, we employ such information to attribute Internet-scale maliciousness to such sectors and realms, in an attempt to provide an in-depth analysis of the global cyber situational posture. We draw upon close to 16.8 TB of darknet data to infer probing activities (typically generated by malicious/infected hosts) and DDoS backscatter, from which we distill IP addresses of victims. By executing week-long measurements, we observed an alarming number of more than 11,000 probing machines and 300 DDoS attack victims hosted by critical sectors. We also generate rare insights related to the maliciousness of various business sectors, including financial, which typically do not report their hosted and targeted illicit activities for reputation-preservation purposes. While we treat the obtained results with strict confidence due to obvious sensitivity reasons, we postulate that such generated cyber threat intelligence could be shared with sector/critical infrastructure operators, backbone networks and Internet service providers to contribute to the overall threat remediation objective.

Czech name

—

Czech description

—

Type

D - Article in proceedings

CEP classification

—

OECD FORD branch

10200 - Computer and information sciences

Project

<a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>

Continuities

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Publication year

2018

Confidentiality

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Article name in the collection

Proceedings of the 13th International Conference on Availability, Reliability and Security

ISBN

9781450364485

ISSN

—

e-ISSN

—

Number of pages

6

Pages from-to

„29:1“-„29:6“

Publisher name

ACM

Place of publication

Hamburg

Event location

Hamburg

Event date

Aug 27, 2018

Type of event by nationality

WRD - Celosvětová akce

UT code for WoS article

000477981800057