Accession Number:

ADA617802

Title:

Indicator Expansion with Analysis Pipeline

Descriptive Note:

Briefing charts

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Personal Author(s):

Report Date:

2015-01-13

Pagination or Media Count:

16.0

Abstract:

Indicator expansion is a process of using one or more data sources to obtain more indicators of malicious activity by identifying those related to currently known indicators.

Generic situation:
1. Our host communicates with a known bad IP address.
2. Host gets infected.
3. Host communicates with a different IP for command and control, exfiltration.

Let's try and find these second-level IP addresses.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE