EXAMINING THREAT GROUPS FROM THE OUTSIDE: GENERATING HIGH-LEVEL OVERVIEWS OF PERSISTENT AND TRADITIONAL COMPROMISES

Horneman, Angela (2014) EXAMINING THREAT GROUPS FROM THE OUTSIDE: GENERATING HIGH-LEVEL OVERVIEWS OF PERSISTENT AND TRADITIONAL COMPROMISES. Master's Thesis, University of Pittsburgh. (Unpublished)

Abstract

Analyzing threats that have compromised electronic devices is important to compromised organizations, researchers, and law enforcement. Examination of network- and host-based logs and network traffic is effective in identifying threats, their impact, and how to recover from the compromise. However, this form of analysis is very time consuming and requires technical expertise. This traditional form of analysis will also only provide information concerning organizations that have those logs and network flows. A quick and easy-to-use methodology for generating a high-level overview of threats' targets globally would aid analysts by indicating areas of focus for more in-depth analysis.

In this thesis we propose a methodology for synthesizing information from multiple publicly available, scope-limited data sets that allows a rapid and cheap compilation of an overview of a threat. This method has the additional benefits of being available to researchers outside of compromised organizations and of being possible when logs and network flows do not exist. Once the approach has been implemented, it can be used to analyze multiple threats. This is demonstrated by two case studies, one examining a persistent threat called Advanced Persistent Threat 1 and the other overviewing a more traditional threat, the malware family Mabeza Infected.

Details

Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators/Authors:
  Horneman, Angela (Email: anh91@pitt.edu; Pitt Username: ANH91)
ETD Committee:
  Committee Co-Chair: Joshi, James B.D. (Email: jjoshi@sis.pitt.edu; Pitt Username: JJOSHI)
  Committee Co-Chair: Snoke, Timur
  Committee Member: Krishnamurthy, Prashant (Email: prashant@sis.pitt.edu; Pitt Username: PRASHK)
  Committee Member: Palanisamy, Balaji (Email: bpalan@pitt.edu; Pitt Username: BPALAN)
Date: 3 January 2014
Date Type: Publication
Defense Date: 18 November 2013
Approval Date: 3 January 2014
Submission Date: 3 December 2013
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 94
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Information Science
Degree: MSIS - Master of Science in Information Science
Thesis Type: Master's Thesis
Refereed: Yes
Uncontrolled Keywords: Malware, Advanced Persistent Threat, Threat Analysis, Combining Data Sets
Date Deposited: 03 Jan 2014 18:47
Last Modified: 15 Nov 2016 14:16
URI: http://d-scholarship.pitt.edu/id/eprint/20253