Provenance Inference for Advanced CMS-Targeting Attacks
In a method for detecting an attack compromise window in a CMS website for which a temporal sequence of a plurality of snapshots of website backups have been stored, a temporally ordered set of spatial elements from each snapshot is constructed. Spatial metrics are computed for each individual snaps...
Gespeichert in:
Hauptverfasser: | , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | In a method for detecting an attack compromise window in a CMS website for which a temporal sequence of a plurality of snapshots of website backups have been stored, a temporally ordered set of spatial elements from each snapshot is constructed. Spatial metrics are computed for each individual snapshot's elements. The collected spatial metrics are temporally correlated and queried against attack models to recover an attack timeline. Attack events in the attack timeline are labelled. A sequence of assigned attack labels is verified. The compromise window is extracted from the plurality of snapshots. |
---|