模棱两可的技术：通过语境判断恶意.pdf

《模棱两可的技术：通过语境判断恶意.pdf》由会员分享，可在线阅读，更多相关《模棱两可的技术：通过语境判断恶意.pdf（30页珍藏版）》请在三个皮匠报告上搜索。

1、 2025 THE MITRE CORPORATION.ALL RIGHTS RESERVED.Approved for Public Release;Distribution Unlimited.Public Release Case Number 25-2837Ambiguous Techniques:Determining Malice Through ContextSANS Hack and Defend SummitOctober 29th,2025 2025 THE MITRE CORPORATION.ALL RIGHTS RESERVED.ProblemSolutionImpac

2、tThe observables of some techniques are not sufficient to determine malicious intent.These can be referred to as“ambiguous techniques.”Create and apply a methodology to develop robust analytics which include the usage of ambiguous techniques informed by context.Provide lower false positive detection

3、 of ambiguous techniques.Defenders can make better-informed attributions of an actors intent.Ambiguous Techniques2 2025 THE MITRE CORPORATION.ALL RIGHTS RESERVED.Technical DocumentationNeed standardized definition of what makes a technique ambiguous,and how we can develop robust analytics for themDe

4、liverable:Publish methodology for identification of ambiguous techniques and guidance for effective methods to distinguish malicious from benign activity3 2025 THE MITRE CORPORATION.ALL RIGHTS RESERVED.Key ConceptsAmbiguous Technique A technique whose observables are not sufficient to determine mali

5、cious intent with a preponderance of certainty.Requires more deliberate and conclusive detections in order to reduce false positivesIntent The inference of a cyber actors disposition when performing certain actions and behaviors within an environment Can be malicious or benign our goal is identify a

6、nd differentiate malicious intentContext The situational awareness of information relating to the behavior or activity of interest Serves to substantiate,clarify,and illuminate the activity or behavior of interest in an environment Can be provided by observables and activities directly and indirectl